Vraag & Antwoord

Beveiliging & privacy

Virus Alert pop-ups, System alerts etc. Ytz

4 antwoorden
  • Heej Roelof2, Ik heb de scan al gedaan, resultaten zijn wel te merken, is het nu al gefixt? hier de logs: Hijack log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:06:36, on 26-7-2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\CTFMON.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll, O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O24 - Desktop Component 0: Privacy Protection - (no file) -- End of file - 3657 bytes ----8888888888888888888888888888888888888888888888888888---- En MalwareBytes log: Malwarebytes' Anti-Malware 1.23 Database versie: 993 Windows 5.1.2600 Service Pack 3 13:35:49 26-7-2008 mbam-log-7-26-2008 (13-35-49).txt Scan type: Snelle Scan Objecten gescand: 42697 Verstreken tijd: 4 minute(s), 12 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 2 Registersleutels geïnfecteerd: 25 Registerwaarden geïnfecteerd: 4 Registerdata bestanden geïnfecteerd: 2 Mappen geïnfecteerd: 7 Bestanden geïnfecteerd: 33 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: C:\WINDOWS\wnslvxtf.dll (Trojan.Zlob) -> Delete on reboot. C:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Delete on reboot. Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\CLSID\{c44fbf55-dd6c-4b54-a39d-54cc66649ee2} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{dc0485b6-c000-4184-8c9c-3905bb5d7c55} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4937d5d1-2039-409a-bd83-fec9b39b2356} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9873e994-669e-4044-ba64-e5d9ad534a55} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9873e994-669e-4044-ba64-e5d9ad534a55} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\antivirus 2008 pro (Rogue.Antivirus2008) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{095ecf68-07dc-4046-8107-c4c25f834f25} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{78b24dfe-7135-43ee-b2a9-fa716350449e} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{ea71fa48-8f6a-41ba-b797-7104b6250e39} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{5eb6ecdf-9b7f-4c8f-980f-14cbf159e617} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{72585f60-1d5f-4b66-8806-53e3973d64b5} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{2de47cac-da9e-4b9b-84f6-7a6c5a03e91e} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6dc6034a-a777-4dca-bd0d-8054c31b1d26} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{c3661711-c008-41a4-8e26-ade10aed1e65} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b468d36d-c8cb-4a82-b0e0-393a2fa0256c} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b468d36d-c8cb-4a82-b0e0-393a2fa0256c} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\fdkowvbp.bwfa (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wnslvxtf (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{72585f60-1d5f-4b66-8806-53e3973d64b5} (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registerdata bestanden geïnfecteerd: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76396-OEM-0080715-47017) -> Quarantined and deleted successfully. Mappen geïnfecteerd: C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\Antivirus 2008 PRO (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Program Files\Antivirus 2008 PRO\Infected (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Program Files\Antivirus 2008 PRO\Suspicious (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: C:\WINDOWS\wnslvxtf.dll (Trojan.Zlob) -> Delete on reboot. C:\WINDOWS\erfn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Program Files\Antivirus 2008 PRO\vscan.tsi (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Program Files\Antivirus 2008 PRO\zlib.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully. C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\fdkowvbp.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\nfavxwdbmfe.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\tom\Application Data\TmpRecentIcons\antivirus-2008pro.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\tom\Application Data\TmpRecentIcons\Vista Antivirus 2008.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\tom\Bureaublad\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\tom\Bureaublad\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\tom\Bureaublad\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\tom\Favorieten\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\tom\Favorieten\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\tom\Favorieten\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. Wietse
  • Hoi, Is het logje gemaakt nadat je MBAM gedraaid hebt. En staat er geen "virus alert" meer bij je klok. Groetjes, Roelof
  • Bij mijn klok had ik het al weggehaald, via intl.cpl Deze logs zijn NA de scan gemaakt idd.
  • oke, Dan is je computer voor zover ik kan zien schoon. Lees om herhaling te voorkomen deze [url=http://www.jawwi.nl/tips/beveiligen.html]beveiligingstips[/url] nog eens door. Groetjes, Roelof

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.