Posts made by supernikje
-
I can still get hold of Nero and Office in the worst case, but right now I'm more worried about the viruses that are still on it.
I'm afraid that if I remove them I won't be able to boot again and will have to install everything again ((
I've been at it all day...
Does anyone know how I can safely remove the viruses that were found?
IObit at any rate still found Trojans; Avira is scanning and I'll post the log shortly...
---------- Post added at 17:04 ---------- Previous post was at 16:56 ----------
Avira AntiVir Personal
Report file date: zondag 30 januari 2011 15:34
Scanning for 2435637 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ANGELS
Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 13/12/2010 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 13/12/2010 07:39:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 1/04/2010 11:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 13/12/2010 07:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 22:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 21:08:34
VBASE002.VDF : 7.11.0.1 2048 Bytes 14/12/2010 21:08:34
VBASE003.VDF : 7.11.0.2 2048 Bytes 14/12/2010 21:08:35
VBASE004.VDF : 7.11.0.3 2048 Bytes 14/12/2010 21:08:35
VBASE005.VDF : 7.11.0.4 2048 Bytes 14/12/2010 21:08:35
VBASE006.VDF : 7.11.0.5 2048 Bytes 14/12/2010 21:08:35
VBASE007.VDF : 7.11.0.6 2048 Bytes 14/12/2010 21:08:35
VBASE008.VDF : 7.11.0.7 2048 Bytes 14/12/2010 21:08:35
VBASE009.VDF : 7.11.0.8 2048 Bytes 14/12/2010 21:08:35
VBASE010.VDF : 7.11.0.9 2048 Bytes 14/12/2010 21:08:35
VBASE011.VDF : 7.11.0.10 2048 Bytes 14/12/2010 21:08:35
VBASE012.VDF : 7.11.0.11 2048 Bytes 14/12/2010 21:08:35
VBASE013.VDF : 7.11.0.52 128000 Bytes 16/12/2010 21:08:36
VBASE014.VDF : 7.11.0.91 226816 Bytes 20/12/2010 21:08:37
VBASE015.VDF : 7.11.0.122 136192 Bytes 21/12/2010 21:08:37
VBASE016.VDF : 7.11.0.156 122880 Bytes 24/12/2010 21:08:38
VBASE017.VDF : 7.11.0.185 146944 Bytes 27/12/2010 21:08:38
VBASE018.VDF : 7.11.0.228 132608 Bytes 30/12/2010 21:08:39
VBASE019.VDF : 7.11.1.5 148480 Bytes 3/01/2011 21:08:39
VBASE020.VDF : 7.11.1.37 156672 Bytes 7/01/2011 21:08:40
VBASE021.VDF : 7.11.1.65 140800 Bytes 10/01/2011 21:08:40
VBASE022.VDF : 7.11.1.87 225280 Bytes 11/01/2011 21:08:41
VBASE023.VDF : 7.11.1.124 125440 Bytes 14/01/2011 21:08:42
VBASE024.VDF : 7.11.1.155 132096 Bytes 17/01/2011 21:08:42
VBASE025.VDF : 7.11.1.189 451072 Bytes 20/01/2011 21:08:44
VBASE026.VDF : 7.11.1.230 138752 Bytes 24/01/2011 21:08:45
VBASE027.VDF : 7.11.2.12 164352 Bytes 27/01/2011 21:08:46
VBASE028.VDF : 7.11.2.13 2048 Bytes 27/01/2011 21:08:46
VBASE029.VDF : 7.11.2.14 2048 Bytes 27/01/2011 21:08:46
VBASE030.VDF : 7.11.2.15 2048 Bytes 27/01/2011 21:08:46
VBASE031.VDF : 7.11.2.31 71168 Bytes 28/01/2011 21:08:47
Engineversion : 8.2.4.150
AEVDF.DLL : 8.1.2.1 106868 Bytes 13/12/2010 07:39:51
AESCRIPT.DLL : 8.1.3.52 1282426 Bytes 29/01/2011 21:08:59
AESCN.DLL : 8.1.7.2 127349 Bytes 13/12/2010 07:39:50
AESBX.DLL : 8.1.3.2 254324 Bytes 13/12/2010 07:39:50
AERDL.DLL : 8.1.9.2 635252 Bytes 13/12/2010 07:39:50
AEPACK.DLL : 8.2.4.8 512374 Bytes 29/01/2011 21:08:58
AEOFFICE.DLL : 8.1.1.15 205178 Bytes 29/01/2011 21:08:57
AEHEUR.DLL : 8.1.2.68 3178870 Bytes 29/01/2011 21:08:56
AEHELP.DLL : 8.1.16.0 246136 Bytes 13/12/2010 07:39:42
AEGEN.DLL : 8.1.5.2 397683 Bytes 29/01/2011 21:08:52
AEEMU.DLL : 8.1.3.0 393589 Bytes 13/12/2010 07:39:42
AECORE.DLL : 8.1.19.2 196983 Bytes 29/01/2011 21:08:50
AEBB.DLL : 8.1.1.0 53618 Bytes 13/12/2010 07:39:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 13/12/2010 07:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 13/12/2010 07:39:54
AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 13:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 13/12/2010 07:39:54
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 13/12/2010 07:39:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 13/12/2010 07:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 13/12/2010 07:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 13:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 13/12/2010 07:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 13:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 12:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 13/12/2010 07:40:20
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
Start of the scan: zondag 30 januari 2011 15:34
Starting search for hidden objects.
