Dear Nucia staff member,
My PC is infected with spyware.
I use Sophos Anti-Virus, and it finds not only viruses but also spyware files.
Here is the log file from Sophos Anti-Virus:
20080316 111257 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 111257 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
20080316 111259 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 111259 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
20080316 111310 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(2).sys\FILE:0000".
20080316 111310 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(2).sys" for user GHADEER-8191E90\Ghadeer
20080316 111310 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(3).sys\FILE:0000".
20080316 111310 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(3).sys" for user GHADEER-8191E90\Ghadeer
20080316 111310 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(4).sys\FILE:0000".
20080316 111310 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(4).sys" for user GHADEER-8191E90\Ghadeer
20080316 111310 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(5).sys\FILE:0000".
20080316 111310 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(5).sys" for user GHADEER-8191E90\Ghadeer
20080316 111310 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(6).sys\FILE:0000".
20080316 111310 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(6).sys" for user GHADEER-8191E90\Ghadeer
20080316 111310 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(7).sys\FILE:0000".
20080316 111310 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(7).sys" for user GHADEER-8191E90\Ghadeer
20080316 111311 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(8).sys\FILE:0000".
20080316 111311 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(8).sys" for user GHADEER-8191E90\Ghadeer
20080316 111317 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 111317 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
20080316 111322 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 111322 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
20080316 111333 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 111333 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
20080316 111338 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 111338 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
20080316 111345 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(2).sys\FILE:0000".
20080316 111345 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(2).sys" for user GHADEER-8191E90\Ghadeer
20080316 111346 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(3).sys\FILE:0000".
20080316 111346 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(3).sys" for user GHADEER-8191E90\Ghadeer
20080316 111346 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(4).sys\FILE:0000".
20080316 111346 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(4).sys" for user GHADEER-8191E90\Ghadeer
20080316 111346 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(5).sys\FILE:0000".
20080316 111346 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(5).sys" for user GHADEER-8191E90\Ghadeer
20080316 111346 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(6).sys\FILE:0000".
20080316 111346 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(6).sys" for user GHADEER-8191E90\Ghadeer
20080316 111346 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(7).sys\FILE:0000".
20080316 111346 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(7).sys" for user GHADEER-8191E90\Ghadeer
20080316 111346 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(8).sys\FILE:0000".
20080316 111346 On-access scanner has denied access to location "C:\WINDOWS\system32\drivers\Uan81(8).sys" for user GHADEER-8191E90\Ghadeer
20080316 111535 Using detection data version 4.27E (detection engine 2.71.3). This version can detect 362848 items.
20080316 111535 User (NT AUTHORITY\Lokale service) has started on-access scanning for this machine.
20080316 111559 File "C:\WINDOWS\TEMP\BN2.tmp" belongs to virus/spyware 'Troj/Pushdo-Gen'.
20080316 111559 On-access scanner has denied access to location "C:\WINDOWS\TEMP\BN2.tmp" for user NT AUTHORITY\SYSTEM
20080316 111801 File "C:\WINDOWS\TEMP\BN2.tmp" belongs to virus/spyware 'Troj/Pushdo-Gen'.
20080316 111801 On-access scanner has denied access to location "C:\WINDOWS\TEMP\BN2.tmp" for user NT AUTHORITY\SYSTEM
20080316 112004 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 112004 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
20080316 112007 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 112007 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
20080316 112008 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 112008 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
20080316 112850 Scan 'Scan my computer' started.
20080316 112935 Process "C:\WINDOWS\system32\WLCtrl32.dll
id:000002ec" belongs to virus/spyware 'Mal/Pushdo'.
20080316 112935 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Pushdo'.
20080316 113330 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP15\A0002211.sys" belongs to virus/spyware 'Troj/Agent-GDR'.
20080316 113400 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP17\A0002703.sys" belongs to virus/spyware 'Troj/Agent-GDR'.
20080316 113431 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP25\A0004447.sys" belongs to virus/spyware 'Troj/Agent-GIS'.
20080316 113433 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP25\A0004448.sys" belongs to virus/spyware 'Troj/Agent-GDR'.
20080316 113434 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP25\A0004449.exe" belongs to virus/spyware 'Troj/Pushdo-Gen'.
20080316 113447 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP32\A0006022.dll" belongs to virus/spyware 'Troj/Agent-GPK'.
