ComboFix 12-02-13.01 - Rianne 14-02-2012 15:26:34.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1015.597 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Rianne\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Rianne\Bureaublad\CFScript.txt
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Firewall Booster *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
FILE ::
"c:\windows\system32\1.tmp"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\666f5ccdc083047b37ce5bc5616c0b
c:\666f5ccdc083047b37ce5bc5616c0b\amd64\filterpipelineprintproc.dll
c:\666f5ccdc083047b37ce5bc5616c0b\amd64\msxpsdrv.cat
c:\666f5ccdc083047b37ce5bc5616c0b\amd64\msxpsdrv.inf
c:\666f5ccdc083047b37ce5bc5616c0b\amd64\msxpsinc.gpd
c:\666f5ccdc083047b37ce5bc5616c0b\amd64\msxpsinc.ppd
c:\666f5ccdc083047b37ce5bc5616c0b\amd64\mxdwdrv.dll
c:\666f5ccdc083047b37ce5bc5616c0b\amd64\xpssvcs.dll
c:\666f5ccdc083047b37ce5bc5616c0b\i386\filterpipelineprintproc.dll
c:\666f5ccdc083047b37ce5bc5616c0b\i386\msxpsdrv.cat
c:\666f5ccdc083047b37ce5bc5616c0b\i386\msxpsdrv.inf
c:\666f5ccdc083047b37ce5bc5616c0b\i386\msxpsinc.gpd
c:\666f5ccdc083047b37ce5bc5616c0b\i386\msxpsinc.ppd
c:\666f5ccdc083047b37ce5bc5616c0b\i386\mxdwdrv.dll
c:\666f5ccdc083047b37ce5bc5616c0b\i386\xpssvcs.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MEMSWEEP2
-------\Service_MEMSWEEP2
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-14 to 2012-02-14 ))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2008-04-15 12:00	293888	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2008-04-15 12:00	1859712	----a-w-	c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2008-04-15 12:00	60928	----a-w-	c:\windows\system32\packager.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-14_09.34.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-14 14:31 . 2012-02-14 14:31	16384	c:\windows\Temp\Perflib_Perfdata_520.dat
+ 2012-02-12 12:28 . 2012-02-14 11:22	76487	c:\windows\pchealth\helpctr\OfflineCache\index.dat
- 2012-02-12 12:28 . 2012-02-12 12:28	76487	c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2012-02-12 12:28 . 2012-02-14 11:22	2378	c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2012-02-12 12:28 . 2012-02-14 11:20	8972	c:\windows\pchealth\helpctr\Config\Cntstore.bin
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-08-08 112632]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2010-08-08 1062224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"OE"="c:\program files\Trend Micro\Titanium\plugin\TMAS\TMAS_OE\TMAS_OEMon.exe" [2010-08-08 238928]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [12-2-2012 14:08 196320]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [12-2-2012 14:16 64080]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24-2-2005 12:29 162176]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [12-2-2012 15:01 341072]
S2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12-2-2012 15:29 136176]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12-2-2012 15:29 136176]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-12 14:29]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-12 14:29]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.telegraaf.nl/
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-14 15:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(404)
c:\program files\Trend Micro\Titanium\plugin\TMAS\TMAS_OE\TMAS_OEHook.dll
c:\windows\system32\webcheck.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Voltooingstijd: 2012-02-14 15:36:33 - machine werd herstart
ComboFix-quarantined-files.txt 2012-02-14 14:36
ComboFix2.txt 2012-02-14 09:36
.
Pre-Run: 150.879.948.800 bytes beschikbaar
Post-Run: 150.950.821.888 bytes beschikbaar
.
- - End Of File - - F3BBBCD0DD778244837D77696A713330