PC infected with Cyberlog X

Status
Not open for further replies.

Marky76

User
Joined
26 Oct 2002
Posts
424
Dear all,

It has been 2 years since I last had spyware, but it has turned up again.
Yet I have 2 antivirus and spyware programs, namely ZoneAlarm Pro and Nod32, and it still gets through, unbelievable!

I had taken a screenshot, but I could not get it down to 100 kB to post it here, so I am typing the message out in full.

Code:
"Your system is probably infected with latest version of Spyware Cyberlog X

Type: Spyware

Infection lengt: 266.129 bytes

Risk: High

System affected: Windows 95,98,200,NT,2003 server, Windows XP

Behavior: Spyware. Cyberlog-X is a spyware programm that monitors user activity,
                            logs keystrokes, and tracks web sites visited.

Symptons: Low internet connection speed
                Low system performance
                Security center alerts
               Strange pop-up windows

Protection: Click OK to download antispyware software "which I of course did not do"

And it does not always suggest the same antivirus products, sometimes Golden Antivirus and others whose names I no longer remember.
So it makes an internet connection by itself without my being on the internet.

My PC is getting slow and I can no longer work.
It is making me rather nervous, since I want to work for my job and keep getting those pop-ups
every few minutes, and yet ZoneAlarm is set to the highest protection.
Those expensive programs apparently still do not stop everything.

Can anyone help me out of this misery??

Regards, Mark.
 
Dear all,

This is the log from ComboFix:

Code:
"George" - 2007-07-07 19:03:32 - ComboFix 07-07-07.3 - Service Pack 2  


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\video activex access
C:\Program Files\video activex access\iesbpl.dll
C:\Program Files\video activex access\iesbunst.exe
C:\Program Files\video activex access\iesmin.exe
C:\Program Files\video activex access\iesmn.exe
C:\Program Files\video activex access\iesplg.dll
C:\Program Files\video activex access\iesunst.exe
C:\Program Files\video activex access\imsmain.exe
C:\Program Files\video activex access\imsunst.exe
C:\Program Files\video activex access\ot.ico
C:\Program Files\video activex access\ts.ico
C:\Program Files\video activex access\uninst.exe


(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


(((((((((((((((((((((((((   Files Created from 2007-06-07 to 2007-07-07  )))))))))))))))))))))))))))))))


2007-07-07 19:03	51,200	--a------	C:\WINDOWS\nircmd.exe
2007-07-07 18:57	37,545	--a------	C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
2007-07-07 18:57	<DIR>	d--------	C:\WINDOWS\system32\RVAXO
2007-07-07 09:46	<DIR>	dr-h-----	C:\DOCUME~1\George\Onlangs geopend
2007-06-25 21:36	<DIR>	d--------	C:\DOCUME~1\George\APPLIC~1\MailFrontier
2007-06-25 21:28	75,512	--a------	C:\WINDOWS\zllsputility.exe
2007-06-25 21:28	54,936	--a------	C:\WINDOWS\system32\vsutil_loc040c.dll
2007-06-25 21:28	42,648	--a------	C:\WINDOWS\zllsputility_loc040c.dll
2007-06-25 21:28	22,168	--a------	C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-06-25 21:28	18,072	--a------	C:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-06-25 21:28	1,087,216	--a------	C:\WINDOWS\system32\zpeng24.dll


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-07 17:06:17	4,212	---h--w	C:\WINDOWS\system32\zllictbl.dat
2007-07-07 17:04:44	384	----a-w	C:\WINDOWS\system32\DVCStateBkp-{00000005-00000000-00000006-00001102-00000004-20021102}.dat
2007-07-07 17:04:44	384	----a-w	C:\WINDOWS\system32\DVCState-{00000005-00000000-00000006-00001102-00000004-20021102}.dat
2007-07-07 15:27:43	512	----a-w	C:\ScanSectorLog.dat
2007-07-04 17:57:47	--------	d-----w	C:\Program Files\Popsy
2007-06-17 06:19:07	--------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-05-29 18:19:20	--------	d-----w	C:\Program Files\Intelore
2007-05-26 11:45:41	--------	d-----w	C:\Program Files\ICOO Loader
2007-05-26 11:02:08	--------	d-----w	C:\Program Files\APRP
2007-05-24 15:48:32	--------	d-----w	C:\Program Files\ElcomSoft
2007-05-22 19:12:58	--------	d-----w	C:\DOCUME~1\George\APPLIC~1\Intelore
2007-05-22 19:10:41	--------	d-----w	C:\Program Files\ABF software
2007-05-19 15:59:07	512,096	----a-w	C:\WINDOWS\system32\drivers\amon.sys
2007-05-19 15:59:06	298,104	----a-w	C:\WINDOWS\system32\imon.dll
2007-05-19 15:59:05	15,424	----a-w	C:\WINDOWS\system32\drivers\nod32drv.sys
2007-05-16 15:19:43	683,520	----a-w	C:\WINDOWS\system32\inetcomm.dll
2007-05-12 13:55:07	--------	d-----w	C:\Program Files\Windows Live Toolbar
2007-05-12 13:54:06	--------	d-----w	C:\Program Files\MSN Messenger
2007-04-25 14:22:52	144,896	----a-w	C:\WINDOWS\system32\schannel.dll
2007-04-18 16:15:26	2,854,400	----a-w	C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36	33,624	----a-w	C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54	1,710,936	----a-w	C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48	549,720	----a-w	C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42	325,976	----a-w	C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36	203,096	----a-w	C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28	92,504	----a-w	C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20	53,080	----a-w	C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20	43,352	----a-w	C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20	271,224	----a-w	C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18	208,248	----a-w	C:\WINDOWS\system32\muweb.dll


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16	59032	--a------	C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
2006-10-31 08:55	1803720	--a------	C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 20:33	322368	--a------	C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-09-27 17:45	544032	--a------	C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-05-19 17:59]
"RegistryMechanic"="" []
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 21:43]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hitman Pro SurfRight Helper"="D:\Program Files\Hitman Pro\srhelper.exe" [2006-02-05 21:30]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2005-08-08 14:49]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"Steam"="D:\Program Files\Steam.exe" [2007-06-28 18:44]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^George^Menu Start^Programma's^Opstarten^Joint Operations Typhoon Rising Registration.lnk]
backup=C:\WINDOWS\pss\Joint Operations Typhoon Rising Registration.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
D:\Program Files\Babylon\Babylon.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"E:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iexplore.exe]
C:\Program Files\Internet Explorer\iexplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
D:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
C:\WINDOWS\system32\LXSUPMON.EXE RUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"D:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
"C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Schedule"=2 (0x2)
"SAVScan"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba6b8742-ea51-11d9-a493-806d6172696f}]
AutoRun\command- D:\ASUSACPI.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba6b8743-ea51-11d9-a493-806d6172696f}]
AutoRun\command- E:\Setup.EXE


Contents of the 'Scheduled Tasks' folder
2007-05-12 13:54:40  C:\WINDOWS\tasks\Controleren op updates voor Windows Live Toolbar.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 19:08:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-07 19:09:29 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-07 19:09

	--- E O F ---

Do you think it is okay?

Regards, Mark
 
same problem

hey

I have the same problem
but I can't get rid of it
can someone help me with how to get rid of it.
because what is stated above
I don't understand any of it

regards, vlad
 