Hello,
The problem
For a few days now the internet has been very slow on my PC. After some time (about 10 minutes) the connection is even dropped completely. I also regularly get a notification from my virus scanner (Avira Antivir Personal) that TR/Dropper.gen has been found.
I therefore decided to carry out all the steps in “VOER DIT EERST UIT, VOORDAT JE DE LOGJES PLAATST!!” (“DO THIS FIRST, BEFORE YOU POST THE LOGS!!”). The results are below.
1 Done.
2 Ran the virus scanner in safe mode. The message that appeared:
Object: ccdrive32.exe
Detection: TR/Dropper.gen
This message appeared twice.
When I tried to have the scanner fix the problem, I got the following message:
You may not have the required permission or the file is locked. Please make sure that you have administrative rights for this action. I then ticked Delete locked file after reboot and restarted the PC.
After it had restarted, it started scanning again. This time with the following result:
Object: A0001031.exe
Detection: TR/Dropper.gen
Object: A0001044.exe
Detection: TR/Crypt.XPACK.gen
Object: A0002039.exe
Detection: TR/Dropper.gen
Object: A0006057.exe
Detection: TR/Dropper.gen
I had the scanner fix all of these.
Here is the log file after scanning:
Logfile created: 30-11-2009 22:32:26
Lavasoft Ad-Aware version: 8.1.2
User performing scan: Ralph Vrijens
*********************** Definitions database information ***********************
Lavasoft definition file: 149.104
Genotype definition file version: 2009/11/30 09:42:49
******************************** Scan results: *********************************
Scan profile name: Vol. scan (ID: full)
Objects scanned: 71566
Objects detected: 35
Type             Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 35
Browser hijacks.: 0
MRU objects.....: 0
Removed items:
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Description: *betanews* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409366 Family ID: 0
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
Description: *betanews* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409366 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *stat.onestat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408967 Family ID: 0
Description: stat.onestat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409125 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *stat.onestat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408967 Family ID: 0
Description: stat.onestat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409125 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *stat.onestat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408967 Family ID: 0
Description: stat.onestat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409125 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *stat.onestat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408967 Family ID: 0
Description: stat.onestat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409125 Family ID: 0
Description: *statse.webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408803 Family ID: 0
Description: *webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408954 Family ID: 0
Description: *.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409033 Family ID: 0
Description: *statse.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409269 Family ID: 0
Description: *webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0
Description: *statse.webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408803 Family ID: 0
Description: *webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408954 Family ID: 0
Description: *.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409033 Family ID: 0
Description: *statse.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409269 Family ID: 0
Description: *webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0
Description: *tradedoubler* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408964 Family ID: 0
Scan and cleaning complete: Finished correctly after 3230 seconds
*********************************** Settings ***********************************
Scan profile:
ID: full, enabled:1, value: Vol. scan
ID: folderstoscan, enabled:1, value: C:\
ID: useantivirus, enabled:0, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
ID: heuristicslevel, enabled:1, value: mild, domain: medium,mild,strict
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
Scheduled scan settings:
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:0, value: Daily 1
ID: time, enabled:0, value: Mon Nov 30 22:04:00 2009
ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:0
ID: monday, enabled:0, value: false
ID: tuesday, enabled:0, value: false
ID: wednesday, enabled:0, value: false
ID: thursday, enabled:0, value: false
ID: friday, enabled:0, value: false
ID: saturday, enabled:0, value: false
ID: sunday, enabled:0, value: false
ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:0, value:
ID: auto_deal_with_infections, enabled:0, value: false
ID: updatedaily2, enabled:0, value: Daily 2
ID: time, enabled:0, value: Mon Nov 30 04:04:00 2009
ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:0
ID: monday, enabled:0, value: false
ID: tuesday, enabled:0, value: false
ID: wednesday, enabled:0, value: false
ID: thursday, enabled:0, value: false
ID: friday, enabled:0, value: false
ID: saturday, enabled:0, value: false
ID: sunday, enabled:0, value: false
ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:0, value:
ID: auto_deal_with_infections, enabled:0, value: false
ID: updatedaily3, enabled:0, value: Daily 3
ID: time, enabled:0, value: Mon Nov 30 10:04:00 2009
ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:0
ID: monday, enabled:0, value: false
ID: tuesday, enabled:0, value: false
ID: wednesday, enabled:0, value: false
ID: thursday, enabled:0, value: false
ID: friday, enabled:0, value: false
ID: saturday, enabled:0, value: false
ID: sunday, enabled:0, value: false
ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:0, value:
ID: auto_deal_with_infections, enabled:0, value: false
ID: updatedaily4, enabled:0, value: Daily 4
ID: time, enabled:0, value: Mon Nov 30 16:04:00 2009
ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:0
ID: monday, enabled:0, value: false
ID: tuesday, enabled:0, value: false
ID: wednesday, enabled:0, value: false
ID: thursday, enabled:0, value: false
ID: friday, enabled:0, value: false
ID: saturday, enabled:0, value: false
ID: sunday, enabled:0, value: false
ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:0, value:
ID: auto_deal_with_infections, enabled:0, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Mon Nov 30 22:04:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: true
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:0, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: nl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true
ID: layers, enabled:1
ID: useantivirus, enabled:0, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
****************************** System information ******************************
Computer name: RALPH
Processor name: Intel(R) Pentium(R) 4 CPU 3.20GHz
Processor identifier: x86 Family 15 Model 4 Stepping 3
Processor speed: ~3215MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 1027, number of processors 2, processor features:
Physical memory available: 242917376 bytes
Physical memory total: 1073197056 bytes
