Programmawaarschuwing van Symantec NIS

Status
Niet open voor verdere reacties.
phal

phal

Gebruiker
Lid geworden
18 nov 2001
Berichten
227
Sinds kort komt de volgende waarschuwing van Symantec Norton Internet Security op het scherm:
Programmawaarschuwing - Laag risico
Luisteren naar fhrzsw naar verbindingen van andere computers is geblokkeerd.
Programma: fhrzsw.exe
Pad: C:\Documents and Settings\Eigenaar
Datum/tijd: 4/10/2008 12:13
Lokaal adres: Alle lokale netwerkadapters: 26559
Wat wilt u doen?

Hier kan de gebruiker dan kiezen voor toestaan of blokkeren van poorten.

In de mappen Documents and Settings van de accounts die op deze pc actief zijn, vind ik verschillende bestandjes zoals fhrzsw.exe maar dan met andere zinloze namen. Ik heb deze bestanden reeds verwijderd maar ze komen vanzelf terug.

Norton Antivirus vindt geen virussen, Ad-aware en Spybot S&D zeggen hier niets over ...
Toch is dit niet normaal.
Wie heeft hier ervaring mee? Wie weet wat er gedaan moet worden om dit te stoppen?
 
Kaspersky online scan leverde een indrukwekkend resultaat op. Hoe is dit mogelijk als je ziet dat Norton Antivirus wekelijks mijn pc scant en geen virussen vindt?

De superantispyware heeft niets gevonden behalve een lijst met cookies.

Hieronder het verslag van Kaspersky:
De vreemde bestanden waarover ik het had worden er in weergegeven als volgt : C:\Documents and Settings\Flore\fhrzsw.exe Infected: not-a-virus:Server-Proxy.Win32.3proxy.k skipped

Code: 
-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Friday, January 04, 2008 5:02:21 PM
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update:  4/01/2008
 Kaspersky Anti-Virus database records: 502461
-------------------------------------------------------------------------------

Scan Settings:
	Scan using the following antivirus database: extended
	Scan Archives: true
	Scan Mail Bases: true

Scan Target - My Computer:
	C:\
	D:\
	E:\
	F:\

Scan Statistics:
	Total number of scanned objects: 219663
	Number of viruses found: 6
	Number of infected objects: 41
	Number of suspicious objects: 0
	Duration of the scan process: 01:48:03

