Mededeling

Collapse
No announcement yet.

'Essa voce precisa VER', huisgenoot

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    'Essa voce precisa VER', huisgenoot

    Hallo allen,

    Gisteren heb ik m'n eigen pc 'schoon' gemaakt na een besmetting via e-mail.

    zie: http://www.nucia.eu/forum/showthread.php?t=32463

    Omdat de 'beruchte' e-mail ook naar m'n huisgenoot werd verstuurd (vanaf mijn pc), is zijn pc ook besmet geraakt (vermoedelijk).

    Volgende heb ik reeds uitgevoerd:

    - AdAware erop;
    Scan 1 gaf vooral cookies. Verwijderen van alle cookies lukte niet zomaar.
    Er bleven een stuk of 85 van de 350 zoveel 'achter'.

    - Spybot Search and Destroy erop, maar tijdens het updaten liep deze vast: geen updates beschikbaar.. (vreemd).

    hmm.. reboot, en omdat ik gisteren de tip reeds kreeg om m'n eigen java versie te updaten daar ook maar even naar gekeken: alle JRE 5 updates verwijderd, idem voor de Jave 6 update 1 en 2.

    Nog een keer Adware draaien: weer het zelfde aantal niet weg te krijgen.
    ATF gedraait: ruimte maar liefst 2 GB (!) aan data op.

    RVAXO gedraait: kreeg exact dezelfde log als gisteren (alleen een andere user name):

    Log:
    ----------------RVAXO.exe first run-------------

    Files found:

    C:\WINDOWS\lnk_dados_2.dll
    C:\Documents and Settings\Blauw\user.dat
    C:\Documents and Settings\Blauw\Emails.dat
    C:\WINDOWS\Media\LTaskup.exe

    Uninstallers Rogue scanners:


    Folders Found:


    Hosts-file was reset, If you use a custom hosts file please replace it...

    --------------RVAXO.exe last run---------------

    Files found:

    Folders Found:

    --------------RVAXO.exe finished----------------



    Toen Adaware nog eens gedraait, en nu gingen wel alle besmettingen (cookies) eraf.

    Spybot Search and Destroy gedraait: Kon nu ineens wel updaten. Laten draaien en 2 zaken verwijderd (iets met firewall bypass en nog een register sleutel.

    Dus aldus: HijackThis gedraait, en hier 't logfiletje:



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:53:07, on 19-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\CNAB4RPK.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Mediacontrole Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Mediacontrole Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Default user')
    O4 - Startup: Mediacontrole Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://server/Remote/msrdp.cab
    O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

    --
    End of file - 12352 bytes

    Hebben we hier te maken met een besmet systeem, of is ie ondertussen weer brandschoon?
    Labels: Geen
    • Citaat
  • #2
    Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd

    Download Combofix naar je Bureaublad.
    Dubbelklik op Combofix.exe
    Kies voor "Continue" door 1 te typen gevolgd door ENTER.
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
    Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
    Plaats deze log in je volgende post.

    NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.
    • Citaat

    Comment

    • #3
      Combofix gedraaid; geen reboot waargenomen, wel een aantal meldingen van
      SpybotS&D (op 'toestaan' gedrukt).


      Combofix log:

      ComboFix 07-12-19.3 - Blauw 2007-12-19 15:10:15.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.145 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\Blauw\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((( Bestanden Gemaakt van 2007-11-19 to 2007-12-19 ))))))))))))))))))))))))))))))
      .

