w32 Blaster Worm


It ended up being AntiVir. After scanning I put this in quarantine.

Virus: TR/Crypt.XPACK.Gen2 | Date discovered: 08/10/2009 | Type: Trojan

Avira AntiVir Personal

Report file date: zaterdag 13 november 2010 21:41

Scanning for 3043866 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : PRIVATE-E727259

Version information:

BUILD.DAT : 10.0.0.592 31823 Bytes 9/08/2010 11:00:00

AVSCAN.EXE : 10.0.3.1 434344 Bytes 2/08/2010 15:09:56

AVSCAN.DLL : 10.0.3.0 46440 Bytes 1/04/2010 12:57:04

LUKE.DLL : 10.0.2.3 104296 Bytes 2/08/2010 15:10:00

LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 23:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 09:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 19:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 17:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 16:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 5/03/2010 11:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 15:10:03

VBASE006.VDF : 7.10.7.218 2294784 Bytes 2/06/2010 15:10:04

VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 15:10:06

VBASE008.VDF : 7.10.11.133 3454464 Bytes 13/09/2010 20:30:28

VBASE009.VDF : 7.10.13.80 2265600 Bytes 2/11/2010 20:30:33

VBASE010.VDF : 7.10.13.81 2048 Bytes 2/11/2010 20:30:33

VBASE011.VDF : 7.10.13.82 2048 Bytes 2/11/2010 20:30:33

VBASE012.VDF : 7.10.13.83 2048 Bytes 2/11/2010 20:30:33

VBASE013.VDF : 7.10.13.116 147968 Bytes 4/11/2010 20:30:34

VBASE014.VDF : 7.10.13.147 146944 Bytes 7/11/2010 20:30:34

VBASE015.VDF : 7.10.13.180 123904 Bytes 9/11/2010 20:30:34

VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 20:30:35

VBASE017.VDF : 7.10.13.212 2048 Bytes 11/11/2010 20:30:35

VBASE018.VDF : 7.10.13.213 2048 Bytes 11/11/2010 20:30:35

VBASE019.VDF : 7.10.13.214 2048 Bytes 11/11/2010 20:30:35

VBASE020.VDF : 7.10.13.215 2048 Bytes 11/11/2010 20:30:35

VBASE021.VDF : 7.10.13.216 2048 Bytes 11/11/2010 20:30:35

VBASE022.VDF : 7.10.13.217 2048 Bytes 11/11/2010 20:30:35

VBASE023.VDF : 7.10.13.218 2048 Bytes 11/11/2010 20:30:35

VBASE024.VDF : 7.10.13.219 2048 Bytes 11/11/2010 20:30:35

VBASE025.VDF : 7.10.13.220 2048 Bytes 11/11/2010 20:30:35

VBASE026.VDF : 7.10.13.221 2048 Bytes 11/11/2010 20:30:35

VBASE027.VDF : 7.10.13.222 2048 Bytes 11/11/2010 20:30:35

VBASE028.VDF : 7.10.13.223 2048 Bytes 11/11/2010 20:30:35

VBASE029.VDF : 7.10.13.224 2048 Bytes 11/11/2010 20:30:36

VBASE030.VDF : 7.10.13.225 2048 Bytes 11/11/2010 20:30:36

VBASE031.VDF : 7.10.13.237 73728 Bytes 13/11/2010 20:30:36

Engineversion : 8.2.4.98

AEVDF.DLL : 8.1.2.1 106868 Bytes 2/08/2010 15:09:54

AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 13/11/2010 20:30:44

AESCN.DLL : 8.1.6.1 127347 Bytes 2/08/2010 15:09:53

AESBX.DLL : 8.1.3.1 254324 Bytes 2/08/2010 15:09:53

AERDL.DLL : 8.1.9.2 635252 Bytes 13/11/2010 20:30:43

AEPACK.DLL : 8.2.3.11 471416 Bytes 13/11/2010 20:30:42

AEOFFICE.DLL : 8.1.1.8 201081 Bytes 2/08/2010 15:09:52

AEHEUR.DLL : 8.1.2.41 3043703 Bytes 13/11/2010 20:30:41

AEHELP.DLL : 8.1.14.0 246134 Bytes 13/11/2010 20:30:38

AEGEN.DLL : 8.1.3.24 401781 Bytes 13/11/2010 20:30:37

AEEMU.DLL : 8.1.2.0 393588 Bytes 2/08/2010 15:09:49

AECORE.DLL : 8.1.17.0 196982 Bytes 13/11/2010 20:30:37

AEBB.DLL : 8.1.1.0 53618 Bytes 2/08/2010 15:09:48

AVWINLL.DLL : 10.0.0.0 19304 Bytes 2/08/2010 15:09:56

AVPREF.DLL : 10.0.0.0 44904 Bytes 2/08/2010 15:09:55

AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 14:27:13