Virtual memory available: 1982750720 bytes
Virtual memory total: 2147352576 bytes
Memory load: 77%
Microsoft Windows XP Professional Service Pack 3 (build 2600)
Windows startup mode:
Running processes:
PID: 560 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 608 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 632 name: \??\C:\WINDOWS\SYSTEM32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 676 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 688 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 880 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 944 name: C:\WINDOWS\system32\svchost.exe owner: Netwerkservice domain: NT AUTHORITY
PID: 1040 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1096 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1224 name: C:\WINDOWS\system32\svchost.exe owner: Netwerkservice domain: NT AUTHORITY
PID: 1348 name: C:\WINDOWS\system32\svchost.exe owner: Lokale service domain: NT AUTHORITY
PID: 1472 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1520 name: C:\Program Files\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1804 name: C:\WINDOWS\Explorer.EXE owner: Ralph Vrijens domain: RALPH
PID: 1852 name: C:\WINDOWS\system32\svchost.exe owner: Lokale service domain: NT AUTHORITY
PID: 424 name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: NT AUTHORITY
PID: 460 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 540 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 548 name: C:\WINDOWS\SOUNDMAN.EXE owner: Ralph Vrijens domain: RALPH
PID: 1024 name: C:\WINDOWS\system32\RUNDLL32.EXE owner: Ralph Vrijens domain: RALPH
PID: 1136 name: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 1072 name: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe owner: Ralph Vrijens domain: RALPH
PID: 1248 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1212 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Ralph Vrijens domain: RALPH
PID: 1292 name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe owner: Ralph Vrijens domain: RALPH
PID: 1400 name: C:\Program Files\AutoSizer\AutoSizer.exe owner: Ralph Vrijens domain: RALPH
PID: 1528 name: C:\WINDOWS\system32\ctfmon.exe owner: Ralph Vrijens domain: RALPH
PID: 1628 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1652 name: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe owner: Ralph Vrijens domain: RALPH
PID: 1768 name: C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe owner: Ralph Vrijens domain: RALPH
PID: 2164 name: C:\WINDOWS\System32\alg.exe owner: Lokale service domain: NT AUTHORITY
PID: 2908 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: Ralph Vrijens domain: RALPH
PID: 3072 name: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe owner: Ralph Vrijens domain: RALPH
PID: 2144 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2068 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3824 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Ralph Vrijens domain: RALPH
PID: 1364 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 212 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Ralph Vrijens domain: RALPH
Startup items:
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Preloader van browseui
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Cache-daemon voor onderdeelcategorieën
Name: CTFMON.EXE
imagepath: C:\WINDOWS\system32\CTFMON.EXE
Name: Microsoft Driver Setup
imagepath: C:\WINDOWS\ccdrive32.exe
Name: Malwarebytes' Anti-Malware
imagepath: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Name: nwiz
imagepath: nwiz.exe /install
Name: SoundMan
imagepath: SOUNDMAN.EXE
Name: NeroFilterCheck
imagepath: C:\WINDOWS\system32\NeroCheck.exe
Name: NvMediaCenter
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Name: HP Software Update
imagepath: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Name:
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
Name: avgnt
imagepath: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Name:
imagepath: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
Name:
location: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
imagepath: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Name:
imagepath: C:\Documents and Settings\Default User\Menu Start\Programma's\Opstarten\desktop.ini
Bootexecute items:
Name:
imagepath: autocheck autochk *
Running services:
Name: ALG
displayname: Application Layer Gateway-service
Name: AntiVirSchedulerService
displayname: Avira AntiVir Scheduler
Name: AntiVirService
displayname: Avira AntiVir Guard
Name: AudioSrv
displayname: Windows Audio
Name: BITS
displayname: Intelligente achtergrondsoverdrachtservice
Name: Bonjour Service
displayname: Bonjour-service
Name: CryptSvc
displayname: Services voor cryptografie
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+-gebeurtenissysteem
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: MDM
displayname: Machine Debug Manager
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: NVSvc
displayname: NVIDIA Display Driver Service
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC-services
Name: RasMan
displayname: Verbindingsbeheer voor RAS
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall (WF) / Internet-verbinding delen (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore-service
Name: SSDPSRV
displayname: SSDP Discovery-service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Thema's
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: W32Time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatische updates
Name: WudfSvc
displayname: Windows Driver Foundation - User-mode Driver Framework
Name: WZCSVC
displayname: Wireless Zero Configuration-service
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
3 Done.
4 Done.
Spybot found and removed: DoubleClick (Tracking Cookie)
5 Done.
6 Done.
7 Done.
Here is the MBAM log:
Malwarebytes' Anti-Malware 1.41
Database versie: 3263
Windows 5.1.2600 Service Pack 3
30-11-2009 23:33:00
mbam-log-2009-11-30 (23-33-00).txt
Scan type: Snelle Scan
Objecten gescand: 102222
Verstreken tijd: 12 minute(s), 23 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 2
Registerwaarden geïnfecteerd: 2
Registerdata bestanden geïnfecteerd: 1
Mappen geïnfecteerd: 1
Bestanden geïnfecteerd: 1
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft Driver Setup (Worm.Palevo) -> Quarantined and deleted successfully.
Registerdata bestanden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Mappen geïnfecteerd:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
Bestanden geïnfecteerd:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
8 Done.
9 Done.
10 Done. I did get an error message at this step, but after dismissing it nothing else seemed to be wrong.
Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:44, on 1-12-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AutoSizer\AutoSizer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.fok.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: nwiz.exe /install
O4 - HKLM\..\Run: SOUNDMAN.EXE
O4 - HKLM\..\Run: C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: "C:\Program Files\AutoSizer\AutoSizer.exe"
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243541154109
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7447 bytes
11 Check.
I hope my PC is somewhat cleaned up again now. If anything else needs to be done, I would like to hear about it.