Archief - Pc loopt vast

Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.

deejay117

Legacy Member
Allereerst mijn beste wensen voor 2009.
Mijn pc loopt de laatste dagen regelmatig vast dus dan moet ik de grote knop inhouden en hem weer aanzetten.
Ik heb al gescand met malwarebytes maar deze vind niets.
Met Norman Malware Cleaner een ful scan gedaan en deze vond er 2 namelijk
w32/onlinegames.cmvyd

orman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/12/29 11:23:18

Norman Scanner Engine Version: 5.93.01
Nvcbin.def Version: 5.93.00, Date: 2008/12/29 11:23:18, Variants: 2376740

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600(Safe mode with network) Service Pack 3
Logged on user: EUROSYS\Eigenaar

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Scan started: 03/01/2009 05:11:15


Scanning running processes and process memory...

Number of processes/threads found: 759
Number of processes/threads scanned: 759
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 59s


Scanning file system...

Scanning: C:\*.*

C:\RECYCIER\NTXEGEOT.EXE (Infected with W32/OnLineGames.CMVY)
Deleted file

C:\System Volume Information\_restore{3CD55357-6C35-40D7-9F55-742201E6F1AA}\RP33\A0009431.EXE (Infected with W32/OnLineGames.CMVY)
Deleted file

Running post-scan cleanup routine:

Number of files found: 103213
Number of archives unpacked: 255
Number of files scanned: 103168
Number of files not scanned: 45
Number of files skipped due to exclude list: 0
Number of infected files found: 2
Number of infected files repaired/deleted: 2
Number of infections removed: 2
Total scanning time: 40m 5s

deejay117

Legacy Member
Combofix er ook eens op los gelaten in veilige modus deze heeft dit verwijderd c:\windows\system32\api32.dll

ComboFix 09-01-01.02 - Eigenaar 2009-01-03 22:32:45.3 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.767.593 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\api32.dll

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-03 to 2009-01-03 ))))))))))))))))))))))))))))))
.

2009-01-02 18:52 . 2009-01-03 22:22 <DIR> dr-h----- c:\documents and settings\Eigenaar\Onlangs geopend
2009-01-02 02:33 . 2009-01-02 02:38 <DIR> d-------- c:\documents and settings\Eigenaar\Application Data\vlc
2008-12-31 18:34 . 2008-12-31 18:34 <DIR> d-------- c:\program files\WinAVIVideoConverter
2008-12-30 23:14 . 2008-12-30 23:14 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-30 23:14 . 2008-12-30 23:14 1,409 --a------ c:\windows\QTFont.for
2008-12-16 23:03 . 2009-01-03 05:29 <DIR> d-------- C:\RECYCIER
2008-12-08 04:55 . 2008-12-08 06:34 <DIR> d-------- c:\program files\Absolute MP3 Splitter

