ComboFix 08-08-18.01 - Eigenaar 2008-08-18 23:19:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.162 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Eigenaar\Application Data\DriveCleaner 2006 Free
C:\Documents and Settings\Eigenaar\Application Data\DriveCleaner 2006 Free\Logs\update.log
C:\Documents and Settings\Eigenaar\Cookies\eigenaar@experts-exchange[1].txt
C:\Documents and Settings\Eigenaar\UserData
C:\Documents and Settings\Eigenaar\UserData\2DWDQN45\iconState[1].xml
C:\Documents and Settings\Eigenaar\UserData\2DWDQN45\showHideState[1].xml
C:\Documents and Settings\Eigenaar\UserData\GLEVM9YD\oWindowsUpdate[1].xml
C:\Documents and Settings\Eigenaar\UserData\GLEVM9YD\oXMLStore[1].xml
C:\Documents and Settings\Eigenaar\UserData\GLEVM9YD\showHideState[1].xml
C:\Documents and Settings\Eigenaar\UserData\index.dat
C:\Documents and Settings\Eigenaar\UserData\OFINGJID\iconState[2].xml
C:\Documents and Settings\Eigenaar\UserData\OFINGJID\showHideState[1].xml
C:\Documents and Settings\Eigenaar\UserData\OFINGJID\undefined[1].xml
C:\Documents and Settings\Eigenaar\UserData\YRAZ0BUV\iconState[1].xml
C:\Documents and Settings\Eigenaar\UserData\YRAZ0BUV\undefined[1].xml
C:\Documents and Settings\Eigenaar\UserData\YRAZ0BUV\undefined[2].xml
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-07-18 to 2008-08-18 ))))))))))))))))))))))))))))))
.

2008-08-18 23:02 . 2008-08-18 23:02 580,096 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-08-18 23:01 . 2008-08-18 23:01 d-------- C:\WINDOWS\ERUNT
2008-08-18 23:00 . 2006-04-13 16:47 d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-08-18 23:00 . 2006-04-14 00:39 d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-08-18 23:00 . 2006-04-14 00:39 d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-08-18 23:00 . 2006-04-14 00:39 d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-08-18 23:00 . 2006-04-14 00:39 dr------- C:\Documents and Settings\Administrator\Menu Start
2008-08-18 23:00 . 2006-04-14 00:39 d-------- C:\Documents and Settings\Administrator\Favorieten
2008-08-18 23:00 . 2006-04-14 00:39 d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-08-18 23:00 . 2008-08-18 23:00 d-------- C:\Documents and Settings\Administrator
2008-08-18 22:57 . 2008-08-18 22:57 d-------- C:\Program Files\Trend Micro
2008-08-18 22:55 . 2008-08-18 22:55 d-------- C:\SDFix
.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-08-18 21:17 --------- d-----w C:\Program Files\Sr
2008-08-18 20:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-06-20 08:28 --------- d-----w C:\Program Files\ESET
2008-06-20 07:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-20 07:42 --------- d-----w C:\Program Files\Yahoo!
2008-06-20 07:41 --------- d-----w C:\Program Files\Google
2008-06-20 07:33 --------- d-----w C:\Program Files\Lavasoft
2008-06-20 07:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-20 07:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 07:22 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Lavasoft
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:02 15360]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 16:03 1957888]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 15:49 7286784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 15:49 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD SE\PDVDServ.exe" [2004-07-15 01:07 32768]
"Acronis True Image Monitor"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2006-04-13 17:54 423258]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-04-13 17:54 90112]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-08-18 23:11 652528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 10:42 90112 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-10-10 15:49 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:02 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Catan\\Catan.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

*Newly Created Service* - PROCEXP90
.
Inhoud van de 'Gedeelde Taken' map

2008-04-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-PowerBar - (no file)

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.startpagina.nl/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 -: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 -: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 -: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 -: Zoeken op eBay - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
C:\WINDOWS\Downloaded Program Files\IPSUploader.inf
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\IPSUploader.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 23:21:18
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????????????l?@?l?@?D?????9~??????????????9~l?@?l?@????? ???????????W?<~??9~??????9~K?9~x???????[?9~???????? ??????????????|x???0???????????? kt??9~????????????????r???1???R???????l?@?l?@?????Q?:~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-08-18 23:22:12
ComboFix-quarantined-files.txt 2008-08-18 21:22:07

Pre-Run: 45,658,542,080 bytes beschikbaar
Post-Run: 45,746,221,056 bytes beschikbaar

135 --- E O F --- 2008-06-11 10:46:54