ComboFix 09-04-04.01 - Administrator 2009-04-09 14:18:13.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1022.730 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
Command switches used :: f:\malware\CFScript.txt
 * Created a new restore point
 * Resident AV is active

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
.

((((((((((((((((((((   Files Created from 2009-03-09 to 2009-04-09   ))))))))))))))))))))))))))))))
.

2009-04-09 13:21 . 2009-04-09 13:21 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-09 13:21 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-09 13:21 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-09 11:52 . 2009-04-09 13:32 dr-h----- c:\documents and settings\Administrator\Onlangs geopend
2009-04-09 11:44 . 2009-04-09 11:46 d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-04-09 11:40 . 2009-04-09 14:18 d-------- C:\quarantine
2009-04-09 11:04 . 2009-04-09 11:04 d-------- c:\program files\Trend Micro
2009-04-08 11:39 . 2008-12-21 01:03 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-04-08 11:39 . 2007-04-17 11:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-04-08 11:39 . 2007-03-08 07:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-08 11:39 . 2008-12-21 01:03 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-04-08 11:39 . 2008-12-21 01:03 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-04-08 11:39 . 2008-12-21 01:03 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-04-08 11:39 . 2008-12-21 01:03 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-04-08 11:39 . 2008-12-21 01:03 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-08 11:39 . 2008-12-19 11:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-04-08 11:33 . 2009-04-08 11:33 118 --a------ c:\windows\system32\MRT.INI
2009-04-08 11:17 . 2009-04-08 11:17 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-08 11:17 . 2009-04-08 11:17 d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-04-08 11:09 . 2009-04-08 11:09 99,332 --a------ c:\windows\mse.exe
2009-04-03 10:52 . 2009-04-03 10:52 d-------- c:\documents and settings\All Users\Application Data\00327937
2009-04-03 10:52 . 2009-04-08 11:08 d-------- c:\documents and settings\All Users\Application Data\00326937
2009-04-01 10:40 . 2009-04-01 10:40 d-------- c:\documents and settings\Administrator\Application Data\Logs
2009-03-31 11:24 . 2009-03-31 11:24 98,308 --a------ c:\windows\msc.exe
2009-03-26 13:48 . 2009-03-26 13:48 d-------- c:\program files\MSXML 4.0
2009-03-26 11:17 . 2008-06-14 19:36 272,640 --------- c:\windows\system32\drivers\bthport.sys
2009-03-26 11:17 . 2008-06-14 19:36 272,640 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-26 11:16 . 2008-08-14 15:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-26 11:16 . 2008-08-14 15:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-26 11:16 . 2008-08-14 15:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-26 11:16 . 2008-08-14 15:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-26 11:16 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-26 11:14 . 2009-04-09 10:37 d--h----- c:\windows\$hf_mig$
2009-03-26 11:14 . 2006-09-06 17:43 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-03-10 15:09 . 2009-03-10 15:09 d-------- c:\windows\system32\IOSUBSYS
.

(((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-04-09 10:11 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-01 08:33 --------- d-----w c:\program files\Google
2009-03-24 10:35 25,088 ----a-w c:\windows\system32\userinit.exe
2009-03-19 08:22 --------- d-----w c:\documents and settings\Administrator\Application Data\Image Zone Express
2009-03-02 10:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-02 09:38 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-17 11:05 --------- d-----w c:\documents and settings\Administrator\Application Data\Belastingdienst
2009-02-09 14:08 1,846,912 ----a-w c:\windows\system32\win32k.sys
.

------- Sigcheck -------

2009-03-24 12:35 25088 9b18e2b6db69000da40ab377bdd8e2e9 c:\windows\system32\userinit.exe
2008-04-15 14:00 26112 6818a533ed3b2fa9936df3daf45352df c:\windows\system32\dllcache\userinit.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TCASUTIEXE"="TCAUDIAG -off" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-01-13 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-01-13 114688]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2008-12-09 58464]
R2 tcaicchg;tcaicchg;c:\windows\system32\TCAICCHG.SYS [2008-12-09 21233]
R2 TCAITDI;TCAITDI Protocol;c:\windows\system32\drivers\TCAITDI.SYS [2008-12-09 19534]
S0 cerc6;cerc6; [x]
S2 gupdate1c9927e6d0a2bcc;Google Updateservice (gupdate1c9927e6d0a2bcc);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-19 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-04-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 12:50]

2009-04-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-19 12:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = ztmisa3:80
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 14:19:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\EntApi.dll
.
Completion time: 2009-04-09 14:21:11
ComboFix-quarantined-files.txt 2009-04-09 12:21:08
ComboFix2.txt 2009-04-09 11:31:28
ComboFix3.txt 2009-04-09 09:44:07

Pre-Run: 13,900,316,672 bytes free
Post-Run: 13,894,082,560 bytes free

134 --- E O F --- 2009-04-09 08:38:16
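The Sigcheck block is the one place in this log where ComboFix puts two copies of the same file side by side: c:\windows\system32\userinit.exe (25088 bytes, MD5 9b18e2b6db69000da40ab377bdd8e2e9) against its dllcache copy (26112 bytes, MD5 6818a533ed3b2fa9936df3daf45352df), and they differ. What that difference means cannot be settled from the log alone; the live file has to be compared with a known-good copy. The following is an added example, not part of the log and not ComboFix's own code: a small Python parser that reads a ComboFix Sigcheck block, pairs every system32 entry with its dllcache entry by file name, and reports the pairs whose size or MD5 disagree. The sample input is constructed from the Sigcheck lines of this log; the md5_of_file helper is an assumption about how one would re-check a flagged path on the affected machine, not something the log shows.

```python
"""Flag live/dllcache mismatches in the Sigcheck block of a ComboFix log."""
import hashlib
import re
from pathlib import PureWindowsPath

# Constructed sample input: the Sigcheck block of the log above, plus the
# separator and next section header that follow it in a ComboFix log.
SAMPLE_LOG = r"""------- Sigcheck -------

2009-03-24 12:35 25088 9b18e2b6db69000da40ab377bdd8e2e9 c:\windows\system32\userinit.exe
2008-04-15 14:00 26112 6818a533ed3b2fa9936df3daf45352df c:\windows\system32\dllcache\userinit.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# One Sigcheck entry: "<date> <time> <size> <md5> <path>"
SIGCHECK_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+"
    r"(?P<md5>[0-9a-f]{32})\s+"
    r"(?P<path>[a-z]:\\.+?)\s*$",
    re.IGNORECASE,
)


def parse_sigcheck(log_text):
    """Return the Sigcheck entries of a ComboFix log as a list of dicts.

    Only lines between the '------- Sigcheck -------' header and the next
    '(((((' section banner are considered; anything else is ignored.
    """
    entries = []
    in_block = False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("------- Sigcheck"):
            in_block = True
            continue
        if in_block and stripped.startswith("((((("):
            break  # reached the next section of the log
        if not in_block:
            continue
        m = SIGCHECK_LINE.match(stripped)
        if m:
            entries.append({
                "date": m["date"],
                "size": int(m["size"]),
                "md5": m["md5"].lower(),
                "path": m["path"].lower(),
            })
    return entries


def pair_with_dllcache(entries):
    """Group entries by file name into {'live': entry, 'cache': entry} slots.

    An entry whose parent directory is 'dllcache' is the cached copy; any
    other location is treated as the live copy.
    """
    pairs = {}
    for entry in entries:
        path = PureWindowsPath(entry["path"])
        slot = "cache" if path.parent.name.lower() == "dllcache" else "live"
        pairs.setdefault(path.name.lower(), {})[slot] = entry
    return pairs


def find_mismatches(entries):
    """Return (name, live, cache) for every pair whose size or MD5 differ."""
    findings = []
    for name, pair in pair_with_dllcache(entries).items():
        live, cache = pair.get("live"), pair.get("cache")
        if live is None or cache is None:
            continue  # nothing to compare against
        if live["md5"] != cache["md5"] or live["size"] != cache["size"]:
            findings.append((name, live, cache))
    return findings


def md5_of_file(path):
    """MD5 of a file on disk, to re-check a flagged path on the live system.

    Assumed follow-up step, not part of the log: compare the result with the
    dllcache hash or a vendor-published hash for the same file version.
    """
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


if __name__ == "__main__":
    for name, live, cache in find_mismatches(parse_sigcheck(SAMPLE_LOG)):
        print(f"{name}: live {live['size']} bytes {live['md5']} ({live['date']}) "
              f"vs dllcache {cache['size']} bytes {cache['md5']} ({cache['date']})")
```

Run against this log the script reports the single userinit.exe pair. The same parser works on any ComboFix log whose Sigcheck block uses this layout; files that appear only once (no dllcache counterpart) are skipped rather than reported, since there is nothing to compare them with.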