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-04_Log.ALUSchedulerSvc.LiveUpdate	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP41EBFA52.htm	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP80547925.htm	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\A52D8D0A.TMP	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx	Object is locked	skipped
C:\Documents and Settings\All Users\Documenten\Frieke backup van mails\Verwijderde items.dbx/[From "Henry P.Mcdaniel" <ibt@baverlaw.com>][Date Sun, 4 Feb 2007 02:00:52 -0500]/UNNAMED/Greeting	Infected: Email-Worm.Win32.Zhelatin.o	skipped
C:\Documents and Settings\All Users\Documenten\Frieke backup van mails\Verwijderde items.dbx/[From "Henry P.Mcdaniel" <ibt@baverlaw.com>][Date Sun, 4 Feb 2007 02:00:52 -0500]/UNNAMED	Infected: Email-Worm.Win32.Zhelatin.o	skipped
C:\Documents and Settings\All Users\Documenten\Frieke backup van mails\Verwijderde items.dbx/[From "Deleon W.Wallace" <hyvove@beetleworld.co.jp>][Date Sat, 3 Feb 2007 17:10:22 -0700]/UNNAMED/Postcard.exe	Infected: Email-Worm.Win32.Zhelatin.o	skipped
C:\Documents and Settings\All Users\Documenten\Frieke backup van mails\Verwijderde items.dbx/[From "Deleon W.Wallace" <hyvove@beetleworld.co.jp>][Date Sat, 3 Feb 2007 17:10:22 -0700]/UNNAMED	Infected: Email-Worm.Win32.Zhelatin.o	skipped
C:\Documents and Settings\All Users\Documenten\Frieke backup van mails\Verwijderde items.dbx	Mail MS Outlook 5: infected - 4	skipped
C:\Documents and Settings\Claudine\Local Settings\Temporary Internet Files\Content.IE5\LP08JRE0\9411963681[1].exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\Documents and Settings\Eigenaar\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Ahead\Nero Home\bl.db	Object is locked	skipped
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Ahead\Nero Home\is2.db	Object is locked	skipped
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse	Object is locked	skipped
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Identities\{35378362-50D7-443C-A7D9-CBFB94D28089}\Microsoft\Outlook Express\Folders.dbx	Object is locked	skipped
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Identities\{35378362-50D7-443C-A7D9-CBFB94D28089}\Microsoft\Outlook Express\Offline.dbx	Object is locked	skipped
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat	Object is locked	skipped
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Eigenaar\Local Settings\Geschiedenis\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Eigenaar\Local Settings\Geschiedenis\History.IE5\MSHist012008010420080105\index.dat	Object is locked	skipped
C:\Documents and Settings\Eigenaar\Local Settings\Temp\Perflib_Perfdata_140c.dat	Object is locked	skipped
C:\Documents and Settings\Eigenaar\Local Settings\Temp\Perflib_Perfdata_1664.dat	Object is locked	skipped
C:\Documents and Settings\Eigenaar\Local Settings\Temp\Perflib_Perfdata_8ec.dat	Object is locked	skipped
C:\Documents and Settings\Eigenaar\Local Settings\Temp\~DFD8BC.tmp	Object is locked	skipped
C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\UKM6N2F4\9411963681[1].exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\Documents and Settings\Eigenaar\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\Eigenaar\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Flore\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Flore\fhrzsw.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\Documents and Settings\Flore\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse	Object is locked	skipped
C:\Documents and Settings\Flore\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Flore\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Flore\Local Settings\Geschiedenis\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Flore\Local Settings\Temp\Perflib_Perfdata_1020.dat	Object is locked	skipped
C:\Documents and Settings\Flore\Local Settings\Temp\Perflib_Perfdata_1028.dat	Object is locked	skipped
C:\Documents and Settings\Flore\Local Settings\Temp\Perflib_Perfdata_70c.dat	Object is locked	skipped
C:\Documents and Settings\Flore\Local Settings\Temp\~DFC0B2.tmp	Object is locked	skipped
C:\Documents and Settings\Flore\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Flore\Local Settings\Temporary Internet Files\Content.IE5\V12A92FI\9411963681[1].exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\Documents and Settings\Flore\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\Flore\NtUser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Korneel\Bureaublad\ffmiao.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\Documents and Settings\Korneel\Local Settings\Temp\spoolsv.exe	Infected: Trojan.Win32.Agent.drw	skipped
C:\Documents and Settings\Korneel\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\Korneel\NtUser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Korneel\nyyurl.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Geschiedenis\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log	Object is locked	skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log	Object is locked	skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log	Object is locked	skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log	Object is locked	skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log	Object is locked	skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1003\Dc1.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1003\Dc10.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1003\Dc11.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1003\Dc12.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1003\Dc13.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1003\Dc14.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1003\Dc15.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1003\Dc16.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1003\Dc17.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1003\Dc2.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1003\Dc3.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1003\Dc4.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1003\Dc5.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1003\Dc6.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1003\Dc7.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1003\Dc8.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1003\Dc9.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1005\Dc13.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1005\Dc14.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
C:\System Volume Information\_restore{3139759A-BE25-487C-BCEA-C5C2E972C1EE}\RP250\A0087271.exe	Infected: not-a-virus:Server-Proxy.Win32.3proxy.k	skipped
C:\System Volume Information\_restore{3139759A-BE25-487C-BCEA-C5C2E972C1EE}\RP250\change.log	Object is locked	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\ACEEvent.evt	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Internet.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped
D:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
F:\4220ef89c56bea10b7d84a\update\update.exe	Object is locked	skipped
F:\c0f41a57bc6e766a22\update\update.exe	Object is locked	skipped
F:\Frieke\Downloads\mirc614.exe/data0001.bin	Infected: not-a-virus:Client-IRC.Win32.mIRC.614	skipped
F:\Frieke\Downloads\mirc614.exe	mIRC: infected - 1	skipped
F:\Kopie e-mail mappen\Philip\Verwijderde items.dbx/[From Oneil <imxasb@estilo2.es>][Date Fri, 19 Jan 2007 20:30:43 -0300]/UNNAMED/Full	Infected: Email-Worm.Win32.Zhelatin.a	skipped
F:\Kopie e-mail mappen\Philip\Verwijderde items.dbx/[From Oneil <imxasb@estilo2.es>][Date Fri, 19 Jan 2007 20:30:43 -0300]/UNNAMED	Infected: Email-Worm.Win32.Zhelatin.a	skipped
F:\Kopie e-mail mappen\Philip\Verwijderde items.dbx/[From Samson Bond <mqts@woollenscarves.com>][Date Sat, 20 Jan 2007 16:16:06 +0900]/UNNAMED/Full	Infected: Email-Worm.Win32.Zhelatin.a	skipped
F:\Kopie e-mail mappen\Philip\Verwijderde items.dbx/[From Samson Bond <mqts@woollenscarves.com>][Date Sat, 20 Jan 2007 16:16:06 +0900]/UNNAMED	Infected: Email-Worm.Win32.Zhelatin.a	skipped
F:\Kopie e-mail mappen\Philip\Verwijderde items.dbx/[From Jacobs <cbflfo@genient.com>][Date Fri, 2 Feb 2007 20:42:03 +0100]/UNNAMED/Flash	Infected: Email-Worm.Win32.Zhelatin.m	skipped
F:\Kopie e-mail mappen\Philip\Verwijderde items.dbx/[From Jacobs <cbflfo@genient.com>][Date Fri, 2 Feb 2007 20:42:03 +0100]/UNNAMED	Infected: Email-Worm.Win32.Zhelatin.m	skipped
F:\Kopie e-mail mappen\Philip\Verwijderde items.dbx	Mail MS Outlook 5: infected - 6	skipped
F:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped

