Archive - PC infected

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or worldviews and have been censored in some places as impermissible. Many were made in a different spirit of the times, ironically or not - as in the ironic Off-Topic subforum - and would not (be allowed to) be posted today. We nevertheless still gladly offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

deejay117

Legacy Member
After a thorough virus scan I see that my virus scanner has found a few critters on my PC.
In any case, I am posting the results of my virus scanner and a HijackThis log here.
Thanks in advance for the help.

Location;Diagnosis;Status;Severity
;=============================================================;;0
;Start task at 02:50:38 on machine 'HP13431268886';;0
;Operating System: Windows XP (SP 3);;0
;CPU: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz;;0
;Scan area: C:\;;0
;Command line parameter: @#@#C:\Norman\temp\00001109.scan ;;0
;=============================================================;;0
;Scanner engine: 6.6.12. Last update: 27/01/2011 13:49:58;;0
;Total number of variants: 9462214 (nvcbin.def 9441749, nvcmacro.def 20465);;0
;NVC version: 8.1.0.88 / Nov 17 2010;;0
;NCL version: 6.6.12.0;;0
;NCM version: 1.8.3.0;;0
;Starting boot sector scanning...;;0
;Boot sector scanning completed.;;0
C:\pagefile.sys;Could not be accessed: C:\pagefile.sys (file) [0x00000005:Access denied];;1
C:\pagefile.sys; [44 ms];File could not be scanned (access denied).;1;44676
C:\Documents and Settings\Alain\Application Data\Microsoft\HTML Help\hh.dat;Could not complete scan: C:\Documents and Settings\Alain\Application Data\Microsoft\HTML Help\hh.dat#<> (file) [0x00220001:Cannot parse or unpack this object];;0
C:\Documents and Settings\Alain\Application Data\Microsoft\HTML Help\hh.dat; [108 ms];File could not be fully scanned.;1;108026
C:\Documents and Settings\Alain\Application Data\Sun\Java\Deployment\cache\6.0\0\51063600-5f63f0b2;Moved to quarantine: C:\Documents and Settings\Alain\Application Data\Sun\Java\Deployment\cache\6.0\0\51063600-5f63f0b2 (file);;0
C:\Documents and Settings\Alain\Application Data\Sun\Java\Deployment\cache\6.0\0\51063600-5f63f0b2;Malware found: Java/Agent.CG. Type: Trojan [bpac/a$1.class];;5
C:\Documents and Settings\Alain\Application Data\Sun\Java\Deployment\cache\6.0\0\51063600-5f63f0b2;Deleted during repair: C:\Documents and Settings\Alain\Application Data\Sun\Java\Deployment\cache\6.0\0\51063600-5f63f0b2#bpac/a$1.class (file);;0
C:\Documents and Settings\Alain\Application Data\Sun\Java\Deployment\cache\6.0\0\51063600-5f63f0b2;Malware found: Suspicious_Gen2.FXKOE. Type: Trojan [bpac/a.class];;5
C:\Documents and Settings\Alain\Application Data\Sun\Java\Deployment\cache\6.0\0\51063600-5f63f0b2;Deleted during repair: C:\Documents and Settings\Alain\Application Data\Sun\Java\Deployment\cache\6.0\0\51063600-5f63f0b2#bpac/a.class (file);;0
C:\Documents and Settings\Alain\Application Data\Sun\Java\Deployment\cache\6.0\0\51063600-5f63f0b2;Malware found: Java/Agent.CH. Type: Trojan [bpac/b.class];;5
C:\Documents and Settings\Alain\Application Data\Sun\Java\Deployment\cache\6.0\0\51063600-5f63f0b2;Deleted during repair: C:\Documents and Settings\Alain\Application Data\Sun\Java\Deployment\cache\6.0\0\51063600-5f63f0b2#bpac/b.class (file);;0
C:\Documents and Settings\Alain\Application Data\Sun\Java\Deployment\cache\6.0\0\51063600-5f63f0b2;Malware found: JAVA/Dloader.AG. Type: Trojan [bpac/KAVS.class];;5
C:\Documents and Settings\Alain\Application Data\Sun\Java\Deployment\cache\6.0\0\51063600-5f63f0b2;Deleted during repair: C:\Documents and Settings\Alain\Application Data\Sun\Java\Deployment\cache\6.0\0\51063600-5f63f0b2#bpac/KAVS.class (file);;0
C:\Documents and Settings\Alain\Application Data\Sun\Java\Deployment\cache\6.0\0\51063600-5f63f0b2; [694 ms];File cleaned.;3;694390
C:\Documents and Settings\Alain\Bureaublad\75123.part1.rar;Could not complete scan: C:\Documents and Settings\Alain\Bureaublad\75123.part1.rar#<> (file) [0x00220000:Ncl: Function or interface version not supported];;0
C:\Documents and Settings\Alain\Bureaublad\75123.part1.rar; [50 ms];File could not be fully scanned.;1;50793
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudHDDDefragmenter.zip;Cannot scan encrypted file: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudHDDDefragmenter.zip#sbRecovery.reg (file) [0x00220006:The archive is encrypted and can not be handled];;0
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudHDDDefragmenter.zip;Cannot scan encrypted file: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudHDDDefragmenter.zip#sbRecovery.ini (file) [0x00220006:The archive is encrypted and can not be handled];;0
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudHDDDefragmenter.zip; [1 s];File is password protected.;1;1769055
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer.zip;Cannot scan encrypted file: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer.zip#sbRecovery.reg (file) [0x00220006:The archive is encrypted and can not be handled];;0
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer.zip;Cannot scan encrypted file: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer.zip#sbRecovery.ini (file) [0x00220006:The archive is encrypted and can not be handled];;0
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer.zip; [2 s];File is password protected.;1;2995855
C:\i386\WEXTRACT.EX_;Could not complete scan: C:\i386\WEXTRACT.EX_#wextract.exe#<> (file) [0x00220001:Cannot parse or unpack this object];;0
C:\Program Files\Easiestutils\YouTube FLV to AVI easy converter\flv2mp3.exe;Moved to quarantine: C:\Program Files\Easiestutils\YouTube FLV to AVI easy converter\flv2mp3.exe (file);;0
C:\Program Files\Easiestutils\YouTube FLV to AVI easy converter\flv2mp3.exe;Malware found: W32/Obfuscated.L. Type: Possible new, unknown virus (Sandbox);;5
C:\Program Files\Easiestutils\YouTube FLV to AVI easy converter\flv2mp3.exe;Deleted during repair: C:\Program Files\Easiestutils\YouTube FLV to AVI easy converter\flv2mp3.exe (file);;0
file: \\?\C:\Program Files\Easiestutils\YouTube FLV to AVI easy converter\flv2mp3.exe
report:
[ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: [email protected] - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Anti debug/emulation code present.
* File length: 264704 bytes.


