Macdub
-
Items
8 -
Registratiedatum
-
Laatst bezocht
Macdub's prestaties
-
Ik heb SDFix laten lopen. Bijgevoegd het rapportje + HiJack.log : SDFix: Version 1.104 Run by Administrator on wo 12/09/2007 at 22:43 Microsoft Windows XP [versie 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\Temp\\NavBrowser.exe"="C:\\WINDOWS\\Temp\\NavBrowser.exe:*:Enabled:NAVBrowser" "D:\\StubInstaller.exe"="D:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer" "E:\\Setup.exe"="E:\\Setup.exe:*:Enabled:Setup Wizard of WRT54GR" "C:\\Documents and Settings\\Eigenaar\\Local Settings\\Temporary Internet Files\\Content.IE5\\05A7KPQN\\wap54gv2-EU_wizard_tcm126-48507[1]\\wap54g-EU-20040505\\Setup.exe"="C:\\Documents and Settings\\Eigenaar\\Local Settings\\Temporary Internet Files\\Content.IE5\\05A7KPQN\\wap54gv2-EU_wizard_tcm126-48507[1]\\wap54g-EU-20040505\\Setup.exe:*:Enabled:Setup Wizard of WAP54G" "D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "D:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"="D:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe:*:Enabled:ma3platform" "D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent" "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019" Remaining Files: --------------- Files with Hidden Attributes: C:\Program Files\Canon\Canon Setup Utility 2.0\uinstrsc.dll C:\Program Files\Canon\Canon Setup Utility 2.1\uinstrsc.dll C:\Program Files\Canon\Canon Setup Utility 2.0\Maint.exe C:\Program Files\Canon\Canon Setup Utility 2.1\Maint.exe C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp C:\Program Files\InterActual\InterActual Player\iti5.tmp Finished! Logfile of HijackThis v1.99.1 Scan saved at 23:15:53, on 12/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe c:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\system32\svchost.exe d:\Program Files\Spyware Doctor\svcntaux.exe d:\Program Files\Spyware Doctor\swdsvc.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe d:\Program Files\Spyware Doctor\SDTrayApp.exe d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe c:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe D:\Program Files\SPAMfighter\SFAgent.exe D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe D:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iPod\bin\iPodService.exe D:\Program Files\Hitman Pro\srhelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe D:\Program Files\Nikon\NkView6\NkvMon.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE d:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Rar$EX00.609\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [uSB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController O4 - HKLM\..\Run: [uSBToolTip] "d:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" O4 - HKLM\..\Run: [avast!] c:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [sPAMfighter Agent] "D:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [sDTray] "d:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "d:\Program Files\Hitman Pro\srhelper.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: NkvMon.exe.lnk = D:\Program Files\Nikon\NkView6\NkvMon.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - c:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - c:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
-
Ik heb gisteren AVG laten draaien en die heeft enkele zaken gevonden, waaronder "printer.exe". Deze werden deze maal ook verwijderd. Voorlopig heb ik de popup-melding niet meer gekregen, maar krijg nog steeds geen toegang tot het configuratiescherm van Windows. Nog steeds moet ik de systeembeheerder contacteren. Hoe kan ik dit terug in orde krijgen ? Moet ik HiJack nog eens laten lopen en posten ? Alvast bedankt.
-
Ik heb geprobeerd via veilige modus, maar dit lukt ook niet. Ik merk nu ook dat ik zelfs geen toegang meer heb tot "Programmatoegang en-instellingen". Ik krijg dan volgende opmerking : "De bewerking is geannuleerd vanwege op uw systeem geldende beperkingen. Neem contact met de systeembeheerder op." Ik heb Bitdefender nog eens laten lopen met volgende log-file tot gevolg : //----------------------------------------------------------------- // // Product BitDefender Free Edition v10 // Product 10.2 // // Created on: 11/09/2007 17:27:26 // //----------------------------------------------------------------- Virus Statistics Scan path : C:\ D:\ Folders : 5289 Files : 287894 Memory processes scanned : 56 Archives : 2120 Runtime packers : 10026 Identified viruses : 4 Infected files : 4 Memory processes infected : 1 Suspect files : 1 Warnings : 0 Disinfected files : 0 Deleted files : 0 Moved files : 3 I/O errors : 33 Scan time : 01:48:50 Scan speed (files/sec) : 44 Spyware Statistics Registry keys scanned : 1821 Registry keys infected : 0 Cookies scanned : 92 Cookies infected : 0 Spyware files infected : 0 Spyware threats detected : 0 Virus definitions : 872069 Scan plugins : 16 Archive plugins : 41 Unpack plugins : 7 Mail plugins : 6 System plugins : 5 Virus scan options Detection [X] Scan boot sectors [X] Memory Processes [X] Scan archives [X] Scan runtime packers [X] Scan email File mask [ ] Programs [X] All files [ ] User defined extensions: [ ] Exclude extensions: ; Action Infected objects [ ] Ignore [X] Disinfect [ ] Delete [ ] Move to quarantine [ ] Prompt user Second action [ ] Ignore [ ] Delete [X] Move to quarantine [ ] Prompt user Virus scan options [X] Enable warnings [X] Enable heuristics [ ] Show all files in log [X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1189524446.log Spyware scan options [X] Scan for riskware [ ] Skip dial and applications from scan [X] Registry keys [X] Cookies Summary: <System>=>C:\WINDOWS\system32\printer.exe (memory dump) Infected: Win32.Worm.Agent.PYD <System>=>C:\WINDOWS\system32\printer.exe (memory dump) Disinfection failed <System>=>C:\WINDOWS\system32\printer.exe (memory dump) Move failed <System>=>C:\WINDOWS\system32\printer.exe (full dump) Infected: Win32.Worm.Agent.PYD <System>=>C:\WINDOWS\system32\printer.exe (full dump) Disinfection failed <System>=>C:\WINDOWS\system32\printer.exe (full dump) Move failed C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\O7WC7D6W\popup[1].htm Infected: Trojan.Clicker.CM C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\O7WC7D6W\popup[1].htm Disinfection failed C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\O7WC7D6W\popup[1].htm Moved C:\WINDOWS\system32\drivers\etc\hosts.20070908-084738.backup Infected: Generic.Qhost.60FEA05A C:\WINDOWS\system32\drivers\etc\hosts.20070908-084738.backup Disinfection failed C:\WINDOWS\system32\drivers\etc\hosts.20070908-084738.backup Moved C:\WINDOWS\system32\drivers\etc\hosts.bak Infected: Generic.Qhost.017E6D49 C:\WINDOWS\system32\drivers\etc\hosts.bak Disinfection failed C:\WINDOWS\system32\drivers\etc\hosts.bak Moved D:\Dirk\Mijn documenten\Mijn mail\Outlook.pst=>[subject: E-mail met bijlage (attachment): view.htm][From: Dubin, Dirk (D.)]=>view.htm Suspect: Exploit.Html.Ieslice.P
-
Hoe kan ik dit nu verder oplossen, want Bitdefender krijgt dit niet weg ?
