  • TR/Trash.Gen

    Dear helpers, I have a PC at home that has been showing this alert regularly for several months now. Avira pops up, after which I put the file in quarantine. I run AntiMalwarebytes regularly, but it finds nothing. How do I get rid of this? On the internet I read that this is a not-so-pleasant trojan.

    The PC runs XP Professional and is not slow. Sometimes the cursor would freeze and I had to reboot. After I blew the inside of the PC super clean a month ago, took everything apart and fitted a new battery, that was gone. Until yesterday. After running CCleaner and AMB I just had another freeze. Is there a relation with the infection?

    Thanks

  • #2
    Hello,

    Can you tell which file (name and full path) is being detected?

    Follow these instructions: http://www.nucia.eu/forum/threads/12...ericht-plaatst!
    Post the requested logs.



    • #3
      Quarantine: C:\System Volume Information\_restore{D8BE129D-2A8C-4235-9AA8-263225196297}RP1046\A0368666.dll


      DDS (Ver_2012-11-20.01) - NTFS_x86
      Internet Explorer: 8.0.6001.18702
      Run by 2. Betty at 10:16:03 on 2013-11-20
      Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.567 [GMT 1:00]
      .
      AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
      AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
      .
      ============== Running Processes ================
      .
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\CTsvcCDA.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\WINDOWS\system32\CTHELPER.EXE
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\SearchProtocolHost.exe
      C:\WINDOWS\system32\SearchProtocolHost.exe
      C:\WINDOWS\system32\SearchFilterHost.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      C:\WINDOWS\system32\svchost.exe -k NetworkService
      C:\WINDOWS\system32\svchost.exe -k LocalService
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.ascendingall.com/
      dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
      BHO: Adobe PDF Reader Help bij koppelingen: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
      BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
      BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
      BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
      TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
      EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
      uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
      mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
      mRun: [CTHelper] CTHELPER.EXE
      mRun: [UpdReg] c:\windows\UpdReg.EXE
      mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
      mRun: [SoundMan] SOUNDMAN.EXE
      mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
      mRun: [nwiz] nwiz.exe /install
      mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
      mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
      mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
      dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
      dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
      dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
      dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
      StartupFolder: c:\docume~1\29857~1.bet\menust~1\progra~1\opstar~1\MICROS~1.LNK -
      StartupFolder: c:\docume~1\alluse~1.win\menust~1\progra~1\opstar~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
      uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
      mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
      IE: Append to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert link target to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Convert link target to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert selected links to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      IE: Convert selected links to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      IE: Convert selection to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Convert selection to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1360874699265
      DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
      DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
      TCP: NameServer = 212.54.40.25 212.54.35.25
      TCP: Interfaces\{D706CB79-1168-4EFD-B1C0-933A39A6025F} : DHCPNameServer = 212.54.40.25 212.54.35.25
      Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
      SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
      SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
      LSA: Authentication Packages = msv1_0 nwprovau
      .
      ============= SERVICES / DRIVERS ===============
      .
      R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-10-18 37352]
      R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-10-18 84024]
      R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-10-18 108088]
      R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-10-18 88840]
      R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-12-18 21992]
      S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
      S2 BrowserDefendert;BrowserDefendert;c:\documents and settings\all users.windows\application data\browserdefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserdefender.exe --> c:\documents and settings\all users.windows\application data\browserdefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [?]
      S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
      S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
      S4 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-10-18 815160]
      S4 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys --> c:\windows\system32\drivers\avgidshx.sys [?]
      S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys --> c:\windows\system32\drivers\avgidsshimx.sys [?]
      .
      =============== Created Last 30 ================
      .
      2013-11-17 20:23:32 -------- d--h--r- c:\documents and settings\2. betty\Onlangs geopend
      .
      ==================== Find3M ====================
      .
      2013-10-14 14:11:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2013-10-14 14:11:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2013-09-04 11:59:22 88840 ----a-w- c:\windows\system32\drivers\avgntflt.sys
      2009-12-27 13:19:28 670072 ----a-w- c:\program files\autoruns.exe
      2009-12-27 13:19:28 559992 ----a-w- c:\program files\autorunsc.exe
      .
      ============= FINISH: 10:17:31,79 ===============


      GMER 2.1.19163 - http://www.gmer.net
      Rootkit scan 2013-11-20 10:57:09
      Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Maxtor_6Y080L0 rev.YAR41BW0 76,34GB
      Running: 5s3ctmjn.exe; Driver: C:\DOCUME~1\29857~1.BET\LOCALS~1\Temp\uwloqpob.sys


      ---- System - GMER 2.1 ----

      SSDT F7C977A4 ZwClose
      SSDT F7C9775E ZwCreateKey
      SSDT F7C977AE ZwCreateSection
      SSDT F7C97754 ZwCreateThread
      SSDT F7C97763 ZwDeleteKey
      SSDT F7C9776D ZwDeleteValueKey
      SSDT F7C9779F ZwDuplicateObject
      SSDT F7C97772 ZwLoadKey
      SSDT F7C97740 ZwOpenProcess
      SSDT F7C97745 ZwOpenThread
      SSDT F7C977C7 ZwQueryValueKey
      SSDT F7C9777C ZwReplaceKey
      SSDT F7C977B8 ZwRequestWaitReplyPort
      SSDT F7C97777 ZwRestoreKey
      SSDT F7C977B3 ZwSetContextThread
      SSDT F7C977BD ZwSetSecurityObject
      SSDT F7C97768 ZwSetValueKey
      SSDT F7C977C2 ZwSystemDebugControl
      SSDT F7C9774F ZwTerminateProcess

      ---- Kernel code sections - GMER 2.1 ----

      .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF65B2360, 0x372FAD, 0xE8000020]
      ? C:\DOCUME~1\29857~1.BET\LOCALS~1\Temp\mbr.sys De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist. !

      ---- User code sections - GMER 2.1 ----

      .text C:\WINDOWS\system32\SearchIndexer.exe[360] kernel32.dll!WriteFile 7C7E12FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL
      .text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 41585539 C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 4165DC14 C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 4175799F C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 417578D1 C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 4175793C C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 417577A2 C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 41757804 C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 41757A02 C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2244] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 41757866 C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 41585539 C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 41659B81 C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 4164D1BD C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 4165DC14 C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 415C4696 C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 4175799F C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 417578D1 C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 4175793C C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 417577A2 C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 41757804 C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 41757A02 C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 41757866 C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2312] ole32.dll!CoCreateInstance 774BF1BC 5 Bytes JMP 4165DC70 C:\WINDOWS\system32\IEFRAME.dll
      .text C:\Program Files\Internet Explorer\iexplore.exe[2312] ole32.dll!OleLoadFromStream 774E983B 5 Bytes JMP 41757D07 C:\WINDOWS\system32\IEFRAME.dll

      ---- Devices - GMER 2.1 ----

      AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys

      ---- EOF - GMER 2.1 ----



      • #4
        [Attached images: Avira report 1.jpg, Avira report 2.jpg]



        • #5
          Delete your system restore points, that solves the problem.
          http://users.telenet.be/marcvn/spywa...emherstel.html

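As an added example (not from the thread, and not part of DDS or GMER), here is a small Python triage helper for two things a helper checks in logs like those in post #3: it parses DDS "SERVICES / DRIVERS" lines and lists entries whose binary is missing, and it tells whether a detection path is a System Restore snapshot copy, which is why clearing restore points in post #5 removes the alert. The meaning of the R/S prefix, the start-type digit and the `--> path [?]` form is my reading of the log format, not something the page states; the sample lines are constructed.

```python
import re
from typing import List, Optional, NamedTuple

# Constructed sample in the DDS "SERVICES / DRIVERS" line format shown in the thread.
# Assumed reading of the format (not stated on the page): R/S = running/stopped,
# digit = start type, "[date size]" = binary found, "--> path [?]" = binary missing.
SAMPLE_DDS = """\
R2 avgntflt;avgntflt;c:\\windows\\system32\\drivers\\avgntflt.sys [2012-10-18 88840]
S0 Lbd;Lbd;c:\\windows\\system32\\drivers\\lbd.sys --> c:\\windows\\system32\\drivers\\Lbd.sys [?]
S4 AntiVirWebService;Avira Web Protection;c:\\program files\\avira\\antivir desktop\\avwebgrd.exe [2012-10-18 815160]
"""

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

class ServiceEntry(NamedTuple):
    state: str       # "running" or "stopped"
    start_type: str
    name: str
    display: str
    path: str
    on_disk: bool

LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+)$")

def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one DDS service/driver line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    on_disk = not rest.rstrip().endswith("[?]")
    if "-->" in rest:               # keep the resolved path DDS looked for, drop the raw one
        rest = rest.split("-->", 1)[1]
    path = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest).strip()
    return ServiceEntry("running" if state == "R" else "stopped",
                        START_TYPES[start], name, display, path, on_disk)

def orphaned_services(log: str) -> List[str]:
    """Service names whose binary is missing: leftover registrations worth reviewing."""
    return [e.name for e in map(parse_service_line, log.splitlines()) if e and not e.on_disk]

RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\?RP\d+\\", re.I)

def in_restore_point(path: str) -> bool:
    """True when a detection path is a System Restore snapshot copy, as in post #3."""
    return RESTORE_RE.search(path) is not None
```

A file flagged only inside `_restore{...}\RPnnn` is an inert snapshot of something already cleaned from the live system, so the entries `orphaned_services` returns are the ones still worth a look.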


          • #6
            Done that, and indeed I haven't had an alert for a couple of days now.

            The problem looks solved to me!