AVREG.DLL : 10.0.3.2 53096 Bytes 2/08/2010 15:09:55

AVSCPLR.DLL : 10.0.3.1 83816 Bytes 2/08/2010 15:09:56

AVARKT.DLL : 10.0.0.14 227176 Bytes 2/08/2010 15:09:54

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 2/08/2010 15:09:55

SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 14:27:22

AVSMTP.DLL : 10.0.0.17 63848 Bytes 2/08/2010 15:09:56

NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 14:27:21

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 13:10:20

RCTEXT.DLL : 10.0.58.0 97128 Bytes 2/08/2010 15:10:08

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: zaterdag 13 november 2010 21:41

Starting search for hidden objects.

HKEY_LOCAL_MACHINE\Software\Google\Update\network\secure-S-1-5-18\sk

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist

[NOTE] The registry entry is invisible.

c:\windows\explorer.exe

c:\WINDOWS\explorer.exe

[NOTE] The process is not visible.

The scan of running processes will be started

Scan process 'msdtc.exe' - '40' Module(s) have been scanned

Scan process 'dllhost.exe' - '59' Module(s) have been scanned

Scan process 'dllhost.exe' - '45' Module(s) have been scanned

Scan process 'vssvc.exe' - '48' Module(s) have been scanned

Scan process 'avscan.exe' - '67' Module(s) have been scanned

Scan process 'avcenter.exe' - '62' Module(s) have been scanned

Scan process 'avgnt.exe' - '50' Module(s) have been scanned

Scan process 'sched.exe' - '56' Module(s) have been scanned

Scan process 'avshadow.exe' - '25' Module(s) have been scanned

Scan process 'avguard.exe' - '54' Module(s) have been scanned

Scan process 'iexplore.exe' - '147' Module(s) have been scanned

Scan process 'ctfmon.exe' - '25' Module(s) have been scanned

Scan process 'iexplore.exe' - '95' Module(s) have been scanned

Scan process 'notepad.exe' - '26' Module(s) have been scanned

Scan process 'explorer.exe' - '91' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '63' Module(s) have been scanned

Scan process 'WMPNSCFG.exe' - '26' Module(s) have been scanned

Scan process 'AdobeARM.exe' - '59' Module(s) have been scanned

Scan process 'FSRremoS.EXE' - '18' Module(s) have been scanned

Scan process 'ICO.EXE' - '17' Module(s) have been scanned

Scan process 'hkcmd.exe' - '29' Module(s) have been scanned

Scan process 'alg.exe' - '33' Module(s) have been scanned

Scan process 'WMPNetwk.exe' - '53' Module(s) have been scanned

Scan process 'svchost.exe' - '39' Module(s) have been scanned

Scan process 'svchost.exe' - '34' Module(s) have been scanned

Scan process 'svchost.exe' - '34' Module(s) have been scanned

Scan process 'spoolsv.exe' - '54' Module(s) have been scanned

Scan process 'svchost.exe' - '34' Module(s) have been scanned

Scan process 'svchost.exe' - '42' Module(s) have been scanned

Scan process 'svchost.exe' - '32' Module(s) have been scanned

Scan process 'svchost.exe' - '173' Module(s) have been scanned

Scan process 'svchost.exe' - '38' Module(s) have been scanned

Scan process 'svchost.exe' - '53' Module(s) have been scanned

Scan process 'lsass.exe' - '58' Module(s) have been scanned

Scan process 'services.exe' - '35' Module(s) have been scanned

Scan process 'winlogon.exe' - '76' Module(s) have been scanned

Scan process 'csrss.exe' - '12' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '392' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\Documents and Settings\Administrator\Desktop\BSINSTALLNL.exe

