Vraag & Antwoord

Beveiliging & privacy

laatste tijd af en toe virusattacks, logje checken

12 antwoorden
  • laatste tijd af en toe last van spontane virusattacks, komt die norman steeds met pop-ups en dan heb ik in een paar minuten een stuk of 10 virussen. Als ik vervolgens met alles ga scannen vindt geen van de hieronder genoemde programma's iets nieuws. Ik gebruik de volgende programma's: WinXP Home Norman Virus Control ZoneAlarm Firewall Ad-Awara Spybot Spysweeper heb nog een logje van HijackThis, misschien staat daar wat in. Logfile of HijackThis v1.99.1 Scan saved at 14:38:45, on 22-6-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\cisvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Norman\bin\ZANDA.EXE C:\WINDOWS\system32\ScsiAccess.EXE C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\NORMAN\Nvc\BIN\NVCSCHED.EXE C:\Norman\bin\NJEEVES.EXE C:\NORMAN\Nvc\BIN\nipsvc.exe C:\NORMAN\Nvc\BIN\nvcoas.exe C:\WINDOWS\System32\alg.exe C:\Norman\bin\ZLH.EXE C:\WINDOWS\StartupMonitor.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\spybot\TeaTimer.exe C:\System Wiper\SystemWiper.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Norman\Nvc\bin\cclaw.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\System32\svchost.exe D:\Documenten en Settings\Kid Jansen\werk mappen\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.passport.net/reg.srf?xpwiz=true&lc=1043&langid=1043 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\freshdownload\fdcatch.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\spybot\SDHelper.dll O2 - BHO: (no name) - {604B283A-4E26-4504-98E7-72859F949547} - (no file) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\nl\msntb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\spybot\TeaTimer.exe O4 - HKCU\..\Run: [iIWiper] C:\System Wiper\SystemWiper.exe m O4 - Startup: Internet-update.lnk = C:\Norman\bin\niu.exe O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Microsoft Office2003\one_note_sep\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Internet-update.lnk = C:\Norman\bin\niu.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Download &All by FD - file://C:\freshdownload\fdiectx2.htm O8 - Extra context menu item: Download with &FD - file://C:\freshdownload\fdiectx.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\FRONTP~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: MyCom - {BC278A0D-2E18-4E6C-A91B-F63CF7368F75} - http://www.mycom.nl (file missing) (HKCU) O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • Een restantje: Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items: [b:8be915bd69]O2 - BHO: (no name) - {604B283A-4E26-4504-98E7-72859F949547} - (no file)[/b:8be915bd69] Klik daarna op "Fix checked" en sluit HijackThis af. Waar worden de virussen gevonden?
  • iedere keer in C:\windows\system32 en dan soms nog verder in verschillende directories, soms duurt het maar een paar seconde soms wel een minuut of 10 lang. De ene keer help het wel om ZoneAlarm op "Stop all internet activity" te zetten, maar soms ook niet. Maar ik hoor over het algemeen dat Norman best redelijk is, dus ik neem aan dat als ik uitgebreid gescant heb er niet nog wat overblijft. Duurt alleen altijd best wel lang met Norman (ca. 2,5 uur). heb hijackthis ff gedraaid, hier is de nieuwe log: Logfile of HijackThis v1.99.1 Scan saved at 20:11:49, on 22-6-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\cisvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Norman\bin\ZANDA.EXE C:\WINDOWS\system32\ScsiAccess.EXE C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Norman\bin\ZLH.EXE C:\WINDOWS\StartupMonitor.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\spybot\TeaTimer.exe C:\System Wiper\SystemWiper.exe C:\Norman\Nvc\BIN\NIP.EXE C:\WINDOWS\system32\taskmgr.exe C:\Norman\bin\NJEEVES.EXE C:\NORMAN\Nvc\BIN\nipsvc.exe C:\NORMAN\Nvc\BIN\NVCSCHED.EXE C:\NORMAN\Nvc\BIN\nvcoas.exe C:\WINDOWS\System32\alg.exe C:\Norman\Nvc\bin\cclaw.exe C:\WINDOWS\system32\cidaemon.exe D:\Documenten en Settings\Kid Jansen\werk mappen\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.passport.net/reg.srf?xpwiz=true&lc=1043&langid=1043 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\freshdownload\fdcatch.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\spybot\SDHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\nl\msntb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\spybot\TeaTimer.exe O4 - HKCU\..\Run: [iIWiper] C:\System Wiper\SystemWiper.exe m O4 - Startup: Internet-update.lnk = C:\Norman\bin\niu.exe O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Microsoft Office2003\one_note_sep\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Internet-update.lnk = C:\Norman\bin\niu.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Download &All by FD - file://C:\freshdownload\fdiectx2.htm O8 - Extra context menu item: Download with &FD - file://C:\freshdownload\fdiectx.