20080316 113453 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP33\A0006120.dll" belongs to virus/spyware 'Troj/Agent-GPK'.
20080316 113500 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP35\A0009197.dll" belongs to virus/spyware 'Troj/Agent-GPK'.
20080316 113601 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0012016.sys" belongs to virus/spyware 'Troj/Wlloader-A'.
20080316 113603 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0012017.sys" belongs to virus/spyware 'Troj/Wlloader-A'.
20080316 113605 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0012018.sys" belongs to virus/spyware 'Troj/Wlloader-A'.
20080316 113607 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0012019.sys" belongs to virus/spyware 'Troj/Wlloader-A'.
20080316 113609 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0012020.sys" belongs to virus/spyware 'Troj/Wlloader-A'.
20080316 113612 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0012021.sys" belongs to virus/spyware 'Troj/Wlloader-A'.
20080316 113615 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0015028.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 113617 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0016028.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 113652 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0019253.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 113654 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0021257.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 113656 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0024260.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 113658 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0025260.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 113658 Virus/spyware 'Mal/Generic-A' has been detected in "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0025264.sys\FILE:0000".
20080316 113701 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0025288.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 113703 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0025293.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 113704 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0025347.com" belongs to adware/PUA 'NirCmd' (of type 5).
20080316 113707 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP52\A0025359.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 113707 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP52\A0025392.com" belongs to adware/PUA 'NirCmd' (of type 5).
20080316 113708 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP52\A0025406.exe" belongs to adware/PUA 'NirCmd' (of type 5).
20080316 113710 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP52\A0025412.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 113712 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP52\A0025480.com" belongs to adware/PUA 'NirCmd' (of type 5).
20080316 113720 File "C:\WINDOWS\Nircmd.exe" belongs to adware/PUA 'NirCmd' (of type 5).
20080316 114033 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(2).sys\FILE:0000".
20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(3).sys\FILE:0000".
20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(4).sys\FILE:0000".
20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(5).sys\FILE:0000".
20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(6).sys\FILE:0000".
20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(7).sys\FILE:0000".
20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(8).sys\FILE:0000".
20080316 114210 Scanning "C:\WINDOWS\system32\drivers\Uan81.sys" returned SAV Interface error 0xa0040210: The file could not be accessed.
20080316 114234 Virus/spyware 'Mal/Pushdo' has been detected.
20080316 114234 Virus/spyware 'Troj/Agent-GDR' has been detected.
20080316 114234 Virus/spyware 'Troj/Agent-GIS' has been detected.
20080316 114234 Virus/spyware 'Troj/Pushdo-Gen' has been detected.
20080316 114234 Virus/spyware 'Troj/Agent-GPK' has been detected.
20080316 114234 Virus/spyware 'Troj/Wlloader-A' has been detected.
20080316 114234 Virus/spyware 'Mal/Generic-A' has been detected.
20080316 114234 Adware/PUA 'NirCmd' has been detected.
20080316 114235 Scan 'Scan my computer' completed.
20080316 114235 Summary of results for scan 'Scan my computer':
Items scanned: 35546
Errors: 1
Items quarantined: 16
Items dealt with: 0
As you can see in the last lines, 16 items were found, and I cannot remove them with Sophos.
The file C:\WINDOWS\system32\WLCtrl32.dll in particular appears a lot.
I also tried ComboFix, and it produced the following log:
ComboFix 08-03-14.4 - Ghadeer 2008-03-16 12:11:23.2 - NTFSx86
Gestart vanuit: C:\Documents and Settings\Ghadeer\Bureaublad\ComboFix.exe
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\symavc32.sys
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))
.
