Macdub

Posts made by Macdub

  1. I ran SDFix. Attached are the report + HiJack.log:

    SDFix: Version 1.104

    Run by Administrator on wo 12/09/2007 at 22:43

    Microsoft Windows XP [versie 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:

    Checking Services:

    Restoring Windows Registry Values

    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:

    Checking Files:

    No Trojan Files Found

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS

    No streams found.

    C:\WINDOWS\system32

    No streams found.

    C:\WINDOWS\system32\svchost.exe

    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe

    No streams found.

    Final Check:

    Remaining Services:

    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "C:\\WINDOWS\\Temp\\NavBrowser.exe"="C:\\WINDOWS\\Temp\\NavBrowser.exe:*:Enabled:NAVBrowser"

    "D:\\StubInstaller.exe"="D:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

    "E:\\Setup.exe"="E:\\Setup.exe:*:Enabled:Setup Wizard of WRT54GR"

    "C:\\Documents and Settings\\Eigenaar\\Local Settings\\Temporary Internet Files\\Content.IE5\\05A7KPQN\\wap54gv2-EU_wizard_tcm126-48507[1]\\wap54g-EU-20040505\\Setup.exe"="C:\\Documents and Settings\\Eigenaar\\Local Settings\\Temporary Internet Files\\Content.IE5\\05A7KPQN\\wap54gv2-EU_wizard_tcm126-48507[1]\\wap54g-EU-20040505\\Setup.exe:*:Enabled:Setup Wizard of WAP54G"

    "D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "D:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"="D:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe:*:Enabled:ma3platform"

    "D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"

    "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"

    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"

    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"

    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"

    Remaining Files:

    ---------------

    Files with Hidden Attributes:

    C:\Program Files\Canon\Canon Setup Utility 2.0\uinstrsc.dll

    C:\Program Files\Canon\Canon Setup Utility 2.1\uinstrsc.dll

    C:\Program Files\Canon\Canon Setup Utility 2.0\Maint.exe

    C:\Program Files\Canon\Canon Setup Utility 2.1\Maint.exe

    C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp

    C:\Program Files\InterActual\InterActual Player\iti5.tmp

    Finished!

    Logfile of HijackThis v1.99.1

    Scan saved at 23:15:53, on 12/09/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    c:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    C:\WINDOWS\system32\svchost.exe

    d:\Program Files\Spyware Doctor\svcntaux.exe

    d:\Program Files\Spyware Doctor\swdsvc.exe

    C:\WINDOWS\system32\slserv.exe

    C:\WINDOWS\system32\svchost.exe

    d:\Program Files\Spyware Doctor\SDTrayApp.exe

    d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

    C:\Program Files\Softwin\BitDefender10\vsserv.exe

    c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    c:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\System32\alg.exe

    C:\WINDOWS\system32\notepad.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\WINDOWS\SOUNDMAN.EXE

    D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    D:\Program Files\SPAMfighter\SFAgent.exe

    D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

    D:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Softwin\BitDefender10\bdmcon.exe

    C:\Program Files\Softwin\BitDefender10\bdagent.exe

    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\iPod\bin\iPodService.exe

    D:\Program Files\Hitman Pro\srhelper.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    D:\Program Files\Nikon\NkView6\NkvMon.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    d:\Program Files\WinRAR\WinRAR.exe

    C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\Rar$EX00.609\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [uSB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController

    O4 - HKLM\..\Run: [uSBToolTip] "d:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"

    O4 - HKLM\..\Run: [avast!] c:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [sPAMfighter Agent] "D:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

    O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

    O4 - HKLM\..\Run: [sDTray] "d:\Program Files\Spyware Doctor\SDTrayApp.exe"

    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "d:\Program Files\Hitman Pro\srhelper.exe"

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: NkvMon.exe.lnk = D:\Program Files\Nikon\NkView6\NkvMon.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -

    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) -

    O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: avast! Antivirus - ALWIL Software - c:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - c:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\svcntaux.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\swdsvc.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)

    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

  2. Yesterday I ran AVG and it found a few things, including "printer.exe". This time they were also removed. For now I have not received the popup notification again, but I still cannot access the Windows Control Panel. I still have to contact the system administrator.

    How can I get this fixed again? Should I run HiJack again and post it?

