Posted:

ComboFix 09-03-06.02 - gebruiker 2009-03-07 21:15:22.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1023.705 [GMT 1:00]

Gestart vanuit: c:\documents and settings\gebruiker\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\gebruiker\Bureaublad\CFScript.txt..txt

AV: AVG 7.5.557 *On-access scanning enabled* (Updated)

* Nieuw herstelpunt werd aangemaakt

FILE ::

c:\windows\f23567.dat

c:\windows\f5087.dat

c:\windows\freddy36.exe

c:\windows\nl09.exe

c:\windows\nl10.exe

c:\windows\nl49f4d98.dat

c:\windows\nlmark2.dat

c:\windows\pp2.exe

c:\windows\system32\nfr.assembly

c:\windows\system32\nfr.gpref

c:\windows\t55ft2788f44.dat

c:\windows\t55ft2789f44.dat

c:\windows\t55ft2799f44.dat

c:\windows\t55ft2807f44.dat

c:\windows\t55ft3223f44.dat

c:\windows\t55ft3518f44.dat

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\websrvx

c:\program files\websrvx\upx.exe

c:\windows\9gdfgjf23\

c:\windows\f23567.dat

c:\windows\f5087.dat

c:\windows\freddy36.exe

c:\windows\nl09.exe

c:\windows\nl10.exe

c:\windows\nl49f4d98.dat

c:\windows\nlmark2.dat

c:\windows\pp2.exe

c:\windows\system32\nfr.assembly

c:\windows\system32\nfr.gpref

c:\windows\t55ft2788f44.dat

c:\windows\t55ft2789f44.dat

c:\windows\t55ft2799f44.dat

c:\windows\t55ft2807f44.dat

c:\windows\t55ft3223f44.dat

c:\windows\t55ft3518f44.dat

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-02-07 to 2009-03-07 ))))))))))))))))))))))))))))))

.

2009-03-07 11:05 . 2009-03-07 11:05 12,800 --a------ c:\windows\system32\dll32.dll

2009-03-05 23:35 . 2009-03-05 23:35 <DIR> d-------- c:\documents and settings\gebruiker\Application Data\Malwarebytes

2009-03-05 23:35 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-05 23:35 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-05 23:34 . 2009-03-05 23:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-05 23:34 . 2009-03-05 23:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-05 22:45 . 2009-03-05 22:45 <DIR> d-------- c:\program files\Trend Micro

2009-03-05 20:05 . 2009-03-05 20:05 1 --a------ c:\windows\9gdfgjf23

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-05 19:32 --------- d-----w c:\documents and settings\All Users\Application Data\avg7

2009-02-24 10:30 --------- d-----w c:\program files\Lx_cats

2009-02-02 15:29 --------- d-----w c:\documents and settings\gebruiker\Application Data\AVG7

2009-01-25 20:51 --------- d-----w c:\program files\Football Generation

2009-01-18 20:01 --------- d-----w c:\documents and settings\gebruiker\Application Data\LimeWire

2008-10-23 13:43 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008102320081024\index.dat

2008-10-26 12:30 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\MSHist012008102620081027\index.dat

.

((((((((((((((((((((((((((((( SnapShot@2009-03-07_15.36.19.76 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-03-07 20:21:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1f0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1200128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 110592]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 512000]

"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-27 590848]

"QuickTime Task"="c:\windows\system32\qttask.exe" [2007-09-03 28672]

"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-19 45056]

"LXCDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll" [2005-07-11 69632]

"lxcdmon.exe"="c:\program files\Lexmark 6300 Series\lxcdmon.exe" [2005-06-24 200704]

"EzPrint"="c:\program files\Lexmark 6300 Series\ezprint.exe" [2005-07-05 94208]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-15 153136]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 c:\windows\AGRSMMSG.exe]

"TpShocks"="TpShocks.exe" [2007-03-29 c:\windows\system32\TpShocks.exe]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-08-17 219136]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2005-07-05 22:45 28672 c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2005-11-30 19:16 24576 c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= DivXa32.acm

"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli ACGina

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

"ibmmessages"=c:\program files\IBM\Messages By IBM\ibmmessages.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

"TP4EX"=tp4ex.exe

"TPHOTKEY"=c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

"EZEJMNAP"=c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

"SoundMAX"=c:\program files\Analog Devices\SoundMAX\Smax4.exe /tray

"TPKMAPHELPER"=c:\program files\ThinkPad\Utilities\TpKmapAp.exe -helper

"ibmmessages"=c:\program files\IBM\Messages By IBM\\ibmmessages.exe

"ACWLIcon"=c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe

"ACTray"=c:\program files\ThinkPad\ConnectUtilities\ACTray.exe

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=

"c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"80:TCP"= 80:TCP:websrvx

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-03-02 100656]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-03-02 19760]

R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2007-05-10 11520]

R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2007-05-10 6016]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]

S3 SQTECH9052;Disney Micro;c:\windows\system32\drivers\Capt9052.sys [2008-12-25 38656]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

2009-03-06 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 05:51]

2009-03-07 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

.

- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-pp - c:\windows\pp2.exe

.

------- Bijkomende Scan -------

.

mStart Page = hxxp://breedband.telenet.be

mWindow Title = Telenet Internet

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Verzenden naar &Bluetooth - c:\program files\IBM\Bluetooth Software\btsendto_ie_ctx.htm

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game07.zylom.com/activex/zylomgamesplayer.cab

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-07 21:21:56

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXCDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16????????????????????????

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(876)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\tphklock.dll

- - - - - - - > 'lsass.exe'(932)

c:\program files\ThinkPad\ConnectUtilities\ACGina.dll

c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll

c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll

c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll

c:\program files\ThinkPad\ConnectUtilities\ACON.dll

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll

c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll

c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll

c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\windows\system32\ati2evxx.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\progra~1\Grisoft\AVG7\avgamsvr.exe

c:\progra~1\Grisoft\AVG7\avgupsvc.exe

c:\progra~1\Grisoft\AVG7\avgemc.exe

c:\program files\IBM\Bluetooth Software\bin\btwdins.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Raxco\PerfectDisk\PDAgent.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\windows\system32\TPHDEXLG.exe

c:\windows\system32\TpKmpSvc.exe

c:\windows\system32\MsPMSPSv.exe

c:\windows\system32\ati2evxx.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\windows\system32\acs.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\lxcdcoms.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

.

**************************************************************************

.

Voltooingstijd: 2009-03-07 21:27:54 - machine werd herstart

ComboFix-quarantined-files.txt 2009-03-07 20:27:52

ComboFix2.txt 2009-03-07 14:37:44

Pre-Run: 6.287.441.920 bytes beschikbaar

Post-Run: 6,304,731,136 bytes beschikbaar

244 --- E O F --- 2009-03-06 09:00:19

I had forgotten that. My apologies,

Ben
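Two findings in the report above are worth pulling out of any such log mechanically: the Security Center values under "security center" that are set to 1 (these suppress the antivirus, firewall and update warnings), and the firewall exception "80:TCP"=websrvx, which opens TCP 80 for the same websrvx program ComboFix removed. The parser below is an added illustration, not part of the thread or of ComboFix; its sample input is an excerpt copied from the report, and the "fewer than five fields" test for GloballyOpenPorts entries is a heuristic assumed here, not a documented rule.

```python
import re

# Constructed sample input: an excerpt of the ComboFix report posted in this thread.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"80:TCP"= 80:TCP:websrvx
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')

def parse_reg_sections(text):
    """Group the "name"=value lines of the report under the [key] header above them."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return sections

def security_center_overrides(sections):
    """Security Center DWORDs set non-zero; each one silences an AV, firewall or update warning."""
    hits = []
    for key, values in sections.items():
        if key.endswith("security center"):
            for name, val in values.items():
                if val.lower().startswith("dword:") and int(val.split(":", 1)[1], 16):
                    hits.append(name)
    return sorted(hits)

def odd_firewall_exceptions(sections):
    """GloballyOpenPorts entries lacking the usual port:proto:scope:Enabled:name fields.
    Heuristic assumed for this example: fewer than five fields means the entry was not
    written by the Windows Firewall UI and deserves a closer look."""
    hits = []
    for key, values in sections.items():
        if key.endswith("globallyopenports\\list"):
            for name, val in values.items():
                if len(val.split(":")) < 5:
                    hits.append(f"{name} -> {val}")
    return hits
```

Feed the full pasted report to `parse_reg_sections` and the two checks return the same four override names and the single websrvx exception seen above.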

Posted:

You may still remove this folder (in bold) with Windows Explorer:

c:\windows\9gdfgjf23

And then clean up:

Remove ComboFix: Start -> Run and type: combofix /u

This will remove ComboFix plus its related folders and files, restore the clock settings, hide file extensions again, re-hide hidden files and system files, and create a new restore point.

Download CCleaner.

Install it and start CCleaner. In the left column click "Cleaner". Click "Analyze" and then "Run Cleaner". Next, click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked to make a backup. Click "Yes". Then choose "Fix All Selected Issues". After that, close CCleaner again.

It is advisable to remove the existing restore points (there are infected restore points among them that you could accidentally restore) by temporarily disabling System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and untick the box again.

That's it!

Posted:

Thank you very much for all the time and effort you have put into this. (You probably have a cupboard full of those already :D)

Watching a video via Facebook did have some consequences in this case.

Regards and until ...

Ben