C:\Program Files\Easiestutils\YouTube FLV to AVI easy converter\flv2mp3.exe; [2 s];File cleaned.;3;2364661
C:\Program Files\Google\Update\1.2.183.23\GoogleUpdateHelper.msi;Could not complete scan: C:\Program Files\Google\Update\1.2.183.23\GoogleUpdateHelper.msi#file0#<> (file) [0x00220005:CRC error in archive];;0
C:\Program Files\Microsoft Office\Office\1043\MSOWC.SLL;Could not complete scan: C:\Program Files\Microsoft Office\Office\1043\MSOWC.SLL#<> (file) [0x00220001:Cannot parse or unpack this object];;0
C:\Program Files\Microsoft Office\Office\1043\MSOWC.SLL; [330 ms];File could not be fully scanned.;1;330972
C:\Program Files\Nero\Nero 7\Nero Mobile\SetupNeroMobile.exe;IO error while scanning: C:\Program Files\Nero\Nero 7\Nero Mobile\SetupNeroMobile.exe#noname.nsis#file0#file6#NERO_I~2.007 (file) [0x0001001c:File read error during scan];;0
C:\Program Files\WinRAR\Default.SFX;Could not complete scan: C:\Program Files\WinRAR\Default.SFX#<> (file) [0x00000001:Invalid function];;0
C:\Program Files\WinRAR\Default.SFX; [1 s];File could not be fully scanned.;1;1606845
C:\WINDOWS\$NtServicePackUninstall$\wextract.exe;Could not complete scan: C:\WINDOWS\$NtServicePackUninstall$\wextract.exe#<> (file) [0x00220001:Cannot parse or unpack this object];;0
C:\WINDOWS\$NtServicePackUninstall$\wextract.exe; [413 ms];File could not be fully scanned.;1;413613
C:\WINDOWS\Help\sndvol32.chw;Could not complete scan: C:\WINDOWS\Help\sndvol32.chw#<> (file) [0x00220001:Cannot parse or unpack this object];;0
C:\WINDOWS\Help\sndvol32.chw; [44 ms];File could not be fully scanned.;1;44949
C:\WINDOWS\Installer\31a7545.msp;Could not complete scan: C:\WINDOWS\Installer\31a7545.msp#file1#<> (file) [0x00220005:CRC error in archive];;0
C:\WINDOWS\Installer\31a754a.msp;Could not complete scan: C:\WINDOWS\Installer\31a754a.msp#file1#<> (file) [0x00220005:CRC error in archive];;0
C:\WINDOWS\ServicePackFiles\i386\wextract.exe;Could not complete scan: C:\WINDOWS\ServicePackFiles\i386\wextract.exe#<> (file) [0x00220001:Cannot parse or unpack this object];;0
C:\WINDOWS\ServicePackFiles\i386\wextract.exe; [445 ms];File could not be fully scanned.;1;445361
C:\WINDOWS\system32\wextract.exe;Could not complete scan: C:\WINDOWS\system32\wextract.exe#<> (file) [0x00220001:Cannot parse or unpack this object];;0
C:\WINDOWS\system32\wextract.exe; [823 ms];File could not be fully scanned.;1;823234
;=============================================================;;0
Scan result;;Malware found.;2
286916;Objects scanned (files and items inside archives).;;0
67977;Files scanned.;;0
1;Files skipped (access problems).;;0
0;Files on Exclude list excluded.;;0
8235;Archive files (or archives inside archives).;;0
14;Archive files that could not be properly scanned.;;0
5;Infections found.;;0
0;Files with multiple infections found.;;0
0;Files repaired.;;0
5;Files deleted.;;0
0;Files will be deleted at next computer restart.;;0
1;Infections detected by Sandbox.;;0
58870510221;Bytes scanned (files and archive content).;;0
55131261605;Bytes found in files.;;0
;Elapsed time: 3:25:04 (hh:mm:ss);;0