    Thanks in advance.

  3. I tried via safe mode, but that does not work either.

    I now also notice that I no longer even have access to "Set Program Access and Defaults".

    I then get the following message: "De bewerking is geannuleerd vanwege op uw systeem geldende beperkingen. Neem contact met de systeembeheerder op." (This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.)

    I ran Bitdefender again, which resulted in the following log file:

    //-----------------------------------------------------------------

    //

    // Product BitDefender Free Edition v10

    // Product 10.2

    //

    // Created on: 11/09/2007 17:27:26

    //

    //-----------------------------------------------------------------

    Virus Statistics

    Scan path : C:\

    D:\

    Folders : 5289

    Files : 287894

    Memory processes scanned : 56

    Archives : 2120

    Runtime packers : 10026

    Identified viruses : 4

    Infected files : 4

    Memory processes infected : 1

    Suspect files : 1

    Warnings : 0

    Disinfected files : 0

    Deleted files : 0

    Moved files : 3

    I/O errors : 33

    Scan time : 01:48:50

    Scan speed (files/sec) : 44

    Spyware Statistics

    Registry keys scanned : 1821

    Registry keys infected : 0

    Cookies scanned : 92

    Cookies infected : 0

    Spyware files infected : 0

    Spyware threats detected : 0

    Virus definitions : 872069

    Scan plugins : 16

    Archive plugins : 41

    Unpack plugins : 7

    Mail plugins : 6

    System plugins : 5

    Virus scan options

    Detection

    [X] Scan boot sectors

    [X] Memory Processes

    [X] Scan archives

    [X] Scan runtime packers

    [X] Scan email

    File mask

    [ ] Programs

    [X] All files

    [ ] User defined extensions:

    [ ] Exclude extensions: ;

    Action

    Infected objects

    [ ] Ignore

    [X] Disinfect

    [ ] Delete

    [ ] Move to quarantine

    [ ] Prompt user

    Second action

    [ ] Ignore

    [ ] Delete

    [X] Move to quarantine

    [ ] Prompt user

    Virus scan options

    [X] Enable warnings

    [X] Enable heuristics

    [ ] Show all files in log

    [X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1189524446.log

    Spyware scan options

    [X] Scan for riskware

    [ ] Skip dial and applications from scan

    [X] Registry keys

    [X] Cookies

    Summary:

    <System>=>C:\WINDOWS\system32\printer.exe (memory dump) Infected: Win32.Worm.Agent.PYD

    <System>=>C:\WINDOWS\system32\printer.exe (memory dump) Disinfection failed

    <System>=>C:\WINDOWS\system32\printer.exe (memory dump) Move failed

    <System>=>C:\WINDOWS\system32\printer.exe (full dump) Infected: Win32.Worm.Agent.PYD

    <System>=>C:\WINDOWS\system32\printer.exe (full dump) Disinfection failed

    <System>=>C:\WINDOWS\system32\printer.exe (full dump) Move failed

    C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\O7WC7D6W\popup[1].htm Infected: Trojan.Clicker.CM

    C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\O7WC7D6W\popup[1].htm Disinfection failed

    C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\O7WC7D6W\popup[1].htm Moved

    C:\WINDOWS\system32\drivers\etc\hosts.20070908-084738.backup Infected: Generic.Qhost.60FEA05A

    C:\WINDOWS\system32\drivers\etc\hosts.20070908-084738.backup Disinfection failed

    C:\WINDOWS\system32\drivers\etc\hosts.20070908-084738.backup Moved

    C:\WINDOWS\system32\drivers\etc\hosts.bak Infected: Generic.Qhost.017E6D49

    C:\WINDOWS\system32\drivers\etc\hosts.bak Disinfection failed

    C:\WINDOWS\system32\drivers\etc\hosts.bak Moved

    D:\Dirk\Mijn documenten\Mijn mail\Outlook.pst=>[subject: E-mail met bijlage (attachment): view.htm][From: Dubin, Dirk (D.)]=>view.htm Suspect: Exploit.Html.Ieslice.P

  4. Scanned again.

    Nothing found with Avast.

