Hello,
After removing a number of trojan viruses, the PC is constantly connecting to the internet, as if I were downloading/uploading something. This was not the case before.
I have followed all the instructions as described on the notice board.
Thanks in advance,
Frank
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:53, on 27-3-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\Anvshell.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Documents and Settings\Frank\Application Data\_16ec8a107f8d4ffa89e54995d1fe7756\down\mu005.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: sstray.exe /r
O4 - HKLM\..\Run: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: C:\WINDOWS\Anvshell.exe
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: nwiz.exe /install
O4 - HKLM\..\Run: "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: C:\Documents and Settings\Frank\Local Settings\Temp\part.exe
O4 - HKCU\..\Run: C:\DOCUME~1\Frank\LOCALS~1\Temp\zchMiB.exe
O4 - HKCU\..\Run: C:\Documents and Settings\Frank\Application Data\_16ec8a107f8d4ffa89e54995d1fe7756\down\mu005.exe
O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233760446828
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
The file could not be opened!
C:\pagefile.sys
The file could not be opened!
C:\Documents and Settings\Frank\Application Data\_16ec8a107f8d4ffa89e54995d1fe7756\down\hosts000.exe
Contains a recognition pattern of the (harmful) BDS/VB.hrs back-door program
The file was deleted!
C:\Documents and Settings\Frank\Application Data\_16ec8a107f8d4ffa89e54995d1fe7756\down\log000.exe
Is the TR/Dropper.Gen Trojan
The file was deleted!
C:\Documents and Settings\Frank\Application Data\_16ec8a107f8d4ffa89e54995d1fe7756\down\nDler001.exe
Is the TR/Dldr.VB.lav Trojan
The file was deleted!
C:\Documents and Settings\Frank\Application Data\_16ec8a107f8d4ffa89e54995d1fe7756\down\rp000.exe
Is the TR/Dropper.Gen Trojan
The file was deleted!
C:\Documents and Settings\Frank\Local Settings\Temporary Internet Files\Content.IE5\4RJSV5OH\logc.exe
Is the TR/Dropper.Gen Trojan
The file was deleted!
C:\Documents and Settings\Frank\Local Settings\Temporary Internet Files\Content.IE5\8ZI42NKR\zchMiB.exe
Is the TR/Autoit.GFQ Trojan
The file was deleted!
C:\Documents and Settings\Frank\Local Settings\Temporary Internet Files\Content.IE5\AQOJM2N1\minisvr4.exe
Is the TR/Agent.qka Trojan
The file was deleted!
C:\Documents and Settings\Frank\Local Settings\Temporary Internet Files\Content.IE5\GNDJI4CD\rp.exe
Is the TR/Dropper.Gen Trojan
The file was deleted!
C:\Documents and Settings\Frank\Local Settings\Temporary Internet Files\Content.IE5\GNDJI4CD\rp.exe
Is the TR/Dropper.Gen Trojan
The file was deleted!
C:\Documents and Settings\Frank\Local Settings\Temporary Internet Files\Content.IE5\JRGIVDT0\nDler.exe
Is the TR/Dldr.VB.lav Trojan
The file was deleted!
C:\Documents and Settings\Frank\Local Settings\Temporary Internet Files\Content.IE5\QT1RSFG7\nuke.exe
Contains a recognition pattern of the (harmful) BDS/VB.hrs back-door program
The file was deleted!
End of the scan: vrijdag 27 maart 2009 00:22
Used time: 1:14:28 Hour(s)
The scan has been canceled!
3191 Scanning directories
205525 Files were scanned
15 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
13 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
205508 Files not concerned
1322 Archives were scanned
2 Warnings
13 Notes