Hallo,
Sinds twee dagen krijg ik deze melding
Als anti-virus heb ik Norton en deze is up-date, daarnaast gebruik ik windows xp.
Zojuist heb ik twee scans uitgevoerd met Malwarebytes, maar de melding komt nog steeds.
Hieronder de logs:
eerste scan
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Databaseversie: 4201
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
15-6-2010 21:18:41
mbam-log-2010-06-15 (21-18-41).txt
Scantype: Snelle scan
Objecten gescand: 194226
Verstreken tijd: 21 minuut/minuten, 34 seconde(n)
Geheugenprocessen geïnfecteerd: 2
Geheugenmodulen geïnfecteerd: 2
Registersleutels geïnfecteerd: 9
Registerwaarden geïnfecteerd: 4
Registerdata geïnfecteerd: 1
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 15
Geheugenprocessen geïnfecteerd:
C:\WINDOWS\Yvyroa.exe (Trojan.Fraudpack) -> Unloaded process successfully.
C:\Documents and Settings\naam\Local Settings\Temp\Ycx.exe (Trojan.Fraudpack) -> Unloaded process successfully.
Geheugenmodulen geïnfecteerd:
C:\WINDOWS\urmstuls.dll (Trojan.Hiloti) -> Delete on reboot.
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsekihumevixi (Trojan.Hiloti) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\v71iql7hi7 (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cftmon (Trojan.Agent) -> Quarantined and deleted successfully.
Registerdata geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
C:\WINDOWS\urmstuls.dll (Trojan.Hiloti) -> Delete on reboot.
C:\WINDOWS\Yvyroa.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Documents and Settings\naam\Local Settings\Temp\Ycx.exe (Trojan.Fraudpack) -> Delete on reboot.
C:\Documents and Settings\naam\Local Settings\Temp\lcggf0805.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\naam\Local Settings\Temp\Ycv.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Documents and Settings\naam\Local Settings\Temp\Ycw.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Documents and Settings\naam\Local Settings\Temp\Rar$EX02.937\keymaker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\naam\Local Settings\Temp\Rar$EX02.937\Setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\naam\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\winset.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\naam\Local Settings\Temp\H8SRTf2e2.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yrzr.exe (Trojan.Agent) -> Delete on reboot.
tweede scan
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Databaseversie: 4201
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
15-6-2010 21:46:35
mbam-log-2010-06-15 (21-46-35).txt
Scantype: Snelle scan
Objecten gescand: 193285
Verstreken tijd: 21 minuut/minuten, 21 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Sinds twee dagen krijg ik deze melding
Als anti-virus heb ik Norton en deze is up-date, daarnaast gebruik ik windows xp.
Zojuist heb ik twee scans uitgevoerd met Malwarebytes, maar de melding komt nog steeds.
Hieronder de logs:
eerste scan
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Databaseversie: 4201
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
15-6-2010 21:18:41
mbam-log-2010-06-15 (21-18-41).txt
Scantype: Snelle scan
Objecten gescand: 194226
Verstreken tijd: 21 minuut/minuten, 34 seconde(n)
Geheugenprocessen geïnfecteerd: 2
Geheugenmodulen geïnfecteerd: 2
Registersleutels geïnfecteerd: 9
Registerwaarden geïnfecteerd: 4
Registerdata geïnfecteerd: 1
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 15
Geheugenprocessen geïnfecteerd:
C:\WINDOWS\Yvyroa.exe (Trojan.Fraudpack) -> Unloaded process successfully.
C:\Documents and Settings\naam\Local Settings\Temp\Ycx.exe (Trojan.Fraudpack) -> Unloaded process successfully.
Geheugenmodulen geïnfecteerd:
C:\WINDOWS\urmstuls.dll (Trojan.Hiloti) -> Delete on reboot.
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsekihumevixi (Trojan.Hiloti) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\v71iql7hi7 (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cftmon (Trojan.Agent) -> Quarantined and deleted successfully.
Registerdata geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
C:\WINDOWS\urmstuls.dll (Trojan.Hiloti) -> Delete on reboot.
C:\WINDOWS\Yvyroa.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Documents and Settings\naam\Local Settings\Temp\Ycx.exe (Trojan.Fraudpack) -> Delete on reboot.
C:\Documents and Settings\naam\Local Settings\Temp\lcggf0805.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\naam\Local Settings\Temp\Ycv.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Documents and Settings\naam\Local Settings\Temp\Ycw.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Documents and Settings\naam\Local Settings\Temp\Rar$EX02.937\keymaker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\naam\Local Settings\Temp\Rar$EX02.937\Setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\naam\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Defense.lnk (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\winset.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\naam\Local Settings\Temp\H8SRTf2e2.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yrzr.exe (Trojan.Agent) -> Delete on reboot.
tweede scan
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Databaseversie: 4201
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
15-6-2010 21:46:35
mbam-log-2010-06-15 (21-46-35).txt
Scantype: Snelle scan
Objecten gescand: 193285
Verstreken tijd: 21 minuut/minuten, 21 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Laatst bewerkt:
