
Windows security alert


Macdub


Who can help me further?

Every few minutes I get a "Windows security alert" notification.

In the meantime I have already run Ad-aware and Spybot, without success.

Apart from that, Avast v4.7 is running continuously.

I have also run HijackThis in the meantime, which produced the log below:

Logfile of HijackThis v1.99.1

Scan saved at 20:20:19, on 9/09/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

c:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\printer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

D:\Program Files\SPAMfighter\SFAgent.exe

D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\WINDOWS\system32\slserv.exe

D:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

D:\Program Files\Hitman Pro\srhelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Program Files\Nikon\NkView6\NkvMon.exe

c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

c:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\wuauclt.exe

D:\Program Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [uSB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController

O4 - HKLM\..\Run: [uSBToolTip] "d:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"

O4 - HKLM\..\Run: [avast!] c:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [sPAMfighter Agent] "D:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "d:\Program Files\Hitman Pro\srhelper.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe

O4 - Startup: system.exe

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: autorun.exe

O4 - Global Startup: NkvMon.exe.lnk = D:\Program Files\Nikon\NkView6\NkvMon.exe

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - c:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - c:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

How should I proceed now, because the problem remains the same?


So this could be a virus. I recommend downloading another antivirus from the download section and scanning the file printer.exe. (It is located at C:\Windows\system32/printer.exe)

I had a look in my own system32 to see whether there is a file called printer.exe, and there isn't. So my suspicion that it is a virus grows even stronger.
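The HijackThis log at the top of this thread contains several autostart entries besides printer.exe that deserve the same scrutiny. The following is an added example, not code from the posters or the forum: a small triage script whose five rules are heuristics chosen here (assumptions, not HijackThis features), run over lines copied from that log.

```python
import re

# Constructed sample: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [avast!] c:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: NkvMon.exe.lnk = D:\Program Files\Nikon\NkView6\NkvMon.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

def triage(log_text):
    """Return (reason, line) pairs for entries that deserve a manual look."""
    findings, run_seen = [], {}
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        # The Winlogon shell normally holds Explorer.exe and nothing else.
        if re.match(r"F2 - REG:system\.ini: Shell=explorer\.exe\s+\S", line, re.I):
            findings.append(("shell value starts an extra program", line))
            continue
        m = re.match(r"O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)", line)
        if m:
            hive, name, cmd = m.groups()
            key = (name.lower(), cmd.lower())
            if key in run_seen and run_seen[key] != hive:  # registered twice
                findings.append(("same autostart in HKLM and HKCU", line))
            run_seen.setdefault(key, hive)
            continue
        # Installers normally place .lnk shortcuts here, not raw executables.
        if re.match(r"O4 - (?:Global )?Startup: \S+\.exe$", line, re.I):
            findings.append(("bare executable in Startup folder", line))
            continue
        if re.match(r"O7 - .*DisableRegedit=1$", line):
            findings.append(("policy disables the registry editor", line))
            continue
        m = re.match(r"O20 - AppInit_DLLs: (.+)", line)
        if m and not m.group(1).lower().endswith(".dll"):
            findings.append(("AppInit_DLLs entry is not a .dll", line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[review] {reason}: {line}")
```

A flagged line is a prompt to inspect the file and its registry value by hand, not a verdict that it is malicious.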


Scanned again.

Avast found nothing.

BitDefender found the following:

//-----------------------------------------------------------------

//

// Product BitDefender Free Edition v10

// Product 10.2

//

// Created on: 10/09/2007 20:15:14

//

//-----------------------------------------------------------------

Virus Statistics

Scan path : C:\WINDOWS\system32\printer.exe

Folders : 0

Files : 116

Memory processes scanned : 53

Archives : 6

Runtime packers : 0

Identified viruses : 1

Infected files : 1

Memory processes infected : 1

Suspect files : 0

Warnings : 0

Disinfected files : 0

Deleted files : 0

Moved files : 0

I/O errors : 0

Scan time : 00:00:47

Scan speed (files/sec) : 2

Spyware Statistics

Registry keys scanned : 1819

Registry keys infected : 0

Cookies scanned : 76

Cookies infected : 0

Spyware files infected : 0

Spyware threats detected : 0

Virus definitions : 872056

Scan plugins : 16

Archive plugins : 41

Unpack plugins : 7

Mail plugins : 6

System plugins : 5

Virus scan options

Detection

[X] Scan boot sectors

[X] Memory Processes

[X] Scan archives

[X] Scan runtime packers

[X] Scan email

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

Action

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Move to quarantine

[ ] Prompt user

Second action

[ ] Ignore

[ ] Delete

[X] Move to quarantine

[ ] Prompt user

Virus scan options

[X] Enable warnings

[X] Enable heuristics

[ ] Show all files in log

[X] Report file: C:\Documents and Settings\Eigenaar\Application Data\BitDefender\Desktop\Profiles\Logs\user_0001\1189448114.log

Spyware scan options

[X] Scan for riskware

[ ] Skip dial and applications from scan

[X] Registry keys

[X] Cookies

Summary:

<System>=>C:\WINDOWS\system32\printer.exe (memory dump) Infected: Win32.Worm.Agent.PYD

<System>=>C:\WINDOWS\system32\printer.exe (memory dump) Disinfection failed

<System>=>C:\WINDOWS\system32\printer.exe (memory dump) Move failed

<System>=>C:\WINDOWS\system32\printer.exe (full dump) Infected: Win32.Worm.Agent.PYD

<System>=>C:\WINDOWS\system32\printer.exe (full dump) Disinfection failed

<System>=>C:\WINDOWS\system32\printer.exe (full dump) Move failed


So this is what I found about "printer.exe":

If you find a program with the name printer.exe on your pc, your pc may be infected with a trojan known as 'lunii'. printer.exe is considered to be a security risk, not only because antivirus programs flag lunii trojan as a trojan, but also because other sites consider it a Trojan as well.

lunii trojan is likely a Trojan and as such, presents a serious vulnerability which should be fixed immediately! Delaying the removal of printer.exe may cause serious harm to your system and will likely cause a number of problems, loss of data, loss of control or leaking private information.

You should visit our Anonymous Surfing section to make sure your system is not giving away information like that of printer.exe.


I tried via safe mode, but that doesn't work either.

I now also notice that I no longer even have access to "Set Program Access and Defaults" ("Programmatoegang en-instellingen").

I then get the following message: "De bewerking is geannuleerd vanwege op uw systeem geldende beperkingen. Neem contact met de systeembeheerder op." (in English: "The operation was cancelled because of restrictions in effect on your system. Contact the system administrator.")

I ran BitDefender once more, which produced the following log file:

//-----------------------------------------------------------------

//

// Product BitDefender Free Edition v10

// Product 10.2

//

// Created on: 11/09/2007 17:27:26

//

//-----------------------------------------------------------------

Virus Statistics

Scan path : C:\

D:\

Folders : 5289

Files : 287894

Memory processes scanned : 56

Archives : 2120

Runtime packers : 10026

Identified viruses : 4

Infected files : 4

Memory processes infected : 1

Suspect files : 1

Warnings : 0

Disinfected files : 0

Deleted files : 0

Moved files : 3

I/O errors : 33

Scan time : 01:48:50

Scan speed (files/sec) : 44

Spyware Statistics

Registry keys scanned : 1821

Registry keys infected : 0

Cookies scanned : 92

Cookies infected : 0

Spyware files infected : 0

Spyware threats detected : 0

Virus definitions : 872069

Scan plugins : 16

Archive plugins : 41

Unpack plugins : 7

Mail plugins : 6

System plugins : 5

Virus scan options

Detection

[X] Scan boot sectors

[X] Memory Processes

[X] Scan archives

[X] Scan runtime packers

[X] Scan email

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

Action

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Move to quarantine

[ ] Prompt user

Second action

[ ] Ignore

[ ] Delete

[X] Move to quarantine

[ ] Prompt user

Virus scan options

[X] Enable warnings

[X] Enable heuristics

[ ] Show all files in log

[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1189524446.log

Spyware scan options

[X] Scan for riskware

[ ] Skip dial and applications from scan

[X] Registry keys

[X] Cookies

Summary:

<System>=>C:\WINDOWS\system32\printer.exe (memory dump) Infected: Win32.Worm.Agent.PYD

<System>=>C:\WINDOWS\system32\printer.exe (memory dump) Disinfection failed

<System>=>C:\WINDOWS\system32\printer.exe (memory dump) Move failed

<System>=>C:\WINDOWS\system32\printer.exe (full dump) Infected: Win32.Worm.Agent.PYD

<System>=>C:\WINDOWS\system32\printer.exe (full dump) Disinfection failed

<System>=>C:\WINDOWS\system32\printer.exe (full dump) Move failed

C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\O7WC7D6W\popup[1].htm Infected: Trojan.Clicker.CM

C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\O7WC7D6W\popup[1].htm Disinfection failed

C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\O7WC7D6W\popup[1].htm Moved

C:\WINDOWS\system32\drivers\etc\hosts.20070908-084738.backup Infected: Generic.Qhost.60FEA05A

C:\WINDOWS\system32\drivers\etc\hosts.20070908-084738.backup Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20070908-084738.backup Moved

C:\WINDOWS\system32\drivers\etc\hosts.bak Infected: Generic.Qhost.017E6D49

C:\WINDOWS\system32\drivers\etc\hosts.bak Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.bak Moved

D:\Dirk\Mijn documenten\Mijn mail\Outlook.pst=>[subject: E-mail met bijlage (attachment): view.htm][From: Dubin, Dirk (D.)]=>view.htm Suspect: Exploit.Html.Ieslice.P
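The summary section of the BitDefender log above mixes detections that were quarantined with ones where both configured actions failed. The following is an added example, not code from the posters or from BitDefender: it groups summary lines per scanned object and reports which detections remain unresolved, recognising only the event strings that appear in this thread's logs (the last sample line is shortened and its path is a placeholder).

```python
import re

# Constructed sample: summary lines copied from the BitDefender log above;
# the Outlook.pst line is shortened and its path is a placeholder.
SAMPLE_SUMMARY = r"""
<System>=>C:\WINDOWS\system32\printer.exe (memory dump) Infected: Win32.Worm.Agent.PYD
<System>=>C:\WINDOWS\system32\printer.exe (memory dump) Disinfection failed
<System>=>C:\WINDOWS\system32\printer.exe (memory dump) Move failed
C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\O7WC7D6W\popup[1].htm Infected: Trojan.Clicker.CM
C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\O7WC7D6W\popup[1].htm Disinfection failed
C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\O7WC7D6W\popup[1].htm Moved
C:\WINDOWS\system32\drivers\etc\hosts.bak Infected: Generic.Qhost.017E6D49
C:\WINDOWS\system32\drivers\etc\hosts.bak Disinfection failed
C:\WINDOWS\system32\drivers\etc\hosts.bak Moved
D:\placeholder\Outlook.pst=>view.htm Suspect: Exploit.Html.Ieslice.P
"""

# Object name (may contain spaces) followed by one of the events seen in the log.
EVENT = re.compile(r"^(?P<obj>.+?) (?P<event>Infected: (?P<i>\S+)|Suspect: (?P<s>\S+)"
                   r"|Disinfection failed|Move failed|Moved)$")

def outcomes(summary_text):
    """Map each scanned object to its detection name and final status."""
    result = {}
    for line in summary_text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue
        entry = result.setdefault(m["obj"], {"threat": None, "status": "unresolved"})
        if m["i"] or m["s"]:
            entry["threat"] = m["i"] or m["s"]
            if m["s"]:
                entry["status"] = "suspect, no action logged"
        elif m["event"] == "Moved":  # second action in the log: move to quarantine
            entry["status"] = "quarantined"
    return result

def still_active(summary_text):
    """Objects reported infected for which neither action succeeded."""
    return [o for o, e in outcomes(summary_text).items() if e["status"] == "unresolved"]

if __name__ == "__main__":
    for obj, entry in outcomes(SAMPLE_SUMMARY).items():
        print(f"{entry['status']:<26} {entry['threat']:<26} {obj}")
```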
