Vraag & Antwoord
Trojan-Downloader.Agent.DUJ
12 antwoorden
- Spyware Doctor beweert dat mijn computer met bovenvermelde infectie is besmet. Verwijderen kan volgens hen echter alleen maar via registratie en dus betalen.
Is dit zo ? Krijg je dat niet op een andere manier weg ? Eigenlijk heb ik er -denk ik toch- weinig last van. (computer werkt behoorlijk). Kan ik die Trojan zonder gevaar laten waar ie zit ?
Alvast bedankt voor de reactie's. - Wat is de locatie waar deze gevonden wordt?
Spyware Doctor ben ik doorgaans niet zo'n fan van..
Download Hijackthis-setup naar je [u:208b09c06b]Bureaublad[/u:208b09c06b].
Open HJTInstall en bepaal de locatie waar je Hijackthis wilt installeren.
Druk vervolgens op Install, na enkele seconde zal Hijackthis automatisch openen.
Kies nu voor [b:208b09c06b]'Do a system scan and save a logfile'[/b:208b09c06b].
Er opent een kladblok bestand met een logfile. Selecteer deze tekst helemaal ([b:208b09c06b]ctrl-A[/b:208b09c06b]), kopieer ([b:208b09c06b]ctrl C[/b:208b09c06b]) en plak deze tekst in je volgende bericht.
Succes! 8)
Pim - Sorry, sorry voor de late reactie Pim.
Normaal gezien krijg ik altijd een mailtje als ik iemand antwoordt op mijn posts. Dit gebeurde deze keer niet en wegens te druk, enz. enz… zie ik je antwoord nú pas.
Hier volgt de log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:24, on 1/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRAM FILES\MAXTOR\MAXBLAST\TIMOUNTERMONITOR.EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\MAXTOR\SCHEDULE2\SCHEDHLP.EXE
C:\GARMIN\GSTART.EXE
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRAM FILES\MAXTOR\MAXBLAST\MAXBLASTMONITOR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tijd.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [NvCplDaemon] RunDLL32.exe C:\WINDOWS\system32\nvcpl.dll ,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Mediacontrole Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2CAF9389-62C2-11D7-A914-00A0C96F4D57} (PrjPixelSharp.CtlPixelSharp) - http://www.monitorsdirect.com/pro/pro_tools/CtlPixelSharp.CAB
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://arnolondiuarius.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194114208531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194114192015
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://bernkastelcam.homedns.org/activex/AxisCamControl.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://www.mosel-cam.dnsalias.org/activex/AMC.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://jobs.glaverbel.com/dana-cached/setup/JuniperSetup.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/sj/en/check/qdiagh.cab?326
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {F9345AB4-7CB5-11D7-A914-00A0C96F4D57} (PrjBestView.CtlBestView) - http://www.monitorsdirect.com/pro/pro_tools/CtlBestView.CAB
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
–
End of file - 10103 bytes
Groeten,
Paul. - Hoi Paul,
Zou je eens de exacte locatie kunnen melden waar het gevonden wordt?
Pim - Ik heb Spyware doctor nog eens laten scannen en er wordt melding gemaakt van dezelfde "infectie".
Waar precies die zich bevindt wordt echter niet vermeld…
Als ik meer informatie opvraag, wordt ik met
http://www.pctools.com/en/mrc/infections/id/Trojan-Downloader.Agent.DUJ
doorverbonden en vind daar het volgende: - Waarom je geen mail krijgt, geen idee, leg het eens voor in het feedback forum: http://forum.computertotaal.nl/phpBB2/viewforum.php?f=20
Doe daarna eens dit:
* [u:3314a5627c]Clean de Cache and Cookies in IE[/u:3314a5627c]:
* Sluit Internet Explorer.
* Ga naar Configuratiescherm > Internet Opties > tab Algemeen
* Klik de Cookies verwijderen knop
* Klik op de Bestanden verwijderen knop ernaast
* Vink aan: Ook alle off line items verwijderen, klik OK
* [u:3314a5627c]Clean de Cache and Cookies in Firefox[/u:3314a5627c] (In geval Firefox geïnstalleerd is):
* Go to Extra > Opties.
* Klik Privacy in het menu.
* Klik op de knop wissen (Geschiedenis, Cookies, Cache).
* Klik OK om het venster opnieuw te sluiten.
* [u:3314a5627c]Clean andere Temporary files + Prullenbak[/u:3314a5627c]
* Ga naar Start > Uitvoeren en typ: cleanmgr en klik ok.
* Laat het je systeem scannen op bestanden die moeten verwijderd worden
* Zorg er wel voor dat je daar enkel maar 'tijdelijke bestanden', 'tijdelijke internetbestanden' en 'prullenbak' staan aangevinkt.
* Klik daarna op OK.
Ga naar [b:3314a5627c] en klik onderaan op [b:3314a5627c]Accept[/b:3314a5627c].
