Hey Juisterr,

Here I am again.
First of all, thank you for going to so much trouble.
I did what you wrote above, and below is the ComboFix log.

ComboFix 10-10-04.02 - leo 05-10-2010 19:54:26.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.511.197 [GMT 2:00]
Gestart vanuit: c:\documents and settings\leo\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Documenten\Server\admin.txt
c:\documents and settings\All Users\Documenten\Server\server.dat
c:\documents and settings\leo\Onlangs geopend\Thumbs.db
c:\windows\system32\crt.dat
c:\windows\system32\cryptnet32.dll
c:\windows\system32\shimg.dll
Besmet exemplaar van c:\windows\system32\drivers\imapi.sys werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - Kitty had a snack
c:\windows\system32\winlogon.exe . . . is geïnfecteerd!!
c:\windows\explorer.exe . . . is geïnfecteerd!!
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-09-05 to 2010-10-05 ))))))))))))))))))))))))))))))
.
2010-10-05 15:19 . 2010-10-05 15:19 4100960 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-10-05 15:19 . 2010-10-05 15:19 2065760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-10-05 15:19 . 2010-10-05 15:19 4394336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-10-02 19:31 . 2010-10-02 19:31 -------- d-----w- c:\documents and settings\leo\Application Data\Malwarebytes
2010-10-02 19:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-02 19:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-02 17:21 . 2010-10-02 17:21 -------- d-----w- c:\program files\Trend Micro
2010-10-01 17:56 . 2010-10-01 17:56 8975800 ----a-w- c:\documents and settings\leo\Application Data\Azureus\tmp\AZU8938929296252887391.tmp\Vuze_4.5.0.4c_win32.exe
2010-09-29 17:27 . 2010-09-29 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
2010-09-29 07:28 . 2010-09-29 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-29 07:28 . 2010-09-29 10:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-23 13:58 . 2010-09-23 13:58 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-23 13:58 . 2010-09-23 13:58 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-23 13:58 . 2010-09-23 13:58 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-23 13:58 . 2010-09-23 13:58 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-23 13:58 . 2010-09-23 13:58 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-23 13:58 . 2010-09-23 13:58 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-23 13:56 . 2010-09-23 13:56 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-09-08 14:07 . 2010-09-08 14:11 -------- d-----w- c:\program files\Windows Live Safety Center
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 18:11 . 2010-03-01 18:28 -------- d-----w- c:\documents and settings\leo\Application Data\LimeWire
2010-10-05 17:36 . 2010-01-03 16:19 -------- d-----w- c:\documents and settings\leo\Application Data\HPAppData
2010-10-05 17:31 . 2010-04-28 16:06 -------- d-----w- c:\program files\Norton Security Scan
2010-10-05 17:31 . 2010-03-14 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-10-05 17:31 . 2010-03-17 17:04 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-10-01 17:58 . 2010-04-25 11:37 -------- d-----w- c:\documents and settings\leo\Application Data\Azureus
2010-09-29 12:22 . 2009-12-29 22:29 84072 ----a-w- c:\documents and settings\leo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-29 11:07 . 2009-12-31 17:48 -------- d-----w- c:\program files\Google
2010-09-27 12:38 . 2010-03-01 20:38 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-05 10:01 . 2010-09-05 10:01 61440 ----a-w- c:\documents and settings\Evert\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-321009c8-n\decora-sse.dll
2010-09-05 10:01 . 2010-09-05 10:01 503808 ----a-w- c:\documents and settings\Evert\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-48aa3318-n\msvcp71.dll
2010-09-05 10:01 . 2010-09-05 10:01 348160 ----a-w- c:\documents and settings\Evert\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-48aa3318-n\msvcr71.dll
2010-09-05 10:01 . 2010-09-05 10:01 499712 ----a-w- c:\documents and settings\Evert\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-48aa3318-n\jmc.dll
2010-09-05 10:01 . 2010-09-05 10:01 12800 ----a-w- c:\documents and settings\Evert\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-321009c8-n\decora-d3d.dll
2010-08-09 12:38 . 2010-08-09 12:38 503808 ----a-w- c:\documents and settings\leo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4caa099b-n\msvcp71.dll
2010-08-09 12:38 . 2010-08-09 12:38 348160 ----a-w- c:\documents and settings\leo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4caa099b-n\msvcr71.dll
2010-08-09 12:38 . 2010-08-09 12:38 61440 ----a-w- c:\documents and settings\leo\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-66e39b4e-n\decora-sse.dll
2010-08-09 12:38 . 2010-08-09 12:38 499712 ----a-w- c:\documents and settings\leo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4caa099b-n\jmc.dll
2010-08-09 12:38 . 2010-08-09 12:38 12800 ----a-w- c:\documents and settings\leo\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-66e39b4e-n\decora-d3d.dll
2010-07-24 12:01 . 2010-07-24 12:01 61440 ----a-w- c:\documents and settings\Bennert\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4afaa843-n\decora-sse.dll
2010-07-24 12:01 . 2010-07-24 12:01 12800 ----a-w- c:\documents and settings\Bennert\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4afaa843-n\decora-d3d.dll
2010-07-24 12:01 . 2010-07-24 12:01 503808 ----a-w- c:\documents and settings\Bennert\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7245bad8-n\msvcp71.dll
2010-07-24 12:01 . 2010-07-24 12:01 499712 ----a-w- c:\documents and settings\Bennert\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7245bad8-n\jmc.dll
2010-07-24 12:01 . 2010-07-24 12:01 348160 ----a-w- c:\documents and settings\Bennert\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7245bad8-n\msvcr71.dll
2010-07-16 10:07 . 2009-12-30 17:16 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 10:07 . 2010-07-16 10:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 10:01 . 2009-12-30 17:16 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-13 15:51 . 2004-08-04 12:00 498912 ----a-w- c:\windows\system32\perfh013.dat
2010-07-13 15:51 . 2004-08-04 12:00 91832 ----a-w- c:\windows\system32\perfc013.dat
.
------- Sigcheck -------
[-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe
[-] 2004-08-04 . 146289E864457D60B8D409CA80DF58C5 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe
[-] 2004-08-04 . 65F13FE1BF83B287E499631CACEC0410 . 1035776 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-04 . 4EA419B6765344608E0C7D29E2F46C2D . 1035776 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-31 135664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-31 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-05 2067808]
"VMail"="c:\program files\VMail\VMail\VMail.exe" [2001-01-30 373760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\leo\Menu Start\Programma's\Opstarten\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 10:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30-12-2009 19:16 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30-12-2009 19:16 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16-7-2010 12:07 308136]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31-12-2009 19:49 135664]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
2010-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]
2010-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]
2010-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004Core.job
- c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]
2010-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004UA.job
- c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
.
------- Bestandsassociaties -------
.
.scr=AutoCADScriptFile
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'explorer.exe'(2672)
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\msi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Voltooingstijd: 2010-10-05 20:17:28 - machine werd herstart
ComboFix-quarantined-files.txt 2010-10-05 18:17
Pre-Run: 31.838.318.592 bytes beschikbaar
Post-Run: 31.855.931.392 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - EAA3ECD9673A8751672746DC289E35CD