Questions & Answers

Security & privacy

TROJAN VUNDO

11 answers
  • Hello. Something was recently installed on the computer and since then I have had trouble with a trojan.vundo. It says File: C:\WINNT\system32\hgdax.dll. This virus cannot be removed with Spyware Doctor, Hitman Pro and so on. None of the virus scanners can find it. I have now downloaded HijackThis and it produced the following .txt file.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:13, on 2008-01-03
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Server\Apache2\Apache2\bin\Apache.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\WINNT\System32\svchost.exe
    C:\Server\Apache2\Apache2\bin\Apache.exe
    C:\Server\MySQL\bin\mysqld-nt.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINNT\system32\HPZipm12.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\system32\regsvr32.exe
    C:\WINNT\system32\regsvr32.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\iFinger\iFinger.exe
    C:\Server\Apache2\Apache2\bin\ApacheMonitor.exe
    C:\Program Files\MSN Messenger\MsnMsgr .Exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F3 - REG:win.ini: load=C:\WINNT\system32\hgdax.exe
    O2 - BHO: (no name) - {2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73} - C:\WINNT\system32\efcyxxv.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - C:\Program Files\Aircppao\yehfpjrk.dll
    O2 - BHO: (no name) - {91E17C53-63D3-472D-B006-858C8BD4435F} - C:\WINNT\system32\hgdax.dll
    O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [{8B-B3-3E-E8-ZN}] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BundleDownloader\27.ex_ P2D002
    O4 - HKLM\..\Run: [PostCast Server] C:\Server\PostCast Server\postcastserver.exe
    O4 - HKLM\..\Run: [rerilwrs] rundll32.exe "C:\Program Files\mzezmtqz\yfmpyhyf.dll",Init
    O4 - HKLM\..\Run: [pepiraha] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pepiraha.dll"
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [kdapmnmd] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\kdapmnmd.dll"
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm .exe"
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Startup: .protected
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: iFinger 2.0.lnk = C:\Program Files\iFinger\iFinger.exe
    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Server\Apache2\Apache2\bin\ApacheMonitor.exe
    O4 - Global Startup: .protected
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINNT\system32\SHDOCVW.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - Winlogon Notify: efcyxxv - C:\WINNT\SYSTEM32\efcyxxv.dll
    O23 - Service: Apache2 - Apache Software Foundation - C:\Server\Apache2\Apache2\bin\Apache.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: MySQL - Unknown owner - C:\Server\MySQL\bin\mysqld-nt (file missing)
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    --
    End of file - 7304 bytes

    What do I need to do now to solve this problem?
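The helper in this thread reads the log above by eye and picks out the Vundo tell-tales: the `F3` win.ini `load=` hook, unnamed BHOs backed by random-named DLLs in system32, `regsvr32 /u` and `rundll32 ...,Init` Run entries, a Run entry pointing into a Temp folder, startup items named only `.protected`, a Winlogon Notify package with a random name, and autostarts that run a `name .exe` (space before the extension) copy. The script below is an added example, not part of the original thread and not code from HijackThis; it applies those same structural indicators to a constructed excerpt shaped like the log entries above. The Winlogon Notify allowlist is an assumption and deliberately incomplete: anything not on it is reported for review, not declared malicious.

```python
import re

# Constructed excerpt, shaped like the HijackThis entries in the post above (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
F3 - REG:win.ini: load=C:\WINNT\system32\hgdax.exe
O2 - BHO: (no name) - {2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73} - C:\WINNT\system32\efcyxxv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [{8B-B3-3E-E8-ZN}] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BundleDownloader\27.ex_ P2D002
O4 - HKLM\..\Run: [rerilwrs] rundll32.exe "C:\Program Files\mzezmtqz\yfmpyhyf.dll",Init
O4 - HKLM\..\Run: [pepiraha] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pepiraha.dll"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm .exe"
O4 - Startup: .protected
O20 - Winlogon Notify: efcyxxv - C:\WINNT\SYSTEM32\efcyxxv.dll
O23 - Service: Apache2 - Apache Software Foundation - C:\Server\Apache2\Apache2\bin\Apache.exe
"""

# Winlogon notification packages expected on a Windows 2000/XP box or shipped with common
# software. Assumption: an illustrative allowlist, not an exhaustive one; anything not listed
# is reported for review, not declared malicious.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule", "sclgntfy",
    "senslogn", "termsrv", "wlballoon", "wgalogon", "activesync", "navlogon",
}

# "name .exe": a space right before the extension marks the renamed original that Vundo
# parks next to its own copy of a legitimate program.
SPACE_BEFORE_EXT = re.compile(r"\S \.(exe|dll|com|scr)\b", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\Temp\\", re.IGNORECASE)
REGSVR_UNREG = re.compile(r"\bregsvr32\b.*\s/u\b", re.IGNORECASE)
RUNDLL = re.compile(r"\brundll32(\.exe)?\b", re.IGNORECASE)
EXTENSION_ONLY = re.compile(r": \.[A-Za-z]+$")
NOTIFY_LINE = re.compile(r"^O20 - Winlogon Notify: (\S+) - ")


def triage_line(line):
    """Return a short reason when a HijackThis line matches a Vundo-style indicator, else None."""
    kind = line.split(" - ", 1)[0]
    if kind == "F3" and "win.ini" in line and "load=" in line:
        return "win.ini load= hook: legacy autostart that Vundo points at its dropped .exe"
    if kind == "O2" and "(no name)" in line:
        return "unnamed BHO: Vundo registers random-named DLLs with no display name"
    if kind == "O4":
        if SPACE_BEFORE_EXT.search(line):
            return "space before extension: autostart runs a renamed copy next to a replaced binary"
        if TEMP_DIR.search(line):
            return "autostart points into a Temp directory"
        if REGSVR_UNREG.search(line):
            return "regsvr32 /u at logon: DllUnregisterServer still executes the DLL's code"
        if RUNDLL.search(line):
            return "rundll32 loads a DLL export at logon; check where that DLL lives"
        if EXTENSION_ONLY.search(line):
            return "startup item whose name is only an extension (e.g. '.protected')"
    if kind == "O20":
        m = NOTIFY_LINE.match(line)
        if m and m.group(1).lower() not in KNOWN_NOTIFY:
            return "Winlogon Notify package not on the known list: loaded into winlogon.exe at boot"
    return None


def triage(log_text):
    """Return (kind, reason, line) for every line of a HijackThis log that trips an indicator."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reason = triage_line(line)
        if reason:
            hits.append((line.split(" - ", 1)[0], reason, line))
    return hits


if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n    {line}")
```

Run it on a saved `hijackthis.log` by passing the file contents to `triage()`; the output is a review list, not a verdict, which is why the checks are structural (where and how something starts) rather than name-based, since Vundo regenerates its file names on every install.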
  • Hi Montinio,

    Download Combofix (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe) to your desktop. If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if you get a warning from your antivirus or another real-time scanner during or after downloading Combofix, or while using Combofix, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or delete them!

    Double-click combofix.exe. Choose "Continue" by typing 1 followed by ENTER. While the fix is running, do NOT click in the window, as this will make your PC hang. When the fix is complete and after the restart, the log combofix.txt will open.

    In your next reply, post the Combofix log (combofix.txt) together with a fresh HijackThis log.

    Good luck! Pim
  • So I downloaded combofix.exe and let the automatic scan run. The scan ends with "Completed Stage_1" and goes no further. Combofix also gives no prompt to restart etc. So I restarted myself, but I don't get a combofix.txt log on screen at all. What is the problem?
  • Go to Start --> Run and type: Combofix /u

    This will uninstall Combofix. Then download Combofix again: http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    Try to make a log with it via the method above. If that fails again, uninstall Combofix again, download it again, start your computer in Safe Mode (http://users.telenet.be/marcvn/spyware/1378056.htm) and try to make a log that way :)

    Good luck! Pim
  • Done :) Combofix did work in Safe Mode. Here is the combofix.txt:

    ComboFix 08-01-05.1 - Administrator 2008-01-05 12:05:22.11 - FAT32 x86 MINIMAL
    Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1043.18.398 [GMT 1:00]
    Running from: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe

    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\.protected
    C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\.protected
    C:\Documents and Settings\All Users\Application Data.\clolkraz.dll
    C:\Documents and Settings\All Users\Application Data.\ejopqpmn.dll
    C:\Documents and Settings\All Users\Application Data.\hezotubq.dll
    C:\Documents and Settings\All Users\Application Data.\kdapmnmd.dll
    C:\Documents and Settings\All Users\Application Data.\lwxehmrs.dll
    C:\Documents and Settings\All Users\Application Data.\pepiraha.dll
    C:\Documents and Settings\All Users\Application Data.\sfynexkt.dll
    C:\Documents and Settings\All Users\Application Data.\zcxefcbu.dll
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\.protected
    C:\Program Files\Aircppao
    C:\Program Files\Aircppao\yehfpjrk.dll
    C:\Program Files\Gxtazgkf
    C:\Program Files\Gxtazgkf\ahvjvnto.dll
    C:\Program Files\Idgvsxyx
    C:\Program Files\Idgvsxyx\zneglhac.dll
    C:\Program Files\Jhkswxoc
    C:\Program Files\Jhkswxoc\jvvipule.dll
    C:\Program Files\Lqoccqmd
    C:\Program Files\Lqoccqmd\gfuqmzje.dll
    C:\Program Files\Microsoft ActiveSync\wcescomm .exe
    C:\Program Files\Mkdrrxjl
    C:\Program Files\Mkdrrxjl\sxlyigvz.dll
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\mzezmtqz
    C:\Program Files\mzezmtqz\yfmpyhyf.dll
    C:\Program Files\Qzkrzynl
    C:\Program Files\Qzkrzynl\zylisfry.dll
    C:\Program Files\SecCenter
    C:\Program Files\SecCenter\scprot4 .exe
    C:\Program Files\SecCenter\scprot4.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray .exe
    C:\Program Files\Zjaqswas
    C:\Program Files\Zjaqswas\tjdzksdp.dll
    C:\WINNT\.protected
    C:\WINNT\PerfInfo
    C:\WINNT\PerfInfo\3xOm4hqJMWuc.exe
    C:\WINNT\PerfInfo\3xOm4hqJMWud.exe
    C:\WINNT\ppqvmpqr
    C:\WINNT\ppqvmpqr\1.png
    C:\WINNT\ppqvmpqr\2.png
    C:\WINNT\ppqvmpqr\3.png
    C:\WINNT\ppqvmpqr\4.png
    C:\WINNT\ppqvmpqr\5.png
    C:\WINNT\ppqvmpqr\6.png
    C:\WINNT\ppqvmpqr\bottom-rc.gif
    C:\WINNT\ppqvmpqr\content.png
    C:\WINNT\ppqvmpqr\download.gif
    C:\WINNT\ppqvmpqr\frame-bottom-left.gif
    C:\WINNT\ppqvmpqr\frame-h1bg.gif
    C:\WINNT\ppqvmpqr\head.png
    C:\WINNT\ppqvmpqr\indexuc.html
    C:\WINNT\ppqvmpqr\indexud.html
    C:\WINNT\ppqvmpqr\main.css
    C:\WINNT\ppqvmpqr\net.png
    C:\WINNT\ppqvmpqr\pc-mag.gif
    C:\WINNT\ppqvmpqr\pc.gif
    C:\WINNT\ppqvmpqr\poloska1.png
    C:\WINNT\ppqvmpqr\poloska2.png
    C:\WINNT\ppqvmpqr\poloska3.png
    C:\WINNT\ppqvmpqr\promouc1.html
    C:\WINNT\ppqvmpqr\promouc2.html
    C:\WINNT\ppqvmpqr\promouc3.html
    C:\WINNT\ppqvmpqr\promouc4.html
    C:\WINNT\ppqvmpqr\promouc5.html
    C:\WINNT\ppqvmpqr\promoud1.html
    C:\WINNT\ppqvmpqr\promoud2.html
    C:\WINNT\ppqvmpqr\promoud3.html
    C:\WINNT\ppqvmpqr\promoud4.html
    C:\WINNT\ppqvmpqr\promoud5.html
    C:\WINNT\ppqvmpqr\reg.png
    C:\WINNT\ppqvmpqr\repair.png
    C:\WINNT\ppqvmpqr\scr-1.png
    C:\WINNT\ppqvmpqr\scr-2.png
    C:\WINNT\ppqvmpqr\styles.css
    C:\WINNT\ppqvmpqr\top-rc.gif
    C:\WINNT\ppqvmpqr\vline.gif
    C:\WINNT\system32\drivers\etc\.protected
    C:\WINNT\system32\efcyxxv.dll
    C:\WINNT\system32\fccdccb.dll
    C:\WINNT\system32\hgdax.dll
    C:\WINNT\system32\hgdax.exe
    C:\WINNT\system32\mcrh.tmp
    C:\WINNT\system32\ndaTqsVqrX.dll
    C:\WINNT\system32\njprckha
    C:\WINNT\system32\njprckha\bg1.gif
    C:\WINNT\system32\njprckha\bgtop.gif
    C:\WINNT\system32\njprckha\bottom1.gif
    C:\WINNT\system32\njprckha\essentials.gif
    C:\WINNT\system32\njprckha\icon1.ico
    C:\WINNT\system32\njprckha\install1.gif
    C:\WINNT\system32\njprckha\left1.gif
    C:\WINNT\system32\njprckha\li.gif
    C:\WINNT\system32\njprckha\logo.gif
    C:\WINNT\system32\njprckha\main.htm
    C:\WINNT\system32\njprckha\mainframe.htm
    C:\WINNT\system32\njprckha\njprckha1.exe
    C:\WINNT\system32\njprckha\njprckha2.exe
    C:\WINNT\system32\njprckha\njprckha3.exe
    C:\WINNT\system32\njprckha\reinstall1.gif
    C:\WINNT\system32\njprckha\right1.gif
    C:\WINNT\system32\njprckha\s1.htm
    C:\WINNT\system32\njprckha\s2.htm
    C:\WINNT\system32\njprckha\s3.htm
    C:\WINNT\system32\njprckha\SMTop1.gif
    C:\WINNT\system32\njprckha\SMTop2.gif
    C:\WINNT\system32\njprckha\SMTop3.gif
    C:\WINNT\system32\njprckha\SMTop4.gif
    C:\WINNT\system32\njprckha\soft1_off.gif
    C:\WINNT\system32\njprckha\soft1_off_ext.gif
    C:\WINNT\system32\njprckha\soft1_on.gif
    C:\WINNT\system32\njprckha\soft1_on_ext.gif
    C:\WINNT\system32\njprckha\soft2_off.gif
    C:\WINNT\system32\njprckha\soft2_off_ext.gif
    C:\WINNT\system32\njprckha\soft2_on.gif
    C:\WINNT\system32\njprckha\soft2_on_ext.gif
    C:\WINNT\system32\njprckha\soft3_off.gif
    C:\WINNT\system32\njprckha\soft3_off_ext.gif
    C:\WINNT\system32\njprckha\soft3_on.gif
    C:\WINNT\system32\njprckha\soft3_on_ext.gif
    C:\WINNT\system32\njprckha\softbottom_off.gif
    C:\WINNT\system32\njprckha\softbottom_on.gif
    C:\WINNT\system32\njprckha\softleft_off.gif
    C:\WINNT\system32\njprckha\softleft_on.gif
    C:\WINNT\system32\njprckha\top1.gif
    C:\WINNT\system32\njprckha\top2.gif
    C:\WINNT\system32\njprckha\turnoff1.gif
    C:\WINNT\system32\njprckha\turnon1.gif
    C:\WINNT\system32\xadgh.ini
    C:\WINNT\system32\xadgh.ini2

    "C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray .exe" moved to QooBox
    "C:\Program Files\SecCenter\scprot4 .exe" moved to QooBox
    "C:\Program Files\MSN Messenger\msnmsgr .exe" replaces infected copy of "C:\Program Files\MSN Messenger\msnmsgr.exe"
    "C:\Program Files\Microsoft ActiveSync\wcescomm .exe" moved to QooBox
    "C:\Program Files\Microsoft ActiveSync\wcescomm .exe" replaces infected copy of "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

    (((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))

    2008-01-05 12:11 . 08-01-05 12:11 0 --a----t- C:\ib4
    2008-01-05 12:11 . 08-01-05 12:11 0 --a----t- C:\ib3
    2008-01-05 12:11 . 08-01-05 12:11 0 --a----t- C:\ib2
    2008-01-05 10:03 . 00-08-31 08:00 51,200 --a------ C:\WINNT\NirCmd.exe
    2008-01-04 16:55 . 08-01-04 16:55 <DIR> d-------- C:\FOUND.002
    2008-01-03 18:58 . 08-01-03 18:58 <DIR> d-------- C:\WINNT\vkhdjtck
    2008-01-03 13:12 . 08-01-03 13:12 <DIR> d-------- C:\Program Files\Trend Micro
    2007-12-29 10:47 . 07-10-18 00:16 79,688 --a------ C:\WINNT\system32\drivers\iksyssec.sys
    2007-12-29 10:47 . 07-10-18 00:15 62,280 --a------ C:\WINNT\system32\drivers\iksysflt.sys
    2007-12-29 10:47 . 07-10-18 00:14 41,288 --a------ C:\WINNT\system32\drivers\ikfilesec.sys
    2007-12-29 10:47 . 07-10-18 00:16 29,000 --a------ C:\WINNT\system32\drivers\kcom.sys
    2007-12-29 10:46 . 07-12-29 10:46 <DIR> d-------- C:\Program Files\Spyware Doctor
    2007-12-29 10:46 . 07-12-29 10:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
    2007-12-29 10:46 . 05-09-23 08:29 626,688 --a------ C:\WINNT\system32\msvcr80.dll
    2007-12-29 10:46 . 02-05-15 16:16 462,848 --a------ C:\WINNT\system32\msaatext.dll
    2007-12-29 10:46 . 02-05-15 16:16 360,448 --a------ C:\WINNT\system32\oleacc.dll
    2007-12-29 10:46 . 02-05-15 16:16 360,448 --a------ C:\WINNT\system32\dllcache\oleacc.dll
    2007-12-29 10:46 . 02-05-15 16:16 356,352 --a------ C:\WINNT\system32\oleaccrc.dll
    2007-12-29 10:46 . 02-05-15 16:16 356,352 --a------ C:\WINNT\system32\dllcache\oleaccrc.dll
    2007-12-29 10:22 . 07-12-29 10:22 <DIR> d-------- C:\Program Files\Enigma Software Group
    2007-12-27 16:25 . 07-12-27 16:25 <DIR> d-------- C:\FOUND.001
    2007-12-27 11:54 . 07-12-27 11:54 104,448 --a------ C:\WINNT\system32\drvjef.dll
    2007-12-27 11:46 . 07-12-27 11:46 <DIR> d-------- C:\Program Files\Game_Maker7
    2007-12-27 11:46 . 07-12-27 11:46 0 --ah----- C:\WINNT\SwSys2.bmp
    2007-12-27 11:46 . 07-12-27 11:46 0 --ah----- C:\WINNT\SwSys1.bmp
    2007-12-26 12:55 . 07-12-29 20:41 1,092 --a------ C:\WINNT\system32\d3d8caps.dat
    2007-12-26 12:20 . 07-12-26 12:20 <DIR> d-------- C:\Program Files\Game_Maker6
    2007-12-25 11:59 . 07-12-25 11:59 <DIR> d-------- C:\Program Files\Chami
    2007-12-23 13:57 . 00-01-14 17:14 45,568 -ra------ C:\WINNT\UniFish3.exe
    2007-12-23 13:56 . 07-12-23 13:56 <DIR> d-------- C:\Program Files\Hasbro Interactive
    2007-12-08 14:50 . 07-12-08 14:51 <DIR> d-------- C:\Program Files\LimeWire

    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-10-29 14:33 2,705,408 ----a-w C:\WINNT\system32\dllcache\MSHTML.DLL
    2007-10-27 19:33 1,226,752 ----a-w C:\WINNT\system32\quartz.dll
    2007-10-27 19:33 1,226,752 ----a-w C:\WINNT\system32\dllcache\quartz.dll
    2007-10-24 17:00 222,720 ----a-w C:\WINNT\system32\wmasf.dll
    2007-10-24 17:00 222,720 ------w C:\WINNT\system32\dllcache\wmasf.dll
    2007-10-24 17:00 2,064,384 ------w C:\WINNT\system32\dllcache\wmvcore.dll
    2007-10-17 07:23 96,016 ----a-w C:\WINNT\system32\dllcache\mqlogmgr.dll
    2007-10-17 07:23 8,464 ------w C:\WINNT\system32\dllcache\mqrperf.dll
    2007-10-17 07:23 77,072 ----a-w C:\WINNT\system32\dllcache\mqdscli.dll
    2007-10-17 07:23 71,440 ----a-w C:\WINNT\system32\dllcache\mqsec.dll
    2007-10-17 07:23 50,448 ----a-w C:\WINNT\system32\dllcache\mqclus.dll
    2007-10-17 07:23 440,592 ----a-w C:\WINNT\system32\dllcache\mqqm.dll
    2007-10-17 07:23 42,256 ----a-w C:\WINNT\system32\dllcache\mqdssrv.dll
    2007-10-17 07:23 404,240 ----a-w C:\WINNT\system32\dllcache\mqsnap.dll
    2007-10-17 07:23 30,992 ------w C:\WINNT\system32\dllcache\mqcertui.dll
    2007-10-17 07:23 293,648 ----a-w C:\WINNT\system32\dllcache\mq1repl.dll
    2007-10-17 07:23 29,968 ------w C:\WINNT\system32\dllcache\mqdbodbc.dll
    2007-10-17 07:23 267,536 ----a-w C:\WINNT\system32\dllcache\mqmigrat.dll
    2007-10-17 07:23 23,824 ----a-w C:\WINNT\system32\dllcache\mqupgrd.dll
    2007-10-17 07:23 228,624 ----a-w C:\WINNT\system32\dllcache\mqoa.dll
    2007-10-17 07:23 218,384 ----a-w C:\WINNT\system32\dllcache\mqads.dll
    2007-10-17 07:23 164,624 ------w C:\WINNT\system32\dllcache\msmqocm.dll
    2007-10-17 07:23 117,008 ----a-w C:\WINNT\system32\dllcache\mqutil.dll
    2007-10-17 07:23 102,672 ----a-w C:\WINNT\system32\dllcache\mqrt.dll
    2007-10-17 07:23 10,000 ----a-w C:\WINNT\system32\dllcache\mqperf.dll
    2007-10-17 07:17 26,384 ------w C:\WINNT\system32\dllcache\mqbkup.exe
    2007-10-16 13:51 98,064 ----a-w C:\WINNT\system32\dllcache\mqmig.exe
    2007-10-16 13:51 77,712 ------w C:\WINNT\system32\dllcache\mqac.sys
    2007-10-16 13:51 14,096 ----a-w C:\WINNT\system32\dllcache\mq1sync.exe
    2007-10-16 13:51 14,096 ------w C:\WINNT\system32\dllcache\mqsvc.exe
    2007-10-11 15:21 70,144 ----a-w C:\WINNT\system32\dllcache\INSENG.DLL
    2007-10-11 15:21 580,096 ----a-w C:\WINNT\system32\dllcache\WININET.DLL
    2007-10-11 15:21 498,176 ----a-w C:\WINNT\system32\dllcache\MSTIME.DLL
    2007-10-11 15:21 463,872 ----a-w C:\WINNT\system32\dllcache\URLMON.DLL
    2007-10-11 15:21 403,456 ----a-w C:\WINNT\system32\dllcache\SHLWAPI.DLL
    2007-10-11 15:21 236,032 ----a-w C:\WINNT\system32\dllcache\IEPEERS.DLL
    2007-10-11 15:21 143,872 ----a-w C:\WINNT\system32\dllcache\CDFVIEW.DLL
    2007-10-11 15:21 132,096 ----a-w C:\WINNT\system32\dllcache\MSRATING.DLL
    2007-10-11 15:21 1,340,416 ----a-w C:\WINNT\system32\dllcache\SHDOCVW.DLL
    2007-10-11 15:21 1,018,880 ----a-w C:\WINNT\system32\dllcache\BROWSEUI.DLL
    2007-10-11 09:31 12,288 ----a-w C:\WINNT\system32\dllcache\JSPROXY.DLL
    2007-10-11 09:30 351,744 ----a-w C:\WINNT\system32\dllcache\DXTMSFT.DLL
    2007-10-11 09:30 34,816 ----a-w C:\WINNT\system32\dllcache\PNGFILT.DLL
    2007-10-11 09:30 192,512 ----a-w C:\WINNT\system32\dllcache\DXTRANS.DLL
    2006-10-02 11:23 271 ---h--w C:\Program Files\desktop.ini
    2006-10-02 11:23 22,085 ---h--w C:\Program Files\folder.htt
    2006-06-22 19:34 217 ----a-w C:\Program Files\setup.ini
    2006-05-16 20:29 290,816 ----a-w C:\Program Files\setup.exe
    2002-03-11 09:06 1,822,520 ----a-w C:\Program Files\instmsiw.exe
    2002-03-11 08:45 1,708,856 ----a-w C:\Program Files\instmsia.exe
    2000-01-10 23:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys

    ----a-w 1,065,800 2008-01-03 09:56:42 C:\Program Files\Spyware Doctor\SDTrayApp .exe
    ----a-w 20,058,152 2007-12-28 10:57:20 C:\Program Files\Skype\Phone\Skype .exe
    ----a-w 35,328 2007-12-28 10:56:06 C:\Program Files\Winamp\winampa .exe

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

    REGEDIT4
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {8E718888-423F-11D2-876E-00A0C9082467}
    {41C29B07-6F91-4966-91BE-2E2841643C83}
    [HKEY_CLASSES_ROOT\clsid\{41c29b07-6f91-4966-91be-2e2841643c83}]
    [HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic.1]
    [HKEY_CLASSES_ROOT\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}]
    [HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [08-01-05 09:19 6856704]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm .exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [03-06-19 21:05 112400 C:\WINNT\system32\mobsync.exe]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
    "PostCast Server"="C:\Server\PostCast Server\postcastserver.exe" [ ]
    "SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [ ]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 21:05 189200]

    C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 19:42:22]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 11:15:56]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-12-25 15:54:40]
    iFinger 2.0.lnk - C:\Program Files\iFinger\iFinger.exe [2007-01-16 20:20:35]
    Monitor Apache Servers.lnk - C:\Server\Apache2\Apache2\bin\ApacheMonitor.exe [2005-10-09 19:17:20]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ActiveSync]
    WcesWlgn.dll 06-06-27 19:23 14120 C:\WINNT\system32\WcesWlgn.dll

    R1 oreans32;oreans32;C:\WINNT\system32\drivers\oreans32.sys [07-08-09 11:21 ]
    R3 EL90BC;3Com EtherLink XL B/C Adapter driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys [99-10-23 20:22 ]
    R3 ichaud;Service for AC'97 driver (WDM);C:\WINNT\system32\drivers\ichaud.sys [99-10-22 22:54 ]
    S3 K320bus;Sony Ericsson K320 driver (WDM);C:\WINNT\system32\DRIVERS\K320bus.sys [06-08-18 11:10 ]

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-05 12:15:09
    Windows 5.0.2195 Service Pack 4 FAT NTAPI

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2008-01-05 12:18:11 - machine was rebooted [Administrator]
    ComboFix-quarantined-files.txt 2008-01-05 11:18:00
    2007-12-14 15:12:32 --- E O F ---

    AND HERE the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:26:35, on 5-1-2008
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Server\Apache2\Apache2\bin\Apache.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\WINNT\System32\svchost.exe
    C:\Server\MySQL\bin\mysqld-nt.exe
    C:\Server\Apache2\Apache2\bin\Apache.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINNT\system32\HPZipm12.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\iFinger\iFinger.exe
    C:\Server\Apache2\Apache2\bin\ApacheMonitor.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [PostCast Server] C:\Server\PostCast Server\postcastserver.exe
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm .exe"
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: iFinger 2.0.lnk = C:\Program Files\iFinger\iFinger.exe
    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Server\Apache2\Apache2\bin\ApacheMonitor.exe
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINNT\system32\SHDOCVW.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Apache2 - Apache Software Foundation - C:\Server\Apache2\Apache2\bin\Apache.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: MySQL - Unknown owner - C:\Server\MySQL\bin\mysqld-nt (file missing)
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    --
    End of file - 6030 bytes

    :) What to do now?
  • It is important that you carry out these steps one after the other, as quickly as possible!

    1. Open Notepad, copy and paste the following (the bold text) into an empty window:

    Folder::
    C:\WINNT\vkhdjtck
    C:\FOUND.001
    C:\FOUND.002

    File::
    C:\WINNT\system32\drvjef.dll

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "8E718888-423F-11D2-876E-00A0C9082467"=-
    "41C29B07-6F91-4966-91BE-2E2841643C83"=-
    [-HKEY_CLASSES_ROOT\clsid\{41c29b07-6f91-4966-91be-2e2841643c83}]
    [-HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}]
    [-HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic]

    Save this on your Desktop as CFScript.txt. Drag CFScript.txt onto ComboFix.exe as shown in the example below:
    (image: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif)
    This will make ComboFix start again. Reboot if you are asked to.

    2. Download RenV.exe (http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe) to your Desktop. Open Notepad, copy and paste the following (ONLY the CONTENTS of the code window) into an empty window:

    ----a-w 1,065,800 2008-01-03 09:56:42 C:\Program Files\Spyware Doctor\SDTrayApp .exe
    ----a-w 20,058,152 2007-12-28 10:57:20 C:\Program Files\Skype\Phone\Skype .exe
    ----a-w 35,328 2007-12-28 10:56:06 C:\Program Files\Winamp\winampa .exe

    Save this on your Desktop as Log.txt. Drag Log.txt onto RenV.exe as shown in the example below:
    (image: http://img.photobucket.com/albums/v666/sUBs/RenV.gif)

    3. Go to Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and click Accept at the bottom. This scanner only works with Internet Explorer 6 and higher!! You may have to click a yellow bar at the top of your screen to download the ActiveX files that Kaspersky needs in order to scan. Allow this.
      - The program now starts downloading the latest definition files. After that, click Next.
      - Then click the Scan Settings button. Under the text "Scan using the following antivirus database:" choose the second option: extended - protect your ..... Under "Scan options:" tick both boxes: Scan Archives .... and Scan Mail Bases ....
      - Then click OK.
      - Now start the scan by clicking the text My Computer. (image: http://www.jawwi.nl/english/tutorials/kaspersky/image/img6s.jpg) Keep in mind that this scan takes a while.
      - Once the scan is complete you get the opportunity to save the scan report. Click the Save Report As button. Save the report on your Desktop under the name kavscan.txt.

    Post this report, together with a fresh Combofix log, in your next message.

    Good luck! Pim
  • It worked. Here is the kavscan.txt

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 06, 2008 1:04:25 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/01/2008
Kaspersky Anti-Virus database records: 503040
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 31517
Number of viruses found: 14
Number of infected objects: 88
Number of suspicious objects: 0
Duration of the scan process: 02:01:27

Infected Object Name / Virus Name / Last Action
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SOFTWARE Object is locked skipped
C:\WINNT\system32\config\SYSTEM Object is locked skipped
C:\WINNT\system32\config\DEFAULT Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\Perflib_Perfdata_2ec.dat Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\CSC\00000001 Object is locked skipped
C:\Documents and Settings\Default User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Default User\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08AC0000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08940000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08B80000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08940001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08980000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08A80001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08F80001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08EC0000.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09000001.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08EC0001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09080000.VBN Infected: not-a-virus:AdWare.Win32.TrafficSol.n skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A840000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA40000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ABC0001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA00000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA40001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AC00000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB80000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AC00001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AC00002.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB00000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB80001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB80002.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A9C0000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ABC0002.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA80001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA40002.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB80003.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A100000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A1C0000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09F80000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AF00000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A300000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A400000.VBN Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A2C0000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A280000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A3C0000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AEC0000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08C40000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\096C0000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01340000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08B40001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A840002.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\093C0000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08F00000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\075C0000.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AAC0000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F40000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01100000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08F00001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06900000.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01100001.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08B00000.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08B00001.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F80000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B000000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AD00000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP0.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Geschiedenis\History.IE5\MSHist012008010620080107\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\9pvg6mss.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\9pvg6mss.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\9pvg6mss.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\9pvg6mss.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Bureaublad\Mappen\Yme spul\OmertaScript.exe/file01 Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\Administrator\Bureaublad\Mappen\Yme spul\OmertaScript.exe Inno: infected - 1 skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9pvg6mss.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9pvg6mss.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9pvg6mss.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9pvg6mss.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9pvg6mss.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9pvg6mss.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9pvg6mss.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9pvg6mss.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\joustra5\index2.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\joustra5\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\joustra5\profile256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\joustra5\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\joustra5\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\joustra5\chat512.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\joustra5\call256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\joustra5\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\joustra5\user1024.dbb Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll Infected: not-a-virus:AdWare.Win32.BHO.lq skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080104-201640-846.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dgw skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080104-201640-719.dll Infected: Trojan.Win32.Obfuscated.mi skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\Program Files\Omerta Script\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\pepiraha.dll.vir Infected: Trojan.Win32.Obfuscated.mi skipped
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\kdapmnmd.dll.vir Infected: Trojan.Win32.Obfuscated.mi skipped
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\ejopqpmn.dll.vir Infected: Trojan.Win32.Obfuscated.mi skipped
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\sfynexkt.dll.vir Infected: Trojan.Win32.Obfuscated.mi skipped
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\lwxehmrs.dll.vir Infected: Trojan.Win32.Obfuscated.mi skipped
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\zcxefcbu.dll.vir Infected: Trojan.Win32.Obfuscated.mi skipped
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\clolkraz.dll.vir Infected: Trojan.Win32.Obfuscated.mi skipped
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\hezotubq.dll.vir Infected: Trojan.Win32.Obfuscated.mi skipped
C:\QooBox\Quarantine\C\Program Files\Aircppao\yehfpjrk.dll.vir Infected: Trojan.Win32.Obfuscated.mi skipped
C:\QooBox\Quarantine\C\Program Files\Mkdrrxjl\sxlyigvz.dll.vir Infected: Trojan.Win32.Obfuscated.mi skipped
C:\QooBox\Quarantine\C\Program Files\Jhkswxoc\jvvipule.dll.vir Infected: Trojan.Win32.Obfuscated.mi skipped
C:\QooBox\Quarantine\C\Program Files\Qzkrzynl\zylisfry.dll.vir Infected: Trojan.Win32.Obfuscated.mi skipped
C:\QooBox\Quarantine\C\Program Files\Idgvsxyx\zneglhac.dll.vir Infected: Trojan.Win32.Obfuscated.mi skipped
C:\QooBox\Quarantine\C\Program Files\Gxtazgkf\ahvjvnto.dll.vir Infected: Trojan.Win32.Obfuscated.mi skipped
C:\QooBox\Quarantine\C\Program Files\Zjaqswas\tjdzksdp.dll.vir Infected: Trojan.Win32.Obfuscated.mi skipped
C:\QooBox\Quarantine\C\Program Files\Lqoccqmd\gfuqmzje.dll.vir Infected: Trojan.Win32.Obfuscated.mi skipped
C:\QooBox\Quarantine\C\WINNT\system32\njprckha\njprckha1.exe.vir Infected: not-a-virus:FraudTool.Win32.UltimateDefender.aa skipped
C:\QooBox\Quarantine\C\WINNT\system32\njprckha\njprckha3.exe.vir Infected: not-a-virus:Downloader.Win32.UltimateFix.d skipped
C:\QooBox\Quarantine\C\WINNT\system32\fccdccb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dgw skipped
C:\QooBox\Quarantine\C\WINNT\system32\drvjef.dll.vir Infected: Trojan.Win32.Dialer.yz skipped
C:\QooBox\Quarantine\catchme2008-01-05_121445.12.zip/efcyxxv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dgw skipped
C:\QooBox\Quarantine\catchme2008-01-05_121445.12.zip/hgdax.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\QooBox\Quarantine\catchme2008-01-05_121445.12.zip ZIP: infected - 2 skipped

Scan process completed.
AND HERE IS THE FRESH COMBOFIX.TXT

ComboFix 08-01-05.1 - Administrator 06-01-2008 13:10:15.13 - FAT32x86 MINIMAL
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1043.18.400 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))
.
2008-01-06 13:10 . 06-01-08 13:10 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_1b4.dat
2008-01-06 13:06 . 06-01-08 13:06 464,058 ---h----- C:\WINNT\ShellIconCache
2008-01-06 10:54 . 06-01-08 10:54 <DIR> d-------- C:\WINNT\system32\Kaspersky Lab
2008-01-06 10:54 . 06-01-08 10:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-05 10:03 . 31-08-00 08:00 51,200 --a------ C:\WINNT\NirCmd.exe
2008-01-03 13:12 . 03-01-08 13:12 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-29 10:47 . 18-10-07 00:16 79,688 --a------ C:\WINNT\system32\drivers\iksyssec.sys
2007-12-29 10:47 . 18-10-07 00:15 62,280 --a------ C:\WINNT\system32\drivers\iksysflt.sys
2007-12-29 10:47 . 18-10-07 00:14 41,288 --a------ C:\WINNT\system32\drivers\ikfilesec.sys
2007-12-29 10:47 . 18-10-07 00:16 29,000 --a------ C:\WINNT\system32\drivers\kcom.sys
2007-12-29 10:46 . 29-12-07 10:46 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-29 10:46 . 29-12-07 10:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2007-12-29 10:46 . 23-09-05 08:29 626,688 --a------ C:\WINNT\system32\msvcr80.dll
2007-12-29 10:46 . 15-05-02 16:16 462,848 --a------ C:\WINNT\system32\msaatext.dll
2007-12-29 10:46 . 15-05-02 16:16 360,448 --a------ C:\WINNT\system32\oleacc.dll
2007-12-29 10:46 . 15-05-02 16:16 360,448 --a------ C:\WINNT\system32\dllcache\oleacc.dll
2007-12-29 10:46 . 15-05-02 16:16 356,352 --a------ C:\WINNT\system32\oleaccrc.dll
2007-12-29 10:46 . 15-05-02 16:16 356,352 --a------ C:\WINNT\system32\dllcache\oleaccrc.dll
2007-12-29 10:22 . 29-12-07 10:22 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-27 11:46 . 27-12-07 11:46 0 --ah----- C:\WINNT\SwSys2.bmp
2007-12-27 11:46 . 27-12-07 11:46 0 --ah----- C:\WINNT\SwSys1.bmp
2007-12-26 12:55 . 29-12-07 20:41 1,092 --a------ C:\WINNT\system32\d3d8caps.dat
2007-12-26 12:20 . 26-12-07 12:20 <DIR> d-------- C:\Program Files\Game_Maker6
2007-12-25 11:59 . 25-12-07 11:59 <DIR> d-------- C:\Program Files\Chami
2007-12-23 13:57 . 14-01-00 17:14 45,568 -ra------ C:\WINNT\UniFish3.exe
2007-12-08 14:50 . 08-12-07 14:51 <DIR> d-------- C:\Program Files\LimeWire
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-29 14:33 2,705,408 ----a-w C:\WINNT\system32\dllcache\MSHTML.DLL
2007-10-27 19:33 1,226,752 ----a-w C:\WINNT\system32\quartz.dll
2007-10-27 19:33 1,226,752 ----a-w C:\WINNT\system32\dllcache\quartz.dll
2007-10-24 17:00 222,720 ----a-w C:\WINNT\system32\wmasf.dll
2007-10-24 17:00 222,720 ------w C:\WINNT\system32\dllcache\wmasf.dll
2007-10-24 17:00 2,064,384 ------w C:\WINNT\system32\dllcache\wmvcore.dll
2007-10-17 07:23 96,016 ----a-w C:\WINNT\system32\dllcache\mqlogmgr.dll
2007-10-17 07:23 8,464 ------w C:\WINNT\system32\dllcache\mqrperf.dll
2007-10-17 07:23 77,072 ----a-w C:\WINNT\system32\dllcache\mqdscli.dll
2007-10-17 07:23 71,440 ----a-w C:\WINNT\system32\dllcache\mqsec.dll
2007-10-17 07:23 50,448 ----a-w C:\WINNT\system32\dllcache\mqclus.dll
2007-10-17 07:23 440,592 ----a-w C:\WINNT\system32\dllcache\mqqm.dll
2007-10-17 07:23 42,256 ----a-w C:\WINNT\system32\dllcache\mqdssrv.dll
2007-10-17 07:23 404,240 ----a-w C:\WINNT\system32\dllcache\mqsnap.dll
2007-10-17 07:23 30,992 ------w C:\WINNT\system32\dllcache\mqcertui.dll
2007-10-17 07:23 293,648 ----a-w C:\WINNT\system32\dllcache\mq1repl.dll
2007-10-17 07:23 29,968 ------w C:\WINNT\system32\dllcache\mqdbodbc.dll
2007-10-17 07:23 267,536 ----a-w C:\WINNT\system32\dllcache\mqmigrat.dll
2007-10-17 07:23 23,824 ----a-w C:\WINNT\system32\dllcache\mqupgrd.dll
2007-10-17 07:23 228,624 ----a-w C:\WINNT\system32\dllcache\mqoa.dll
2007-10-17 07:23 218,384 ----a-w C:\WINNT\system32\dllcache\mqads.dll
2007-10-17 07:23 164,624 ------w C:\WINNT\system32\dllcache\msmqocm.dll
2007-10-17 07:23 117,008 ----a-w C:\WINNT\system32\dllcache\mqutil.dll
2007-10-17 07:23 102,672 ----a-w C:\WINNT\system32\dllcache\mqrt.dll
2007-10-17 07:23 10,000 ----a-w C:\WINNT\system32\dllcache\mqperf.dll
2007-10-17 07:17 26,384 ------w C:\WINNT\system32\dllcache\mqbkup.exe
2007-10-16 13:51 98,064 ----a-w C:\WINNT\system32\dllcache\mqmig.exe
2007-10-16 13:51 77,712 ------w C:\WINNT\system32\dllcache\mqac.sys
2007-10-16 13:51 14,096 ----a-w C:\WINNT\system32\dllcache\mq1sync.exe
2007-10-16 13:51 14,096 ------w C:\WINNT\system32\dllcache\mqsvc.exe
2007-10-11 15:21 70,144 ----a-w C:\WINNT\system32\dllcache\INSENG.DLL
2007-10-11 15:21 580,096 ----a-w C:\WINNT\system32\dllcache\WININET.DLL
2007-10-11 15:21 498,176 ----a-w C:\WINNT\system32\dllcache\MSTIME.DLL
2007-10-11 15:21 463,872 ----a-w C:\WINNT\system32\dllcache\URLMON.DLL
2007-10-11 15:21 403,456 ----a-w C:\WINNT\system32\dllcache\SHLWAPI.DLL
2007-10-11 15:21 236,032 ----a-w C:\WINNT\system32\dllcache\IEPEERS.DLL
2007-10-11 15:21 143,872 ----a-w C:\WINNT\system32\dllcache\CDFVIEW.DLL
2007-10-11 15:21 132,096 ----a-w C:\WINNT\system32\dllcache\MSRATING.DLL
2007-10-11 15:21 1,340,416 ----a-w C:\WINNT\system32\dllcache\SHDOCVW.DLL
2007-10-11 15:21 1,018,880 ----a-w C:\WINNT\system32\dllcache\BROWSEUI.DLL
2007-10-11 09:31 12,288 ----a-w C:\WINNT\system32\dllcache\JSPROXY.DLL
2007-10-11 09:30 351,744 ----a-w C:\WINNT\system32\dllcache\DXTMSFT.DLL
2007-10-11 09:30 34,816 ----a-w C:\WINNT\system32\dllcache\PNGFILT.DLL
2007-10-11 09:30 192,512 ----a-w C:\WINNT\system32\dllcache\DXTRANS.DLL
2006-10-02 11:23 271 ---h--w C:\Program Files\desktop.ini
2006-10-02 11:23 22,085 ---h--w C:\Program Files\folder.htt
2006-06-22 19:34 217 ----a-w C:\Program Files\setup.ini
2006-05-16 20:29 290,816 ----a-w C:\Program Files\setup.exe
2002-03-11 09:06 1,822,520 ----a-w C:\Program Files\instmsiw.exe
2002-03-11 08:45 1,708,856 ----a-w C:\Program Files\instmsia.exe
2000-01-10 23:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.
((((((((((((((((((((((((((((( snapshot@za 2008-01-05_12.16.22.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-05 15:54:18 57,196 ----a-w C:\WINNT\.jagex_cache_32\loginapplet\cache--444661539.dat
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINNT\erdnt\subs\F3M\ERDNT.EXE
+ 2005-05-24 11:27:16 213,048 ----a-w C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 14:47:20 94,208 ----a-w C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 14:49:54 950,272 ----a-w C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [28-12-07 11:57 20058152]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [05-01-08 09:19 6856704]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm .exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [19-06-03 21:05 112400 C:\WINNT\system32\mobsync.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [28-12-07 11:56 35328]
"PostCast Server"="C:\Server\PostCast Server\postcastserver.exe" [ ]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [ ]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [03-01-08 10:56 1065800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [19-06-03 21:05 189200]

C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 19:42:22]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 11:15:56]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-12-25 15:54:40]
iFinger 2.0.lnk - C:\Program Files\iFinger\iFinger.exe [2007-01-16 20:20:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ActiveSync]
WcesWlgn.dll 27-06-06 19:23 14120 C:\WINNT\system32\WcesWlgn.dll

S1 oreans32;oreans32;C:\WINNT\system32\drivers\oreans32.sys [09-08-07 11:21 ]
S3 EL90BC;3Com EtherLink XL B/C Adapter-stuurprogramma;C:\WINNT\system32\DRIVERS\el90xbc5.sys [23-10-99 20:22 ]
S3 ichaud;Service voor AC'97-stuurprogramma (WDM);C:\WINNT\system32\drivers\ichaud.sys [22-10-99 22:54 ]
S3 K320bus;Sony Ericsson K320 driver (WDM);C:\WINNT\system32\DRIVERS\K320bus.sys [18-08-06 11:10 ]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 13:12:04
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINNT\system32\winlogon.exe
-> C:\WINNT\system32\NavLogon.dll
.
Voltooingstijd: 06-01-2008 13:12:47
ComboFix-quarantined-files.txt 2008-01-06 12:12:44
ComboFix3.txt 2008-01-05 11:18:16
ComboFix2.txt 2008-01-06 09:46:20
.
2007-12-14 15:12:32 --- E O F ---

What should I do now :) ?
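A way to triage a Kaspersky Online Scanner report like the one posted above, written as an added example for this page (it is not code from the thread, from Kaspersky or from ComboFix). It parses the three line shapes the report uses ("path Infected: verdict skipped", "path Object is locked skipped", and the "Inno:/ZIP: infected - N skipped" container summaries), groups detections by malware family, and separates objects that already sit in another tool's quarantine folder from those outside one. The sample report is constructed from a handful of the entries in the thread; the quarantine-folder markers (Symantec's Quarantine, ComboFix's QooBox\Quarantine, HijackThis backups) are an assumption about where those tools park neutralised copies.

```python
"""Triage a Kaspersky Online Scanner text report (added example; not code from the thread)."""
import re
from collections import Counter

# Constructed sample: a handful of entries copied from the report posted in the thread.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\WINNT\system32\config\SAM Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08AC0000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP0.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll Infected: not-a-virus:AdWare.Win32.BHO.lq skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080104-201640-719.dll Infected: Trojan.Win32.Obfuscated.mi skipped
C:\QooBox\Quarantine\C\WINNT\system32\drvjef.dll.vir Infected: Trojan.Win32.Dialer.yz skipped
C:\QooBox\Quarantine\catchme2008-01-05_121445.12.zip/hgdax.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\QooBox\Quarantine\catchme2008-01-05_121445.12.zip ZIP: infected - 2 skipped
Scan process completed.
"""

# The three shapes the report's "Last Action" column takes, one object per line.
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) skipped$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
CONTAINER_RE = re.compile(r"^(?P<path>.+?) (?P<kind>\w+): infected - (?P<count>\d+) skipped$")

# Assumption: folders where other tools park copies of detections they already removed.
QUARANTINE_MARKERS = ("\\Quarantine\\", "\\HijackThis\\backups\\")


def is_quarantined(path: str) -> bool:
    """True when the object lives inside a known quarantine/backup folder."""
    lowered = path.lower()
    return any(marker.lower() in lowered for marker in QUARANTINE_MARKERS)


def family(verdict: str) -> str:
    """'not-a-virus:AdWare.Win32.Virtumonde.dih' -> 'AdWare.Win32.Virtumonde'."""
    name = verdict.split(":")[-1]   # drop the 'not-a-virus' prefix when present
    return name.rsplit(".", 1)[0]   # drop the per-sample variant suffix


def parse_report(text: str) -> list[dict]:
    """Return one dict per report line that describes a scanned object."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := INFECTED_RE.match(line):
            entries.append({"path": m["path"], "status": "infected", "verdict": m["verdict"]})
        elif m := CONTAINER_RE.match(line):
            entries.append({"path": m["path"], "status": "container",
                            "verdict": f"{m['kind']} archive holding {m['count']} detection(s)"})
        elif m := LOCKED_RE.match(line):
            entries.append({"path": m["path"], "status": "locked", "verdict": None})
    return entries


def summarize(entries: list[dict]) -> dict:
    """Counts plus the list of detections that are NOT already in a quarantine folder."""
    infected = [e for e in entries if e["status"] == "infected"]
    live = [e["path"] for e in infected if not is_quarantined(e["path"])]
    return {
        "locked": sum(e["status"] == "locked" for e in entries),
        "containers": sum(e["status"] == "container" for e in entries),
        "infected": len(infected),
        "already_quarantined": len(infected) - len(live),
        "live": live,
        "families": Counter(family(e["verdict"]) for e in infected),
    }


def summarize_sample() -> dict:
    return summarize(parse_report(SAMPLE_REPORT))


if __name__ == "__main__":
    s = summarize_sample()
    print(f"{s['infected']} infected objects, {s['already_quarantined']} already in a quarantine folder")
    for path in s["live"]:
        print("  outside quarantine:", path)
    for fam, n in s["families"].most_common():
        print(f"  {n:3d}  {fam}")
```

Run against the full report above, the same split shows that nearly all 88 detections are copies sitting in Symantec's Quarantine, ComboFix's QooBox or HijackThis backups, and only a few objects (the Firefox component nsBrowserOpt.dll, the Symantec APTemp\AP0.dll, the mIRC binaries) are outside a quarantine folder; those are the ones worth looking at first.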
  • Looks fine :) How are your problems now?
  • Well, I have to say the computer is much faster and I no longer have any trouble from the virus :D Thanks very much for this clear help :). Regards, Montinio
  • You're welcome, Montinio :wink: Do the following as well :)

Download ATF Cleaner (by Atribune): http://www.atribune.org/ccount/click.php?id=1
Double-click ATF Cleaner to start the program.
On the "Main" tab, tick Select All.
Click the Empty Selected button.

Do the following if you also use Firefox as a browser:
Click the "Firefox" tab and tick Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears. (This removes the tick at "Firefox saved passwords".)
Click the Empty Selected button.

Do the following if you also use Opera as a browser:
Click the "Opera" tab and tick Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.

Go to the "Main" tab and click the Exit button to close the program.

Uninstall ComboFix: go to Start --> Run and type: combofix /u
ComboFix will now be removed and a new restore point will be created.

To prevent a repeat, read through these security tips once more: http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html

Pim
  • Okay, will do. Thanks for everything _o_ :D Greetings, Montinio :)


This is an archived page. Replying is no longer possible.