    Bitdefender found the following:

    //-----------------------------------------------------------------

    //

    // Product BitDefender Free Edition v10

    // Product 10.2

    //

    // Created on: 10/09/2007 20:15:14

    //

    //-----------------------------------------------------------------

    Virus Statistics

    Scan path : C:\WINDOWS\system32\printer.exe

    Folders : 0

    Files : 116

    Memory processes scanned : 53

    Archives : 6

    Runtime packers : 0

    Identified viruses : 1

    Infected files : 1

    Memory processes infected : 1

    Suspect files : 0

    Warnings : 0

    Disinfected files : 0

    Deleted files : 0

    Moved files : 0

    I/O errors : 0

    Scan time : 00:00:47

    Scan speed (files/sec) : 2

    Spyware Statistics

    Registry keys scanned : 1819

    Registry keys infected : 0

    Cookies scanned : 76

    Cookies infected : 0

    Spyware files infected : 0

    Spyware threats detected : 0

    Virus definitions : 872056

    Scan plugins : 16

    Archive plugins : 41

    Unpack plugins : 7

    Mail plugins : 6

    System plugins : 5

    Virus scan options

    Detection

    [X] Scan boot sectors

    [X] Memory Processes

    [X] Scan archives

    [X] Scan runtime packers

    [X] Scan email

    File mask

    [ ] Programs

    [X] All files

    [ ] User defined extensions:

    [ ] Exclude extensions: ;

    Action

    Infected objects

    [ ] Ignore

    [X] Disinfect

    [ ] Delete

    [ ] Move to quarantine

    [ ] Prompt user

    Second action

    [ ] Ignore

    [ ] Delete

    [X] Move to quarantine

    [ ] Prompt user

    Virus scan options

    [X] Enable warnings

    [X] Enable heuristics

    [ ] Show all files in log

    [X] Report file: C:\Documents and Settings\Eigenaar\Application Data\BitDefender\Desktop\Profiles\Logs\user_0001\1189448114.log

    Spyware scan options

    [X] Scan for riskware

    [ ] Skip dial and applications from scan

    [X] Registry keys

    [X] Cookies

    Summary:

    <System>=>C:\WINDOWS\system32\printer.exe (memory dump) Infected: Win32.Worm.Agent.PYD

    <System>=>C:\WINDOWS\system32\printer.exe (memory dump) Disinfection failed

    <System>=>C:\WINDOWS\system32\printer.exe (memory dump) Move failed

    <System>=>C:\WINDOWS\system32\printer.exe (full dump) Infected: Win32.Worm.Agent.PYD

    <System>=>C:\WINDOWS\system32\printer.exe (full dump) Disinfection failed

    <System>=>C:\WINDOWS\system32\printer.exe (full dump) Move failed

  5. Who can help me further?

    Every few minutes I get a "Windows security alert" message.

    In the meantime I have already run Ad-aware and Spybot without success.

    Apart from that, Avast v4.7 runs continuously.

    Meanwhile I have also run HijackThis, with the log below as a result:

    Logfile of HijackThis v1.99.1

    Scan saved at 20:20:19, on 9/09/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    c:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.exe

    C:\WINDOWS\system32\printer.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    D:\Program Files\SPAMfighter\SFAgent.exe

    D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

    C:\WINDOWS\system32\slserv.exe

    D:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Messenger\msmsgs.exe

    D:\Program Files\Hitman Pro\srhelper.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    D:\Program Files\Nikon\NkView6\NkvMon.exe

    c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    c:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\WINDOWS\system32\wuauclt.exe

    D:\Program Files\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe

    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [uSB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController

    O4 - HKLM\..\Run: [uSBToolTip] "d:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"

    O4 - HKLM\..\Run: [avast!] c:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [sPAMfighter Agent] "D:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [Hitman Pro SurfRight Helper] "d:\Program Files\Hitman Pro\srhelper.exe"

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe

    O4 - Startup: system.exe

    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: autorun.exe

    O4 - Global Startup: NkvMon.exe.lnk = D:\Program Files\Nikon\NkView6\NkvMon.exe

    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O11 - Options group: [iNTERNATIONAL] International*

    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

    O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: avast! Antivirus - ALWIL Software - c:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - Unknown owner - c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

    O23 - Service: avast! Web Scanner - Unknown owner - c:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\svcntaux.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\swdsvc.exe

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    How should I proceed now, since the problem remains the same?