-
Opnieuw gescand. Met Avast niets gevonden. Met Bitdefender het volgende gevonden : //----------------------------------------------------------------- // // Product BitDefender Free Edition v10 // Product 10.2 // // Created on: 10/09/2007 20:15:14 // //----------------------------------------------------------------- Virus Statistics Scan path : C:\WINDOWS\system32\printer.exe Folders : 0 Files : 116 Memory processes scanned : 53 Archives : 6 Runtime packers : 0 Identified viruses : 1 Infected files : 1 Memory processes infected : 1 Suspect files : 0 Warnings : 0 Disinfected files : 0 Deleted files : 0 Moved files : 0 I/O errors : 0 Scan time : 00:00:47 Scan speed (files/sec) : 2 Spyware Statistics Registry keys scanned : 1819 Registry keys infected : 0 Cookies scanned : 76 Cookies infected : 0 Spyware files infected : 0 Spyware threats detected : 0 Virus definitions : 872056 Scan plugins : 16 Archive plugins : 41 Unpack plugins : 7 Mail plugins : 6 System plugins : 5 Virus scan options Detection [X] Scan boot sectors [X] Memory Processes [X] Scan archives [X] Scan runtime packers [X] Scan email File mask [ ] Programs [X] All files [ ] User defined extensions: [ ] Exclude extensions: ; Action Infected objects [ ] Ignore [X] Disinfect [ ] Delete [ ] Move to quarantine [ ] Prompt user Second action [ ] Ignore [ ] Delete [X] Move to quarantine [ ] Prompt user Virus scan options [X] Enable warnings [X] Enable heuristics [ ] Show all files in log [X] Report file: C:\Documents and Settings\Eigenaar\Application Data\BitDefender\Desktop\Profiles\Logs\user_0001\1189448114.log Spyware scan options [X] Scan for riskware [ ] Skip dial and applications from scan [X] Registry keys [X] Cookies Summary: <System>=>C:\WINDOWS\system32\printer.exe (memory dump) Infected: Win32.Worm.Agent.PYD <System>=>C:\WINDOWS\system32\printer.exe (memory dump) Disinfection failed <System>=>C:\WINDOWS\system32\printer.exe (memory dump) Move failed <System>=>C:\WINDOWS\system32\printer.exe (full dump) Infected: Win32.Worm.Agent.PYD <System>=>C:\WINDOWS\system32\printer.exe (full dump) Disinfection failed <System>=>C:\WINDOWS\system32\printer.exe (full dump) Move failed
-
Het komt van volgend proces : printer.exe En nu ?
-
Ja, dit is een melding met buttons (ok, annuleren), maar hoe kan je terugvinden in taakbeheer van welk proces het komt ?
-
Wie kan mij verder helpen ? Ik krijg iedere paar minuten een melding "Windows security alert". Ik heb ondertussen al Ad-aware en Spybot laten draaien zonder succes. Voor de rest draait er continu Avast v4.7 Ondertussen heb ik ook HijackThis laten lopen met onderstaande log als gevolg : Logfile of HijackThis v1.99.1 Scan saved at 20:20:19, on 9/09/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe c:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\printer.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe D:\Program Files\SPAMfighter\SFAgent.exe D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\slserv.exe D:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe D:\Program Files\Hitman Pro\srhelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe D:\Program Files\Nikon\NkView6\NkvMon.exe c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe c:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wuauclt.exe D:\Program Files\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [uSB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController O4 - HKLM\..\Run: [uSBToolTip] "d:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" O4 - HKLM\..\Run: [avast!] c:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [sPAMfighter Agent] "D:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "d:\Program Files\Hitman Pro\srhelper.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe O4 - Startup: system.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: autorun.exe O4 - Global Startup: NkvMon.exe.lnk = D:\Program Files\Nikon\NkView6\NkvMon.exe O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - c:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - c:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe Hoe moet ik nu verder, want het probleem blijft hetzelfde ?
