ComboFix 09-11-05.01 - administrator 06-11-2009 11:03.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.446.235 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Administrator.HKUIJPER\Bureaublad\ComboFix.exe
AV: Trend Micro Client/Server Security Agent Antivirus *On-access scanning disabled* (Outdated) {611BB719-8209-4835-8DD9-4EA45728D01C}
FW: Trend Micro Client-Server Security Agent Firewall *disabled* {611BB719-8209-4835-8DD9-4EA45728D01C}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-2341419976-4154969138-3281525980-500

----- BITS: Mogelijk geïnfecteerde sites -----

hxxp://hk-srv01:8530
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-10-06 to 2009-11-06 ))))))))))))))))))))))))))))))
.

2009-11-06 09:19 . 2009-11-06 09:19 19488 ----a-w- c:\documents and settings\Administrator.HKUIJPER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-06 08:09 . 2009-11-06 08:09 28 ----a-w- c:\documents and settings\Administrator.HKUIJPER\Application Data\Godlike\ultimatewt.dll
2009-11-06 08:09 . 2009-11-06 08:09 -------- d-----w- c:\documents and settings\Administrator.HKUIJPER\Application Data\Godlike
2009-11-06 08:09 . 2009-11-06 08:09 -------- d-----w- c:\program files\Godlike Developers
2009-11-06 07:45 . 2009-11-06 07:45 -------- d--h--r- c:\documents and settings\areijnen\Onlangs geopend
2009-11-05 12:11 . 2009-11-05 12:11 -------- d-----w- c:\documents and settings\areijnen\Local Settings\Application Data\Mozilla
2009-11-05 08:01 . 2009-11-06 08:38 -------- d--h--r- c:\documents and settings\Administrator.HKUIJPER\Onlangs geopend
2009-10-23 08:47 . 2009-10-23 08:47 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-23 08:46 . 2009-10-23 08:46 -------- d-----w- c:\program files\MSBuild
2009-10-23 08:46 . 2009-10-23 08:46 -------- d-----w- c:\program files\Reference Assemblies
2009-10-23 08:45 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-23 08:45 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-23 08:45 . 2009-10-23 08:45 -------- d-----w- C:\3acaf9035133c910837ff9
2009-10-23 08:45 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-23 08:45 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-23 08:45 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-23 08:45 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-23 08:45 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-23 08:40 . 2009-10-23 08:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-21 16:20 . 2009-10-21 16:20 -------- d-sh--w- c:\documents and settings\areijnen\IECompatCache
2009-10-21 12:00 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-21 10:58 . 2009-10-21 10:58 -------- d-----w- c:\windows\ie8updates
2009-10-21 10:57 . 2009-08-29 08:00 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-21 10:57 . 2009-08-29 08:00 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-21 10:44 . 2009-10-21 10:44 -------- d-sh--w- c:\documents and settings\Administrator.HKUIJPER\PrivacIE
2009-10-21 10:40 . 2009-10-21 10:40 -------- d-sh--w- c:\documents and settings\Administrator.HKUIJPER\IETldCache
2009-10-21 10:28 . 2009-10-21 10:31 -------- dc-h--w- c:\windows\ie8
2009-10-21 09:21 . 2009-10-21 09:21 -------- d-----w- c:\documents and settings\Administrator.HKUIJPER\Local Settings\Application Data\Google
2009-10-21 09:19 . 2009-10-21 09:20 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-21 09:16 . 2009-10-21 09:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-21 09:15 . 2009-10-21 09:15 152576 ----a-w- c:\documents and settings\Administrator.HKUIJPER\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-21 08:56 . 2009-10-21 08:56 -------- d-----w- c:\documents and settings\NetworkService\Menu Start
2009-10-21 08:27 . 2008-04-14 20:09 88064 ------w- c:\windows\system32\dllcache\msxml6r.dll
2009-10-21 08:27 . 2008-09-10 01:16 1307648 ------w- c:\windows\system32\dllcache\msxml6.dll
2009-10-21 08:27 . 2008-04-14 20:09 88064 ------w- c:\windows\system32\msxml6r.dll
2009-10-21 08:27 . 2008-09-10 01:16 1307648 ----a-w- c:\windows\system32\msxml6.dll
2009-10-21 08:27 . 2008-04-14 20:32 1001472 ------w- c:\windows\system32\dllcache\wmvdmoe2.dll
2009-10-21 08:27 . 2008-04-14 20:32 897024 ------w- c:\windows\system32\dllcache\wmspdmoe.dll
2009-10-21 08:27 . 2008-04-14 20:32 221184 ------w- c:\windows\system32\dllcache\wmpns.dll
2009-10-21 08:27 . 2008-04-14 20:32 1119744 ------w- c:\windows\system32\dllcache\wmsdmoe2.dll
2009-10-21 08:27 . 2008-04-14 20:32 98304 ------w- c:\windows\system32\dllcache\wmpband.dll
2009-10-21 08:27 . 2008-04-14 20:32 114688 ------w- c:\windows\system32\dllcache\wmpasf.dll
2009-10-21 08:27 . 2008-04-14 20:32 151552 ------w- c:\windows\system32\dllcache\wmidx.dll
2009-10-21 08:27 . 2008-04-14 20:06 189952 ------w- c:\windows\system32\dllcache\wmerror.dll