2008-03-16 11:27 . 2008-03-16 11:27 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-16 10:34 . 2008-03-16 10:34 372 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d-------- C:\Documents and Settings\Ghadeer\Application Data\PC Tools
2008-03-16 09:18 . 2008-03-16 12:16 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-03-16 09:18 . 2008-03-16 09:18 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-03-16 01:53 . 2008-03-16 09:16 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-03-16 00:57 . 2007-03-09 09:56 17,920 --a------ C:\WINDOWS\system32\SophosBootTasks.exe
2008-03-16 00:56 . 2008-03-16 09:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sophos
2008-03-16 00:44 . 2008-03-16 00:44 2,572 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-03-16 00:42 . 2008-03-16 09:17 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-16 00:42 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-16 00:42 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-16 00:42 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-16 00:42 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-16 00:41 . 2008-03-16 09:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-16 00:36 . 2008-03-16 09:18 <DIR> d-------- C:\Program Files\Sophos
2008-03-16 00:35 . 2007-09-10 13:09 101,120 --a------ C:\WINDOWS\system32\drivers\savonaccesscontrol.sys
2008-03-16 00:35 . 2007-09-10 13:08 33,408 --a------ C:\WINDOWS\system32\drivers\savonaccessfilter.sys
2008-03-16 00:26 . 2008-03-16 00:30 <DIR> d-------- C:\Program Files\MSN Messenger
2008-03-16 00:17 . 2008-03-16 00:35 <DIR> d-------- C:\savxpsa
2008-02-26 22:05 . 2008-02-26 22:05 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-26 21:55 . 2008-03-16 00:26 <DIR> d-------- C:\Program Files\Windows Live
2008-02-26 21:55 . 2008-02-26 22:03 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 21:55 . 2008-02-26 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-16 12:42 . 2008-03-16 12:15 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 09:16 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81.sys
2008-03-16 08:23 --------- d-----w C:\Program Files\McAfee.com
2008-03-16 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-03-15 23:41 --------- d-----w C:\Program Files\Google
2008-03-12 16:52 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(3).sys
2008-03-11 19:04 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(4).sys
2008-03-11 19:04 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(2).sys
2008-03-09 13:39 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(5).sys
2008-03-09 11:08 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(6).sys
2008-03-09 09:23 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(7).sys
2008-03-07 15:35 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(8).sys
2008-03-05 16:56 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\LimeWire
2008-02-12 20:57 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-12 18:15 --------- d-----w C:\Program Files\AC3Filter
2008-02-12 18:03 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\DivX
2008-02-11 21:34 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\Leadertech
2008-02-11 20:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-11 20:51 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\AdobeUM
2008-02-11 20:51 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\AdobeAUM
2008-02-11 20:49 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\Teleca
2008-02-11 20:46 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-02-11 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2008-02-11 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-02-11 20:45 --------- d-----w C:\Program Files\Sony Ericsson
2008-02-11 20:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-10 13:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\MCA36.tmp
2008-02-10 13:07 --------- d-----w C:\Program Files\McAfee
2008-02-10 12:29 --------- d-----w C:\Program Files\Yahoo!
2008-02-10 12:19 --------- d-----w C:\Program Files\DivX
2008-02-09 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-09 11:21 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-09 11:16 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\Apple Computer
2008-02-09 11:15 --------- d-----w C:\Program Files\Common Files\xing shared
2008-02-09 11:14 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-02-09 11:14 --------- d-----w C:\Program Files\Real
2008-02-09 11:14 --------- d-----w C:\Program Files\Common Files\Real
2008-02-09 11:13 --------- d-----w C:\Program Files\QuickTime
2008-02-09 11:13 --------- d-----w C:\Program Files\Bonjour
2008-02-09 11:12 --------- d-----w C:\Program Files\Apple Software Update
2008-02-09 11:11 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-09 11:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-09 11:03 --------- d-----w C:\Program Files\DivXCodec
2008-02-09 11:02 --------- d-----w C:\Program Files\GustoSoft
2008-01-29 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 06:07 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\Paltalk
2008-01-26 21:41 --------- d-----w C:\Program Files\HPQ
2008-01-26 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\MCA41.tmp
2008-01-26 21:17 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\McAfee
2008-01-26 09:10 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\Yahoo!