deejay117

Legacy Member
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:12:43, on 28/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Ngs\Bin\Nnf.exe
C:\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\Bin\Zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Npm\Bin\scheduler.exe
C:\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Norman\Nse\bin\NSESVC.EXE
C:\Norman\Nvc\Bin\Nip.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\Bin\cclaw.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Real\RealPlayer\RecordingManager.exe
C:\Program Files\WinAVI Video Converter\WinAVI.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Title1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Title1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:4001;https=localhost:4001
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Personal ID] C:\COOLSP~1\PERSON~1\PID.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1205798740593
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1205798774125
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Common Toolkit Service - SPAMfighter - C:\Program Files\Common Files\Common Toolkit Suite\FighterSuiteService.exe
O23 - Service: Norman eLogger Service (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman Network Filtering service (NNFSVC) - Norman ASA - C:\Norman\Ngs\Bin\Nnf.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\Nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Norman\Npm\Bin\scheduler.exe

--
End of file - 9683 bytes

Juisterr

Legacy Member
Download MalwareBytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup.exe to install the program.

After the installation, make sure a checkmark is placed next to:
  • Update MalwareBytes' Anti-Malware
  • Start MalwareBytes' Anti-Malware
  • Then click "Voltooien" (Finish). If an update is found, it will be downloaded and installed.
Once the program has started, go to the "Instellingen" (Settings) tab.
  • Tick this option: "Sluit Internet Explorer tijdens verwijdering van malware" (close Internet Explorer during malware removal).
  • Go to the "Updates" tab and update MBAM.
  • Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
  • Next, press "Scannen" (Scan) to start the scan.
  • Scanning can take a while, so be patient.
  • When the scan is finished, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
  • Make sure everything is ticked there, then click "Verwijder geselecteerde" (Remove Selected).
  • After the removal a log will open and you will be asked to restart the computer.
If MBAM asks for a restart, do so.

The log is saved automatically by MalwareBytes Anti-Malware and you can find it again by clicking the "Logs" tab in the program.

deejay117

Legacy Member
OK, I will do that. Norman just found something else odd: file name TFC.exe, diagnosis W32/SmallDrp.AZGM. This happened while surfing via Google.

deejay117

Legacy Member
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Databaseversie: 5653

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/02/2011 14:03:25
mbam-log-2011-02-01 (14-03-25).txt

Scantype: Snelle scan
Objecten gescand: 161249
Verstreken tijd: 7 minuut/minuten, 24 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Juisterr

Legacy Member
Update your MBAM scanner and run a new scan, then post the result together with a new HijackThis log.

deejay117

Legacy Member
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Databaseversie: 5659

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/02/2011 16:50:30
mbam-log-2011-02-02 (16-50-30).txt

Scantype: Snelle scan
Objecten gescand: 165027
Verstreken tijd: 13 minuut/minuten, 51 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

deejay117

Legacy Member
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:56:55, on 2/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Ngs\Bin\Nnf.exe
C:\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\Bin\Zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\COOLSP~1\PERSON~1\PID.EXE
C:\Norman\Npm\Bin\scheduler.exe
C:\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Norman\Nse\bin\NSESVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\Bin\Nip.exe
C:\Norman\Nvc\Bin\cclaw.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:4001;https=localhost:4001
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Personal ID] C:\COOLSP~1\PERSON~1\PID.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1205798740593
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1205798774125
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Common Toolkit Service - SPAMfighter - C:\Program Files\Common Files\Common Toolkit Suite\FighterSuiteService.exe
O23 - Service: Norman eLogger Service (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman Network Filtering service (NNFSVC) - Norman ASA - C:\Norman\Ngs\Bin\Nnf.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\Nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Norman\Npm\Bin\scheduler.exe

--
End of file - 10385 bytes