16 infected items

    Dear Nucia staff member,

    My PC is infected with spyware.
    I use Sophos Anti-Virus, and it finds not only viruses but also spyware files.
    Here is the log file from Sophos Anti-Virus:


    20080316 111257 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
    20080316 111257 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
    20080316 111259 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
    20080316 111259 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
    20080316 111310 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(2).sys\FILE:0000".
    20080316 111310 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(2).sys" for user GHADEER-8191E90\Ghadeer
    20080316 111310 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(3).sys\FILE:0000".
    20080316 111310 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(3).sys" for user GHADEER-8191E90\Ghadeer
    20080316 111310 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(4).sys\FILE:0000".
    20080316 111310 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(4).sys" for user GHADEER-8191E90\Ghadeer
    20080316 111310 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(5).sys\FILE:0000".
    20080316 111310 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(5).sys" for user GHADEER-8191E90\Ghadeer
    20080316 111310 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(6).sys\FILE:0000".
    20080316 111310 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(6).sys" for user GHADEER-8191E90\Ghadeer
    20080316 111310 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(7).sys\FILE:0000".
    20080316 111310 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(7).sys" for user GHADEER-8191E90\Ghadeer
    20080316 111311 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(8).sys\FILE:0000".
    20080316 111311 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(8).sys" for user GHADEER-8191E90\Ghadeer
    20080316 111317 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
    20080316 111317 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
    20080316 111322 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
    20080316 111322 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
    20080316 111333 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
    20080316 111333 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
    20080316 111338 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
    20080316 111338 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
    20080316 111345 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(2).sys\FILE:0000".
    20080316 111345 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(2).sys" for user GHADEER-8191E90\Ghadeer
    20080316 111346 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(3).sys\FILE:0000".
    20080316 111346 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(3).sys" for user GHADEER-8191E90\Ghadeer
    20080316 111346 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(4).sys\FILE:0000".
    20080316 111346 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(4).sys" for user GHADEER-8191E90\Ghadeer
    20080316 111346 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(5).sys\FILE:0000".
    20080316 111346 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(5).sys" for user GHADEER-8191E90\Ghadeer
    20080316 111346 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(6).sys\FILE:0000".
    20080316 111346 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(6).sys" for user GHADEER-8191E90\Ghadeer
    20080316 111346 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(7).sys\FILE:0000".
    20080316 111346 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(7).sys" for user GHADEER-8191E90\Ghadeer
    20080316 111346 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(8).sys\FILE:0000".
    20080316 111346 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(8).sys" for user GHADEER-8191E90\Ghadeer
    20080316 111535 Using detection data version 4.27E (detection engine 2.71.3). This version can detect 362848 items.
    20080316 111535 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.
    20080316 111559 File "C:\WINDOWS\TEMP\BN2.tmp" belongs to virus/spyware 'Troj/Pushdo-Gen'.
    20080316 111559 On-access scanner has denied access to location "C:\WINDOWS\TEMP\BN2.tmp" for user NT AUTHORITY\SYSTEM
    20080316 111801 File "C:\WINDOWS\TEMP\BN2.tmp" belongs to virus/spyware 'Troj/Pushdo-Gen'.
    20080316 111801 On-access scanner has denied access to location "C:\WINDOWS\TEMP\BN2.tmp" for user NT AUTHORITY\SYSTEM
    20080316 112004 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
    20080316 112004 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
    20080316 112007 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
    20080316 112007 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
    20080316 112008 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
    20080316 112008 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
    20080316 112850 Scan 'Scan my computer' started.
    20080316 112935 Process "C:\WINDOWS\system32\WLCtrl32.dllid:000002ec" belongs to virus/spyware 'Mal/Pushdo'.
    20080316 112935 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Pushdo'.
    20080316 113330 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP15\A0002211.sys" belongs to virus/spyware 'Troj/Agent-GDR'.
    20080316 113400 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP17\A0002703.sys" belongs to virus/spyware 'Troj/Agent-GDR'.
    20080316 113431 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP25\A0004447.sys" belongs to virus/spyware 'Troj/Agent-GIS'.
    20080316 113433 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP25\A0004448.sys" belongs to virus/spyware 'Troj/Agent-GDR'.
    20080316 113434 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP25\A0004449.exe" belongs to virus/spyware 'Troj/Pushdo-Gen'.
    20080316 113447 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP32\A0006022.dll" belongs to virus/spyware 'Troj/Agent-GPK'.
    20080316 113453 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP33\A0006120.dll" belongs to virus/spyware 'Troj/Agent-GPK'.
    20080316 113500 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP35\A0009197.dll" belongs to virus/spyware 'Troj/Agent-GPK'.
    20080316 113601 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0012016.sys" belongs to virus/spyware 'Troj/Wlloader-A'.
    20080316 113603 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0012017.sys" belongs to virus/spyware 'Troj/Wlloader-A'.
    20080316 113605 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0012018.sys" belongs to virus/spyware 'Troj/Wlloader-A'.
    20080316 113607 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0012019.sys" belongs to virus/spyware 'Troj/Wlloader-A'.
    20080316 113609 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0012020.sys" belongs to virus/spyware 'Troj/Wlloader-A'.
    20080316 113612 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0012021.sys" belongs to virus/spyware 'Troj/Wlloader-A'.
    20080316 113615 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0015028.dll" belongs to virus/spyware 'Mal/Generic-A'.
    20080316 113617 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0016028.dll" belongs to virus/spyware 'Mal/Generic-A'.
    20080316 113652 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0019253.dll" belongs to virus/spyware 'Mal/Generic-A'.
    20080316 113654 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0021257.dll" belongs to virus/spyware 'Mal/Generic-A'.
    20080316 113656 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0024260.dll" belongs to virus/spyware 'Mal/Generic-A'.
    20080316 113658 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0025260.dll" belongs to virus/spyware 'Mal/Generic-A'.
    20080316 113658 Virus/spyware 'Mal/Generic-A' has been detected in "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0025264.sys\FILE:0000".
    20080316 113701 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0025288.dll" belongs to virus/spyware 'Mal/Generic-A'.
    20080316 113703 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0025293.dll" belongs to virus/spyware 'Mal/Generic-A'.
    20080316 113704 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0025347.com" belongs to adware/PUA 'NirCmd' (of type 5).
    20080316 113707 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP52\A0025359.dll" belongs to virus/spyware 'Mal/Generic-A'.
    20080316 113707 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP52\A0025392.com" belongs to adware/PUA 'NirCmd' (of type 5).
    20080316 113708 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP52\A0025406.exe" belongs to adware/PUA 'NirCmd' (of type 5).
    20080316 113710 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP52\A0025412.dll" belongs to virus/spyware 'Mal/Generic-A'.
    20080316 113712 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP52\A0025480.com" belongs to adware/PUA 'NirCmd' (of type 5).
    20080316 113720 File "C:\WINDOWS\Nircmd.exe" belongs to adware/PUA 'NirCmd' (of type 5).
    20080316 114033 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
    20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(2).sys\FILE:0000".
    20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(3).sys\FILE:0000".
    20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(4).sys\FILE:0000".
    20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(5).sys\FILE:0000".
    20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(6).sys\FILE:0000".
    20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(7).sys\FILE:0000".
    20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(8).sys\FILE:0000".
    20080316 114210 Scanning "C:\WINDOWS\system32\drivers\Uan81.sys" returned SAV Interface error 0xa0040210: The file could not be accessed.
    20080316 114234 Virus/spyware 'Mal/Pushdo' has been detected.
    20080316 114234 Virus/spyware 'Troj/Agent-GDR' has been detected.
    20080316 114234 Virus/spyware 'Troj/Agent-GIS' has been detected.
    20080316 114234 Virus/spyware 'Troj/Pushdo-Gen' has been detected.
    20080316 114234 Virus/spyware 'Troj/Agent-GPK' has been detected.
    20080316 114234 Virus/spyware 'Troj/Wlloader-A' has been detected.
    20080316 114234 Virus/spyware 'Mal/Generic-A' has been detected.
    20080316 114234 Adware/PUA 'NirCmd' has been detected.
    20080316 114235 Scan 'Scan my computer' completed.
    20080316 114235 Summary of results for scan 'Scan my computer':
    Items scanned: 35546
    Errors: 1
    Items quarantined: 16
    Items dealt with: 0
    As you can see in the last lines, 16 items were found, and I cannot get them removed with Sophos.
    The file C:\WINDOWS\system32\WLCtrl32.dll in particular appears many times.

    I also tried ComboFix, and it produced the following log:


    ComboFix 08-03-14.4 - Ghadeer 2008-03-16 12:11:23.2 - NTFSx86
    Gestart vanuit: C:\Documents and Settings\Ghadeer\Bureaublad\ComboFix.exe

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\symavc32.sys

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))
    .

    2008-03-16 11:27 . 2008-03-16 11:27 <DIR> d--h----- C:\WINDOWS\PIF
    2008-03-16 10:34 . 2008-03-16 10:34 372 --a------ C:\WINDOWS\system32\MRT.INI
    2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
    2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d-------- C:\Documents and Settings\Ghadeer\Application Data\PC Tools
    2008-03-16 09:18 . 2008-03-16 12:16 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
    2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
    2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
    2008-03-16 09:18 . 2008-03-16 09:18 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
    2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
    2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
    2008-03-16 01:53 . 2008-03-16 09:16 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
    2008-03-16 00:57 . 2007-03-09 09:56 17,920 --a------ C:\WINDOWS\system32\SophosBootTasks.exe
    2008-03-16 00:56 . 2008-03-16 09:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sophos
    2008-03-16 00:44 . 2008-03-16 00:44 2,572 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
    2008-03-16 00:42 . 2008-03-16 09:17 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-03-16 00:42 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-03-16 00:42 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-03-16 00:42 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-03-16 00:42 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-03-16 00:41 . 2008-03-16 09:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-03-16 00:36 . 2008-03-16 09:18 <DIR> d-------- C:\Program Files\Sophos
    2008-03-16 00:35 . 2007-09-10 13:09 101,120 --a------ C:\WINDOWS\system32\drivers\savonaccesscontrol.sys
    2008-03-16 00:35 . 2007-09-10 13:08 33,408 --a------ C:\WINDOWS\system32\drivers\savonaccessfilter.sys
    2008-03-16 00:26 . 2008-03-16 00:30 <DIR> d-------- C:\Program Files\MSN Messenger
    2008-03-16 00:17 . 2008-03-16 00:35 <DIR> d-------- C:\savxpsa
    2008-02-26 22:05 . 2008-02-26 22:05 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-02-26 21:55 . 2008-03-16 00:26 <DIR> d-------- C:\Program Files\Windows Live
    2008-02-26 21:55 . 2008-02-26 22:03 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-02-26 21:55 . 2008-02-26 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-16 12:42 . 2008-03-16 12:15 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-16 09:16 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81.sys
    2008-03-16 08:23 --------- d-----w C:\Program Files\McAfee.com
    2008-03-16 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
    2008-03-15 23:41 --------- d-----w C:\Program Files\Google
    2008-03-12 16:52 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(3).sys
    2008-03-11 19:04 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(4).sys
    2008-03-11 19:04 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(2).sys
    2008-03-09 13:39 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(5).sys
    2008-03-09 11:08 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(6).sys
    2008-03-09 09:23 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(7).sys
    2008-03-07 15:35 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(8).sys
    2008-03-05 16:56 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\LimeWire
    2008-02-12 20:57 --------- d-----w C:\Program Files\MSXML 4.0
    2008-02-12 18:15 --------- d-----w C:\Program Files\AC3Filter
    2008-02-12 18:03 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\DivX
    2008-02-11 21:34 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\Leadertech
    2008-02-11 20:53 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-11 20:51 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\AdobeUM
    2008-02-11 20:51 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\AdobeAUM
    2008-02-11 20:49 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\Teleca
    2008-02-11 20:46 --------- d-----w C:\Program Files\Common Files\Teleca Shared
    2008-02-11 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
    2008-02-11 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2008-02-11 20:45 --------- d-----w C:\Program Files\Sony Ericsson
    2008-02-11 20:44 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-02-10 13:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\MCA36.tmp
    2008-02-10 13:07 --------- d-----w C:\Program Files\McAfee
    2008-02-10 12:29 --------- d-----w C:\Program Files\Yahoo!
    2008-02-10 12:19 --------- d-----w C:\Program Files\DivX
    2008-02-09 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-02-09 11:21 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-02-09 11:16 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\Apple Computer
    2008-02-09 11:15 --------- d-----w C:\Program Files\Common Files\xing shared
    2008-02-09 11:14 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2008-02-09 11:14 --------- d-----w C:\Program Files\Real
    2008-02-09 11:14 --------- d-----w C:\Program Files\Common Files\Real
    2008-02-09 11:13 --------- d-----w C:\Program Files\QuickTime
    2008-02-09 11:13 --------- d-----w C:\Program Files\Bonjour
    2008-02-09 11:12 --------- d-----w C:\Program Files\Apple Software Update
    2008-02-09 11:11 --------- d-----w C:\Program Files\Common Files\Apple
    2008-02-09 11:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-02-09 11:03 --------- d-----w C:\Program Files\DivXCodec
    2008-02-09 11:02 --------- d-----w C:\Program Files\GustoSoft
    2008-01-29 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-28 06:07 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\Paltalk
    2008-01-26 21:41 --------- d-----w C:\Program Files\HPQ
    2008-01-26 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\MCA41.tmp
    2008-01-26 21:17 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\McAfee
    2008-01-26 09:10 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\Yahoo!
    2008-01-25 18:11 --------- d-----w C:\Program Files\Java
    2008-01-25 18:10 --------- d-----w C:\Program Files\Common Files\Java
    2008-01-24 20:17 --------- d-----w C:\Program Files\Microsoft.NET
    2008-01-22 10:20 1,639 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_Pavilion zd8000 (EL023EA#ABH)_YN_0Pavi_QCNF5441H1T_EU_46_I3082_SQuanta_V36.31_BF.34_T050920_WXP2_L413_M511_J80_7Inte l_8Pentium 4_92.99_#080122_N10EC8139_(EL023EA#ABH)_XMOBILE_CN10_Z_2F.34_G10023150.MRK
    2008-01-22 10:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\hpqLog
    2008-01-22 09:55 --------- d-----w C:\Program Files\ATI Technologies
    2008-01-22 09:27 --------- d-----w C:\Program Files\microsoft frontpage
    2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "Mp4 Player"="C:\Program Files\Mp4 Player\Mp4Player.exe" [ ]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-16 00:41 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-07-25 21:05 344064]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-09 12:13 185896]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
    "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
    AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [2007-06-21 12:18:00 245760]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-16 00:41:16 125624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogCrypt]
    LogCrypt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
    WLCtrl32.dll 2008-03-16 12:15 11776 C:\WINDOWS\system32\WLCtrl32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Documents and Settings\\Ghadeer\\Mijn documenten\\Mijn muziek\\Troep\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    R0 Uan81;Uan81;C:\WINDOWS\system32\Drivers\Uan81.sys [2008-03-16 10:16]
    R1 SAVOnAccessControl;SAVOnAccessControl;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2007-09-10 13:09]
    R1 SAVOnAccessFilter;SAVOnAccessFilter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2007-09-10 13:08]

    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-02-16 17:41:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-16 12:15:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\WLCtrl32.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\TEMP\BN4.tmp
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-03-16 12:20:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-16 11:20:00
    .
    2008-03-16 09:34:54 --- E O F ---

    I hope you can help me further. Thanks in advance.
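As an added example (not part of the post, and not a Sophos tool), here is a small Python parser for log lines in the shape of the Sophos Anti-Virus log above. It groups detections by threat name and on-disk file, and surfaces the two triage signals a helper would look for in this log: files the on-access scanner keeps blocking while the summary says "Items dealt with: 0", and the file the scanner could not access. The sample lines are constructed from the format shown above.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample in the same shape as the Sophos Anti-Virus log pasted
# above (a handful of lines, not the full log from the post).
SAMPLE_LOG = r"""
20080316 111257 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 111257 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
20080316 111310 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(2).sys\FILE:0000".
20080316 111310 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(2).sys" for user GHADEER-8191E90\Ghadeer
20080316 111559 File "C:\WINDOWS\TEMP\BN2.tmp" belongs to virus/spyware 'Troj/Pushdo-Gen'.
20080316 112850 Scan 'Scan my computer' started.
20080316 112935 Process "C:\WINDOWS\system32\WLCtrl32.dllid:000002ec" belongs to virus/spyware 'Mal/Pushdo'.
20080316 112935 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Pushdo'.
20080316 113720 File "C:\WINDOWS\Nircmd.exe" belongs to adware/PUA 'NirCmd' (of type 5).
20080316 114210 Scanning "C:\WINDOWS\system32\drivers\Uan81.sys" returned SAV Interface error 0xa0040210: The file could not be accessed.
20080316 114235 Scan 'Scan my computer' completed.
20080316 114235 Summary of results for scan 'Scan my computer':
Items scanned: 35546
Errors: 1
Items quarantined: 16
Items dealt with: 0
"""


@dataclass
class Event:
    date: str
    time: str
    kind: str            # 'detection', 'denied' or 'error'
    path: str = ""       # on-disk path, normalised by container_path()
    threat: str = ""     # e.g. 'Mal/Generic-A'
    category: str = ""   # 'virus/spyware' or 'adware/PUA'
    user: str = ""       # account that triggered an on-access block
    extra: str = ""      # 'File'/'Process' for detections, error text for errors


STAMP = r"^(\d{8}) (\d{6}) "
BELONGS = re.compile(STAMP + r"(File|Process) \"(.+?)\" belongs to (virus/spyware|adware/PUA) '([^']+)'")
DETECTED = re.compile(STAMP + r"Virus/spyware '([^']+)' has been detected in \"(.+?)\"\.$")
DENIED = re.compile(STAMP + r"On-access scanner has denied access to location \"(.+?)\" for user (.+)$")
ERROR = re.compile(STAMP + r"Scanning \"(.+?)\" returned SAV Interface error (0x[0-9a-fA-F]+): (.+)$")
SUMMARY = re.compile(r"^(Items scanned|Errors|Items quarantined|Items dealt with): (\d+)$")


def container_path(path):
    # Sophos appends '\FILE:nnnn' for a member inside a container/stream and
    # 'id:<pid>' for a process image; strip both so hits dedupe to the on-disk file.
    path = re.sub(r"\\FILE:[0-9A-Fa-f]+$", "", path)
    return re.sub(r"id:[0-9A-Fa-f]+$", "", path)


def parse_log(text):
    """Return (events, summary): structured events plus the 'Summary of results' block."""
    events, summary = [], {}
    for raw in text.strip().splitlines():
        line = raw.strip()
        if (m := BELONGS.match(line)):
            d, t, what, path, cat, threat = m.groups()
            events.append(Event(d, t, "detection", container_path(path), threat, cat, extra=what))
        elif (m := DETECTED.match(line)):
            d, t, threat, path = m.groups()
            events.append(Event(d, t, "detection", container_path(path), threat, "virus/spyware", extra="File"))
        elif (m := DENIED.match(line)):
            d, t, path, user = m.groups()
            events.append(Event(d, t, "denied", path, user=user))
        elif (m := ERROR.match(line)):
            d, t, path, code, msg = m.groups()
            events.append(Event(d, t, "error", path, extra=f"{code} {msg}"))
        elif (m := SUMMARY.match(line)):
            summary[m.group(1)] = int(m.group(2))
    return events, summary


def files_by_threat(events):
    """Unique on-disk paths per detection name, regardless of how often they were re-flagged."""
    out = defaultdict(set)
    for e in events:
        if e.kind == "detection":
            out[e.threat].add(e.path)
    return {k: sorted(v) for k, v in out.items()}


def most_flagged_paths(events, n=3):
    """Paths that generate the most noise (detections plus on-access blocks)."""
    return Counter(e.path for e in events if e.kind in ("detection", "denied")).most_common(n)


def blocked_but_not_removed(events, summary):
    """Files the on-access scanner kept blocking while the scan summary shows nothing was cleaned."""
    if summary.get("Items dealt with", 0) != 0:
        return []
    return sorted({e.path for e in events if e.kind == "denied"})


def unscannable(events):
    """Files the scanner could not open at all; these need a reboot-time or offline clean."""
    return [(e.path, e.extra) for e in events if e.kind == "error"]


if __name__ == "__main__":
    ev, summ = parse_log(SAMPLE_LOG)
    for threat, paths in files_by_threat(ev).items():
        print(threat, paths)
    print("still blocked:", blocked_but_not_removed(ev, summ))
    print("unscannable:", unscannable(ev))
```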

  • #2
    Open Notepad, then copy and paste the following (the bold text) into an empty window:

    File::
    C:\WINDOWS\system32\WLCtrl32.dll
    C:\WINDOWS\system32\LogCrypt.dll
    C:\WINDOWS\system32\drivers\Uan81.sys
    C:\WINDOWS\system32\drivers\Uan81(3).sys
    C:\WINDOWS\system32\drivers\Uan81(4).sys
    C:\WINDOWS\system32\drivers\Uan81(2).sys
    C:\WINDOWS\system32\drivers\Uan81(5).sys
    C:\WINDOWS\system32\drivers\Uan81(6).sys
    C:\WINDOWS\system32\drivers\Uan81(7).sys
    C:\WINDOWS\system32\drivers\Uan81(8).sys

    Driver::
    Uan81.sys

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogCrypt]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]


    Save this on your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.
    Reboot if you are asked to,
    and post the contents of ComboFix.txt in your next reply together with a new HijackThis log.
    Regards,
    Pimmerd
