ComboFix 11-01-31.02 - Muriël Wijnia 11-02-2011 13:27:43.5.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.502.344 [GMT 1:00]
Started from: c:\documents and settings\Muriël Wijnia\Bureaublad\ComboFix.exe
Command switches used :: c:\documents and settings\Muriël Wijnia\Bureaublad\CFScript.txt..txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
 - REDUCED FUNCTIONALITY MODE -
.
FILE ::
"c:\documents and settings\Default User\Menu Start\Programma's\Opstarten\"
"c:\program files\BearShareV9nl.exe"
"c:\windows\system32\svchostmgr.exe"
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\BearShareV9nl.exe
c:\program files\Internet Explorer\complete.dat
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\pbsyoqye
c:\program files\pbsyoqye\xhhocqiu.exe
c:\windows\system32\Process.exe
c:\windows\system32\restart.exe
c:\windows\system32\svchostmgr.exe
.
(((((((((((((((((((( Files Created from 2011-01-11 to 2011-02-11 ))))))))))))))))))))))))))))))
.
2011-02-11 12:29 . 2011-02-11 12:29 -------- d-----w- c:\program files\pbsyoqye
2011-02-05 17:51 . 2011-02-09 15:47 4096 ----a-w- c:\windows\system32\reboot.exe
2011-02-05 17:51 . 2011-02-05 17:51 -------- d-----w- c:\windows\system32\regdacl
2011-02-05 16:22 . 2011-02-11 11:36 -------- d--h--r- c:\documents and settings\Muriël Wijnia\Onlangs geopend
2011-02-05 10:45 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-05 10:45 . 2011-02-05 10:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-05 10:45 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-05 09:12 . 2011-02-05 10:38 29996 ---h--w- c:\documents and settings\Muriël Wijnia\Application Data\ntuser.dat
2011-02-04 20:46 . 2011-02-04 21:35 -------- d-----w- c:\program files\temp
2011-01-26 16:57 . 2011-01-26 16:57 -------- d-----w- c:\documents and settings\Muriël Wijnia\Application Data\AVS4YOU
2011-01-26 16:51 . 2011-01-26 17:20 -------- d-----w- c:\program files\AVS4YOU
2011-01-26 16:51 . 2011-01-26 17:18 -------- d-----w- c:\program files\Common Files\AVSMedia
2011-01-26 16:51 . 2011-01-26 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2011-01-26 16:51 . 2010-09-14 16:38 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-01-24 20:48 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
2011-01-21 19:57 . 2011-01-21 19:57 84718440 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc7.tmp
2011-01-12 15:30 . 2011-01-12 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\F9C
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:42 . 2008-04-15 12:00 441856 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-15 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:02 . 2009-08-17 09:34 1864192 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:32 . 2009-08-17 09:34 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:51 . 2009-08-17 09:36 919552 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:51 . 2009-08-17 09:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:51 . 2009-08-17 09:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:24 . 2009-08-17 09:34 735232 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:49 . 2009-08-17 09:36 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2009-02-09 11:00 739328 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2009-02-09 11:19 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2009-08-17 09:34 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2008-04-15 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-18 18:15 . 2009-08-27 17:16 86016 ----a-w- c:\windows\system32\isign32.dll
2009-11-18 14:55 . 2009-11-18 14:55 6666536 ------w- c:\program files\DivXWebPlayerInstaller.exe
2009-11-04 16:42 . 2009-11-04 16:42 90357136 ------w- c:\program files\HEMA_NL_Fotoservice.exe
.
------- Sigcheck -------
[-] 2009-08-17 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

c:\documents and settings\Default User\Menu Start\Programma's\Opstarten\
xhhocqiu.exe [2011-2-10 108544]

c:\documents and settings\Muriël Wijnia\Menu Start\Programma's\Opstarten\
xhhocqiu.exe [2011-2-11 108544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\SYSTEM32\Userinit.exe,,c:\program files\pbsyoqye\xhhocqiu.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ------w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-15 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 528912 ------w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [?]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-08 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]

2009-12-16 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]

2011-02-09 c:\windows\Tasks\User_Feed_Synchronization-{C8CDEBEB-C8F4-4236-A3EA-32FA8E7D8D28}.job
- c:\windows\system32\msfeedssync.exe [2009-08-17 09:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.nl/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
AddRemove-AVG - c:\program files\AVG\AVG10\avgmfapx.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-11 13:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,c7,ba,83,69,22,42,4f,8d,ee,76,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,c7,ba,83,69,22,42,4f,8d,ee,76,\
.
Completion time: 2011-02-11 13:31:36
ComboFix-quarantined-files.txt 2011-02-11 12:31
ComboFix2.txt 2011-02-11 11:34
ComboFix3.txt 2010-11-13 17:19

Pre-Run: 14.884.601.856 bytes free
Post-Run: 14.869.082.112 bytes free

- - End Of File - - 4349150A44A23B2B49AC7B9C602B4DAE
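The "Reg Loading Points" section above records three persistence spots worth checking by hand in any ComboFix log: the Winlogon Userinit value (here chaining c:\program files\pbsyoqye\xhhocqiu.exe after Userinit.exe), files placed in the Startup folders of the Default User and the logged-on user, and Session Manager BootExecute entries beyond the stock autochk. The following Python script is an added example, not part of the log and not ComboFix code; it parses those lines and reports anything that deviates from the defaults. Its sample input is copied from the log above; the assumptions are that a stock Windows XP Userinit is just userinit.exe under system32 and that a stock BootExecute is "autocheck autochk *".

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example; not part of the log above and not ComboFix code. It flags
three persistence spots the log shows: executables chained onto the
Winlogon Userinit value, files dropped in Startup folders, and extra
Session Manager BootExecute entries.
"""
import re
from dataclasses import dataclass, field

# Assumption: a stock Windows XP Userinit value is "C:\WINDOWS\system32\userinit.exe,"
# and a stock BootExecute is "autocheck autochk *"; anything else is reported.
DEFAULT_BOOTEXECUTE = "autocheck autochk *"
USERINIT_DEFAULT_SUFFIX = r"\system32\userinit.exe"

# ComboFix prints a Startup folder on one line and each file below it as
# "<name> [<yyyy-m-d> <size>]".
ENTRY_RE = re.compile(r"^(?P<name>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$")

# Constructed sample: the relevant lines copied from the log above.
SAMPLE = r"""
REGEDIT4
c:\documents and settings\Default User\Menu Start\Programma's\Opstarten\
xhhocqiu.exe [2011-2-10 108544]
c:\documents and settings\Muriël Wijnia\Menu Start\Programma's\Opstarten\
xhhocqiu.exe [2011-2-11 108544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\SYSTEM32\Userinit.exe,,c:\program files\pbsyoqye\xhhocqiu.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
"""


@dataclass
class Findings:
    userinit_extra: list = field(default_factory=list)     # paths chained after userinit.exe
    startup: list = field(default_factory=list)            # (folder, file, size) tuples
    bootexecute_extra: list = field(default_factory=list)  # BootExecute entries beyond autochk


def triage(text: str) -> Findings:
    """Walk the section line by line and collect the three kinds of findings."""
    found = Findings()
    folder = None  # Startup folder whose file list we are currently inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):            # a registry key header ends a folder block
            folder = None
            continue
        if line.endswith("\\"):             # a folder path: following lines are its files
            folder = line
            continue
        if folder is not None:
            match = ENTRY_RE.match(line)
            if match:
                found.startup.append((folder, match["name"], int(match["size"])))
                continue
        if line.startswith('"Userinit"='):
            value = line.split("=", 1)[1].strip('"')
            for entry in (e.strip() for e in value.split(",")):
                if entry and not entry.lower().endswith(USERINIT_DEFAULT_SUFFIX):
                    found.userinit_extra.append(entry)
        elif line.startswith("BootExecute"):
            value = line.split("REG_MULTI_SZ", 1)[1].strip()
            for entry in (e.strip() for e in value.split(r"\0")):   # \0 separates MULTI_SZ strings
                if entry and entry.lower() != DEFAULT_BOOTEXECUTE:
                    found.bootexecute_extra.append(entry)
    return found


def report(found: Findings) -> list:
    """Human-readable lines, one per finding, for pasting back into a thread."""
    lines = [f"Userinit chains extra binary: {p}" for p in found.userinit_extra]
    lines += [f"Startup folder entry: {name} ({size} bytes) in {folder}"
              for folder, name, size in found.startup]
    lines += [f"BootExecute extra entry: {e}" for e in found.bootexecute_extra]
    return lines


if __name__ == "__main__":
    for line in report(triage(SAMPLE)):
        print(line)
```

Run against the sample it reports one Userinit chain, two Startup-folder copies of the same 108544-byte xhhocqiu.exe and the two AVG BootExecute entries; the AVG lines are expected for an installed AVG and are listed only so the reviewer can confirm them against the vendor paths, while a Userinit value with anything after userinit.exe is always worth a second look.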