ComboFix 10-04-26.05 - Henry 27-04-2010 18:02:09.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.640.343 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Henry\Mijn documenten\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Henry\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\Henry\Onlangs geopend\bittorrent.startpagina.nl.url
c:\documents and settings\Henry\Onlangs geopend\http--www.burnmedia-shop.com-epages-61419207.sf.url
c:\documents and settings\Henry\Onlangs geopend\http--www.looney-tunez.org-confirm.phpid=2083&secret=545c3b57779acf4a051620d6d7521945.url
c:\documents and settings\Henry\Onlangs geopend\tbontb__Startpagina.url
c:\windows\system32\vmnat.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-03-27 to 2010-04-27 ))))))))))))))))))))))))))))))
.
2010-04-27 12:48 . 2010-04-27 12:48 -------- d-----w- c:\documents and settings\Henry\Application Data\Malwarebytes
2010-04-27 12:47 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-27 12:47 . 2010-04-27 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-27 12:47 . 2010-04-27 12:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-27 12:47 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 09:05 . 2010-04-27 09:05 388096 ----a-r- c:\documents and settings\Henry\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-27 09:05 . 2010-04-27 09:05 -------- d-----w- c:\program files\Trend Micro
2010-04-21 08:53 . 2010-04-21 08:53 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-21 08:50 . 2010-04-21 08:50 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-18 21:00 . 2010-04-18 21:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-04-18 19:12 . 2007-12-18 06:15 3372824 ----a-w- c:\windows\Whales and Dolphins Premium.scr
2010-04-17 21:43 . 2010-04-17 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Winferno
2010-04-17 21:42 . 2010-04-14 21:54 61696 ----a-w- c:\documents and settings\All Users\Application Data\BarQuery\barquery133.exe
2010-04-17 21:40 . 2006-10-10 13:39 405504 ----a-w- c:\windows\Living 3D Dolphins Full.scr
2010-04-17 21:39 . 2010-04-18 19:21 -------- d-----w- c:\program files\Freeze.com
2010-04-17 21:39 . 2010-04-18 13:39 -------- d-----w- c:\program files\BarQuery
2010-04-17 21:39 . 2010-04-17 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\BarQuery
2010-04-17 21:39 . 2010-04-17 21:39 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-04-17 21:38 . 2010-04-18 19:27 -------- d-----w- c:\program files\Winferno
2010-04-14 18:13 . 2010-04-14 18:13 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-13 13:52 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-12 19:51 . 2010-04-12 19:51 -------- d-----w- c:\program files\Google
2010-04-11 19:09 . 2010-04-11 19:10 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-04-10 22:17 . 2010-04-15 18:51 -------- d-----w- c:\documents and settings\Henry\Application Data\QuickScan
2010-04-10 20:31 . 2010-04-10 20:31 -------- d-----w- c:\program files\ToniArts
2010-04-10 20:17 . 2010-04-10 20:17 -------- d-----w- c:\documents and settings\Henry\Application Data\Uniblue
2010-04-10 19:52 . 2010-04-10 19:52 -------- d-----w- c:\documents and settings\Henry\Application Data\r2 Studios
2010-04-10 19:52 . 2010-04-10 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\r2 Studios
2010-04-10 19:52 . 2010-04-10 19:52 -------- d-----w- c:\program files\r2 Studios
2010-04-10 19:29 . 2008-04-13 17:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-04-10 19:29 . 2008-04-13 17:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-04-10 19:19 . 2010-04-10 19:19 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-10 19:19 . 2010-04-27 15:34 -------- d-----w- c:\documents and settings\Henry\Application Data\skypePM
2010-04-10 19:13 . 2010-04-27 15:39 -------- d-----w- c:\documents and settings\Henry\Application Data\Skype
2010-04-10 19:12 . 2010-04-10 19:12 -------- d-----w- c:\program files\Common Files\Skype
2010-04-10 19:11 . 2010-04-10 19:12 -------- d-----r- c:\program files\Skype
2010-04-10 19:11 . 2010-04-10 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-10 19:02 . 2010-04-21 10:07 -------- d-----w- c:\documents and settings\Henry\Local Settings\Application Data\Temp
2010-04-10 18:56 . 2010-02-23 12:04 1664256 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-04-10 18:53 . 2010-04-10 18:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-10 18:53 . 2010-04-21 08:53 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-10 18:53 . 2010-04-10 18:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-10 18:53 . 2010-04-10 18:53 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-10 18:53 . 2010-04-27 15:31 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-10 18:52 . 2010-04-10 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-04-10 18:46 . 2010-04-10 18:46 -------- d-----w- c:\program files\AVG