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\FRONTP~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: MyCom - {BC278A0D-2E18-4E6C-A91B-F63CF7368F75} - http://www.mycom.nl (file missing) (HKCU) O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • Logje lijkt me ok. Download [url=http://skads.org/special/rkfiles.zip]rkfiles.zip [/url]. Pak de bestanden uit naar de map c:\rkfiles. Start de computer in veilige modus. Ga via de verkenner naar de map c:\rkfiles en dubbelklik op rkfiles.bat. De computer wordt nu gescand. Als het dosvenster sluit, start je de computer terug in normale modus. Zoek het bestand C:\log.txt Post de inhoud van dit bestand.
  • ik heb dat gebeuren wat je zei gedaan, hier is de inhoud van dat logje: C:\rkfiles PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. Files Found in system Folder............ ------------------------ C:\WINDOWS\system32\P2ECOM.dll: UPX! C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213 C:\WINDOWS\system32\MFC42.PDB: dwProvSpec2 C:\WINDOWS\system32\MFC42D.PDB: dwProvSpec2 C:\WINDOWS\system32\MFCD42D.PDB: dwProvSpec2 C:\WINDOWS\system32\MFCN42D.PDB: dwProvSpec2 C:\WINDOWS\system32\MFCO42D.PDB: dwProvSpec2 C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213 C:\WINDOWS\system32\MFC42.PDB: dwProvSpec2 C:\WINDOWS\system32\MFC42D.PDB: dwProvSpec2 C:\WINDOWS\system32\MFCD42D.PDB: dwProvSpec2 C:\WINDOWS\system32\MFCN42D.PDB: dwProvSpec2 C:\WINDOWS\system32\MFCO42D.PDB: dwProvSpec2 Files Found in all users startup Folder............ ------------------------ C:\WINDOWS\system32\P2ECOM.dll: UPX! Files Found in all users windows Folder............ ------------------------ C:\WINDOWS\IFinst27.exe: UPX! Finished bye
  • Laat volgende bestanden scannen op [url=http://virusscan.jotti.org/]Jotti[/url]: C:\WINDOWS\system32\P2ECOM.dll C:\WINDOWS\IFinst27.exe Meldt het resultaat.
  • File: IFinst27.exe Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.) MD5 9c17bca3ef837bacded7e4299508e71d Packers detected: UPX Scanner results AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing VBA32 Found nothing Last file scanned at least one scanner reported something about: Trojan.Win32.P2E.n in P2ECOM.dll, detected by: Scanner Malware name AntiVir TR/P2E.N ArcaVir Trojan.P2e.N Avast X AVG Antivirus P2E.W BitDefender Trojan.P2e.N ClamAV X Dr.Web X F-Prot Antivirus X Fortinet X Kaspersky Anti-Virus Trojan.Win32.P2E.n NOD32 Win32/P2E.N Norman Virus Control X VBA32 Trojan.Win32.P2E.n You're free to (mis)interpret these automated, flawed statistics at your own discretion. 41050 files (26523 of those unique) have been uploaded & scanned since 07/06/2005, the day of the last database purge. 7075 of those 26523 files contained a virus or any other form of malware. This page has been visited 64927 times in this time period. If you have suggestions and/or comments, please send me them! File: P2ECOM.dll Status: INFECTED/MALWARE MD5 ebf3dda3d78fa612d3ce48c71d29245b Packers detected: - Scanner results AntiVir Found TR/P2E.N ArcaVir Found Trojan.P2e.N Avast Found nothing AVG Antivirus Found P2E.W BitDefender Found Trojan.P2e.N ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found Trojan.Win32.P2E.n NOD32 Found Win32/P2E.N Norman Virus Control Found nothing VBA32 Found Trojan.Win32.P2E.n Last file scanned at least one scanner reported something about: TR/Dldr.Donn.AA in De51387.exe, detected by: Scanner Malware name AntiVir TR/Dldr.Donn.AA ArcaVir Trojan.Trojandownloader.Donn.U Avast Win32:Trojano-057 AVG Antivirus Downloader.Donn.Q BitDefender Trojan.Downloader.Donn.U ClamAV Trojan.Small.P Dr.Web Trojan.DownLoader.260 F-Prot Antivirus security risk or a "backdoor" program Fortinet X Kaspersky Anti-Virus Trojan-Downloader.Win32.Donn.aa NOD32 Win32/TrojanDownloader.Donn.B Norman Virus Control Sandbox: W32/Downloader VBA32 X You're free to (mis)interpret these automated, flawed statistics at your own discretion. 41041 files (26519 of those unique) have been uploaded & scanned since 07/06/2005, the day of the last database purge. 7074 of those 26519 files contained a virus or any other form of malware. This page has been visited 64917 times in this time period. If you have suggestions and/or comments, please send me them!
  • P2ECOM.dll mag weg. IFinst27.exe zou ik eens hernoemen naar IFinst27.old.
  • Is gebeurd, denk je dat het zo verholpen is? Ben ik nu klaar, of zijn er nog meer dingen die ik moet doen?
  • Kijk even wat het geeft. Als je nog meldingen krijgt meld je deze.
  • OK, doe ik, als je niks van me hoort kan je ervan uit gaan dat ik geen meldingen meer heb gehad. Natuurlijk ook nog bedankt voor de hulp, hoop dat het nu afgelopen is.
  • nergens meer last van gehad, dus zal wel goed zijn

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.