ComboFix 10-01-22.03 - Floor 23-01-2010 13:02:13.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.31.1043.18.510.395 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\scan.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\h8srtmainqt.dll
c:\program files\Drmupgds
c:\program files\Drmupgds\Drmupgds.exe
c:\program files\Temporary
c:\program files\Temporary\kernInst.exe
c:\windows\b122.exe
c:\windows\clmcs.exe
c:\windows\mrofinu1148.exe
c:\windows\Qtime.exe
c:\windows\svchost.exe
c:\windows\system32\drivers\fad.sys
c:\windows\system32\drivers\H8SRTvxtawrfued.sys
c:\windows\system32\H8SRTbwwopxmbph.dll
c:\windows\system32\H8SRTfjkpaayscv.dll
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTwbuxtatsbm.dat
c:\windows\system32\H8SRTwuctfdxbdw.dll
c:\windows\system32\H8SRTwxeymrqfoh.dll
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\Microsoft\backup.ftp
c:\windows\system32\Microsoft\backup.tftp
c:\windows\system32\srcr.dat
c:\windows\system32\ttlms.exe

c:\windows\system32\qmgr.dll . . . is geïnfecteerd!!

Besmet exemplaar van c:\windows\SYSTEM32\FTP.EXE werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\i386\FTP.EXE

Besmet exemplaar van c:\windows\SYSTEM32\TFTP.EXE werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\i386\TFTP.EXE
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
-------\Legacy_GENERIC_HOST_PROCESS_FOR_WIN-32_SERVICE
-------\Legacy_TTLMS
-------\Service_Generic Host Process for Win-32 Service
-------\Legacy_Management_Consultants_(CLMCs)
-------\Service_Management Consultants (CLMCs)

(((((((((((((((((((( Bestanden Gemaakt van 2009-12-23 to 2010-01-23 ))))))))))))))))))))))))))))))
.
2010-01-23 11:51 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-23 11:51 . 2010-01-23 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-23 11:51 . 2010-01-23 11:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-23 11:51 . 2010-01-07 15:07 18520 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-23 11:49 . 2010-01-23 11:49 -------- d-s---w- c:\documents and settings\Administrator\UserData
2010-01-16 13:26 . 2010-01-16 13:26 388096 ----a-r- c:\documents and settings\Floor\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-16 13:26 . 2010-01-16 13:26 -------- d-----w- c:\program files\TrendMicro
2010-01-16 13:26 . 2010-01-16 13:26 -------- d-s---w- c:\documents and settings\Floor\UserData
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 12:12 . 2003-03-27 11:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-28 19:44 . 2003-03-27 11:02 53850 ----a-w- c:\windows\system32\PERFC013.DAT
2009-11-28 19:44 . 2003-03-27 11:02 364882 ----a-w- c:\windows\system32\PERFH013.DAT
2003-03-27 11:17 . 2003-03-27 11:17 32 --sha-w- c:\windows\{6A4151B6-1472-4E79-BEA6-3971A48F6907}.dat
2003-03-27 11:17 . 2003-03-27 11:17 32 --sha-w- c:\windows\SYSTEM32\{BC1751C7-A5DD-46DD-AFA4-42DBBBE7E3A9}.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2002-08-20 1511453]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-01-06 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-01-06 114688]
"CARPService"="carpserv.exe" [2002-10-17 4608]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2002-11-01 208560]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-11 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-11 561152]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-07-17 28672]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-09-03 50864]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-09-03 34488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-11 13312]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-3-27 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;c:\windows\SYSTEM32\DRIVERS\A311.sys [1-1-1980 1:00 30263]
R3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;c:\windows\SYSTEM32\DRIVERS\A310.sys [1-1-1980 1:00 32823]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - ALG
*NewlyCreated* - IPNAT
.
Inhoud van de 'Gedeelde Taken' map

2008-02-13 c:\windows\Tasks\Norton AntiVirus - Mijn computer scannen.job
- c:\progra~1\NORTON~1\NAVW32.exe [2002-09-03 21:28]

2003-04-08 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-03-27 20:49]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
mStart Page = hxxp://www.euro.dell.com/
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS VERWIJDERD - - - -

HKU-Default-Run-Drmupgds - c:\program files\Drmupgds\Drmupgds.exe
SafeBoot-TTLMS
SafeBoot-W32MVS
AddRemove-Carlson - c:\program files\Common Files\Carlson\carlton -u

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 13:11
Windows 5.1.2600 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(660)
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(2848)
c:\windows\System32\msi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\System32\carpserv.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Dell\AccessDirect\DadTray.exe
.
**************************************************************************
.
Voltooingstijd: 2010-01-23 13:16:15 - machine werd herstart
ComboFix-quarantined-files.txt 2010-01-23 12:16

Pre-Run: 15.564.558.336 bytes beschikbaar
Post-Run: 15.834.693.632 bytes beschikbaar

winxpsp1_nl_hom_bf.exe

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

- - End Of File - - 25C61132DDB0B421AD7D93FF4BE4B4E5