The scan of running processes will be started
Scan process 'rsmsink.exe' - '33' Module(s) have been scanned
Scan process 'iexplore.exe' - '99' Module(s) have been scanned
Scan process 'iexplore.exe' - '93' Module(s) have been scanned
Scan process 'iexplore.exe' - '70' Module(s) have been scanned
Scan process 'msdtc.exe' - '46' Module(s) have been scanned
Scan process 'dllhost.exe' - '65' Module(s) have been scanned
Scan process 'dllhost.exe' - '51' Module(s) have been scanned
Scan process 'vssvc.exe' - '54' Module(s) have been scanned
Scan process 'avscan.exe' - '73' Module(s) have been scanned
Scan process 'avcenter.exe' - '65' Module(s) have been scanned
Scan process 'AAWTray.exe' - '26' Module(s) have been scanned
Scan process 'wuauclt.exe' - '40' Module(s) have been scanned
Scan process 'alg.exe' - '38' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '48' Module(s) have been scanned
Scan process 'unsecapp.exe' - '42' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '45' Module(s) have been scanned
Scan process 'avshadow.exe' - '30' Module(s) have been scanned
Scan process 'IS360srv.exe' - '39' Module(s) have been scanned
Scan process 'avguard.exe' - '55' Module(s) have been scanned
Scan process 'WiFiStation.exe' - '48' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '43' Module(s) have been scanned
Scan process 'msmsgs.exe' - '71' Module(s) have been scanned
Scan process 'ctfmon.exe' - '32' Module(s) have been scanned
Scan process 'cfp.exe' - '67' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '37' Module(s) have been scanned
Scan process 'avgnt.exe' - '53' Module(s) have been scanned
Scan process 'VTTimer.exe' - '24' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '36' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned
Scan process 'spoolsv.exe' - '56' Module(s) have been scanned
Scan process 'AAWService.exe' - '100' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'Explorer.EXE' - '108' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '161' Module(s) have been scanned
Scan process 'cmdagent.exe' - '83' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '56' Module(s) have been scanned
Scan process 'lsass.exe' - '64' Module(s) have been scanned
Scan process 'services.exe' - '42' Module(s) have been scanned
Scan process 'winlogon.exe' - '70' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '335' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\Program Files\Games\need for speed\NFSHP2\CRACK.ACE
[0] Archive type: ACE
--> NFSHP2.exe
[WARNING] Insufficient memory. The file was not scanned.
[WARNING] Insufficient memory. The file was not scanned.
C:\Program Files\Games\need for speed\NFSHP2\NFSHP2.ACE
[0] Archive type: ACE
--> actors\ActorDef\3DBack3.adf
[WARNING] Insufficient memory. The file was not scanned.
C:\System Volume Information\_restore{BA9855FB-FB1D-4E9D-BBD5-9602BC89D4C3}\RP2\A0000690.exe
[DETECTION] Is the TR/Kazy.9765.8 Trojan
Beginning disinfection:
C:\System Volume Information\_restore{BA9855FB-FB1D-4E9D-BBD5-9602BC89D4C3}\RP2\A0000690.exe
[DETECTION] Is the TR/Kazy.9765.8 Trojan
[WARNING] The file was ignored!
End of the scan: zondag 30 januari 2011 17:02
Used time: 1:26:01 Hour(s)
The scan has been done completely.
