Trojan horse generic11 filling up hard disk space?

KAPE
1 answer
  • Hello,

    For a few weeks now my AVG virus scanner has been giving various trojan horse alerts. They all fall under the type "trojan horse generic11". After I remove them, they come back within two weeks.

    Since these alerts my hard disk keeps filling up. I lost 7 gigabytes within a week, even though I have not downloaded anything or the like. When I look at the properties of any folder, I notice that there is a large difference between "size" and "size on disk". I know that it is normal for there to be a few MB of difference here, but for me this difference is between 500 MB and 1.5 gigabytes per folder!

    Mbam reports no malware.

    I also went ahead and made a HijackThis log, because I saw that it can help in solving the problem. I hope you can help me further.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:15:27, on 20-10-2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    C:\Program Files\Priva\Priva Office\Client\ClientUpdateService.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Borland\InterBase\bin\ibguard.exe
    C:\Program Files\Borland\InterBase\bin\ibserver.exe
    C:\Program Files\Firebird\InterClient\bin\interserver.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Priva\Common\Itnetwork\PTPD.EXE
    C:\Program Files\Priva\Common\Itnetwork\PTPUI.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Priva\Priva Office\Server\Bin\POBPM.exe
    C:\Program Files\Priva\Priva Office\Server\Bin\SyslogViewer.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Firebird\InterClient\bin\interserver.exe
    C:\Program Files\Firebird\InterClient\bin\interserver.exe
    C:\Program Files\Firebird\InterClient\bin\interserver.exe
    C:\Program Files\Firebird\InterClient\bin\interserver.exe
    C:\Program Files\Priva\Priva Office\Client\PODesktop.exe
    C:\Program Files\Firebird\InterClient\bin\interserver.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beurs.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-21-1715567821-879983540-682003330-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'officeghserver')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Background process manager.lnk = Server\Bin\POBPM.exe
    O4 - Global Startup: Priva Office Syslog Viewer.lnk = Server\Bin\SyslogViewer.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2100CB4F-A1A1-45B6-AC0C-252248AA8C61} (UsrMngmtForm Control) - http://localhost:8080/UsrMngmt.ocx
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://webclient.greendirect.nl/91e/webclient/isetup.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E83E1125-A956-4C30-9DF6-A4AC93FABFA4}: NameServer = 192.168.1.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AE9479BA - Unknown owner - C:\WINDOWS\Fonts\66BDCF4A.EXE (file missing)
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: pcAnywhere-hostservice (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Priva Office Client Updater (ClientAutoUpdate) - Priva B.V. - C:\Program Files\Priva\Priva Office\Client\ClientUpdateService.exe
    O23 - Service: Priva Office Greenhouse server (GHServer) - Priva Hortimation BV - C:\Program Files\Priva\Priva Office\Server\Bin\GHServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Priva Office PCU Instruction (InstrPCU) - Priva Hortimation BV - C:\Program Files\Priva\Priva Office\Server\Bin\InstrPCU.exe
    O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
    O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
    O23 - Service: Firebird interserver (InterServer) - Firebird SQL - C:\Program Files\Firebird\InterClient\bin\interserver.exe
    O23 - Service: Priva Office LogData manager (LogDataMgr) - Priva BV - C:\Program Files\Priva\Priva Office\Server\Bin\LogDataMgr.exe
    O23 - Service: Priva Office MeteoData manager (MeteoDataMgr) - Priva BV - C:\Program Files\Priva\Priva Office\Server\Bin\MeteoDataMgr.exe
    O23 - Service: Priva Office Server (OfficeGHServer) - Alexandria Software Consulting - C:\Program Files\Priva\Priva Office\tools\tomcatservice.exe
    O23 - Service: Priva Office Posys Mirror (PosysMirror) - Priva B.V. - C:\Program Files\Priva\Priva Office\Server\Bin\PosysM.exe
    O23 - Service: Priva Office Database Server (PromtDbmsServer) - Priva BV - C:\Program Files\Priva\Priva Office\Server\Bin\promtdbmsserver.exe
    O23 - Service: Priva Office Database Loader (PromtLoader) - Priva Hortimation BV - C:\Program Files\Priva\Priva Office\Server\Bin\PromtLoader.exe
    O23 - Service: PTP Daemon (PTPD) - Priva Hortimation B.V. - C:\Program Files\Priva\Common\Itnetwork\PTPD.EXE
    O23 - Service: PTP User Interface (PTPUI) - Priva Hortimation B.V. - C:\Program Files\Priva\Common\Itnetwork\PTPUI.EXE
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Priva Office Data logger (sv_logger) - Unknown owner - C:\Program Files\Priva\Priva Office\Server\Bin\sv_logger.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Priva Office Syslog (SysLog) - Priva B.V. - C:\Program Files\Priva\Priva Office\Server\Bin\syslog.exe
    O23 - Service: Priva Office Toolkit Agent (TKAgent) - Unknown owner - C:\Program Files\Priva\Priva Office\tools\srvany.exe


    End of file - 9088 bytes


This is an archived page. Replies are no longer possible.