      2007-12-19 14:04 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2007-12-19 14:03 . 2007-12-19 14:03 <DIR> d-------- C:\Program Files\Common Files\Java
      2007-12-19 13:52 . 2007-12-19 13:52 <DIR> d-------- C:\Program Files\Trend Micro
      2007-12-19 12:22 . 2007-12-19 12:22 <DIR> d-------- C:\Documents and Settings\Blauw\Application Data\gtopala
      2007-12-19 11:45 . 2007-12-19 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2007-12-19 10:33 . 2007-12-19 10:33 <DIR> d-------- C:\Program Files\Lavasoft
      2007-12-19 10:32 . 2007-12-19 10:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2007-12-19 10:32 . 2007-12-19 10:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2007-12-18 16:35 . 2007-12-18 16:35 10 --a------ C:\Documents and Settings\Gast\user.dat
      2007-12-18 16:35 . 2007-12-18 16:35 0 --a------ C:\Documents and Settings\Gast\Emails.dat
      2007-11-27 21:34 . 2007-11-27 21:34 <DIR> d-------- C:\Program Files\MSECache
      2007-11-27 21:33 . 2007-11-27 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
      2007-11-20 00:14 . 2007-11-20 00:14 <DIR> d-------- C:\Program Files\GeoVid
      2007-11-20 00:14 . 2007-11-20 00:16 <DIR> d-------- C:\Documents and Settings\Blauw\Application Data\GeoVid
      2007-11-20 00:14 . 2005-06-07 16:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-12-19 14:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2007-12-19 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
      2007-12-19 14:02 --------- d-----w C:\Program Files\SPAMfighter
      2007-12-19 13:04 --------- d-----w C:\Program Files\Java
      2007-12-13 22:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2007-11-21 21:05 --------- d-----w C:\Program Files\Norton Internet Security
      2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
      2007-11-06 00:07 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
      2007-11-06 00:07 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
      2007-11-06 00:07 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
      2007-11-06 00:07 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
      2007-11-06 00:07 --------- d-----w C:\Program Files\Symantec
      2007-10-31 20:11 --------- d-----w C:\Documents and Settings\Blauw\Application Data\OpenOffice.org2
      2007-10-30 18:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
      2007-10-30 18:55 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
      2007-10-30 18:55 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
      2007-10-30 18:55 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
      2007-10-30 18:55 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
      2007-10-30 18:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
      2007-10-30 18:55 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
      2007-10-30 18:55 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
      2007-10-30 18:55 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
      2007-10-30 18:24 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
      2007-10-30 18:24 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
      2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
      2007-10-29 17:14 --------- d-----w C:\Program Files\Common Files\Application
      2007-10-29 17:14 --------- d-----w C:\Program Files\Common Files\Ankiro
      2007-10-27 15:31 --------- d-----w C:\Program Files\Uniblue
      2007-10-27 15:31 --------- d-----w C:\Documents and Settings\Blauw\Application Data\Uniblue
      2007-10-26 17:58 --------- d-----w C:\Documents and Settings\Blauw\Application Data\Windows Desktop Search
      2007-10-26 17:57 --------- d-----w C:\Program Files\Windows Desktop Search
      2007-10-26 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
      2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
      2007-10-20 19:27 --------- d-----w C:\Program Files\OpenOffice.org 2.3
      2007-10-20 19:23 --------- d-----w C:\Program Files\Open Office
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-04 07:09]
      "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe"
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 21:05]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
      "InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [1999-12-14 10:12]
      "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-14 10:42]
      "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-13 23:16]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-10-05 22:11]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
      "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 00:11]
      "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
      "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
      "RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-14 10:42]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

      C:\Documents and Settings\Blauw\Menu Start\Programma's\Opstarten\
      Mediacontrole Cyber-shot Viewer.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-07-26 23:23:07]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-04-12 17:17:53]
      Office Opstarten.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-09-01]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

      R2 RCFOX;SonicWALL IPsec Driver;C:\WINDOWS\system32\Drivers\RCFOX.sys [2003-09-29 14:06]
      R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 15:29]
      R3 rcvpn;SonicWALL VPN Adapter;C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2003-08-20 14:01]
      S3 SIWIO;SIWIO;C:\WINDOWS\TEMP\SiwIo.sys

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a24d6718-ae22-11dc-978f-006073ef60b0}]
      \Shell\AutoRun\command - H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

      *Newly Created Service* - CATCHME
      *Newly Created Service* - COMHOST
      *Newly Created Service* - PROCEXP90
      .
      Inhoud van de 'Gedeelde Taken' map
      "2007-12-19 14:03:35 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
      - C:\Program Files\Windows Defender\MpCmdRun.exe
      "2007-12-17 21:59:49 C:\WINDOWS\Tasks\Norton Internet Security - Volledige systeemscan - Blauw.job"
      - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
      "2007-12-16 16:29:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
      - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
      "2007-10-26 17:44:39 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
      - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
      .
      **************************************************************************

      catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-12-19 15:13:18
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
      -> C:\PROGRA~1\TEXTBR~1.0\Bin\TBMHOOK.dll
      .
      Voltooingstijd: 2007-12-19 15:14:08
      .
      2007-12-19 12:28:13 --- E O F ---
      • Citaat

      Comment

      • #4
        Verwijder deze bestanden:
        C:\Documents and Settings\Gast\user.dat
        C:\Documents and Settings\Gast\Emails.dat

        Maak dan je prullenbak leeg.

        Download ATF cleaner (mirror)(gemaakt door Atribune)

        Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

        Dubbelklik op ATF cleaner om het programma te starten.
        Op het tabblad "Main", plaats je een vinkje bij Select All.
        Klik op de knop Empty Selected.

        Het volgende doen als je ook FireFox als browser hebt:
        Klik op tabblad "Firefox", plaats een vinkje bij Select All.
        Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
        (dit haalt het vinkje weer weg bij "Firefox saved passwords")
        Klik op de knop Empty Selected.

        Het volgende doen als je ook Opera als browser hebt:
        Klik op tabblad "Opera", plaats een vinkje bij Select All.
        Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
        Klik op de knop Empty Selected.
        Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

        Ga naar Start - Uitvoeren en geef hier het volgende in:
        Combofix /U
        Druk daarna op OK.
        Let op: Er moet een spatie tussen Combofix en /U zitten.

        Dit zal Combofix deïnstalleren.

        Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
        Kijk hier hoe je je systeemherstel moet uitschakelen.
        Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

        Dan denk ik dat alles weer OK is
        • Citaat

        Comment

        Vorige template Volgende
        Sorry, you are not authorized to view this page
        Working...
        X