2008-01-25 18:11 --------- d-----w C:\Program Files\Java
2008-01-25 18:10 --------- d-----w C:\Program Files\Common Files\Java
2008-01-24 20:17 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-22 10:20 1,639 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_Pavilion zd8000 (EL023EA#ABH)_YN_0Pavi_QCNF5441H1T_EU_46_I3082_SQuanta_V36.31_BF.34_T050920_WXP2_L413_M511_J80_7Inte l_8Pentium 4_92.99_#080122_N10EC8139_(EL023EA#ABH)_XMOBILE_CN10_Z_2F.34_G10023150.MRK
2008-01-22 10:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\hpqLog
2008-01-22 09:55 --------- d-----w C:\Program Files\ATI Technologies
2008-01-22 09:27 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Mp4 Player"="C:\Program Files\Mp4 Player\Mp4Player.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-16 00:41 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-07-25 21:05 344064]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-09 12:13 185896]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [2007-06-21 12:18:00 245760]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-16 00:41:16 125624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogCrypt]
LogCrypt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-03-16 12:15 11776 C:\WINDOWS\system32\WLCtrl32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Documents and Settings\\Ghadeer\\Mijn documenten\\Mijn muziek\\Troep\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
R0 Uan81;Uan81;C:\WINDOWS\system32\Drivers\Uan81.sys [2008-03-16 10:16]
R1 SAVOnAccessControl;SAVOnAccessControl;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2007-09-10 13:09]
R1 SAVOnAccessFilter;SAVOnAccessFilter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2007-09-10 13:08]
.
Inhoud van de 'Gedeelde Taken' map
"2008-02-16 17:41:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 12:15:59
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\TEMP\BN4.tmp
C:\Program Files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Voltooingstijd: 2008-03-16 12:20:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-16 11:20:00
.
2008-03-16 09:34:54 --- E O F ---
I hope you can help me further; thanks in advance.
20080316 111801 On-access scanner has denied access to location "C:\WINDOWS\TEMP\BN2.tmp" for user NT AUTHORITY\SYSTEM
20080316 112004 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 112004 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
20080316 112007 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 112007 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
20080316 112008 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 112008 On-access scanner has denied access to location "C:\WINDOWS\system32\WLCtrl32.dll" for user GHADEER-8191E90\Ghadeer
20080316 112850 Scan 'Scan my computer' started.
20080316 112935 Process "C:\WINDOWS\system32\WLCtrl32.dll

20080316 112935 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Pushdo'.
20080316 113330 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP15\A0002211.sys" belongs to virus/spyware 'Troj/Agent-GDR'.
20080316 113400 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP17\A0002703.sys" belongs to virus/spyware 'Troj/Agent-GDR'.
20080316 113431 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP25\A0004447.sys" belongs to virus/spyware 'Troj/Agent-GIS'.
20080316 113433 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP25\A0004448.sys" belongs to virus/spyware 'Troj/Agent-GDR'.
20080316 113434 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP25\A0004449.exe" belongs to virus/spyware 'Troj/Pushdo-Gen'.
20080316 113447 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP32\A0006022.dll" belongs to virus/spyware 'Troj/Agent-GPK'.
20080316 113453 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP33\A0006120.dll" belongs to virus/spyware 'Troj/Agent-GPK'.
20080316 113500 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP35\A0009197.dll" belongs to virus/spyware 'Troj/Agent-GPK'.
20080316 113601 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0012016.sys" belongs to virus/spyware 'Troj/Wlloader-A'.
20080316 113603 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0012017.sys" belongs to virus/spyware 'Troj/Wlloader-A'.
20080316 113605 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0012018.sys" belongs to virus/spyware 'Troj/Wlloader-A'.
20080316 113607 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0012019.sys" belongs to virus/spyware 'Troj/Wlloader-A'.
20080316 113609 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0012020.sys" belongs to virus/spyware 'Troj/Wlloader-A'.
20080316 113612 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0012021.sys" belongs to virus/spyware 'Troj/Wlloader-A'.
20080316 113615 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0015028.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 113617 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP50\A0016028.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 113652 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0019253.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 113654 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0021257.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 113656 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0024260.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 113658 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0025260.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 113658 Virus/spyware 'Mal/Generic-A' has been detected in "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0025264.sys\FILE:0000".
20080316 113701 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0025288.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 113703 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0025293.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 113704 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP51\A0025347.com" belongs to adware/PUA 'NirCmd' (of type 5).
20080316 113707 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP52\A0025359.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 113707 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP52\A0025392.com" belongs to adware/PUA 'NirCmd' (of type 5).
20080316 113708 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP52\A0025406.exe" belongs to adware/PUA 'NirCmd' (of type 5).
20080316 113710 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP52\A0025412.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 113712 File "C:\System Volume Information\_restore{F04A3372-3927-4252-8FCD-8B3F0E59B53B}\RP52\A0025480.com" belongs to adware/PUA 'NirCmd' (of type 5).
