What to do with "warnings" or "hidden objects" after a scan?

Status
Not open for further replies.
Hi folks,

I get worried rather quickly, hence this question. My virus scanner is the free Avira.
Here is the report:

Thanks in advance

Avira Free Antivirus
Report file date: vrijdag 13 april 2012 00:16

Scanning for 3616202 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : NATASJA-PC

Version information:
BUILD.DAT : 12.0.0.898 41963 Bytes 31/01/2012 14:50:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 19/02/2012 18:17:22
AVSCAN.DLL : 12.1.0.18 54224 Bytes 19/02/2012 18:17:22
LUKE.DLL : 12.1.0.19 68304 Bytes 19/02/2012 18:17:22
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 19/02/2012 18:17:23
AVREG.DLL : 12.1.0.36 229128 Bytes 6/04/2012 14:05:26
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 17:05:07
VBASE003.VDF : 7.11.21.238 4472832 Bytes 1/02/2012 17:05:07
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 15:15:29
VBASE005.VDF : 7.11.26.45 2048 Bytes 28/03/2012 15:15:30
VBASE006.VDF : 7.11.26.46 2048 Bytes 28/03/2012 15:15:30
VBASE007.VDF : 7.11.26.47 2048 Bytes 28/03/2012 15:15:30
VBASE008.VDF : 7.11.26.48 2048 Bytes 28/03/2012 15:15:30
VBASE009.VDF : 7.11.26.49 2048 Bytes 28/03/2012 15:15:30
VBASE010.VDF : 7.11.26.50 2048 Bytes 28/03/2012 15:15:30
VBASE011.VDF : 7.11.26.51 2048 Bytes 28/03/2012 15:15:32
VBASE012.VDF : 7.11.26.52 2048 Bytes 28/03/2012 15:15:32
VBASE013.VDF : 7.11.26.53 2048 Bytes 28/03/2012 15:15:32
VBASE014.VDF : 7.11.26.107 221696 Bytes 30/03/2012 15:15:33
VBASE015.VDF : 7.11.26.179 224768 Bytes 2/04/2012 15:16:29
VBASE016.VDF : 7.11.26.241 142336 Bytes 4/04/2012 09:31:04
VBASE017.VDF : 7.11.27.41 247808 Bytes 8/04/2012 14:05:20
VBASE018.VDF : 7.11.27.107 161280 Bytes 12/04/2012 16:42:58
VBASE019.VDF : 7.11.27.108 2048 Bytes 12/04/2012 16:42:58
VBASE020.VDF : 7.11.27.109 2048 Bytes 12/04/2012 16:42:59
VBASE021.VDF : 7.11.27.110 2048 Bytes 12/04/2012 16:42:59
VBASE022.VDF : 7.11.27.111 2048 Bytes 12/04/2012 16:42:59
VBASE023.VDF : 7.11.27.112 2048 Bytes 12/04/2012 16:42:59
VBASE024.VDF : 7.11.27.113 2048 Bytes 12/04/2012 16:42:59
VBASE025.VDF : 7.11.27.114 2048 Bytes 12/04/2012 16:42:59
VBASE026.VDF : 7.11.27.115 2048 Bytes 12/04/2012 16:42:59
VBASE027.VDF : 7.11.27.116 2048 Bytes 12/04/2012 16:42:59
VBASE028.VDF : 7.11.27.117 2048 Bytes 12/04/2012 16:42:59
VBASE029.VDF : 7.11.27.118 2048 Bytes 12/04/2012 16:43:00
VBASE030.VDF : 7.11.27.119 2048 Bytes 12/04/2012 16:43:00
VBASE031.VDF : 7.11.27.128 51712 Bytes 12/04/2012 22:12:43
Engineversion : 8.2.10.42
AEVDF.DLL : 8.1.2.2 106868 Bytes 8/02/2012 10:19:00
AESCRIPT.DLL : 8.1.4.16 446842 Bytes 5/04/2012 09:31:42
AESCN.DLL : 8.1.8.2 131444 Bytes 8/02/2012 10:18:52
AESBX.DLL : 8.2.5.5 606579 Bytes 14/03/2012 16:22:43
AERDL.DLL : 8.1.9.15 639348 Bytes 8/09/2011 22:16:06
AEPACK.DLL : 8.2.16.9 807287 Bytes 30/03/2012 15:15:37
AEOFFICE.DLL : 8.1.2.27 201082 Bytes 5/04/2012 09:31:38
AEHEUR.DLL : 8.1.4.15 4628855 Bytes 12/04/2012 22:12:44
AEHELP.DLL : 8.1.19.1 254327 Bytes 2/04/2012 15:16:31
AEGEN.DLL : 8.1.5.23 409973 Bytes 7/03/2012 20:19:47
AEEXP.DLL : 8.1.0.29 82293 Bytes 12/04/2012 22:12:44
AEEMU.DLL : 8.1.3.0 393589 Bytes 1/09/2011 22:46:01
AECORE.DLL : 8.1.25.6 201078 Bytes 15/03/2012 19:07:04
AEBB.DLL : 8.1.1.0 53618 Bytes 1/09/2011 22:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 23/09/2011 11:13:18
AVPREF.DLL : 12.1.0.17 51920 Bytes 23/09/2011 10:53:57
AVREP.DLL : 12.1.0.17 179408 Bytes 23/09/2011 10:55:01
AVARKT.DLL : 12.1.0.23 209360 Bytes 19/02/2012 18:17:22
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 23/09/2011 10:34:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 16/09/2011 01:05:58
AVSMTP.DLL : 12.1.0.17 62928 Bytes 23/09/2011 11:03:47
NETNT.DLL : 12.1.0.17 17104 Bytes 23/09/2011 11:58:06
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 23/09/2011 12:37:25
RCTEXT.DLL : 12.1.1.16 96208 Bytes 12/02/2012 16:26:44

