I also let ComboFix loose on it in safe mode; it removed this: c:\windows\system32\api32.dll
ComboFix 09-01-01.02 - Eigenaar 2009-01-03 22:32:45.3 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.767.593 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\api32.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-03 to 2009-01-03 ))))))))))))))))))))))))))))))
.
2009-01-02 18:52 . 2009-01-03 22:22 <DIR> dr-h----- c:\documents and settings\Eigenaar\Onlangs geopend
2009-01-02 02:33 . 2009-01-02 02:38 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\vlc
2008-12-31 18:34 . 2008-12-31 18:34 <DIR> d-------- c:\program files\WinAVIVideoConverter
2008-12-30 23:14 . 2008-12-30 23:14 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-30 23:14 . 2008-12-30 23:14 1,409 --a------ c:\windows\QTFont.for
2008-12-16 23:03 . 2009-01-03 05:29 <DIR> d-------- C:\RECYCIER
2008-12-08 04:55 . 2008-12-08 06:34 <DIR> d-------- c:\program files\Absolute MP3 Splitter
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 13:18 --------- d-----w c:\program files\Norman
2009-01-02 01:32 --------- d-----w c:\program files\VideoLAN
2009-01-01 23:44 --------- d-----w c:\program files\WMR11
2008-12-30 22:01 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-30 22:01 --------- d-----w c:\program files\SpywareBlaster
2008-12-15 21:11 3,888 ----a-w c:\windows\system32\drivers\NTHANDLE.SYS
2008-12-08 05:36 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-08 04:36 --------- d-----w c:\program files\Audacity
2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-03 03:08 --------- d-----w c:\program files\Java
2008-11-23 23:19 --------- d-----w c:\program files\3D MP3 Sound Recorder G2
2008-11-23 04:29 --------- d-----w c:\program files\POI-Warner MioMap Edition
2008-11-16 01:17 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Vso
2008-11-15 03:34 --------- d-----w c:\program files\7-Zip
2008-11-12 16:40 --------- d-----w c:\documents and settings\All Users\Application Data\Hitman Pro 3
2008-11-12 16:16 --------- d-----w c:\documents and settings\All Users\Application Data\Hitman Pro
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-07 22:17 --------- d-----w c:\program files\Lavasoft
2008-11-07 22:15 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-07 17:44 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-07 04:13 --------- d-----w c:\program files\Winamp
2008-11-07 02:22 --------- d-----w c:\program files\Lavalys
2008-11-07 01:30 --------- d-----w c:\program files\WMV9_VCM
2008-10-28 21:30 47,360 ----a-w c:\documents and settings\Eigenaar\Application Data\pcouffin.sys
2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-07 09:41 164 ----a-w C:\install.dat
2008-10-03 10:05 247,326 ----a-w c:\windows\system32\strmdll.dll
1999-05-03 14:01 99,840 ----a-w c:\program files\Common Files\IRAABOUT.DLL
1998-12-08 23:53 70,144 ----a-w c:\program files\Common Files\IRAMDMTR.DLL
1998-12-08 23:53 48,640 ----a-w c:\program files\Common Files\IRALPTTR.DLL
1998-12-08 23:53 31,744 ----a-w c:\program files\Common Files\IRAWEBTR.DLL
1998-12-08 23:53 186,368 ----a-w c:\program files\Common Files\IRAREG.DLL
1998-12-08 23:53 17,920 ----a-w c:\program files\Common Files\IRASRIAL.DLL
2002-09-11 12:00 94,784 --sh--w c:\windows\twain.dll
2008-04-14 17:02 50,688 --sh--w c:\windows\twain_32.dll
2008-04-14 17:02 1,028,096 --sh--w c:\windows\system32\mfc42.dll
2008-04-14 17:02 57,344 --sh--w c:\windows\system32\msvcirt.dll
2008-04-14 17:02 413,696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 17:02 343,040 --sha-w c:\windows\system32\msvcrt.dll
2008-04-14 17:02 551,936 --sh--w c:\windows\system32\oleaut32.dll
2008-04-14 17:02 84,992 --sh--w c:\windows\system32\olepro32.dll
2008-04-14 17:03 12,288 --sh--w c:\windows\system32\regsvr32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2008-06-02 277616]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-15 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Poort voor Symantec Fax Starter Edition.lnk - c:\program files\Microsoft Office\Office\1043\OLFSNT40.EXE [1999-05-03 46077]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\
0lsdelete
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime Alternative\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-15 04:21 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2002-04-26 18:53 12288 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AME_CSA]
--a------ 2002-10-30 03:26 757760 c:\windows\system32\AmeCSA.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\BearShare Pro\\Bearshare.exe"=
"c:\\Documents and Settings\\Eigenaar\\Mijn documenten\\leechftp\\Leechftp.exe"=
S0 Eot61;Eot61; []
S1 sdpiosys;sdpiosys;c:\windows\system32\drivers\sdpiosys.sys []
S2 Ndiskio;Ndiskio;\??\c:\program files\Norman\Nse\bin\NDISKIO.SYS [2008-10-07 20448]
S2 NVOY;Norman's Very Own supplY of resources;"c:\program files\Norman\npm\bin\nvoy.exe" [2008-10-09 121912]
S3 AmeAtmPc;AmeAtmPc;c:\windows\system32\DRIVERS\AmeAtmPc.sys [2007-12-29 118391]
S3 AtmElan;ATM geëmuleerde LAN;c:\windows\system32\DRIVERS\atmlane.sys [2004-08-03 55808]
S3 AtmLane;ATM LAN-emulatie;c:\windows\system32\DRIVERS\atmlane.sys [2004-08-03 55808]
S3 AX88172;ASIX AX88172 USB2 to Fast Ethernet Adapter;c:\windows\system32\DRIVERS\ax88172.sys [2007-12-29 11264]
S3 DUBE100B;D-Link DUB-E100 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\DRIVERS\DUBE100B.sys [2008-01-26 18560]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys []
S3 nsesvc;Norman Scanner Engine Service;"c:\program files\Norman\nse\bin\NSESVC.EXE" -daemon [2008-10-07 322616]
S3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2008-10-07 19512]
S3 nvcoas;Norman Virus Control on-access component;"c:\program files\Norman\Nvc\bin\nvcoas.exe" [2008-10-07 191544]
S3 NVCScheduler;Norman Virus Control Scheduler;"c:\program files\Norman\Npm\Bin\Nvcsched.exe" [2008-10-09 154680]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
O16 -: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
c:\windows\Downloaded Program Files\hcImpl.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-01-03 22:36:06
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
**************************************************************************
.
Voltooingstijd: 2009-01-03 22:38:33
ComboFix-quarantined-files.txt 2009-01-03 21:37:15
ComboFix2.txt 2009-01-03 04:59:35
Pre-Run: 96.737.415.168 bytes beschikbaar
Post-Run: 96,785,846,272 bytes beschikbaar
167 --- E O F --- 2008-12-11 14:07:09