5537 Scanned directories
186367 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
186366 Files not concerned
6477 Archives were scanned
4 Warnings
0 Notes
200586 Objects were scanned with rootkit scan
0 Hidden objects were found
-
This log after Ad-Aware
Logfile created: 30/01/2011 14:47:56
Ad-Aware version: 9.0.1
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Owner
*********************** Definitions database information ***********************
Lavasoft definition file: 150.257
Genotype definition file version: 2011/01/27 17:00:29
Extended engine definition file: 8242.0
******************************** Scan results: *********************************
Scan profile name: Slim. scan (ID: smart)
Objects scanned: 16494
Objects detected: 15
Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 15
Browser hijacks.: 0
MRU objects.....: 0
Removed items:
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *apmebf* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409163 Family ID: 0
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
Description: *fastclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408869 Family ID: 0
Description: *kontera* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409363 Family ID: 0
Description: *webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *stat.onestat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408967 Family ID: 0
Description: stat.onestat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409125 Family ID: 0
Description: *statcounter* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409185 Family ID: 0
Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0
Scan and cleaning complete: Finished correctly after 1969 seconds
*********************************** Settings ***********************************
Scan profile:
ID: smart, enabled:1, value: Slim. scan
ID: folderstoscan, enabled:1, value:
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: silently, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Sat Jan 29 23:30:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Sat Jan 29 05:30:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Sat Jan 29 11:30:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Sat Jan 29 17:30:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Sat Jan 29 23:30:00 2011
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: true
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: true
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: nl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: false
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
****************************** System information ******************************
Computer name: ANGELS
Processor name: AMD Sempron 3000+
Processor identifier: x86 Family 6 Model 10 Stepping 0
Processor speed: ~1992MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 2560, number of processors 1, processor features: [MMX,SSE,3DNow]
Physical memory available: 776687616 bytes
Physical memory total: 1610072064 bytes
Virtual memory available: 1856925696 bytes
Virtual memory total: 2147352576 bytes
Memory load: 51%
Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Windows startup mode:
Running processes:
PID: 716 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 800 name: C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 836 name: C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 880 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 892 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1052 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1112 name: C:\WINDOWS\system32\svchost.exe owner: Netwerkservice domain: NT AUTHORITY
PID: 1256 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1336 name: C:\WINDOWS\system32\svchost.exe owner: Netwerkservice domain: NT AUTHORITY
PID: 1476 name: C:\WINDOWS\system32\svchost.exe owner: Lokale service domain: NT AUTHORITY
PID: 1800 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1872 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1912 name: C:\Program Files\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2028 name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: NT AUTHORITY
PID: 156 name: C:\Program Files\IObit\IObit Security 360\IS360srv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 212 name: C:\Program Files\Avira\AntiVir Desktop\avshadow.exe owner: SYSTEM domain: NT AUTHORITY
PID: 524 name: C:\WINDOWS\Explorer.EXE owner: Owner domain: ANGELS
PID: 1228 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1676 name: C:\WINDOWS\SOUNDMAN.EXE owner: Owner domain: ANGELS
PID: 1696 name: C:\WINDOWS\system32\VTTimer.exe owner: Owner domain: ANGELS
PID: 1712 name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe owner: Owner domain: ANGELS
PID: 1904 name: C:\WINDOWS\system32\RUNDLL32.EXE owner: Owner domain: ANGELS
PID: 144 name: C:\WINDOWS\system32\ctfmon.exe owner: Owner domain: ANGELS
PID: 1504 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: Owner domain: ANGELS
PID: 1332 name: C:\Program Files\Hercules\WiFi Station\WiFiStation.exe owner: Owner domain: ANGELS
PID: 2176 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2352 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2576 name: C:\WINDOWS\System32\alg.exe owner: Lokale service domain: NT AUTHORITY
