ComboFix 12-01-13.05 - Gebruiker 14-01-2012 18:52:04.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1471.1151 [GMT -8:00]
Gestart vanuit: d:\documenten en settings\gebruiker\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Voorgaande Run -------
.
c:\windows\alcrmv.exe
d:\documenten en settings\All Users\Menu Start\HP Image Zone .lnk
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-15 to 2012-01-15 ))))))))))))))))))))))))))))))
.
.
2011-12-28 03:04 . 2011-12-28 03:12 -------- d-----w- C:\Xenofex 2
2011-12-27 05:04 . 2011-12-27 05:04 -------- d-----w- C:\Alien Skin
2011-12-27 05:03 . 2011-12-27 05:03 -------- d-----w- C:\Eye Candy 4000
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-26 10:50 . 2004-08-04 00:58 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:50 . 2004-08-04 00:58 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-21 08:02 . 2012-01-02 02:23 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2004-09-02 13:00 . 61A79E8D4A440095EA2EB9FD694CD1AE . 25600 . . [10.0.3790.3646] . . c:\windows\system32\mspmsnsv.dll
[-] 2004-09-02 13:00 . 61A79E8D4A440095EA2EB9FD694CD1AE . 25600 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-27 39408]
"HijackThis startup scan"="c:\program files\Trend Micro\HiJackThis\HijackThis.exe" [2010-03-26 388096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
S2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26-12-2011 17:09 136176]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26-12-2011 17:09 136176]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
Inhoud van de 'Gedeelde Taken' map
.
2012-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-27 01:09]
.
2012-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-27 01:09]
.
.
------- Bijkomende Scan -------
.
TCP: DhcpNameServer = 192.168.2.254
FF - ProfilePath - d:\documenten en settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\go0m6gub.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net" onclick="window.open(this.href);return false;
Rootkit scan 2012-01-14 18:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(2516)
c:\windows\system32\webcheck.dll
.
Voltooingstijd: 2012-01-14 18:58:22
ComboFix-quarantined-files.txt 2012-01-15 02:58
.
Pre-Run: 87.869.317.120 bytes beschikbaar
Post-Run: 87.833.919.488 bytes beschikbaar
.
- - End Of File - - 19EE67D8E2AB8A01BB399CF232F2305A