20080316 113720 File "C:\WINDOWS\Nircmd.exe" belongs to adware/PUA 'NirCmd' (of type 5).
20080316 114033 File "C:\WINDOWS\system32\WLCtrl32.dll" belongs to virus/spyware 'Mal/Generic-A'.
20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(2).sys\FILE:0000".
20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(3).sys\FILE:0000".
20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(4).sys\FILE:0000".
20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(5).sys\FILE:0000".
20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(6).sys\FILE:0000".
20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(7).sys\FILE:0000".
20080316 114210 Virus/spyware 'Mal/Generic-A' has been detected in "C:\WINDOWS\system32\drivers\Uan81(8).sys\FILE:0000".
20080316 114210 Scanning "C:\WINDOWS\system32\drivers\Uan81.sys" returned SAV Interface error 0xa0040210: The file could not be accessed.
20080316 114234 Virus/spyware 'Mal/Pushdo' has been detected.
20080316 114234 Virus/spyware 'Troj/Agent-GDR' has been detected.
20080316 114234 Virus/spyware 'Troj/Agent-GIS' has been detected.
20080316 114234 Virus/spyware 'Troj/Pushdo-Gen' has been detected.
20080316 114234 Virus/spyware 'Troj/Agent-GPK' has been detected.
20080316 114234 Virus/spyware 'Troj/Wlloader-A' has been detected.
20080316 114234 Virus/spyware 'Mal/Generic-A' has been detected.
20080316 114234 Adware/PUA 'NirCmd' has been detected.
20080316 114235 Scan 'Scan my computer' completed.
20080316 114235 Summary of results for scan 'Scan my computer':
Items scanned: 35546
Errors: 1
Items quarantined: 16
Items dealt with: 0
As you can see in the last lines, 16 items were found, and I cannot remove them with Sophos.
The file C:\WINDOWS\system32\WLCtrl32.dll in particular appears a lot.
I also tried ComboFix, and it produced the following log:
ComboFix 08-03-14.4 - Ghadeer 2008-03-16 12:11:23.2 - NTFSx86
Gestart vanuit: C:\Documents and Settings\Ghadeer\Bureaublad\ComboFix.exe
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\symavc32.sys
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))
.
2008-03-16 11:27 . 2008-03-16 11:27 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-16 10:34 . 2008-03-16 10:34 372 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d-------- C:\Documents and Settings\Ghadeer\Application Data\PC Tools
2008-03-16 09:18 . 2008-03-16 12:16 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d--h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
2008-03-16 09:18 . 2008-03-16 09:18 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
2008-03-16 09:18 . 2008-03-16 09:18 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2008-03-16 01:53 . 2008-03-16 09:16 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2008-03-16 00:57 . 2007-03-09 09:56 17,920 --a------ C:\WINDOWS\system32\SophosBootTasks.exe
2008-03-16 00:56 . 2008-03-16 09:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sophos
2008-03-16 00:44 . 2008-03-16 00:44 2,572 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-03-16 00:42 . 2008-03-16 09:17 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-16 00:42 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-16 00:42 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-16 00:42 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-16 00:42 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-16 00:41 . 2008-03-16 09:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-16 00:36 . 2008-03-16 09:18 <DIR> d-------- C:\Program Files\Sophos
2008-03-16 00:35 . 2007-09-10 13:09 101,120 --a------ C:\WINDOWS\system32\drivers\savonaccesscontrol.sys
2008-03-16 00:35 . 2007-09-10 13:08 33,408 --a------ C:\WINDOWS\system32\drivers\savonaccessfilter.sys
2008-03-16 00:26 . 2008-03-16 00:30 <DIR> d-------- C:\Program Files\MSN Messenger
2008-03-16 00:17 . 2008-03-16 00:35 <DIR> d-------- C:\savxpsa
2008-02-26 22:05 . 2008-02-26 22:05 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-26 21:55 . 2008-03-16 00:26 <DIR> d-------- C:\Program Files\Windows Live
2008-02-26 21:55 . 2008-02-26 22:03 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 21:55 . 2008-02-26 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-16 12:42 . 2008-03-16 12:15 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 09:16 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81.sys
2008-03-16 08:23 --------- d-----w C:\Program Files\McAfee.com
2008-03-16 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-03-15 23:41 --------- d-----w C:\Program Files\Google
2008-03-12 16:52 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(3).sys
2008-03-11 19:04 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(4).sys
2008-03-11 19:04 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(2).sys
2008-03-09 13:39 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(5).sys
2008-03-09 11:08 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(6).sys
2008-03-09 09:23 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(7).sys
2008-03-07 15:35 26,496 ----a-w C:\WINDOWS\system32\drivers\Uan81(8).sys
2008-03-05 16:56 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\LimeWire
2008-02-12 20:57 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-12 18:15 --------- d-----w C:\Program Files\AC3Filter
2008-02-12 18:03 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\DivX
2008-02-11 21:34 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\Leadertech
2008-02-11 20:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-11 20:51 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\AdobeUM
2008-02-11 20:51 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\AdobeAUM
2008-02-11 20:49 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\Teleca
2008-02-11 20:46 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-02-11 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2008-02-11 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-02-11 20:45 --------- d-----w C:\Program Files\Sony Ericsson
2008-02-11 20:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-10 13:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\MCA36.tmp
2008-02-10 13:07 --------- d-----w C:\Program Files\McAfee
2008-02-10 12:29 --------- d-----w C:\Program Files\Yahoo!
