ComboFix 09-07-09.08 - glenn willems 10/07/2009 17:23.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.32.1043.18.502.179 [GMT 2:00]
Gestart vanuit: c:\documents and settings\glenn willems\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\glenn willems\Application Data\FunWebProducts
c:\documents and settings\glenn willems\Application Data\FunWebProducts\Data\glenn willems\avatar.dat
c:\documents and settings\glenn willems\Application Data\FunWebProducts\Data\glenn willems\outfit.dat
c:\documents and settings\glenn willems\Application Data\FunWebProducts\Data\glenn willems\register.dat
c:\documents and settings\glenn willems\Application Data\FunWebProducts\Data\glenn willems\zbucks.dat
c:\documents and settings\glenn willems\Menu Start\Programma's\PlayMP3z
c:\documents and settings\glenn willems\Menu Start\Programma's\PlayMP3z\Run PlayMP3z.lnk
c:\program files\Internet Explorer\msimg32.dll
c:\recycler\S-1-5-21-2319822902-1316688044-2755416854-500
c:\recycler\S-1-5-21-4098419737-3222111656-2999374177-500
c:\windows\emMON.exe
c:\windows\Installer\22d1f0.msp
c:\windows\Installer\WMEncoder.msi
c:\windows\kb913800.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


(((((((((((((((((((( Bestanden Gemaakt van 2009-06-10 to 2009-07-10 ))))))))))))))))))))))))))))))
.

2009-07-10 14:55 . 2009-07-10 14:55    3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-10 14:47 . 2009-07-10 14:46     410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-10 14:46 . 2009-07-10 15:08   -------- d--h--w- C:\$AVG8.VAULT$
2009-07-10 14:44 . 2009-07-10 14:44     152576 ----a-w- c:\documents and settings\glenn willems\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-10 14:39 . 2009-07-10 14:39      11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-10 14:39 . 2009-07-10 14:39     108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-10 14:39 . 2009-07-10 14:39     327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-10 14:39 . 2009-07-10 14:39      27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-10 14:38 . 2009-07-10 14:42   -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-10 14:37 . 2009-07-10 14:37   -------- d-----w- c:\program files\AVG
2009-07-10 14:37 . 2009-07-10 14:37   -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-10 13:39 . 2009-07-10 13:39   -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-10 13:31 . 2009-07-10 13:31   -------- d-----w- c:\documents and settings\glenn willems\Application Data\DAEMON Tools
2009-07-10 13:31 . 2009-07-10 13:31   -------- d-----w- c:\documents and settings\glenn willems\Application Data\DAEMON Tools Pro
2009-07-10 13:22 . 2009-07-10 13:22   -------- d-----w- c:\program files\PFPortChecker
2009-07-10 13:14 . 2009-07-10 13:14   -------- d-----w- c:\program files\uTorrent
2009-07-10 13:14 . 2009-07-10 13:46   -------- d-----w- c:\documents and settings\glenn willems\Application Data\uTorrent
2009-07-10 13:05 . 2009-07-10 13:05   -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-10 13:00 . 2008-12-03 23:25     120832 ----a-w- c:\documents and settings\glenn willems\Application Data\Mozilla\Firefox\Profiles\0ley9tuy.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-07-10 12:51 . 2009-07-10 12:51   -------- d-----w- c:\program files\CCleaner
2009-07-10 12:43 . 2009-07-10 12:43   -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-07-10 12:43 . 2009-07-10 12:43   -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-10 12:34 . 2009-07-10 12:34     717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-10 12:33 . 2009-07-10 12:33   -------- d-----w- c:\documents and settings\glenn willems\Application Data\DAEMON Tools Lite

