Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

laatste tijd af en toe virusattacks, logje checken

None
12 antwoorden
  • laatste tijd af en toe last van spontane virusattacks, komt die norman steeds met pop-ups en dan heb ik in een paar minuten een stuk of 10 virussen. Als ik vervolgens met alles ga scannen vindt geen van de hieronder genoemde programma's iets nieuws.


    Ik gebruik de volgende programma's:
    WinXP Home
    Norman Virus Control
    ZoneAlarm Firewall
    Ad-Awara
    Spybot
    Spysweeper

    heb nog een logje van HijackThis, misschien staat daar wat in.

    Logfile of HijackThis v1.99.1
    Scan saved at 14:38:45, on 22-6-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Norman\bin\ZANDA.EXE
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\bin\NJEEVES.EXE
    C:\NORMAN\Nvc\BIN
    ipsvc.exe
    C:\NORMAN\Nvc\BIN
    vcoas.exe
    C:\WINDOWS\System32\alg.exe
    C:\Norman\bin\ZLH.EXE
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\spybot\TeaTimer.exe
    C:\System Wiper\SystemWiper.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Documenten en Settings\Kid Jansen\werk mappen\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https:/
    egister.passport.net
    eg.srf?xpwiz=true&lc=1043&langid=1043
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\freshdownload\fdcatch.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\spybot\SDHelper.dll
    O2 - BHO: (no name) - {604B283A-4E26-4504-98E7-72859F949547} - (no file)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0
    l\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\spybot\TeaTimer.exe
    O4 - HKCU\..\Run: [iIWiper] C:\System Wiper\SystemWiper.exe m
    O4 - Startup: Internet-update.lnk = C:\Norman\bin
    iu.exe
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Microsoft Office2003\one_note_sep\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Internet-update.lnk = C:\Norman\bin
    iu.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Download &All by FD - file://C:\freshdownload\fdiectx2.htm
    O8 - Extra context menu item: Download with &FD - file://C:\freshdownload\fdiectx.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin
    pjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin
    pjpi150_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\FRONTP~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: MyCom - {BC278A0D-2E18-4E6C-A91B-F63CF7368F75} - http://www.mycom.nl (file missing) (HKCU)
    O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN
    ipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN
    vcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • Een restantje:
    Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items:

    [b:8be915bd69]O2 - BHO: (no name) - {604B283A-4E26-4504-98E7-72859F949547} - (no file)[/b:8be915bd69]

    Klik daarna op "Fix checked" en sluit HijackThis af.

    Waar worden de virussen gevonden?
  • iedere keer in C:\windows\system32 en dan soms nog verder in verschillende directories, soms duurt het maar een paar seconde soms wel een minuut of 10 lang. De ene keer help het wel om ZoneAlarm op "Stop all internet activity" te zetten, maar soms ook niet.
    Maar ik hoor over het algemeen dat Norman best redelijk is, dus ik neem aan dat als ik uitgebreid gescant heb er niet nog wat overblijft. Duurt alleen altijd best wel lang met Norman (ca. 2,5 uur).

    heb hijackthis ff gedraaid, hier is de nieuwe log:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:11:49, on 22-6-2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Norman\bin\ZANDA.EXE
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Norman\bin\ZLH.EXE
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\spybot\TeaTimer.exe
    C:\System Wiper\SystemWiper.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\WINDOWS\system32\taskmgr.exe
    C:\Norman\bin\NJEEVES.EXE
    C:\NORMAN\Nvc\BIN
    ipsvc.exe
    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    C:\NORMAN\Nvc\BIN
    vcoas.exe
    C:\WINDOWS\System32\alg.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\system32\cidaemon.exe
    D:\Documenten en Settings\Kid Jansen\werk mappen\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https:/
    egister.passport.net
    eg.srf?xpwiz=true&lc=1043&langid=1043
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\freshdownload\fdcatch.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\spybot\SDHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0
    l\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\spybot\TeaTimer.exe
    O4 - HKCU\..\Run: [iIWiper] C:\System Wiper\SystemWiper.exe m
    O4 - Startup: Internet-update.lnk = C:\Norman\bin
    iu.exe
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Microsoft Office2003\one_note_sep\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Internet-update.lnk = C:\Norman\bin
    iu.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Download &All by FD - file://C:\freshdownload\fdiectx2.htm
    O8 - Extra context menu item: Download with &FD - file://C:\freshdownload\fdiectx.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin
    pjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin
    pjpi150_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\FRONTP~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: MyCom - {BC278A0D-2E18-4E6C-A91B-F63CF7368F75} - http://www.mycom.nl (file missing) (HKCU)
    O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN
    ipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN
    vcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • Logje lijkt me ok.