2009-10-21 08:25 . 2008-04-14 20:32 53248 ------w- c:\windows\system32\tsgqec.dll
2009-10-21 08:25 . 2008-04-14 20:32 50688 ------w- c:\windows\system32\tspkg.dll
2009-10-21 08:25 . 2008-04-14 20:32 712704 ------w- c:\windows\system32\windowscodecs.dll
2009-10-21 08:25 . 2008-04-14 20:32 346112 ------w- c:\windows\system32\windowscodecsext.dll
2009-10-21 08:25 . 2008-04-14 20:32 69120 ------w- c:\windows\system32\wlanapi.dll
2009-10-21 08:25 . 2008-04-14 20:32 276992 ------w- c:\windows\system32\wmphoto.dll
2009-10-21 08:25 . 2008-04-14 20:33 32866 ------w- c:\windows\slrundll.exe
2009-10-21 08:25 . 2009-10-21 08:25 -------- d-----w- c:\windows\l2schemas
2009-10-21 08:25 . 2009-10-21 08:25 -------- d-----w- c:\windows\system32\nl
2009-10-21 08:25 . 2009-10-21 08:25 -------- d-----w- c:\windows\system32\bits
2009-10-21 08:12 . 2008-04-13 22:21 101120 ------w- c:\windows\system32\drivers\bthpan.sys
2009-10-19 07:58 . 2009-10-19 07:58 -------- d-----w- C:\temp
2009-10-19 07:53 . 2009-05-07 13:04 52752 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2009-10-19 07:53 . 2009-05-07 13:04 50192 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2009-10-19 07:53 . 2009-10-19 07:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2009-10-19 07:51 . 2009-10-19 07:51 -------- d-----w- c:\documents and settings\LocalService\Menu Start
2009-10-19 07:50 . 2009-10-19 09:01 74142 ----a-w- c:\windows\system32\prfc0413.dat
2009-10-19 07:50 . 2009-10-19 09:01 456270 ----a-w- c:\windows\system32\prfh0413.dat
2009-10-19 07:50 . 2009-10-19 07:50 -------- d-----w- c:\windows\system32\log
2009-10-19 07:49 . 2009-03-10 19:05 83728 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2009-10-16 07:31 . 2009-07-17 16:22 1440768 ------w- c:\windows\system32\dllcache\query.dll
2009-10-16 07:29 . 2009-09-04 21:05 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 08:26 . 2006-09-27 09:17 -------- d-----w- c:\program files\Trend Micro
2009-10-27 13:44 . 2007-08-16 15:37 19488 ----a-w- c:\documents and settings\areijnen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-26 08:34 . 2004-09-03 06:06 523174 ----a-w- c:\windows\system32\perfh013.dat
2009-10-26 08:34 . 2004-09-03 06:06 95348 ----a-w- c:\windows\system32\perfc013.dat
2009-10-21 09:38 . 2006-09-21 10:04 -------- d-----w- c:\program files\Java
2009-10-21 08:29 . 2004-09-03 05:54 89191 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-09-11 14:20 . 2004-08-04 02:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2004-08-04 02:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:00 . 2004-08-04 02:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2004-08-04 02:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-04 344064]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"FMStart"="c:\program files\GFI\FAXmaker Client\fmstart.exe" [2000-05-10 56832]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2009-06-02 935208]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 144384]
"OE"="c:\program files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe" [2009-05-13 492808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-21 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]

c:\documents and settings\areijnen\Menu Start\Programma's\Opstarten\
Client-Server Security Agent.lnk - c:\program files\Trend Micro\Client Server Security Agent\PccNTMon.exe [2005-11-2 935208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\tmpreflt.sys [6-9-2006 19:27 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [30-10-2007 11:48 335376]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [19-10-2009 8:53 50192]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [6-9-2006 19:27 225296]
S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\Trend Micro\Client Server Security Agent\TmPfw.exe [19-10-2009 8:49 497008]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [19-10-2009 8:49 685320]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hp.com
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS VERWIJDERD - - - -

AddRemove-{18AE8ACB-0419-45F6-9CF6-155E128A4BCE}_is1 - c:\program files\Godlike Developers\WinTools.net

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 11:08
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-21818731-2310255137-1897987711-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,51,ab,d5,31,ef,cc,46,af,19,d5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,51,ab,d5,31,ef,cc,46,af,19,d5,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\Ati2evxx.dll
.
Voltooingstijd: 2009-11-06 11:09
ComboFix-quarantined-files.txt 2009-11-06 10:09

Pre-Run: 68.499.271.680 bytes beschikbaar
Post-Run: 68.509.507.584 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - BEB065FDC92B5A57F07C2A9A739C7382