2008-02-10 12:19 --------- d-----w C:\Program Files\DivX
2008-02-09 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-09 11:21 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-09 11:16 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\Apple Computer
2008-02-09 11:15 --------- d-----w C:\Program Files\Common Files\xing shared
2008-02-09 11:14 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-02-09 11:14 --------- d-----w C:\Program Files\Real
2008-02-09 11:14 --------- d-----w C:\Program Files\Common Files\Real
2008-02-09 11:13 --------- d-----w C:\Program Files\QuickTime
2008-02-09 11:13 --------- d-----w C:\Program Files\Bonjour
2008-02-09 11:12 --------- d-----w C:\Program Files\Apple Software Update
2008-02-09 11:11 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-09 11:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-09 11:03 --------- d-----w C:\Program Files\DivXCodec
2008-02-09 11:02 --------- d-----w C:\Program Files\GustoSoft
2008-01-29 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 06:07 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\Paltalk
2008-01-26 21:41 --------- d-----w C:\Program Files\HPQ
2008-01-26 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\MCA41.tmp
2008-01-26 21:17 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\McAfee
2008-01-26 09:10 --------- d-----w C:\Documents and Settings\Ghadeer\Application Data\Yahoo!
2008-01-25 18:11 --------- d-----w C:\Program Files\Java
2008-01-25 18:10 --------- d-----w C:\Program Files\Common Files\Java
2008-01-24 20:17 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-22 10:20 1,639 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_Pavilion zd8000 (EL023EA#ABH)_YN_0Pavi_QCNF5441H1T_EU_46_I3082_SQuanta_V36.31_BF.34_T050920_WXP2_L413_M511_J80_7Inte l_8Pentium 4_92.99_#080122_N10EC8139_(EL023EA#ABH)_XMOBILE_CN10_Z_2F.34_G10023150.MRK
2008-01-22 10:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\hpqLog
2008-01-22 09:55 --------- d-----w C:\Program Files\ATI Technologies
2008-01-22 09:27 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Mp4 Player"="C:\Program Files\Mp4 Player\Mp4Player.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-16 00:41 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-07-25 21:05 344064]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-09 12:13 185896]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [2007-06-21 12:18:00 245760]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-16 00:41:16 125624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LogCrypt]
LogCrypt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-03-16 12:15 11776 C:\WINDOWS\system32\WLCtrl32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Documents and Settings\\Ghadeer\\Mijn documenten\\Mijn muziek\\Troep\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
R0 Uan81;Uan81;C:\WINDOWS\system32\Drivers\Uan81.sys [2008-03-16 10:16]
R1 SAVOnAccessControl;SAVOnAccessControl;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2007-09-10 13:09]
R1 SAVOnAccessFilter;SAVOnAccessFilter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2007-09-10 13:08]
.
Inhoud van de 'Gedeelde Taken' map
"2008-02-16 17:41:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 12:15:59
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\TEMP\BN4.tmp
C:\Program Files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Voltooingstijd: 2008-03-16 12:20:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-16 11:20:00
.
2008-03-16 09:34:54 --- E O F ---
I hope you can help me further, thanks in advance.