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 13:18 --------- d-----w c:\program files\Norman
2009-01-02 01:32 --------- d-----w c:\program files\VideoLAN
2009-01-01 23:44 --------- d-----w c:\program files\WMR11
2008-12-30 22:01 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-30 22:01 --------- d-----w c:\program files\SpywareBlaster
2008-12-15 21:11 3,888 ----a-w c:\windows\system32\drivers\NTHANDLE.SYS
2008-12-08 05:36 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-08 04:36 --------- d-----w c:\program files\Audacity
2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-03 03:08 --------- d-----w c:\program files\Java
2008-11-23 23:19 --------- d-----w c:\program files\3D MP3 Sound Recorder G2
2008-11-23 04:29 --------- d-----w c:\program files\POI-Warner MioMap Edition
2008-11-16 01:17 --------- d-----w c:\documents and settings\Eigenaar\Application Data\Vso
2008-11-15 03:34 --------- d-----w c:\program files\7-Zip
2008-11-12 16:40 --------- d-----w c:\documents and settings\All Users\Application Data\Hitman Pro 3
2008-11-12 16:16 --------- d-----w c:\documents and settings\All Users\Application Data\Hitman Pro
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-07 22:17 --------- d-----w c:\program files\Lavasoft
2008-11-07 22:15 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-07 17:44 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-07 04:13 --------- d-----w c:\program files\Winamp
2008-11-07 02:22 --------- d-----w c:\program files\Lavalys
2008-11-07 01:30 --------- d-----w c:\program files\WMV9_VCM
2008-10-28 21:30 47,360 ----a-w c:\documents and settings\Eigenaar\Application Data\pcouffin.sys
2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-07 09:41 164 ----a-w C:\install.dat
2008-10-03 10:05 247,326 ----a-w c:\windows\system32\strmdll.dll
1999-05-03 14:01 99,840 ----a-w c:\program files\Common Files\IRAABOUT.DLL
1998-12-08 23:53 70,144 ----a-w c:\program files\Common Files\IRAMDMTR.DLL
1998-12-08 23:53 48,640 ----a-w c:\program files\Common Files\IRALPTTR.DLL
1998-12-08 23:53 31,744 ----a-w c:\program files\Common Files\IRAWEBTR.DLL
1998-12-08 23:53 186,368 ----a-w c:\program files\Common Files\IRAREG.DLL
1998-12-08 23:53 17,920 ----a-w c:\program files\Common Files\IRASRIAL.DLL
2002-09-11 12:00 94,784 --sh--w c:\windows\twain.dll
2008-04-14 17:02 50,688 --sh--w c:\windows\twain_32.dll
2008-04-14 17:02 1,028,096 --sh--w c:\windows\system32\mfc42.dll
2008-04-14 17:02 57,344 --sh--w c:\windows\system32\msvcirt.dll
2008-04-14 17:02 413,696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 17:02 343,040 --sha-w c:\windows\system32\msvcrt.dll
2008-04-14 17:02 551,936 --sh--w c:\windows\system32\oleaut32.dll
2008-04-14 17:02 84,992 --sh--w c:\windows\system32\olepro32.dll
2008-04-14 17:03 12,288 --sh--w c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2008-06-02 277616]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-15 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Poort voor Symantec Fax Starter Edition.lnk - c:\program files\Microsoft Office\Office\1043\OLFSNT40.EXE [1999-05-03 46077]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 18:02 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-15 04:21 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2002-04-26 18:53 12288 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AME_CSA]
--a------ 2002-10-30 03:26 757760 c:\windows\system32\AmeCSA.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\BearShare Pro\\Bearshare.exe"=
"c:\\Documents and Settings\\Eigenaar\\Mijn documenten\\leechftp\\Leechftp.exe"=

S0 Eot61;Eot61; []
S1 sdpiosys;sdpiosys;c:\windows\system32\drivers\sdpiosys.sys []
S2 Ndiskio;Ndiskio;\??\c:\program files\Norman\Nse\bin\NDISKIO.SYS [2008-10-07 20448]
S2 NVOY;Norman's Very Own supplY of resources;"c:\program files\Norman\npm\bin\nvoy.exe" [2008-10-09 121912]
S3 AmeAtmPc;AmeAtmPc;c:\windows\system32\DRIVERS\AmeAtmPc.sys [2007-12-29 118391]
S3 AtmElan;ATM geëmuleerde LAN;c:\windows\system32\DRIVERS\atmlane.sys [2004-08-03 55808]
S3 AtmLane;ATM LAN-emulatie;c:\windows\system32\DRIVERS\atmlane.sys [2004-08-03 55808]
S3 AX88172;ASIX AX88172 USB2 to Fast Ethernet Adapter;c:\windows\system32\DRIVERS\ax88172.sys [2007-12-29 11264]
S3 DUBE100B;D-Link DUB-E100 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\DRIVERS\DUBE100B.sys [2008-01-26 18560]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys []
S3 nsesvc;Norman Scanner Engine Service;"c:\program files\Norman\nse\bin\NSESVC.EXE" -daemon [2008-10-07 322616]
S3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2008-10-07 19512]
S3 nvcoas;Norman Virus Control on-access component;"c:\program files\Norman\Nvc\bin\nvcoas.exe" [2008-10-07 191544]
S3 NVCScheduler;Norman Virus Control Scheduler;"c:\program files\Norman\Npm\Bin\Nvcsched.exe" [2008-10-09 154680]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore

O16 -: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
c:\windows\Downloaded Program Files\hcImpl.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 22:36:06
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...