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: vrijdag 13 april 2012 00:16

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting search for hidden objects.
Hidden driver
[NOTE] A memory modification has been detected, which could potentially be used to hide file access attempts.

The scan of running processes will be started
Scan process 'SearchFilterHost.exe' - '27' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avscan.exe' - '83' Module(s) have been scanned
Scan process 'avcenter.exe' - '75' Module(s) have been scanned
Scan process 'svchost.exe' - '55' Module(s) have been scanned
Scan process 'Skype.exe' - '140' Module(s) have been scanned
Scan process 'iPodService.exe' - '33' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '129' Module(s) have been scanned
Scan process 'sidebar.exe' - '115' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '17' Module(s) have been scanned
Scan process 'avgnt.exe' - '74' Module(s) have been scanned
Scan process 'wmdcBase.exe' - '42' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '70' Module(s) have been scanned
Scan process 'jusched.exe' - '25' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '22' Module(s) have been scanned
Scan process 'sttray.exe' - '38' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '44' Module(s) have been scanned
Scan process 'Explorer.EXE' - '155' Module(s) have been scanned
Scan process 'Dwm.exe' - '31' Module(s) have been scanned
Scan process 'taskhost.exe' - '53' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '57' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '105' Module(s) have been scanned
Scan process 'svchost.exe' - '57' Module(s) have been scanned
Scan process 'svchost.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'avshadow.exe' - '31' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '79' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '52' Module(s) have been scanned
Scan process 'mdm.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '35' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '63' Module(s) have been scanned
Scan process 'avguard.exe' - '67' Module(s) have been scanned
Scan process 'aestsrv.exe' - '8' Module(s) have been scanned
Scan process 'armsvc.exe' - '24' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'sched.exe' - '41' Module(s) have been scanned
Scan process 'spoolsv.exe' - '87' Module(s) have been scanned
Scan process 'svchost.exe' - '77' Module(s) have been scanned
Scan process 'Hpservice.exe' - '28' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '80' Module(s) have been scanned
Scan process 'STacSV.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '151' Module(s) have been scanned
Scan process 'svchost.exe' - '121' Module(s) have been scanned
Scan process 'svchost.exe' - '90' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '20' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'lsass.exe' - '71' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1213' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Windows\SoftwareDistribution\Download\c532404b2ca33c73a904ad66446f68594bc8c50b
[0] Archive type: Portable Executable Resource
--> object
[1] Archive type: CAB (Microsoft)
--> WriterProdLang.7z
[2] Archive type: 7-Zip
--> WriterProdLang.cab
[3] Archive type: CAB (Microsoft)
--> writerprodlang.msi
[WARNING] The file could not be read!
--> object
[1] Archive type: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Archive type: 7-Zip
--> LanguageSelector64.cab
[3] Archive type: CAB (Microsoft)
--> LanguageSelector64.msi
[WARNING] The file could not be read!


End of the scan: vrijdag 13 april 2012 09:20
Used time: 9:04:17 Hour(s)

The scan has been done completely.

27236 Scanned directories
420112 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
420112 Files not concerned
2456 Archives were scanned
2 Warnings
1 Notes
616853 Objects were scanned with rootkit scan
1 Hidden objects were found
 
As a rule, it is certainly not the case that a hidden object (or rootkit) is ALWAYS malicious. I know of certain rootkit scanners that display dozens of hidden processes. This kind of scanner, however, makes no distinction between the malicious processes and the good ones, simply because that is not their purpose.

So it is definitely 'dangerous' for a layperson to let a rootkit scanner loose on your system and then kill and remove all the processes it finds. Your system might not even boot anymore!

In your specific case I would rather recommend following Swake's step-by-step plan for a suspected infection.

@Swake: will you take over?
 