ComboFix 11-02-13.03 - Muriël Wijnia 14-02-2011 15:57:03.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.502.226 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Muriël Wijnia\Bureaublad\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\dmlconf.dat
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-01-14 to 2011-02-14 ))))))))))))))))))))))))))))))
.
2011-02-14 11:39 . 2011-02-14 11:39 -------- d--h--r- c:\documents and settings\Muriël Wijnia\Onlangs geopend
2011-02-14 11:35 . 2011-02-14 11:35 388096 ----a-r- c:\documents and settings\Muriël Wijnia\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-14 11:27 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-14 11:27 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-14 11:27 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-14 11:27 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-14 11:27 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-14 11:27 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-14 11:27 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-14 11:27 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-14 11:27 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-14 11:27 . 2011-02-14 11:27 -------- d-----w- c:\program files\Alwil Software
2011-02-14 11:27 . 2011-02-14 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-02-11 23:41 . 2011-02-11 23:47 -------- d-----w- c:\documents and settings\Muriël Wijnia\DoctorWeb
2011-02-11 15:39 . 2011-02-14 11:53 -------- d-----w- c:\program files\pbsyoqye
2011-02-05 17:51 . 2011-02-09 15:47 90112 ----a-w- c:\windows\system32\regdacl.exe
2011-02-05 10:45 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-05 10:45 . 2011-02-05 10:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-05 10:45 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-04 20:46 . 2011-02-04 21:35 -------- d-----w- c:\program files\temp
2011-01-26 16:57 . 2011-01-26 16:57 -------- d-----w- c:\documents and settings\Muriël Wijnia\Application Data\AVS4YOU
2011-01-26 16:51 . 2011-01-26 17:20 -------- d-----w- c:\program files\AVS4YOU
2011-01-26 16:51 . 2011-01-26 17:18 -------- d-----w- c:\program files\Common Files\AVSMedia
2011-01-26 16:51 . 2011-01-26 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2011-01-26 16:51 . 2010-09-14 16:38 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-01-24 20:48 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
2011-01-21 19:57 . 2011-01-21 19:57 84718440 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc7.tmp
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:42 . 2008-04-15 12:00 441856 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-15 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:02 . 2009-08-17 09:34 1864192 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:32 . 2009-08-17 09:34 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:51 . 2009-08-17 09:36 919552 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:51 . 2009-08-17 09:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:51 . 2009-08-17 09:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:24 . 2009-08-17 09:34 735232 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:49 . 2009-08-17 09:36 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2009-02-09 11:00 739328 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2009-02-09 11:19 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2009-08-17 09:34 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2008-04-15 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-18 18:15 . 2009-08-27 17:16 86016 ----a-w- c:\windows\system32\isign32.dll
2009-11-18 14:55 . 2009-11-18 14:55 6666536 ------w- c:\program files\DivXWebPlayerInstaller.exe
2009-11-04 16:42 . 2009-11-04 16:42 90357136 ------w- c:\program files\HEMA_NL_Fotoservice.exe
.
------- Sigcheck -------
[-] 2009-08-17 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-02-11_12.29.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-14 12:57 . 2011-02-14 12:57 16384 c:\windows\temp\Perflib_Perfdata_78.dat
- 2009-08-27 17:15 . 2009-08-17 09:36 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-08-27 17:15 . 2009-08-17 09:36 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2011-02-09 11:24 . 2010-11-06 00:26 12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2009-08-27 17:14 . 2010-07-16 11:57 221184 c:\windows\system32\dllcache\wordpad.exe
- 2009-08-27 17:14 . 2010-07-16 11:57 221184 c:\windows\system32\dllcache\wordpad.exe
- 2009-08-27 17:15 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
+ 2009-08-27 17:15 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
+ 2009-08-27 17:15 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
- 2009-08-27 17:15 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
- 2009-08-27 17:15 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2009-08-27 17:15 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
+ 2009-08-27 17:15 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
- 2009-08-27 17:15 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2009-08-27 17:15 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
- 2009-08-27 17:15 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
- 2009-08-27 17:15 . 2009-08-17 09:34 331776 c:\windows\system32\dllcache\msadce.dll
+ 2009-08-27 17:15 . 2009-08-17 09:34 331776 c:\windows\system32\dllcache\msadce.dll
+ 2011-02-09 11:24 . 2010-11-06 00:26 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
- 2009-08-27 17:16 . 2009-08-17 09:34 1674752 c:\windows\system32\dllcache\setup_wm.exe
+ 2009-08-27 17:16 . 2009-08-17 09:34 1674752 c:\windows\system32\dllcache\setup_wm.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ------w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-15 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14-2-2011 12:27 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14-2-2011 12:27 17744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map

2011-02-14 c:\windows\Tasks\User_Feed_Synchronization-{C8CDEBEB-C8F4-4236-A3EA-32FA8E7D8D28}.job
- c:\windows\system32\msfeedssync.exe [2009-08-17 09:36]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://google.nl/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
.
- - - - ORPHANS VERWIJDERD - - - -

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-14 16:02
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,c7,ba,83,69,22,42,4f,8d,ee,76,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,c7,ba,83,69,22,42,4f,8d,ee,76,\
.
Voltooingstijd: 2011-02-14 16:04:24
ComboFix-quarantined-files.txt 2011-02-14 15:04
ComboFix2.txt 2011-02-11 15:47
ComboFix3.txt 2011-02-11 12:31
ComboFix4.txt 2011-02-11 11:34
ComboFix5.txt 2011-02-14 14:55

Pre-Run: 15.151.013.888 bytes beschikbaar
Post-Run: 15.149.105.152 bytes beschikbaar

- - End Of File - - 614238B200B5754F992C0512E8E9CF68