Deze scanner werkt uitsluitend met - Hoi,
Het heeft flink wat uurtjes geduurd maar hier is hij dan:
——————————————————————————-
KASPERSKY ONLINE SCANNER REPORT
Tuesday 6 May 2008 5:56:15
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/05/2008
Kaspersky Anti-Virus database records: 741235
——————————————————————————-
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 168104
Number of viruses found: 6
Number of infected objects: 21
Number of suspicious objects: 0
Duration of the scan process: 03:34:15
Infected Object Name / Virus Name / Last Action
C:\arno\Mijn documenten\Mijn ontvangen bestanden\WarezP2P.exe/stream/data0005/Cabs.w1.cab/HyperbarSS3.dll Infected: not-a-virus:AdWare.Win32.HyperBar.b skipped
C:\arno\Mijn documenten\Mijn ontvangen bestanden\WarezP2P.exe/stream/data0005/Cabs.w1.cab/Hyperbar.dll Infected: not-a-virus:AdWare.Win32.HyperBar.b skipped
C:\arno\Mijn documenten\Mijn ontvangen bestanden\WarezP2P.exe/stream/data0005/Cabs.w1.cab Infected: not-a-virus:AdWare.Win32.HyperBar.b skipped
C:\arno\Mijn documenten\Mijn ontvangen bestanden\WarezP2P.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.HyperBar.b skipped
C:\arno\Mijn documenten\Mijn ontvangen bestanden\WarezP2P.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\arno\Mijn documenten\Mijn ontvangen bestanden\WarezP2P.exe/stream Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\arno\Mijn documenten\Mijn ontvangen bestanden\WarezP2P.exe NSIS: infected - 6 skipped
C:\Documents and Settings\All Users\Application Data\Adobe\Catalogi\foto's.psa Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\7ccd1b42eb896889830a1d63f46560f4_6fc065a9-7d07-4076-82b2-b21cc6904cef Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\arno\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\arno\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\arno\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\arno\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\arno\Local Settings\Geschiedenis\History.IE5\MSHist012008050520080506\index.dat Object is locked skipped
C:\Documents and Settings\arno\Local Settings\Temp\perfectnavUninstall.exe/data0003 Infected: Trojan-Downloader.Win32.Keenval.f skipped
C:\Documents and Settings\arno\Local Settings\Temp\perfectnavUninstall.exe NSIS: infected - 1 skipped
C:\Documents and Settings\arno\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\arno\Mijn documenten\Mijn ontvangen bestanden\WarezP2P.exe/stream/data0005/Cabs.w1.cab/HyperbarSS3.dll Infected: not-a-virus:AdWare.Win32.HyperBar.b skipped
C:\Documents and Settings\arno\Mijn documenten\Mijn ontvangen bestanden\WarezP2P.exe/stream/data0005/Cabs.w1.cab/Hyperbar.dll Infected: not-a-virus:AdWare.Win32.HyperBar.b skipped
C:\Documents and Settings\arno\Mijn documenten\Mijn ontvangen bestanden\WarezP2P.exe/stream/data0005/Cabs.w1.cab Infected: not-a-virus:AdWare.Win32.HyperBar.b skipped
C:\Documents and Settings\arno\Mijn documenten\Mijn ontvangen bestanden\WarezP2P.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.HyperBar.b skipped
C:\Documents and Settings\arno\Mijn documenten\Mijn ontvangen bestanden\WarezP2P.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\arno\Mijn documenten\Mijn ontvangen bestanden\WarezP2P.exe/stream Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\arno\Mijn documenten\Mijn ontvangen bestanden\WarezP2P.exe NSIS: infected - 6 skipped
C:\Documents and Settings\arno\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\arno\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\paul\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\paul\Local Settings\Application Data\Identities\{D2A7849A-3AE9-45C5-9571-4C373113628C}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\paul\Local Settings\Application Data\Identities\{D2A7849A-3AE9-45C5-9571-4C373113628C}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\paul\Local Settings\Application Data\Identities\{D2A7849A-3AE9-45C5-9571-4C373113628C}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped
C:\Documents and Settings\paul\Local Settings\Application Data\Identities\{D2A7849A-3AE9-45C5-9571-4C373113628C}\Microsoft\Outlook Express\Postvak IN.dbx Object is locked skipped
C:\Documents and Settings\paul\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\paul\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\paul\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\paul\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\paul\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\paul\ntuser.dat Object is locked skipped
C:\Documents and Settings\paul\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Cdivx.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
C:\Program Files\Cdivx.exe/stream/data0009 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\Program Files\Cdivx.exe/stream Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\Program Files\Cdivx.exe NSIS: infected - 3 skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C0DB6295-59EE-4E5F-874E-D44835EF3217}\RP439\A0188215.hta Object is locked skipped
C:\System Volume Information\_restore{C0DB6295-59EE-4E5F-874E-D44835EF3217}\RP524\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\browser.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\HOME.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Caretake.evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT049d6.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT049e0.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed. - Verwijder deze twee bestanden:
C:\arno\Mijn documenten\Mijn ontvangen bestanden\[b:087bf45921]WarezP2P.exe[/b:087bf45921]
C:\Program Files\[b:087bf45921]Cdivx.exe[/b:087bf45921]
Maak je prullenbak leeg en herstart je PC.
Hoe is het met je problemen? - Hallo Pim,
1) Ik veronderstel dat verwijderen van beide bestanden via Verkenner voldoende is ? (inmiddels gebeurd)
2) Echte problemen heb ik momenteel niet (voor alle duidelijkheid: ik heb het over mijn computer :wink: )
Alleen verontrustte de scan door Spyware doctor me wel. Hoef ik me verder hier niets van aan te trekken ? Verder vond ook Kaspersky 6 virussen. Zijn die onschadelijk ?
3) Ten slotte: zoals gemeld onder
http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=188823
ben ik na de slechte ervaringen met AVG8 op een andere virusscanner overgeschakeld en merkte meteen dat mijn computer veel sneller werkt
(geen 10 x misschien, maar toch…) - Ik zou me er niet echt druk om maken, waarschijnlijk een false positieve.
En verwijderen via de verkenner was voldoende inderdaad, goed om te horen dat het weer lekker draait.
De gebruikte tools mag je weer verwijderen.
Lees om herhaling te voorkomen deze beveiligingstips nog eens door:
http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html
Groet,
Pim - Bedankt Pim !
- Graag gedaan Paul
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.
