ComboFix 09-04-04.01 - Administrator 2009-04-09 14:18:13.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.1022.730 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: f:\malware\CFScript.txt
* Nieuw herstelpunt werd aangemaakt
* Resident AV is active
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-03-09 to 2009-04-09 ))))))))))))))))))))))))))))))
.
2009-04-09 13:21 . 2009-04-09 13:21 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-09 13:21 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-09 13:21 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-09 11:52 . 2009-04-09 13:32 dr-h----- c:\documents and settings\Administrator\Onlangs geopend
2009-04-09 11:44 . 2009-04-09 11:46 d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-04-09 11:40 . 2009-04-09 14:18 d-------- C:\quarantine
2009-04-09 11:04 . 2009-04-09 11:04 d-------- c:\program files\Trend Micro
2009-04-08 11:39 . 2008-12-21 01:03 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-04-08 11:39 . 2007-04-17 11:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-04-08 11:39 . 2007-03-08 07:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-08 11:39 . 2008-12-21 01:03 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-04-08 11:39 . 2008-12-21 01:03 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-04-08 11:39 . 2008-12-21 01:03 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-04-08 11:39 . 2008-12-21 01:03 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-04-08 11:39 . 2008-12-21 01:03 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-08 11:39 . 2008-12-19 11:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-04-08 11:33 . 2009-04-08 11:33 118 --a------ c:\windows\system32\MRT.INI
2009-04-08 11:17 . 2009-04-08 11:17 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-08 11:17 . 2009-04-08 11:17 d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-04-08 11:09 . 2009-04-08 11:09 99,332 --a------ c:\windows\mse.exe
2009-04-03 10:52 . 2009-04-03 10:52 d-------- c:\documents and settings\All Users\Application Data\00327937
2009-04-03 10:52 . 2009-04-08 11:08 d-------- c:\documents and settings\All Users\Application Data\00326937
2009-04-01 10:40 . 2009-04-01 10:40 d-------- c:\documents and settings\Administrator\Application Data\Logs
2009-03-31 11:24 . 2009-03-31 11:24 98,308 --a------ c:\windows\msc.exe
2009-03-26 13:48 . 2009-03-26 13:48 d-------- c:\program files\MSXML 4.0
2009-03-26 11:17 . 2008-06-14 19:36 272,640 --------- c:\windows\system32\drivers\bthport.sys
2009-03-26 11:17 . 2008-06-14 19:36 272,640 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-26 11:16 . 2008-08-14 15:27 2,193,536 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-26 11:16 . 2008-08-14 15:27 2,149,888 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-26 11:16 . 2008-08-14 15:27 2,070,400 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-26 11:16 . 2008-08-14 15:27 2,028,544 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-26 11:16 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-26 11:14 . 2009-04-09 10:37 d--h----- c:\windows\$hf_mig$
2009-03-26 11:14 . 2006-09-06 17:43 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-03-10 15:09 . 2009-03-10 15:09 d-------- c:\windows\system32\IOSUBSYS
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 10:11 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-01 08:33 --------- d-----w c:\program files\Google
2009-03-24 10:35 25,088 ----a-w c:\windows\system32\userinit.exe
2009-03-19 08:22 --------- d-----w c:\documents and settings\Administrator\Application Data\Image Zone Express
2009-03-02 10:24 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-02 09:38 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-17 11:05 --------- d-----w c:\documents and settings\Administrator\Application Data\Belastingdienst
2009-02-09 14:08 1,846,912 ----a-w c:\windows\system32\win32k.sys
.
------- Sigcheck -------
2009-03-24 12:35 25088 9b18e2b6db69000da40ab377bdd8e2e9 c:\windows\system32\userinit.exe
2008-04-15 14:00 26112 6818a533ed3b2fa9936df3daf45352df c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TCASUTIEXE"="TCAUDIAG -off" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-01-13 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-01-13 114688]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2008-12-09 58464]
R2 tcaicchg;tcaicchg;c:\windows\system32\TCAICCHG.SYS [2008-12-09 21233]
R2 TCAITDI;TCAITDI Protocol;c:\windows\system32\drivers\TCAITDI.SYS [2008-12-09 19534]
S0 cerc6;cerc6; [x]
S2 gupdate1c9927e6d0a2bcc;Google Updateservice (gupdate1c9927e6d0a2bcc);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-19 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhoud van de 'Gedeelde Taken' map
2009-04-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 12:50]
2009-04-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-19 12:39]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = ztmisa3:80
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 14:19:51
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\EntApi.dll
.
Voltooingstijd: 2009-04-09 14:21:11
ComboFix-quarantined-files.txt 2009-04-09 12:21:08
ComboFix2.txt 2009-04-09 11:31:28
ComboFix3.txt 2009-04-09 09:44:07
Pre-Run: 13.900.316.672 bytes beschikbaar
Post-Run: 13,894,082,560 bytes beschikbaar
134 --- E O F --- 2009-04-09 08:38:16