2010-04-10 18:45 . 2010-04-10 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-10 12:43 . 2010-04-10 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-10 12:31 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 15:56 . 2008-04-20 18:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2010-04-27 15:56 . 2008-04-20 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-04-18 19:22 . 2010-04-18 19:22 118784 ----a-w- c:\windows\Web\Wallpaper\Waterfalls Animated Wallpaper dir\uninstall.exe
2010-04-17 09:04 . 2006-03-02 12:00 55674 ----a-w- c:\windows\system32\perfc013.dat
2010-04-17 09:04 . 2006-03-02 12:00 369970 ----a-w- c:\windows\system32\perfh013.dat
2010-04-15 19:45 . 2008-04-20 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-15 17:20 . 2009-01-18 14:02 -------- d-----w- c:\documents and settings\Jeannette\Application Data\Belastingdienst
2010-04-10 20:31 . 2008-10-19 08:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-10 18:22 . 2008-12-10 09:39 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2010-04-10 16:22 . 2008-12-10 09:39 -------- d-----w- c:\documents and settings\Henry\Application Data\iolo
2010-04-10 12:45 . 2009-04-21 06:15 -------- d-----w- c:\program files\Alwil Software
2010-03-10 06:17 . 2006-03-02 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:20 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-03-02 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:09 . 2006-03-02 12:00 2194304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2004-08-04 00:58 2071168 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:35 . 2006-03-02 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2006-03-02 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-02-28 13:48 . 2009-02-28 13:48 2268783 ----a-w- c:\program files\SH-S202N_SB02.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 12:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Versato"="c:\program files\MediaKey\MagicRun.exe" [2002-02-22 24576]
"Google Update"="c:\documents and settings\Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-10 136176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"InvHelp.exe"="c:\program files\3Com\3Com Wireless Utility\InvHelp.exe" [2005-07-12 45056]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10-4-2010 20:53 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10-4-2010 20:53 242896]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [20-4-2008 21:37 11889]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10-4-2010 20:49 308064]
R2 BarQuery Service;BarQuery Service;c:\documents and settings\All Users\Application Data\BarQuery\barquery133.exe [17-4-2010 23:42 61696]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [28-10-2008 23:01 54960]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14-2-2009 18:57 717296]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [10-4-2010 20:52 369920]
S3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;c:\windows\system32\drivers\BT4501G.sys [15-2-2009 14:04 357568]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [27-5-2008 20:05 40060]
S3 VNic;ULan Network Driver Module;c:\windows\system32\DRIVERS\VNic.sys --> c:\windows\system32\DRIVERS\VNic.sys [?]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - GTNDIS5
.
Inhoud van de 'Gedeelde Taken' map

2010-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1788223648-725345543-1004Core.job
- c:\documents and settings\Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-10 19:02]

2010-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1788223648-725345543-1004UA.job
- c:\documents and settings\Henry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-10 19:02]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.symbaloo.com/nl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: {2F2584BD-298C-41E7-A2D5-ECC62AFC82DB} = 192.168.1.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
.
------- Bestandsassociaties -------
.
JSEFile=NOTEPAD.EXE %1
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-27 18:09
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2010-04-27 18:12:05
ComboFix-quarantined-files.txt 2010-04-27 16:11

Pre-Run: 59.502.678.016 bytes beschikbaar
Post-Run: 60.603.875.328 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - E75491A0330EC6C69D7088AF0F423BC1