[DETECTION] Contains virus patterns of Adware ADWARE/WhenU.A.54

C:\Documents and Settings\Administrator\My Documents\Mijn ontvangen bestanden\BSINSTALLNL.exe

[DETECTION] Contains recognition pattern of the DR/SaveNow.BO.219 dropper

C:\Documents and Settings\Administrator\My Documents\Mijn ontvangen bestanden\WinAVI Video Converter 7.1 and crack plus codecs.rar

[0] Archive type: RAR

[DETECTION] Is the TR/Agent.93184.M Trojan

--> WinAVI_Video_Converter 7.1 and crack plus codecs\WinAVI_Video_Converter 7.1 and crack\keygen.exe

[DETECTION] Is the TR/Agent.93184.M Trojan

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\defender.exe.vir

[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan

C:\System Volume Information\_restore{A747292F-A55F-4370-8347-48474412C30C}\RP13\A0002406.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan

Beginning disinfection:

C:\System Volume Information\_restore{A747292F-A55F-4370-8347-48474412C30C}\RP13\A0002406.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan

[NOTE] The file was moved to the quarantine directory under the name '47a8b8f8.qua'.

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\defender.exe.vir

[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan

[NOTE] The file was moved to the quarantine directory under the name '5f759796.qua'.

C:\Documents and Settings\Administrator\My Documents\Mijn ontvangen bestanden\WinAVI Video Converter 7.1 and crack plus codecs.rar

[DETECTION] Is the TR/Agent.93184.M Trojan

[NOTE] The file was moved to the quarantine directory under the name '0d22cd73.qua'.

C:\Documents and Settings\Administrator\My Documents\Mijn ontvangen bestanden\BSINSTALLNL.exe

[DETECTION] Contains recognition pattern of the DR/SaveNow.BO.219 dropper

[NOTE] The file was moved to the quarantine directory under the name '6b708280.qua'.

C:\Documents and Settings\Administrator\Desktop\BSINSTALLNL.exe

[DETECTION] Contains virus patterns of Adware ADWARE/WhenU.A.54

[NOTE] The file was moved to the quarantine directory under the name '2ef4afba.qua'.

End of the scan: zondag 14 november 2010 00:16

Used time: 1:36:58 Hour(s)

The scan has been done completely.

4868 Scanned directories

221605 Files were scanned

5 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

5 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

221600 Files not concerned

1607 Archives were scanned

0 Warnings

5 Notes

372230 Objects were scanned with rootkit scan

3 Hidden objects were found

OK, could you then carry out the steps below and afterwards scan again with AntiVir:

Download CCleaner here; the CCleaner download then starts automatically and free of charge.

Install it and start CCleaner. In the left-hand column, click "Cleaner". Click "Analyze" (Analyseren) and then "Run Cleaner" (Schoonmaken). Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, in the left-hand column, click "Registry" (Register) and click "Scan for Issues" (Scan naar problemen). If errors are found, click "Fix selected issues" (Herstel geselecteerde problemen) and "OK". You will then be asked whether to make a backup. Click "Yes" (JA). Then choose "Fix All Selected Issues" (Herstel alle geselecteerde fouten). After that, close CCleaner again.

If you would like to see this illustrated in detail, click here for the guide.

It is advisable to delete the existing restore points (there are infected restore points among them that you could end up restoring) by temporarily disabling System Restore. Do this via Start -> Control Panel -> Performance and Maintenance -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and remove the tick again.

I did the above, then reinstalled AVG and ran another scan. No viruses or the like found. Everything looks normal again now. I hope it stays that way :-). I don't know whether I still need to do anything now?

If not, many thanks for your help!!!

Excellent news ... The only thing left to do is remove Combofix. You do that like this:

Start -> Run and type: ComboFix /Uninstall

This will remove Combofix plus its related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

If it is present, you may delete the folder C:\Qoobox manually.

And then you may mark this question as "SOLVED" ("OPGELOST") below :-)
