Continuously recurring malware

Anonymous
M@rc
3 replies
 • Hello everyone,

  I often clean my computer with the program Ad-aware 6 (all updates).
  Usually Ad-aware finds nothing, apart from two files. These are:

  Vendor:Roings
  Category:Malware
  Object Type:RegKey
  Size:-
  Location:SOFTWARE\ssprint\
  Last Activity:21-4-2004
  Risk Level:Low
  Comment:
  Description:No Detail Information Available.

  and

  Vendor:Roings
  Category:Malware
  Object Type:RegKey
  Size:-
  Location:SOFTWARE\roimoi\
  Last Activity:21-4-2004
  Risk Level:Low
  Comment:
  Description:No Detail Information Available.

  I delete these registry values, but they show up again at every scan.
  I have already checked with msconfig which programs start up, and there are no suspicious files among them.

  Does anyone have any idea?
 • Download HijackThis.
  Save the file in a folder of its own. Not on your desktop or in your Temp files. HijackThis makes backups in the folder it is started from.
  Run the program. Click Scan, then Save log, and save the log as a .txt file.
  Copy and paste the contents into your next post.
 • Logfile of HijackThis v1.97.7
  Scan saved at 21:52:24, on 25-4-2004
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\Program Files\Messenger Plus! 2\MsgPlus.exe
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
  D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
  C:\WINDOWS\System32\nvsvc32.exe
  D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
  C:\WINDOWS\System32\devldr32.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
  C:\WINDOWS\system32\ZONELABS\vsmon.exe
  C:\Program Files\Windows Media Player\wmplayer.exe
  C:\Program Files\MSN Messenger\msnmsgr.exe
  D:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
  C:\WINDOWS\system32\ntvdm.exe
  D:\E\downloads\branden\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.multikabel.nl
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TBY
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: (no name) - - (no file)
  R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
  R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
  O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - (no file)
  O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {091F64AA-FC97-4C8C-B297-EDC5916C96BE} - C:\WINDOWS\uN95Rq.dll
  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
  O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
  O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
  O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
  O9 - Extra button: Messenger (HKLM)
  O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
  O14 - IERESET.INF: START_PAGE_URL=http://www.multikabel.nl
  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
  O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) -
  O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
  O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
  O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37866.4623958333
  O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
  O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} - http://kr.pristontale.com/nprotect/nprotect/npx.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

  My HijackThis :)
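
Added example (not part of the original thread and not HijackThis code): a small Python triage of log lines in the format posted above. It flags COM registrations (R3, O2) for manual review using two heuristics assumed here, which are reasons to look closer and not verdicts; the sample lines are copied from the log above, and `triage`, `Finding` and `COM_LINE` are names chosen for this example.

```python
import re
from pathlib import PureWindowsPath
from typing import NamedTuple

# A subset of lines copied unchanged from the HijackThis log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {091F64AA-FC97-4C8C-B297-EDC5916C96BE} - C:\WINDOWS\uN95Rq.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
"""

# Shape of R3/O2 lines: "<section> - <kind>: <name> - <CLSID> - <file>".
COM_LINE = re.compile(
    r"^\s*(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"_?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.*)$"
)


class Finding(NamedTuple):
    section: str
    clsid: str
    reason: str


def triage(log_text: str) -> list:
    """Return COM registrations worth a manual look (heuristics assumed here)."""
    findings = []
    for line in log_text.splitlines():
        m = COM_LINE.match(line)
        if m is None:
            continue  # other line types (O4 Run keys, O16 downloads) are skipped
        target = m["file"].strip()
        if target == "(no file)":
            # HijackThis printed no file for this registration.
            findings.append(Finding(m["section"], m["clsid"], "no file"))
            continue
        parts = PureWindowsPath(target).parts
        in_windows_root = len(parts) == 3 and parts[1].lower() == "windows"
        if m["name"] == "(no name)" and in_windows_root:
            # Assumed heuristic: unnamed add-on loaded straight from the Windows folder.
            findings.append(Finding(m["section"], m["clsid"], "unnamed, in Windows root"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} {f.clsid}: {f.reason}")
```

Each flagged CLSID and file path still has to be checked by hand (file properties, vendor, a scanner) before anything is removed.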