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 15:48 . 2006-04-10 12:00      84560 ----a-w- c:\windows\system32\perfc013.dat
2009-07-10 15:48 . 2006-04-10 12:00     473918 ----a-w- c:\windows\system32\perfh013.dat
2009-07-10 14:55 . 2008-08-09 18:21   -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 14:45 . 2006-07-18 10:05   -------- d-----w- c:\program files\Java
2009-07-10 14:19 . 2006-12-29 10:23   -------- d-----w- c:\program files\Microsoft Games
2009-07-10 13:28 . 2008-05-07 11:15   -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-10 13:16 . 2008-05-07 11:25   -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-10 12:45 . 2008-02-17 19:35     108544 ----a-w- c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
2009-07-03 11:40 . 2006-09-10 16:54   -------- d-----w- c:\program files\Zylom Games
2009-07-03 11:33 . 2006-09-10 16:54   -------- d-----w- c:\documents and settings\glenn willems\Application Data\Zylom
2009-06-27 16:06 . 2008-10-31 12:54   -------- d-----w- c:\documents and settings\glenn willems\Application Data\FrostWire
2009-06-27 14:43 . 2006-11-08 18:37       1928 ----a-w- c:\documents and settings\glenn willems\Application Data\wklnhst.dat
2009-06-27 14:41 . 2008-09-10 15:49   -------- d-----w- c:\program files\Common Files\PrintFit Shared
2009-06-17 09:27 . 2008-08-09 18:21      38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2008-08-09 18:21      19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 17:06 . 2009-03-07 10:39   -------- d-----w- c:\documents and settings\glenn willems\Application Data\U3
2009-05-22 15:44 . 2008-07-01 12:24         34 ----a-w- c:\documents and settings\glenn willems\jagex_runescape_preferences.dat
2009-05-07 15:44 . 2006-04-10 12:00     345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:32 . 2006-04-10 12:00     671232 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:32 . 2006-04-10 12:00      81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 20:12 . 2006-04-10 12:00    1846784 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:18 . 2006-04-10 12:00     584192 ----a-w- c:\windows\system32\rpcrt4.dll
2008-03-26 12:47 . 2008-03-26 12:47          0 ----a-w- c:\program files\temp01
2007-08-02 15:47 . 2007-08-02 15:48     774144 ----a-w- c:\program files\RngInterstitial.dll
2007-08-24 19:52 . 2008-05-07 11:33     300400 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2006-07-18 10:35 . 2006-07-18 10:35          8 --sh--r- c:\windows\system32\182E119D80.sys
2006-07-18 10:35 . 2006-07-18 10:35       4704 --sha-w- c:\windows\system32\KGyGaAvL.sys

.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-10-31 12:53 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8da9765-6797-4e9f-9342-04163e5e7b3d}]
2007-10-23 23:47 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-07-17 65536]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-07-10 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-07-14 798810]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-18 180269]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-10 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"beidsystemtray"="c:\program files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 188416]
"HiYo"="c:\program files\HiYo\bin\HiYo.exe" [2009-03-19 197936]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-10 1948440]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-09-16 557056]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-06 16251904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-04-10 15360]

c:\documents and settings\glenn willems\Menu Start\Programma's\Opstarten\
iWin Desktop Alerts.lnk - c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-2-17 108544]
Microsoft Office Snelzoeken.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-2-3 111376]
Office Opstarten.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-2-3 51984]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Snelstart HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-10 14:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\NetMeeting\\Conf.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\InterVideo\\MediaOne Gallery\\mediaone.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/07/2009 16:39 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/07/2009 16:39 108552]
S1 mailKmd;mailKmd; [x]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [24/03/2006 19:14 33536]

.
Inhoud van de 'Gedeelde Taken' map

2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
.
- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-BullGuard - c:\program files\BullGuard Software\BullGuard\bullguard.exe
HKLM-Run-NWEReboot - (no file)
HKLM-Run-emMON - emMON.exe


.
------- Bijkomende Scan -------
.
uStart Page = hxxp://mystart.hiyo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
FF - ProfilePath - c:\documents and settings\glenn willems\Application Data\Mozilla\Firefox\Profiles\0ley9tuy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.be
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 17:44
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(3668)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\beidservicecrl.exe
c:\windows\system32\beidservicepcsc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Voltooingstijd: 2009-07-10 17:58 - machine werd herstart
ComboFix-quarantined-files.txt 2009-07-10 15:57

Pre-Run: 9.754.529.792 bytes beschikbaar
Post-Run: 14.771.601.408 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

255 --- E O F --- 2009-06-17 19:32