Trojan Spy Bzub

  • Trojan Spy Bzub

    Dear Nucia team member,

    After scanning my PC with the program PC Tools Spyware Doctor, I get a message that my PC is infected with Trojan-Spy.Bzub.
    And every time I start Internet Explorer, I get a message from Spyware Doctor that it has blocked Trojan Spy Bzub (risk: high) in the file C:\Windows\System32\Bootvi.dll.

    I have now run the program ComboFix with the following result:

    ComboFix 08-02-23 - aniso1000 2008-02-23 10:41:11.4 - NTFSx86
    Gestart vanuit: C:\Documents and Settings\aniso1000\Bureaublad\ComboFix.exe

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-01-23 to 2008-02-23 ))))))))))))))))))))))))))))))
    .

    2008-02-23 10:03 . 2008-02-23 10:03 76 --a------ C:\WINDOWS\system32\ikhcore.cfg
    2008-02-16 18:57 . 2008-02-23 09:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-02-16 18:57 . 2008-02-23 09:38 <DIR> d-------- C:\Documents and Settings\aniso1000\Application Data\SUPERAntiSpyware.com
    2008-02-16 18:57 . 2008-02-16 18:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-02-14 01:09 . 2008-02-14 01:09 <DIR> d-------- C:\Documents and Settings\LocalService\Bureaublad
    2008-02-14 01:08 . 2008-02-23 09:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-02-14 01:05 . 2008-02-14 01:06 <DIR> d-------- C:\Program Files\Common Files\McAfee
    2008-02-13 23:56 . 2008-02-21 07:14 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-02-13 23:56 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-02-13 23:56 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-02-13 23:56 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-02-13 23:56 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-02-13 22:21 . 19,584 C:\WINDOWS\system32\drivers\pbrfqwan.dat
    2008-02-13 22:17 . 2004-08-04 13:00 84,992 --a------ C:\WINDOWS\system32\bootvi.dll
    2008-02-11 23:27 . 2004-07-03 22:08 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-02-11 23:27 . 2004-09-06 17:06 53,248 --a------ C:\WINDOWS\system32\xvid.ax
    2008-02-10 17:50 . 2004-07-03 21:59 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-02-10 17:50 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
    2008-02-10 17:24 . 2008-02-10 17:50 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
    2008-02-10 15:32 . 2008-02-10 15:33 <DIR> d-------- C:\Documents and Settings\aniso1000\Application Data\Media Player Classic
    2008-02-10 15:21 . 2008-02-10 15:25 <DIR> d-------- C:\Program Files\Mediatwins software
    2008-02-10 15:16 . 2008-02-10 16:02 <DIR> d-------- C:\Program Files\VideoLAN
    2008-02-10 15:06 . 2008-02-10 15:44 <DIR> d-------- C:\Program Files\Essentials Codec Pack
    2008-02-10 15:03 . 2008-02-10 15:03 <DIR> d-------- C:\Program Files\Cucusoft
    2008-02-10 15:03 . 2008-02-10 15:03 <DIR> d-------- C:\ConverterOutput
    2008-02-10 15:03 . 2004-10-12 14:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
    2008-02-10 15:03 . 2004-10-12 14:46 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
    2008-02-10 15:03 . 2004-10-05 16:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
    2008-02-10 15:03 . 2004-10-12 14:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
    2008-02-10 15:03 . 2003-04-03 00:17 172,032 --a------ C:\WINDOWS\system32\ac3filter.ax
    2008-02-10 15:03 . 2004-10-04 01:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
    2008-02-10 15:02 . 2008-02-10 15:02 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2008-02-10 14:59 . 2008-02-10 14:59 <DIR> d-------- C:\Program Files\3ivx
    2008-02-10 14:46 . 2008-02-10 14:46 <DIR> d-------- C:\Documents and Settings\aniso1000\Application Data\AVS4YOU
    2008-02-10 14:45 . 2008-02-10 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2008-02-10 14:40 . 2008-02-10 16:11 <DIR> d-------- C:\Program Files\AVS4YOU
    2008-02-10 14:00 . 2008-02-10 14:00 28 --a------ C:\WINDOWS\v2d.INI
    2008-02-10 13:58 . 2008-02-10 14:01 <DIR> d-------- C:\Program Files\Total Video2DVD Author
    2008-02-10 01:20 . 2008-02-10 01:20 <DIR> d-------- C:\Program Files\Common Files\xing shared
    2008-02-09 15:42 . 2008-02-09 15:42 <DIR> d-------- C:\Program Files\Sony Ericsson
    2008-02-09 15:42 . 2008-02-09 15:42 <DIR> d-------- C:\nakshawani
    2008-02-09 15:42 . 2008-02-09 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
    2008-02-09 15:42 . 2008-02-09 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2008-02-09 10:22 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-02-09 10:22 . 2007-07-01 04:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-02-09 10:20 . 2008-02-09 10:23 <DIR> d-------- C:\WINDOWS\system32\nl-nl
    2008-02-04 20:30 . 2008-02-09 15:40 <DIR> d-------- C:\Documents and Settings\aniso1000\Application Data\DNA
    2008-02-04 19:52 . 2008-02-09 15:41 <DIR> d-------- C:\Program Files\K-Lite Codec Pack(2)
    2008-02-04 07:06 . 2008-02-04 07:06 <DIR> d-------- C:\Documents and Settings\aniso1000\Application Data\Talkback
    2008-02-04 07:03 . 2008-02-16 18:39 335 --a------ C:\WINDOWS\nsreg.dat
    2008-01-30 06:51 . 2008-02-09 15:41 <DIR> d-------- C:\Program Files\Free WMA to MP3 Converter
    2008-01-27 23:51 . 2008-02-09 15:41 <DIR> d-------- C:\Program Files\Paltalk Messenger
    2008-01-27 23:51 . 2008-02-09 15:41 <DIR> d-------- C:\Documents and Settings\aniso1000\Application Data\Paltalk
    2008-01-24 20:18 . 2008-01-24 20:18 <DIR> d-------- C:\lectures

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-23 09:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-23 09:06 --------- d-----w C:\Program Files\LimeWire
    2008-02-23 09:03 --------- d---a-w C:\Documents and Settings\aniso1000\Application Data\OpenOffice.org2
    2008-02-22 23:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-02-22 22:02 --------- d-----w C:\Program Files\Incomplete
    2008-02-22 20:09 --------- d---a-w C:\Documents and Settings\aniso1000\Application Data\LimeWire
    2008-02-16 18:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-16 15:30 --------- d-----w C:\Program Files\Norton Security Scan
    2008-02-16 09:48 --------- d-----w C:\Program Files\McAfee
    2008-02-14 00:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\McAfee.com
    2008-02-14 00:12 --------- d-----w C:\Program Files\McAfee.com
    2008-02-14 00:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2008-02-11 22:28 --------- d-----w C:\Program Files\Common Files\AVSMedia
    2008-02-11 22:28 --------- d-----w C:\Program Files\AVSMedia
    2008-02-10 00:20 --------- d-----w C:\Program Files\Common Files\Real
    2008-02-10 00:19 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2008-02-10 00:19 --------- d-----w C:\Program Files\Google
    2008-02-09 14:42 --------- d-----w C:\Program Files\Common Files\Teleca Shared
    2008-02-09 14:40 --------- d-----w C:\Program Files\CDBurnerXP
    2008-02-09 09:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-09 09:15 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-02-04 19:16 --------- d-----w C:\Program Files\Real
    2008-01-13 15:42 --------- d---a-w C:\Documents and Settings\aniso1000\Application Data\Autodesk
    2008-01-13 15:39 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
    2008-01-13 15:39 --------- d-----w C:\Program Files\AutoCAD 2008
    2008-01-13 15:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Autodesk
    2008-01-10 06:45 --------- d-----w C:\Program Files\MSXML 6.0
    2008-01-09 05:55 --------- d-----w C:\Program Files\AutoCAD 2007
    2008-01-06 08:02 --------- d-----w C:\Program Files\Privacy Guardian
    2008-01-06 08:02 --------- d-----w C:\Program Files\Aide PDF to DXF Converter
    2008-01-06 07:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2008-01-01 23:07 --------- d-----w C:\Documents and Settings\aniso1000\Application Data\skypePM
    2008-01-01 15:48 691,481 ----a-w C:\WINDOWS\unins000.exe
    2008-01-01 12:47 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-12-23 12:07 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-23 09:06 --------- d-----w C:\Program Files\LimeWire(2)
    2007-12-23 08:59 --------- d-----w C:\Program Files\PDFCreator Toolbar
    2007-12-23 08:49 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-12-23 08:47 --------- d---a-w C:\Documents and Settings\aniso1000\Application Data\PC Tools
    2007-12-23 08:47 --------- d-----w C:\Program Files\Best_Security_Tips
    2007-12-21 14:39 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
    2007-12-07 01:08 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1BD5DF91-FD16-44DC-B5F3-0F0F7B3C60AF}]
    2004-08-04 13:00 84992 --a------ C:\WINDOWS\system32\bootvi.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]
    2007-07-08 15:51 1380352 --a------ C:\Program Files\Best_Security_Tips\tbBest.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {DA30EFF8-CCC6-4162-A20D-67402A26A215}
    {31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
    {0BF43445-2F28-4351-9252-17FE6E806AA0}

    [HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= C:\Program Files\Best_Security_Tips\tbBest.dll [2007-07-08 15:51 1380352]

    [HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-30 17:21 68856]
    "thunkbyte"="C:\DOCUME~1\ANISO1~1\APPLIC~1\CHINHO~1\StoreAim.exe" [ ]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 16:36 90112]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" [ ]
    "Inter Site Book Dent"="C:\Documents and Settings\All Users\Application Data\film build inter site\Trust 01.exe" [ ]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-10 01:19 185896]
    "Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [ ]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
    "Internet Sweeper"="C:\WINDOWS\system32\SWEEPER.exe" [2002-05-05 16:27 159744]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

    C:\Documents and Settings\aniso1000\Menu Start\Programma's\Opstarten\
    OpenOffice.org 2.2 .lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56 393216]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-30 17:21:58 126136]
    Wireless PCI Card Configuration Utility.lnk - C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe [2007-08-02 18:54:17 4529152]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exexpsp2res.dll,-22019
    "C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\BearFlix\\bearflix.exe"=
    "C:\\Program Files\\LimeWire\\emule.exe"=
    "C:\\Documents and Settings\\aniso1000\\Local Settings\\Temp\\Rar$EX00.625\\emule.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 glszpyhk;glszpyhk;C:\WINDOWS\system32\drivers\pbrfqwan.dat
    R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
    R3 WMP11V27;Instant Wireless PCI Card V2.7 Driver;C:\WINDOWS\system32\DRIVERS\WMP11V27.sys [2002-07-30 16:22]
    S2 0125421203755848mcinstcleanup;McAfee Application Installer Cleanup (0125421203755848);C:\DOCUME~1\ANISO1~1\LOCALS~1\Temp\012542~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog

    *Newly Created Service* - 0125421203755848MCINSTCLEANUP
    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-02-23 09:00:00 C:\WINDOWS\Tasks\AEDF20629150DC8E.job"
    - c:\docume~1\aniso1~1\applic~1\chinho~1\HelpCopyAxis.exe
    "2008-02-23 09:21:00 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-02-15 21:27:55 C:\WINDOWS\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-23 10:44:27
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwClose

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-02-23 10:45:41
    ComboFix-quarantined-files.txt 2008-02-23 09:45:36
    ComboFix2.txt 2008-02-23 08:59:36
    ComboFix3.txt 2008-02-23 08:49:40
    ComboFix4.txt 2008-02-23 08:30:51
    .
    2008-02-13 20:12:49 --- E O F ---

    I hope you can help me further. Thanks in advance.

  • #2
    Open Notepad, copy and paste the following (bold text) into an empty window:

    File::
    C:\WINDOWS\Tasks\AEDF20629150DC8E.job
    C:\WINDOWS\system32\ikhcore.cfg
    C:\WINDOWS\system32\drivers\pbrfqwan.dat
    C:\WINDOWS\system32\bootvi.dll

    Driver::
    glszpyhk

    Folder::
    C:\Documents and Settings\All Users\Application Data\film build inter site
    C:\DOCUME~1\ANISO1~1\APPLIC~1\CHINHO~1
    C:\PROGRA~1\CHINHO~1

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1BD5DF91-FD16-44DC-B5F3-0F0F7B3C60AF}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "thunkbyte"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BearFlix"=-
    "Inter Site Book Dent"=-
    "Media Codec Update Service"=-

    Save this on your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.
    Reboot if you are prompted to,
    and post the contents of ComboFix.txt in your next reply.

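The CFScript above removes exactly the autostart entries in the first log that ComboFix could not verify, plus the R0 driver and the scheduled task that point into the same short-named profile folder. As an added example, not part of this thread and not ComboFix's own code, the following Python triage pass applies those checks to an excerpt of that log; the regexes and the three heuristics (an empty "[ ]" metadata bracket, an 8.3 short path under Application Data, a boot-start driver loading a non-.sys image) are this example's assumptions about the log format, not documented ComboFix rules.

```python
"""Triage pass over ComboFix autostart output (added example; not ComboFix's code).

Heuristics, all assumptions of this example rather than documented ComboFix rules:
  * a Run value whose trailing bracket is empty ("[ ]") had no readable target
    file at scan time (ComboFix prints the file's date and size when it can);
  * a Run value or scheduled task that runs from an 8.3 short path under a
    profile's Application Data folder (the APPLIC~1 and CHINHO~1 names in the
    log) is unusual for legitimate software;
  * an R0 (boot-start) driver whose image is not a .sys file is unusual.
"""
import re

RUN_KEY = re.compile(r"^\[(HKEY_[^\]]*\\Run)\]$")
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[(.*)\]$')
SERVICE = re.compile(r"^(R[0-4]|S[0-4])\s+([^;]+);[^;]*;(.+)$")
TASK = re.compile(r'^"\S+ \S+ (C:\\WINDOWS\\Tasks\\[^"]+\.job)"$')
SHORT_APPDATA = re.compile(r"\\APPLIC~1\\[A-Z0-9]+~\d", re.IGNORECASE)

# Excerpt of the first ComboFix log posted in this thread, as printed there.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"thunkbyte"="C:\DOCUME~1\ANISO1~1\APPLIC~1\CHINHO~1\StoreAim.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 16:36 90112]
"BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" [ ]
"Inter Site Book Dent"="C:\Documents and Settings\All Users\Application Data\film build inter site\Trust 01.exe" [ ]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [ ]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

R0 glszpyhk;glszpyhk;C:\WINDOWS\system32\drivers\pbrfqwan.dat
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
S2 0125421203755848mcinstcleanup;McAfee Application Installer Cleanup (0125421203755848);C:\DOCUME~1\ANISO1~1\LOCALS~1\Temp\012542~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog

"2008-02-23 09:00:00 C:\WINDOWS\Tasks\AEDF20629150DC8E.job"
- c:\docume~1\aniso1~1\applic~1\chinho~1\HelpCopyAxis.exe
"2008-02-23 09:21:00 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"""


def triage_autostarts(log_text):
    """Return (kind, name, target, reasons) tuples for entries worth a closer look."""
    findings = []
    current_key = None
    lines = [line.strip() for line in log_text.splitlines()]
    for i, line in enumerate(lines):
        if not line:
            current_key = None  # a blank line closes a registry key block
            continue
        m = RUN_KEY.match(line)
        if m:
            current_key = m.group(1)
            continue
        if current_key:
            m = RUN_VALUE.match(line)
            if m:
                name, target, meta = m.groups()
                reasons = []
                if not meta.strip():
                    reasons.append("no file metadata: target missing or unreadable at scan time")
                if SHORT_APPDATA.search(target):
                    reasons.append("runs from an 8.3 short path under Application Data")
                if reasons:
                    findings.append((current_key, name, target, reasons))
            continue
        m = SERVICE.match(line)
        if m:
            start, name, image = m.groups()
            image_path = image.split(" [")[0].strip()  # drop the "[date size]" suffix
            if start == "R0" and not image_path.lower().endswith(".sys"):
                findings.append(("driver", name, image_path,
                                 ["boot-start driver whose image is not a .sys file"]))
            continue
        m = TASK.match(line)
        if m and i + 1 < len(lines) and lines[i + 1].startswith("- "):
            target = lines[i + 1][2:].strip()  # the "- path" line names the task's program
            if SHORT_APPDATA.search(target):
                findings.append(("task", m.group(1), target,
                                 ["scheduled task runs from an 8.3 short path under Application Data"]))
    return findings


def flagged_names(log_text):
    """Just the names of the flagged entries, in log order."""
    return [name for _kind, name, _target, _reasons in triage_autostarts(log_text)]


if __name__ == "__main__":
    for kind, name, target, reasons in triage_autostarts(SAMPLE_LOG):
        print(f"[{kind}] {name} -> {target}")
        for reason in reasons:
            print(f"    {reason}")
```

On the excerpt this flags the four Run values the CFScript deletes, the glszpyhk driver and the AEDF20629150DC8E.job task, and nothing else.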


    • #3
      next log:

      ComboFix 08-02-23 - aniso1000 2008-02-23 12:26:35.5 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.147 [GMT 1:00]
      Gestart vanuit: C:\Documents and Settings\aniso1000\Bureaublad\ComboFix.exe
      Command switches used :: C:\Documents and Settings\aniso1000\Bureaublad\CFScript.txt
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

      FILE ::
      C:\WINDOWS\system32\bootvi.dll
      C:\WINDOWS\system32\drivers\pbrfqwan.dat
      C:\WINDOWS\system32\ikhcore.cfg
      C:\WINDOWS\Tasks\AEDF20629150DC8E.job
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\DOCUME~1\ANISO1~1\APPLIC~1\CHINHO~1
      C:\DOCUME~1\ANISO1~1\APPLIC~1\CHINHO~1\0
      C:\DOCUME~1\ANISO1~1\APPLIC~1\CHINHO~1\wnubzqvz.exe
      C:\Documents and Settings\All Users\Application Data\film build inter site
      C:\PROGRA~1\CHINHO~1
      C:\WINDOWS\system32\bootvi.dll
      C:\WINDOWS\system32\drivers\pbrfqwan.dat
      C:\WINDOWS\system32\ikhcore.cfg
      C:\WINDOWS\Tasks\AEDF20629150DC8E.job

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

      .
      -------\LEGACY_GLSZPYHK
      -------\glszpyhk


      (((((((((((((((((((( Bestanden Gemaakt van 2008-01-23 to 2008-02-23 ))))))))))))))))))))))))))))))
      .

      2008-02-16 18:57 . 2008-02-23 09:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
      2008-02-16 18:57 . 2008-02-23 09:38 <DIR> d-------- C:\Documents and Settings\aniso1000\Application Data\SUPERAntiSpyware.com
      2008-02-16 18:57 . 2008-02-16 18:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
      2008-02-14 01:09 . 2008-02-14 01:09 <DIR> d-------- C:\Documents and Settings\LocalService\Bureaublad
      2008-02-14 01:08 . 2008-02-23 09:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
      2008-02-14 01:05 . 2008-02-14 01:06 <DIR> d-------- C:\Program Files\Common Files\McAfee
      2008-02-13 23:56 . 2008-02-21 07:14 <DIR> d-------- C:\Program Files\Spyware Doctor
      2008-02-13 23:56 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
      2008-02-13 23:56 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
      2008-02-13 23:56 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
      2008-02-13 23:56 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
      2008-02-11 23:27 . 2004-07-03 22:08 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
      2008-02-11 23:27 . 2004-09-06 17:06 53,248 --a------ C:\WINDOWS\system32\xvid.ax
      2008-02-10 17:50 . 2004-07-03 21:59 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
      2008-02-10 17:50 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
      2008-02-10 17:24 . 2008-02-10 17:50 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
      2008-02-10 15:32 . 2008-02-10 15:33 <DIR> d-------- C:\Documents and Settings\aniso1000\Application Data\Media Player Classic
      2008-02-10 15:21 . 2008-02-10 15:25 <DIR> d-------- C:\Program Files\Mediatwins software
      2008-02-10 15:16 . 2008-02-10 16:02 <DIR> d-------- C:\Program Files\VideoLAN
      2008-02-10 15:06 . 2008-02-10 15:44 <DIR> d-------- C:\Program Files\Essentials Codec Pack
      2008-02-10 15:03 . 2008-02-10 15:03 <DIR> d-------- C:\Program Files\Cucusoft
      2008-02-10 15:03 . 2008-02-10 15:03 <DIR> d-------- C:\ConverterOutput
      2008-02-10 15:03 . 2004-10-12 14:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
      2008-02-10 15:03 . 2004-10-12 14:46 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
      2008-02-10 15:03 . 2004-10-05 16:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
      2008-02-10 15:03 . 2004-10-12 14:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
      2008-02-10 15:03 . 2003-04-03 00:17 172,032 --a------ C:\WINDOWS\system32\ac3filter.ax
      2008-02-10 15:03 . 2004-10-04 01:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
      2008-02-10 15:02 . 2008-02-10 15:02 <DIR> d-------- C:\Program Files\Common Files\Download Manager
      2008-02-10 14:59 . 2008-02-10 14:59 <DIR> d-------- C:\Program Files\3ivx
      2008-02-10 14:46 . 2008-02-10 14:46 <DIR> d-------- C:\Documents and Settings\aniso1000\Application Data\AVS4YOU
      2008-02-10 14:45 . 2008-02-10 14:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
      2008-02-10 14:40 . 2008-02-10 16:11 <DIR> d-------- C:\Program Files\AVS4YOU
      2008-02-10 14:00 . 2008-02-10 14:00 28 --a------ C:\WINDOWS\v2d.INI
      2008-02-10 13:58 . 2008-02-10 14:01 <DIR> d-------- C:\Program Files\Total Video2DVD Author
      2008-02-10 01:20 . 2008-02-10 01:20 <DIR> d-------- C:\Program Files\Common Files\xing shared
      2008-02-09 15:42 . 2008-02-09 15:42 <DIR> d-------- C:\Program Files\Sony Ericsson
      2008-02-09 15:42 . 2008-02-09 15:42 <DIR> d-------- C:\nakshawani
      2008-02-09 15:42 . 2008-02-09 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
      2008-02-09 15:42 . 2008-02-09 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
      2008-02-09 10:22 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
      2008-02-09 10:22 . 2007-07-01 04:36 1,032,192 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
      2008-02-09 10:20 . 2008-02-09 10:23 <DIR> d-------- C:\WINDOWS\system32\nl-nl
      2008-02-04 20:30 . 2008-02-09 15:40 <DIR> d-------- C:\Documents and Settings\aniso1000\Application Data\DNA
      2008-02-04 19:52 . 2008-02-09 15:41 <DIR> d-------- C:\Program Files\K-Lite Codec Pack(2)
      2008-02-04 07:06 . 2008-02-04 07:06 <DIR> d-------- C:\Documents and Settings\aniso1000\Application Data\Talkback
      2008-02-04 07:03 . 2008-02-16 18:39 335 --a------ C:\WINDOWS\nsreg.dat
      2008-01-30 06:51 . 2008-02-09 15:41 <DIR> d-------- C:\Program Files\Free WMA to MP3 Converter
      2008-01-27 23:51 . 2008-02-09 15:41 <DIR> d-------- C:\Program Files\Paltalk Messenger
      2008-01-27 23:51 . 2008-02-09 15:41 <DIR> d-------- C:\Documents and Settings\aniso1000\Application Data\Paltalk
      2008-01-24 20:18 . 2008-01-24 20:18 <DIR> d-------- C:\lectures

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-23 11:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-02-23 11:32 --------- d---a-w C:\Documents and Settings\aniso1000\Application Data\OpenOffice.org2
      2008-02-23 09:06 --------- d-----w C:\Program Files\LimeWire
      2008-02-22 23:16 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Google Updater
      2008-02-22 22:02 --------- d-----w C:\Program Files\Incomplete
      2008-02-22 20:09 --------- d---a-w C:\Documents and Settings\aniso1000\Application Data\LimeWire
      2008-02-16 18:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-02-16 15:30 --------- d-----w C:\Program Files\Norton Security Scan
      2008-02-16 09:48 --------- d-----w C:\Program Files\McAfee
      2008-02-14 00:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\McAfee.com
      2008-02-14 00:12 --------- d-----w C:\Program Files\McAfee.com
      2008-02-14 00:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
      2008-02-11 22:28 --------- d-----w C:\Program Files\Common Files\AVSMedia
      2008-02-11 22:28 --------- d-----w C:\Program Files\AVSMedia
      2008-02-10 00:20 --------- d-----w C:\Program Files\Common Files\Real
      2008-02-10 00:19 --------- d-----w C:\Program Files\Google
      2008-02-09 14:42 --------- d-----w C:\Program Files\Common Files\Teleca Shared
      2008-02-09 14:40 --------- d-----w C:\Program Files\CDBurnerXP
      2008-02-09 09:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-02-09 09:15 --------- d-----w C:\Program Files\Common Files\InstallShield
      2008-02-04 19:16 --------- d-----w C:\Program Files\Real
      2008-01-13 15:42 --------- d---a-w C:\Documents and Settings\aniso1000\Application Data\Autodesk
      2008-01-13 15:39 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
      2008-01-13 15:39 --------- d-----w C:\Program Files\AutoCAD 2008
      2008-01-13 15:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Autodesk
      2008-01-10 06:45 --------- d-----w C:\Program Files\MSXML 6.0
      2008-01-09 05:55 --------- d-----w C:\Program Files\AutoCAD 2007
      2008-01-06 08:02 --------- d-----w C:\Program Files\Privacy Guardian
      2008-01-06 08:02 --------- d-----w C:\Program Files\Aide PDF to DXF Converter
      2008-01-06 07:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
      2008-01-01 23:07 --------- d-----w C:\Documents and Settings\aniso1000\Application Data\skypePM
      2008-01-01 15:48 691,481 ----a-w C:\WINDOWS\unins000.exe
      2008-01-01 12:47 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
      2007-12-23 12:07 --------- d-----w C:\Program Files\MSN Messenger
      2007-12-23 09:06 --------- d-----w C:\Program Files\LimeWire(2)
      2007-12-23 08:59 --------- d-----w C:\Program Files\PDFCreator Toolbar
      2007-12-23 08:49 --------- d-----w C:\Program Files\Windows Live Toolbar
      2007-12-23 08:47 --------- d---a-w C:\Documents and Settings\aniso1000\Application Data\PC Tools
      2007-12-23 08:47 --------- d-----w C:\Program Files\Best_Security_Tips
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]
      2007-07-08 15:51 1380352 --a------ C:\Program Files\Best_Security_Tips\tbBest.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      {DA30EFF8-CCC6-4162-A20D-67402A26A215}
      {31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
      {2318C2B1-4965-11D4-9B18-009027A5CD4F}
      {0BF43445-2F28-4351-9252-17FE6E806AA0}

      [HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
      "{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= C:\Program Files\Best_Security_Tips\tbBest.dll [2007-07-08 15:51 1380352]

      [HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-30 17:21 68856]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 16:36 90112]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
      "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-10 01:19 185896]
      "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
      "Internet Sweeper"="C:\WINDOWS\system32\SWEEPER.exe" [2002-05-05 16:27 159744]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

      C:\Documents and Settings\aniso1000\Menu Start\Programma's\Opstarten\
      OpenOffice.org 2.2 .lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56 393216]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-30 17:21:58 126136]
      Wireless PCI Card Configuration Utility.lnk - C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe [2007-08-02 18:54:17 4529152]

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exexpsp2res.dll,-22019
      "C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=
      "C:\\Program Files\\BearFlix\\bearflix.exe"=
      "C:\\Program Files\\LimeWire\\emule.exe"=
      "C:\\Documents and Settings\\aniso1000\\Local Settings\\Temp\\Rar$EX00.625\\emule.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

      R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
      R3 WMP11V27;Instant Wireless PCI Card V2.7 Driver;C:\WINDOWS\system32\DRIVERS\WMP11V27.sys [2002-07-30 16:22]
      S2 0125421203755848mcinstcleanup;McAfee Application Installer Cleanup (0125421203755848);C:\DOCUME~1\ANISO1~1\LOCALS~1\Temp\012542~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog

      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-02-23 11:21:00 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
      - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
      "2008-02-15 21:27:55 C:\WINDOWS\Tasks\Norton Security Scan.job"
      - C:\Program Files\Norton Security Scan\Nss.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-02-23 12:32:50
      Windows 5.1.2600 Service Pack 2 NTFS

      detected NTDLL code modification:
      ZwClose

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
      C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\system32\imapi.exe
      .
      **************************************************************************
      .
      Voltooingstijd: 2008-02-23 12:35:21 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-02-23 11:35:16
      ComboFix2.txt 2008-02-23 09:45:42
      ComboFix3.txt 2008-02-23 08:59:36
      ComboFix4.txt 2008-02-23 08:49:40
      ComboFix5.txt 2008-02-23 08:30:51
      .
      2008-02-13 20:12:49 --- E O F ---



      • #4
        Also do this:

        Download ATF Cleaner (mirror) (made by Atribune)

        Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

        Double-click ATF Cleaner to start the program.
        On the "Main" tab, put a check mark next to Select All.
        Click the Empty Selected button.

        Do the following if you also have Firefox as a browser:
        Click the "Firefox" tab and put a check mark next to Select All.
        If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
        (This removes the check mark next to "Firefox saved passwords" again.)
        Click the Empty Selected button.

        Do the following if you also have Opera as a browser:
        Click the "Opera" tab and put a check mark next to Select All.
        If you want to keep the passwords saved by Opera, click "No" in the window that appears.
        Click the Empty Selected button.
        Go to the "Main" tab and click the Exit button to close the program.

        Go to Start - Run and enter the following:
        Combofix /U
        Then press OK.
        Note: there must be a space between Combofix and /U.

        This will uninstall ComboFix.

        Finally, post a new HijackThis log so it can be checked.
