ComboFix 10-08-18.05 - Administrator 20-08-2010 11:13:09.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1535.1084 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\DUMP418d.tmp"
"c:\windows\DUMP4381.tmp"
"c:\windows\DUMP43fe.tmp"
"c:\windows\DUMP44aa.tmp"
"c:\windows\DUMP44b9.tmp"
"c:\windows\DUMP4601.tmp"
"c:\windows\DUMP468e.tmp"
"c:\windows\DUMP5da0.tmp"
"c:\windows\DUMP6ea8.tmp"
"c:\windows\DUMP6eb7.tmp"
"c:\windows\system32\drivers\yzvmi.sys"
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Hitman Pro
c:\program files\Hitman Pro\alkep.dat
c:\program files\Hitman Pro\alrem.dat
c:\program files\Hitman Pro\boot.bak
c:\program files\Hitman Pro\downloads\downloads.bin
c:\program files\Hitman Pro\hitmanpro2.exe
c:\program files\Hitman Pro\icons\ff-s.ico
c:\program files\Hitman Pro\icons\ff.ico
c:\program files\Hitman Pro\icons\ie-s.ico
c:\program files\Hitman Pro\icons\ie.ico
c:\program files\Hitman Pro\icons\msnmsgr.ico
c:\program files\Hitman Pro\icons\oe-s.ico
c:\program files\Hitman Pro\icons\oe.ico
c:\program files\Hitman Pro\icons\ol-s.ico
c:\program files\Hitman Pro\icons\ol.ico
c:\program files\Hitman Pro\logs\buynow.gif
c:\program files\Hitman Pro\logs\Hitman_Pro_2010-08-19_18-37-27.htm
c:\program files\Hitman Pro\logs\Hitman_Pro_2010-08-19_18-41-25.htm
c:\program files\Hitman Pro\logs\Hitman_Pro_2010-08-19_18-46-39.htm
c:\program files\Hitman Pro\logs\hitmanpro.jpg
c:\program files\Hitman Pro\pacomp.exe
c:\program files\Hitman Pro\pacrypt.exe
c:\program files\Hitman Pro\paext.exe
c:\program files\Hitman Pro\prompt.exe
c:\program files\Hitman Pro\Registry.pol
c:\program files\Hitman Pro\srhelper.exe
c:\program files\Hitman Pro\strider.bin
c:\program files\Hitman Pro\surfright.exe
c:\program files\Hitman Pro\unins000.dat
c:\program files\Hitman Pro\unins000.exe
c:\program files\Hitman Pro\uninstall.exe
c:\program files\Hitman Pro\unrar3.dll
c:\program files\Hitman Pro\update.exe
c:\program files\Hitman Pro\wget.exe
c:\program files\Hitman Pro\xphelper.exe
c:\windows\DUMP418d.tmp
c:\windows\DUMP4381.tmp
c:\windows\DUMP43fe.tmp
c:\windows\DUMP44aa.tmp
c:\windows\DUMP44b9.tmp
c:\windows\DUMP4601.tmp
c:\windows\DUMP468e.tmp
c:\windows\DUMP5da0.tmp
c:\windows\DUMP6ea8.tmp
c:\windows\DUMP6eb7.tmp
c:\windows\system32\drivers\yzvmi.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_hitmanpro2
-------\Legacy_yzvmi
-------\Service_yzvmi