PID: 4012 name: C:\WINDOWS\system32\wuauclt.exe owner: Owner domain: ANGELS
PID: 1016 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Owner domain: ANGELS
PID: 1488 name: C:\Program Files\Internet Explorer\iexplore.exe owner: Owner domain: ANGELS
PID: 1148 name: C:\Program Files\Internet Explorer\iexplore.exe owner: Owner domain: ANGELS
PID: 2224 name: C:\Program Files\Avira\AntiVir Desktop\avscan.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2496 name: C:\Program Files\Avira\AntiVir Desktop\avscan.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2672 name: C:\WINDOWS\System32\vssvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2092 name: C:\WINDOWS\system32\dllhost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3824 name: C:\WINDOWS\system32\dllhost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3848 name: C:\Program Files\IObit\IObit Security 360\is360.exe owner: Owner domain: ANGELS
PID: 1188 name: C:\WINDOWS\system32\msdtc.exe owner: Netwerkservice domain: NT AUTHORITY
PID: 3588 name: C:\Program Files\IObit\IObit Security 360\IS360tray.exe owner: Owner domain: ANGELS
PID: 3544 name: C:\Program Files\Internet Explorer\iexplore.exe owner: Owner domain: ANGELS
PID: 3636 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Owner domain: ANGELS
Startup items:
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Preloader van browseui
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Cache-daemon voor onderdeelcategorieën
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: SoundMan
imagepath: SOUNDMAN.EXE
Name: VTTimer
imagepath: VTTimer.exe
Name: avgnt
imagepath: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Name: nwiz
imagepath: nwiz.exe /install
Name: WinSys2
imagepath: C:\WINDOWS\system32\winsys2.exe
Name: NvMediaCenter
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Name: CTFMON.EXE
imagepath: C:\WINDOWS\system32\CTFMON.EXE
Name:
imagepath: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
Name:
location: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
imagepath: C:\Program Files\Microsoft Office\Office\OSA9.EXE
Name:
location: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\WiFi Station.lnk
imagepath: C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
Name:
imagepath: C:\WINDOWS\system32\config\systemprofile\Menu Start\Programma's\Opstarten\desktop.ini
Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete
Running services:
Name: ALG
displayname: Application Layer Gateway-service
Name: AntiVirSchedulerService
displayname: Avira AntiVir Scheduler
Name: AntiVirService
displayname: Avira AntiVir Guard
Name: AudioSrv
displayname: Windows Audio
Name: COMSysApp
displayname: COM+-systeemtoepassing
Name: CryptSvc
displayname: Services voor cryptografie
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: ERSvc
displayname: Service voor het rapporteren van fouten
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+-gebeurtenissysteem
Name: FastUserSwitchingCompatibility
displayname: Compatibiliteit voor Snelle gebruikerswisseling
Name: helpsvc
displayname: Help en ondersteuning
Name: IS360service
displayname: IS360service
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: MSDTC
displayname: Distributed Transaction Coordinator
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: NVSvc
displayname: NVIDIA Display Driver Service
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC-services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Verbindingsbeheer voor RAS
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall (WF) / Internet-verbinding delen (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore-service
Name: SSDPSRV
displayname: SSDP Discovery-service
Name: SwPrv
displayname: MS Software Shadow Copy Provider
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Thema's
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: VSS
displayname: Volume Shadow Copy
Name: W32Time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatic Updates
Name: WZCSVC
displayname: Wireless Zero Configuration-service
-
Hello,

I'm at my wits' end here. My antivirus had found the following virus: csrss.exe. I removed it and my PC no longer started up, not even in safe mode. By pressing an F key I eventually got into system recovery, and that way I was able to boot via the recovery partition. I had the choice between a full or a partial recovery. With the first, all my files would be lost, so I chose the partial one.

My PC now starts again, but I can no longer start Word or PowerPoint, for example; I get the message that this action is only valid for products that are currently installed. I have no software to reinstall Office; Office was already installed on my PC when I bought it (or from the hard disk, I don't remember). How can I get Office working again? I also had a free version of Nero, which no longer opens either; where could I find that?

I have installed Avira, Spybot, Ad-Aware, CWShredder, IObit Security 360 and HiJackThis. Avira is again finding a virus, A0000690.exe; I no longer dare to remove it, afraid that it will crash again...

How, and in what order, should I best proceed? I have a Spirit 3000 and am running Windows XP SP2.

Thanks in advance...