Scan process completed.
 
Laatst bewerkt door een moderator:
-------------------------------------------------------------------------------------------------
De ‘backup van mails’ kun je zelf verwijderen.
‘Temporary Internet Files’ kun je zelf ook opruimen.
De ‘Temp’map kun je zelf ook leeg maken.

Deze kun je zelf ook opruimen.
C:\Documents and Settings\Korneel\Bureaublad\ffmiao.exe Infected: not-a-virus:Server-Proxy.Win32.3proxy.k skipped
C:\Documents and Settings\Korneel\Local Settings\Temp\spoolsv.exe Infected: Trojan.Win32.Agent.drw skipped
C:\Documents and Settings\Korneel\nyyurl.exe Infected: not-a-virus:Server-Proxy.Win32.3proxy.k skipped
F:\Frieke\Downloads\mirc614.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
F:\Frieke\Downloads\mirc614.exe mIRC: infected - 1 skipped
F:\Kopie e-mail mappen\Philip\Verwijderde items.dbx/[From Oneil <imxasb@estilo2.es>][Date Fri, 19 Jan 2007 20:30:43 -0300]/UNNAMED/Full Infected: Email-Worm.Win32.Zhelatin.a skipped
F:\Kopie e-mail mappen\Philip\Verwijderde items.dbx/[From Oneil <imxasb@estilo2.es>][Date Fri, 19 Jan 2007 20:30:43 -0300]/UNNAMED Infected: Email-Worm.Win32.Zhelatin.a skipped
F:\Kopie e-mail mappen\Philip\Verwijderde items.dbx/[From Samson Bond <mqts@woollenscarves.com>][Date Sat, 20 Jan 2007 16:16:06 +0900]/UNNAMED/Full Infected: Email-Worm.Win32.Zhelatin.a skipped
F:\Kopie e-mail mappen\Philip\Verwijderde items.dbx/[From Samson Bond <mqts@woollenscarves.com>][Date Sat, 20 Jan 2007 16:16:06 +0900]/UNNAMED Infected: Email-Worm.Win32.Zhelatin.a skipped
F:\Kopie e-mail mappen\Philip\Verwijderde items.dbx/[From Jacobs <cbflfo@genient.com>][Date Fri, 2 Feb 2007 20:42:03 +0100]/UNNAMED/Flash Infected: Email-Worm.Win32.Zhelatin.m skipped
F:\Kopie e-mail mappen\Philip\Verwijderde items.dbx/[From Jacobs <cbflfo@genient.com>][Date Fri, 2 Feb 2007 20:42:03 +0100]/UNNAMED Infected: Email-Worm.Win32.Zhelatin.m skipped
F:\Kopie e-mail mappen\Philip\Verwijderde items.dbx Mail MS Outlook 5: infected - 6 skipped

Maak daarnaast je prullenbak leeg.
En schakel systeemherstel uit, start de computer opnieuw op en schakel het weer in.