**************************************************************************
.
Voltooingstijd: 2009-01-03 22:38:33
ComboFix-quarantined-files.txt 2009-01-03 21:37:15
ComboFix2.txt 2009-01-03 04:59:35

Pre-Run: 96.737.415.168 bytes beschikbaar
Post-Run: 96,785,846,272 bytes beschikbaar

167 --- E O F --- 2008-12-11 14:07:09

deejay117

Legacy Member
Hijacthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:22 , on 3/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Norman\Npm\Bin\Nvcsched.exe
C:\Program Files\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\Bin\Nip.exe
C:\Program Files\Norman\Nvc\Bin\cclaw.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ADSL USB Modem Connection.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.eurosys.be/
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1198954035578
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5251/mcfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2060CA14-690D-41A0-AE10-2DB9660A24AB}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{2060CA14-690D-41A0-AE10-2DB9660A24AB}: NameServer = 195.238.2.22 195.238.2.21
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Nvcsched.exe
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe

--
End of file - 6294 bytes

Jurgenv1

Legacy Member
* Download Malwarebytes' Anti-Malware via hier of hier.

Dubbelklik mbam-setup.exe om het programma te installeren.
  • Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Launch Malwarebytes' Anti-Malware, Klik daarna op "finish".
  • Indien een update gevonden werd, zal het die downloaden en de laatste versie installeren.
  • Wanneer het programma volledig up to date is, selecteer "Perform Quick Scan", daarna klik Scan.
  • Het scannen kan een tijdje duren, dus wees geduldig.
  • Wanneer de scan voltooid is, klik OK, daarna "Show Results" om de resultaten te zien.
  • Zorg ervoor dat daar alles aangevinkt is, daarna klik: Remove Selected.
  • Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie extra nota onderaan)
  • De log wordt automatisch bewaard door MBAM die je kan zien door de "Logs" tab te klikken in MBAM.
  • Kopieer en plak de resultaten van de log in je volgend antwoord, samen met een nieuw HijackThislog.
Extra Nota:
Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

deejay117

Legacy Member
Het programma was in het Nederlands ik heb op snelle scan geklikt en laten scannen.
Hier het logje.

Malwarebytes' Anti-Malware 1.31
Database versie: 1604
Windows 5.1.2600 Service Pack 3

4/01/2009 1:53:07
mbam-log-2009-01-04 (01-53-07).txt

Scan type: Snelle Scan
Objecten gescand: 53715
Verstreken tijd: 8 minute(s), 27 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)


En hier het Hijackthis logje.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:48 , on 4/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Norman\npm\bin\nvoy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Norman\Npm\Bin\Nvcsched.exe
C:\Program Files\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\Bin\Nip.exe
C:\Program Files\Norman\Nvc\Bin\cclaw.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ADSL USB Modem Connection.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Poort voor Symantec Fax Starter Edition.lnk = C:\Program Files\Microsoft Office\Office\1043\OLFSNT40.EXE
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.eurosys.be/
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1198954035578
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5251/mcfscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2060CA14-690D-41A0-AE10-2DB9660A24AB}: NameServer = 195.238.2.22 195.238.2.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{2060CA14-690D-41A0-AE10-2DB9660A24AB}: NameServer = 195.238.2.22 195.238.2.21
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Nvcsched.exe
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe

--
End of file - 6472 bytes

Alvast bedankt om het na te kijken.
Het archief is een bevroren moment uit een vorige versie van dit forum, met andere regels en andere bazen. Deze posts weerspiegelen op geen enkele manier onze huidige ideeën, waarden of wereldbeelden en zijn op sommige plaatsen gecensureerd wegens ontoelaatbaar. Veel zijn in een andere tijdsgeest gemaakt, al dan niet ironisch - zoals in het ironische subforum Off-Topic - en zouden op dit moment niet meer gepost (mogen) worden. Toch bieden we dit archief nog graag aan als informatiedatabank en naslagwerk. Lees er hier meer over of start een gesprek met anderen.
Terug
Bovenaan