Question & Answer

Security & privacy

Warning Spyware Detected

3 answers
  • An acquaintance brought me his laptop, which keeps reporting that there are infections. The desktop is blue with a warning (image): Warning Spyware Detected. I have already run ComboFix; here is the log:

    ComboFix 08-06-05.3 - Compaq Presario 2008-06-06 15:31:35.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.128 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Compaq Presario\Bureaublad\ComboFix.exe
     * Nieuw herstelpunt werd aangemaakt
     * Resident AV is active
    
    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\Compaq Presario\Bureaublad\Error Cleaner.url
    C:\Documents and Settings\Compaq Presario\Bureaublad\Privacy Protector.url
    C:\Documents and Settings\Compaq Presario\Bureaublad\Spyware&Malware Protection.url
    C:\Documents and Settings\Compaq Presario\Favorieten\Error Cleaner.url
    C:\Documents and Settings\Compaq Presario\Favorieten\Privacy Protector.url
    C:\Documents and Settings\Compaq Presario\Favorieten\Spyware&Malware Protection.url
    C:\WINDOWS\privacy_danger
    C:\WINDOWS\privacy_danger\images\capt.gif
    C:\WINDOWS\privacy_danger\images\danger.jpg
    C:\WINDOWS\privacy_danger\images\down.gif
    C:\WINDOWS\privacy_danger\images\spacer.gif
    C:\WINDOWS\privacy_danger\index.htm
    C:\WINDOWS\system32\awttutUm.dll
    C:\WINDOWS\system32\ngvnrjfg.ini
    C:\WINDOWS\system32\WinCtrl32.dll
    C:\WINDOWS\system32\xGMUvyay.ini
    C:\WINDOWS\system32\xGMUvyay.ini2
    C:\WINDOWS\system32\yayvUMGx.dll
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_MSUPDATE
    
    (((((((((((((((((((( Bestanden Gemaakt van 2008-05-06 to 2008-06-06 ))))))))))))))))))))))))))))))
    .
    2008-06-06 06:10 . 2008-06-06 06:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
    2008-06-06 06:05 . 2008-06-06 06:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
    2008-06-06 04:16 . 2008-06-06 04:16 <DIR> dr-h----- C:\Documents and Settings\Compaq Presario\Onlangs geopend
    2008-06-06 04:13 . 2008-06-06 04:13 <DIR> d-------- C:\Program Files\ESET
    2008-06-06 04:13 . 2008-06-06 04:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-06-06 03:24 . 2008-06-06 03:24 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
    2008-06-06 03:21 . 2005-09-01 14:50 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
    2008-06-06 03:21 . 2005-09-01 16:43 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
    2008-06-06 03:21 . 2005-09-01 16:43 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
    2008-06-06 03:21 . 2005-09-01 16:43 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
    2008-06-06 03:21 . 2005-09-01 16:43 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
    2008-06-06 03:21 . 2005-09-01 16:43 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
    2008-06-06 03:21 . 2005-09-01 16:43 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
    2008-06-06 03:21 . 2008-06-06 03:24 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-06-06 02:59 . 2008-06-06 06:10 1,086 --a------ C:\WINDOWS\WINCMD.INI
    2008-06-06 02:47 . 2008-06-06 02:47 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-06 02:47 . 2008-06-06 02:47 <DIR> d-------- C:\Documents and Settings\Compaq Presario\Application Data\U3
    2008-06-05 10:19 . 2008-06-05 10:19 95,232 --a------ C:\WINDOWS\system32\gfjrnvgn.dll
    2008-06-05 10:10 . 2008-06-05 10:10 <DIR> d-------- C:\Documents and Settings\Compaq Presario\Application Data\shc9c5j0ee0p
    2008-06-05 10:09 . 2008-06-05 05:56 245,760 --a------ C:\WINDOWS\nogxfvblvrp.dll
    2008-06-05 10:09 . 2008-06-05 05:56 180,224 --a------ C:\WINDOWS\adgpfoxs.dll
    2008-06-05 10:09 . 2008-06-05 05:56 151,552 --a------ C:\WINDOWS\nmwegbsf.dll
    2008-06-05 10:09 . 2008-06-05 05:56 94,208 --a------ C:\WINDOWS\eaps.exe
    2008-06-05 10:09 . 2008-06-05 10:09 92,160 --a------ C:\WINDOWS\system32\lphcec5j0ee0p.exe
    2008-06-05 10:09 . 2008-06-06 02:40 90,838 --a------ C:\WINDOWS\system32\phcec5j0ee0p.bmp
    2008-06-05 10:09 . 2008-06-05 05:56 81,920 --a------ C:\WINDOWS\xbqmfsed.exe
    2008-06-05 10:09 . 2008-06-06 02:40 52,736 --a------ C:\WINDOWS\system32\blphcec5j0ee0p.scr
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-06 02:15 --------- d-----w C:\Program Files\Aquatica Waterworlds
    2008-06-06 01:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-06-06 01:07 --------- d-----w C:\Program Files\Symantec
    2008-06-06 01:03 --------- d-----w C:\Program Files\CCleaner
    2008-06-06 01:01 --------- d-----w C:\Program Files\Norton AntiVirus
    2008-06-06 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-06-05 08:34 28,928 ----a-w C:\WINDOWS\system32\drivers\Winvb26.sys
    2008-06-04 16:24 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-11-13 07:39 2,293,712 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
    2007-11-13 07:30 3,928,264 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
    2007-11-13 07:29 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
    2005-11-30 12:40 2,990,512 ----a-w C:\Program Files\hitmanpro231.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C607C322-F4DF-44B7-98F5-FCAE55BADEA0}]
    2008-06-05 05:56 245760 --a------ C:\WINDOWS\nogxfvblvrp.dll
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 09:19 68856]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-08 05:40 159744]
    "ATIModeChange"="Ati2mdxx.exe" [2003-12-08 06:17 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-15 21:00 335872]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-11-18 08:31 241664]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 10:03 110592 C:\WINDOWS\system32\bthprops.cpl]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]
    "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispBackgroundPage"= 1 (0x1)
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "adgpfoxs"= {6F284B43-2642-4915-A7E6-3535FF3590C6} - C:\WINDOWS\adgpfoxs.dll [2008-06-05 05:56 180224]
    "erpobmsw"= {18D807A1-80EB-4BDA-AD8B-D091FDF7E768} - C:\WINDOWS\erpobmsw.dll [ ]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
    WinCtrl32.dll
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvb26.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    
    R0 Winvb26;Winvb26;C:\WINDOWS\system32\Drivers\Winvb26.sys [2008-06-05 10:34]
    R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-01-11 14:01:13 C:\WINDOWS\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-06 15:40:04
    Windows 5.1.2600 Service Pack 2 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\Ati2evxx.dll
    -> C:\WINDOWS\system32\WinCtrl32.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Apoint2K\ApntEx.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-06-06 15:44:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-06 13:44:03
    Pre-Run: 30,554,705,920 bytes beschikbaar
    Post-Run: 30,481,301,504 bytes beschikbaar
    151 --- E O F --- 2008-05-28 08:00:09

    This appears to have already removed a number of things.

    ------------------------------------------------

    And a HJT log straight away as well:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:50, on 6-6-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: QXK Olive - {C607C322-F4DF-44B7-98F5-FCAE55BADEA0} - C:\WINDOWS\nogxfvblvrp.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
    O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
    O21 - SSODL: adgpfoxs - {6F284B43-2642-4915-A7E6-3535FF3590C6} - C:\WINDOWS\adgpfoxs.dll
    O21 - SSODL: erpobmsw - {18D807A1-80EB-4BDA-AD8B-D091FDF7E768} - C:\WINDOWS\erpobmsw.dll (file missing)
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    
    -- End of file - 5610 bytes

    Which helper would like to assist me in checking whether any follow-up actions are still needed? Thanks in advance.
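A quick triage pass over HijackThis entries of the kind shown in the log above, as an added example that is not part of the original post or of HijackThis itself: it flags the redirected IE start page, a BHO loaded from the Windows root, the orphaned Winlogon Notify hook and SSODL entries outside system32. The sample lines are copied from the post; TRUSTED_HOSTS is an assumed allowlist to tune per environment.

```python
import re
from urllib.parse import urlparse

# Hosts that are normal defaults for the IE start/search page (assumption: extend per environment).
TRUSTED_HOSTS = {"go.microsoft.com", "www.microsoft.com"}

# Constructed sample: entries copied from the HijackThis log in the post, plus a benign O4 line.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QXK Olive - {C607C322-F4DF-44B7-98F5-FCAE55BADEA0} - C:\WINDOWS\nogxfvblvrp.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O21 - SSODL: adgpfoxs - {6F284B43-2642-4915-A7E6-3535FF3590C6} - C:\WINDOWS\adgpfoxs.dll
O21 - SSODL: erpobmsw - {18D807A1-80EB-4BDA-AD8B-D091FDF7E768} - C:\WINDOWS\erpobmsw.dll (file missing)
"""

def _dll_in_windows_root(path: str) -> bool:
    # Legitimate BHO/SSODL components live under system32 or Program Files; a DLL
    # dropped directly into C:\WINDOWS\ (as the fake-AV files in the post are) is suspect.
    return re.fullmatch(r"(?i)c:\\windows\\[^\\]+\.dll", path.strip()) is not None

def triage_hjt(text: str) -> list:
    """Return (HJT code, reason) pairs for entries worth a closer look."""
    findings = []
    for line in text.strip().splitlines():
        code, _, rest = line.partition(" - ")
        if code in ("R0", "R1") and "=" in rest:
            host = urlparse(rest.split("=", 1)[1].strip()).hostname or ""
            if host and host not in TRUSTED_HOSTS:
                findings.append((code, f"start/search page redirected to {host}"))
        elif code == "O2":
            path = rest.rsplit(" - ", 1)[-1]
            if _dll_in_windows_root(path):
                findings.append((code, f"BHO loads {path} from the Windows root"))
        elif code == "O20" and "(file missing)" in rest:
            # The DLL is gone (ComboFix quarantined WinCtrl32.dll) but the registry hook remains.
            findings.append((code, f"orphaned Winlogon Notify hook: {rest}"))
        elif code == "O21":
            path = rest.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()
            if _dll_in_windows_root(path):
                findings.append((code, f"SSODL entry loads {path} from the Windows root"))
    return findings

if __name__ == "__main__":
    for code, why in triage_hjt(SAMPLE_LOG):
        print(code, why)
```

The heuristics are deliberately narrow; an entry that passes them is not cleared, only not flagged by this pass.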
  • It looks fine to me. Are there still problems, then? In that case you had the virus I have now as well. If I'm right, things were also missing from your Start menu and you couldn't get into Task Manager and such? I scanned with AVG antivirus and for me it's gone now. You should also download RogueRemover Free. Then update and scan, and after that it should really be completely gone.
  • Right, various things were blocked, Task Manager indeed among them. As far as I can tell there are no more problems and ComboFix has removed most of the riffraff :D NOD32 afterwards removed a few more things too, and it runs like a charm again. Thanks for the tip about RogueRemover, but I don't think it's needed anymore.