Laat nadien nog een keer scannen.
 
Alle hierboven vermelde stappen heb ik al uitgevoerd behalve het scannen. Ik veronderstel dat ik hiervoor ook Kaspersky online scan moet gebruiken?

Het bestand 'spoolsv.exe' liet zich niet zomaar verwijderen. Om dat te kunnen doen heb ik het bestand verplaats naar de rootdirectory, opgestart in veilige modus en de opdrachtprompt geactiveerd. Op die manier heb ik het bestand kunnen verwijderen.

De onlinescan zal ik morgen uitvoeren want dat duurt al vlug een paar uur.

Alvast bedankt.
 
De on-line virusscan van Kaspersky is klaar.

Hier is het verslag:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, January 05, 2008 11:30:20 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/01/2008
Kaspersky Anti-Virus database records: 502838
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 183932
Number of viruses found: 2
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 01:38:35

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-05_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP41EBFA52.htm Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\AP80547925.htm Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\F369D780.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\Eigenaar\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Identities\{35378362-50D7-443C-A7D9-CBFB94D28089}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Identities\{35378362-50D7-443C-A7D9-CBFB94D28089}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Geschiedenis\History.IE5\MSHist012008010420080105\index.dat Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Geschiedenis\History.IE5\MSHist012008010520080106\index.dat Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Temp\Perflib_Perfdata_90c.dat Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Temp\Perflib_Perfdata_dd8.dat Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Temp\Perflib_Perfdata_f40.dat Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Temp\~DF3F66.tmp Object is locked skipped
C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Eigenaar\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Eigenaar\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Flore\fhrzsw.exe Infected: not-a-virus:Server-Proxy.Win32.3proxy.k skipped
C:\Documents and Settings\Flore\letyhs.exe Infected: not-a-virus:Server-Proxy.Win32.3proxy.k skipped
C:\Documents and Settings\Flore\yuntql.exe Infected: not-a-virus:Server-Proxy.Win32.3proxy.k skipped
C:\Documents and Settings\Korneel\Local Settings\spoolsv.exe Infected: Trojan.Win32.Agent.drw skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1005\Dc13.exe Infected: not-a-virus:Server-Proxy.Win32.3proxy.k skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1005\Dc14.exe Infected: not-a-virus:Server-Proxy.Win32.3proxy.k skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\4220ef89c56bea10b7d84a\update\update.exe Object is locked skipped
F:\c0f41a57bc6e766a22\update\update.exe Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Ziet dit er goed uit?
 
Deze heb je nog niet verwijderd, maar het zijn er al veel minder.

C:\Documents and Settings\Flore\fhrzsw.exe Infected: not-a-virus:Server-Proxy.Win32.3proxy.k skipped
C:\Documents and Settings\Flore\letyhs.exe Infected: not-a-virus:Server-Proxy.Win32.3proxy.k skipped
C:\Documents and Settings\Flore\yuntql.exe Infected: not-a-virus:Server-Proxy.Win32.3proxy.k skipped
C:\Documents and Settings\Korneel\Local Settings\spoolsv.exe Infected: Trojan.Win32.Agent.drw skipped

Deze zitten in de prullenbak (is een verborgen map)

C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1005\Dc13.exe Infected: not-a-virus:Server-Proxy.Win32.3proxy.k skipped
C:\RECYCLER\S-1-5-21-299502267-1532298954-725345543-1005\Dc14.exe Infected: not-a-virus:Server-Proxy.Win32.3proxy.k skipped

Verder zie ik geen problemen
 
Status
Niet open voor verdere reacties.
Steun Ons

Nieuwste berichten

Terug
Bovenaan Onderaan