This is the log I get after scanning with IObit Security 360

IObit Security 360
OS:Windows XP
Versie:1.6.0.2
Define Versie:2408
Verstreken Tijd:00:22:27
Objecten Gescand:51301
Bedreigingen gevonden:31
|Naam|Type|Beschrijving|ID|
Tracking Cookies, Cookies, Cookie:owner@advertising.com/, 7-12
Tracking Cookies, Cookies, Cookie:owner@imrworldwide.com/cgi-bin, 7-1507
Tracking Cookies, Cookies, Cookie:owner@com.com/, 7-9
Tracking Cookies, Cookies, Cookie:owner@bs.serving-sys.com/, 7-1515
Tracking Cookies, Cookies, Cookie:owner@free-av.com/, 7-2181
Tracking Cookies, Cookies, Cookie:owner@server.iad.liveperson.net/, 7-1565
Tracking Cookies, Cookies, Cookie:owner@www.fixya.com/, 7-2258
Tracking Cookies, Cookies, Cookie:owner@statcounter.com/, 7-1543
Tracking Cookies, Cookies, Cookie:owner@specificclick.net/, 7-1521
Tracking Cookies, Cookies, Cookie:owner@www.addfreestats.com/cgi-bin, 7-1838
Tracking Cookies, Cookies, Cookie:owner@apmebf.com/, 7-1643
Tracking Cookies, Cookies, Cookie:owner@fastclick.net/, 7-1401
Tracking Cookies, Cookies, Cookie:owner@xiti.com/, 7-2256
Tracking Cookies, Cookies, Cookie:owner@revsci.net/, 7-1556
Tracking Cookies, Cookies, Cookie:owner@quantserve.com/, 7-2072
Tracking Cookies, Cookies, Cookie:owner@atdmt.com/, 7-1541
Tracking Cookies, Cookies, Cookie:owner@pointroll.com/, 7-2045
Tracking Cookies, Cookies, Cookie:owner@insightexpressai.com/, 7-1899
Tracking Cookies, Cookies, Cookie:owner@fixya.com/, 7-2258
Tracking Cookies, Cookies, Cookie:owner@trafficmp.com/, 7-21
Tracking Cookies, Cookies, Cookie:owner@ads.pointroll.com/, 7-13
Tracking Cookies, Cookies, Cookie:owner@www.free-av.com/, 7-2181
Tracking Cookies, Cookies, Cookie:owner@m.webtrends.com/, 7-2219
Tracking Cookies, Cookies, Cookie:owner@smartadserver.com/, 7-1608
Tracking Cookies, Cookies, Cookie:owner@stat.onestat.com/, 7-1544
Tracking Cookies, Cookies, Cookie:owner@doubleclick.net/, 7-1379
Tracking Cookies, Cookies, Cookie:owner@serving-sys.com/, 7-1515
Tracking Cookies, Cookies, Cookie:owner@did-it.com/, 7-1776
Trojan.Win32/Agent, File, C:\WINDOWS\system32\sw20.exe, 4-12828
Trojan.Win32/Agent, File, C:\WINDOWS\system32\winsys.exe, 4-14343
Trojan.Win32/Agent, File, C:\WINDOWS\system32\winsys2.exe, 4-14344
---------- Post added at 14:53 ---------- Previous post was at 14:41 ----------
This is the log after scanning with HiJackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:52:12, on 30/01/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Hijack\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WiFi Station.lnk = C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296343290093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1296343282984
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6033 bytes
---------- Post added at 15:00 ---------- Previous post was at 14:53 ----------
Something I already had before, and have again now, is that I regularly have (had) to reinstall Flash Player
Problems after removing csrss.exe virus
in Archive Fighting malware & viruses
Posted:
Kweezie,
Thanks for your explanation...
I had also posted my message on another forum, where I was given the same advice.
Admittedly not explained as nicely step by step as you do, but I already ran a full scan yesterday, after which I was asked to restart, and luckily my PC still worked. I'm now running a quick scan (I think I'll do another full one later); I'll first post my log from yesterday's full scan, and when this scan is finished I'll post that log too.
Wow, so I was lucky that there was still something left to save on my PC.
Thanks again!!!
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Databaseversie: 5640
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
30/01/2011 21:28:25
mbam-log-2011-01-30 (21-28-25).txt
Scantype: Volledige scan (C:\|)
Objecten gescand: 200074
Verstreken tijd: 1 uur/uren, 12 minuut/minuten, 7 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 7
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
c:\system volume information\_restore{ba9855fb-fb1d-4e9d-bbd5-9602bc89d4c3}\RP2\A0000690.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ba9855fb-fb1d-4e9d-bbd5-9602bc89d4c3}\RP5\A0002018.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ba9855fb-fb1d-4e9d-bbd5-9602bc89d4c3}\RP5\A0002019.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ba9855fb-fb1d-4e9d-bbd5-9602bc89d4c3}\RP5\A0002020.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ba9855fb-fb1d-4e9d-bbd5-9602bc89d4c3}\RP5\A0002021.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ba9855fb-fb1d-4e9d-bbd5-9602bc89d4c3}\RP5\A0002022.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ba9855fb-fb1d-4e9d-bbd5-9602bc89d4c3}\RP5\A0002023.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.