(((((((((((((((((((( Bestanden Gemaakt van 2010-07-20 to 2010-08-20 ))))))))))))))))))))))))))))))
.
2010-08-20 08:02 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-08-20 07:58 . 2010-08-20 07:58 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-20 07:58 . 2010-08-20 07:58 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-20 07:58 . 2010-08-20 07:58 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-20 07:58 . 2010-08-20 07:58 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-20 07:58 . 2010-08-20 09:03 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-20 07:54 . 2010-08-20 07:54 -------- d-----w- c:\program files\AVG
2010-08-20 07:54 . 2010-08-20 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-08-19 21:40 . 2010-08-19 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg7
2010-08-19 18:22 . 2010-08-19 18:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-19 18:22 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-19 18:22 . 2010-08-19 18:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-19 18:22 . 2010-08-19 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-19 18:22 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-19 16:19 . 2010-08-19 16:19 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-19 16:19 . 2010-08-19 16:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-19 16:05 . 2010-08-19 16:05 210816 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2010-08-19 15:30 . 2010-08-19 15:30 -------- d-----w- c:\program files\BitTorrent
2010-08-19 15:30 . 2010-08-19 16:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent
2010-08-19 15:23 . 2010-08-19 15:23 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-08-19 15:23 . 2010-08-19 15:23 -------- d-----w- c:\program files\Windows Live
2010-08-19 14:43 . 2010-08-19 15:19 -------- d-----w- c:\windows\SxsCaPendDel
2010-08-19 14:34 . 2004-08-03 20:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2010-08-19 14:34 . 2004-08-03 20:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-08-19 08:55 . 2008-03-13 01:10 445504 ----a-r- c:\windows\system32\vp6vfw.dll
2010-08-18 20:44 . 2010-08-18 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2010-08-18 20:40 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-08-18 20:37 . 2010-08-18 20:39 -------- d-----w- c:\program files\TmNationsForever
2010-08-18 20:27 . 2010-08-18 20:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ATI
2010-08-18 20:27 . 2010-08-18 20:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
2010-08-18 20:22 . 2006-05-03 09:57 520192 ------w- c:\windows\system32\ati2sgag.exe
2010-08-18 20:22 . 2010-08-18 20:23 -------- d-----w- c:\program files\ATI Technologies
2010-08-18 20:21 . 2010-08-18 20:21 -------- d-----w- C:\ATI
2010-08-18 18:19 . 2010-08-18 18:19 -------- d-----w- c:\windows\system32\LogFiles
2010-08-18 17:44 . 2001-09-06 17:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-08-18 17:44 . 2001-09-06 17:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 15:19 . 2008-10-31 21:42 -------- d-----w- c:\program files\Windows Desktop Search
2010-08-19 14:45 . 2004-08-04 12:00 78210 ----a-w- c:\windows\system32\perfc013.dat
2010-08-19 14:45 . 2004-08-04 12:00 459216 ----a-w- c:\windows\system32\perfh013.dat
2010-08-18 20:23 . 2008-10-31 19:31 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-18 20:22 . 2008-10-31 19:37 -------- d--h--w- c:\program files\InstallShield Installation Information
.
((((((((((((((((((((((((((((( SnapShot@2010-08-20_07.34.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 18:54 . 2009-07-11 18:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-11 23:07 . 2009-07-11 23:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-11 23:19 . 2009-07-11 23:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-11 17:41 . 2009-07-11 17:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2010-08-20 09:19 . 2010-08-20 09:19 16384 c:\windows\Temp\Perflib_Perfdata_b0.dat
+ 2007-07-30 18:19 . 2009-08-06 17:24 44768 c:\windows\system32\wups2.dll
+ 2008-10-31 02:21 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
+ 2008-10-31 02:21 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-08-20 08:02 . 2009-08-06 17:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-08-20 08:02 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2008-10-31 02:21 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2008-10-31 02:21 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-04 12:00 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-04 12:00 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll
+ 2009-07-11 23:12 . 2009-07-11 23:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-11 23:09 . 2009-07-11 23:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-11 23:08 . 2009-07-11 23:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2008-10-31 02:21 . 2009-08-06 17:24 209632 c:\windows\system32\wuweb.dll
+ 2008-10-31 02:21 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll
+ 2008-10-31 02:21 . 2009-08-06 17:23 575704 c:\windows\system32\wuapi.dll
+ 2007-07-30 18:18 . 2009-08-06 17:23 215920 c:\windows\system32\muweb.dll
+ 2008-10-31 02:21 . 2009-08-06 17:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-31 02:21 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-31 02:21 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-08-20 07:54 . 2010-08-20 07:54 424448 c:\windows\Installer\128474.msi
+ 2009-07-11 18:46 . 2009-07-11 18:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 18:46 . 2009-07-11 18:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2008-10-31 02:21 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll
+ 2008-10-31 02:21 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-08-20 07:58 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20-8-2010 9:58 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20-8-2010 9:58 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [20-8-2010 9:56 308136]
S2 vmzsmyns;SetPoint Mouse Filter Monitor;c:\windows\System32\svchost.exe -k netsvcs [4-8-2004 14:00 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = 
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://84.85.164.21/activex/AMC.cab
.
- - - - ORPHANS VERWIJDERD - - - -

MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
AddRemove-AVG9Uninstall - c:\program files\AVG\AVG9\setup.exe
AddRemove-{9B77AF57-F7B2-488F-8B75-1DDDCC447545}_is1 - c:\program files\Hitman Pro\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-20 11:19
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\iphlpapi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Voltooingstijd: 2010-08-20 11:22:58 - machine werd herstart
ComboFix-quarantined-files.txt 2010-08-20 09:22
ComboFix2.txt 2010-08-20 07:37

Pre-Run: 25.845.059.584 bytes beschikbaar
Post-Run: 25.978.920.960 bytes beschikbaar

- - End Of File - - DD3ECBA9F904EBA2D82C907260CC38EE