    Download rkfiles.zip .
    Pak de bestanden uit naar de map c:\rkfiles.
    Start de computer in veilige modus.
    Ga via de verkenner naar de map c:\rkfiles en dubbelklik op rkfiles.bat.
    De computer wordt nu gescand.
    Als het dosvenster sluit, start je de computer terug in normale modus.
    Zoek het bestand C:\log.txt
    Post de inhoud van dit bestand.
  • ik heb dat gebeuren wat je zei gedaan, hier is de inhoud van dat logje:

    C:\rkfiles

    PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
    Files Found in system Folder…………
    ————————
    C:\WINDOWS\system32\P2ECOM.dll: UPX!
    C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
    C:\WINDOWS\system32\MFC42.PDB: dwProvSpec2
    C:\WINDOWS\system32\MFC42D.PDB: dwProvSpec2
    C:\WINDOWS\system32\MFCD42D.PDB: dwProvSpec2
    C:\WINDOWS\system32\MFCN42D.PDB: dwProvSpec2
    C:\WINDOWS\system32\MFCO42D.PDB: dwProvSpec2
    C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
    C:\WINDOWS\system32\MFC42.PDB: dwProvSpec2
    C:\WINDOWS\system32\MFC42D.PDB: dwProvSpec2
    C:\WINDOWS\system32\MFCD42D.PDB: dwProvSpec2
    C:\WINDOWS\system32\MFCN42D.PDB: dwProvSpec2
    C:\WINDOWS\system32\MFCO42D.PDB: dwProvSpec2

    Files Found in all users startup Folder…………
    ————————
    C:\WINDOWS\system32\P2ECOM.dll: UPX!
    Files Found in all users windows Folder…………
    ————————
    C:\WINDOWS\IFinst27.exe: UPX!
    Finished
    bye
  • Laat volgende bestanden scannen op Jotti:
    C:\WINDOWS\system32\P2ECOM.dll
    C:\WINDOWS\IFinst27.exe
    Meldt het resultaat.
  • File: IFinst27.exe
    Status:
    MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
    MD5 9c17bca3ef837bacded7e4299508e71d
    Packers detected:
    UPX
    Scanner results
    AntiVir
    Found nothing
    ArcaVir
    Found nothing
    Avast
    Found nothing
    AVG Antivirus
    Found nothing
    BitDefender
    Found nothing
    ClamAV
    Found nothing
    Dr.Web
    Found nothing
    F-Prot Antivirus
    Found nothing
    Fortinet
    Found nothing
    Kaspersky Anti-Virus
    Found nothing
    NOD32
    Found nothing
    Norman Virus Control
    Found nothing
    VBA32
    Found nothing

    Last file scanned at least one scanner reported something about: Trojan.Win32.P2E.n in P2ECOM.dll, detected by:

    Scanner Malware name
    AntiVir TR/P2E.N
    ArcaVir Trojan.P2e.N
    Avast X
    AVG Antivirus P2E.W
    BitDefender Trojan.P2e.N
    ClamAV X
    Dr.Web X
    F-Prot Antivirus X
    Fortinet X
    Kaspersky Anti-Virus Trojan.Win32.P2E.n
    NOD32 Win32/P2E.N
    Norman Virus Control X
    VBA32 Trojan.Win32.P2E.n


    You're free to (mis)interpret these automated, flawed statistics at your own discretion.

    41050 files (26523 of those unique) have been uploaded & scanned since 07/06/2005, the day of the last database purge.
    7075 of those 26523 files contained a virus or any other form of malware.
    This page has been visited 64927 times in this time period.

    If you have suggestions and/or comments, please send me them!
















    File: P2ECOM.dll
    Status:
    INFECTED/MALWARE
    MD5 ebf3dda3d78fa612d3ce48c71d29245b
    Packers detected:
    -
    Scanner results
    AntiVir
    Found TR/P2E.N
    ArcaVir
    Found Trojan.P2e.N
    Avast
    Found nothing
    AVG Antivirus
    Found P2E.W
    BitDefender
    Found Trojan.P2e.N
    ClamAV
    Found nothing
    Dr.Web
    Found nothing
    F-Prot Antivirus
    Found nothing
    Fortinet
    Found nothing
    Kaspersky Anti-Virus
    Found Trojan.Win32.P2E.n
    NOD32
    Found Win32/P2E.N
    Norman Virus Control
    Found nothing
    VBA32
    Found Trojan.Win32.P2E.n

    Last file scanned at least one scanner reported something about: TR/Dldr.Donn.AA in De51387.exe, detected by:

    Scanner Malware name
    AntiVir TR/Dldr.Donn.AA
    ArcaVir Trojan.Trojandownloader.Donn.U
    Avast Win32:Trojano-057
    AVG Antivirus Downloader.Donn.Q
    BitDefender Trojan.Downloader.Donn.U
    ClamAV Trojan.Small.P
    Dr.Web Trojan.DownLoader.260
    F-Prot Antivirus security risk or a "backdoor" program
    Fortinet X
    Kaspersky Anti-Virus Trojan-Downloader.Win32.Donn.aa
    NOD32 Win32/TrojanDownloader.Donn.B
    Norman Virus Control Sandbox: W32/Downloader
    VBA32 X


    You're free to (mis)interpret these automated, flawed statistics at your own discretion.

    41041 files (26519 of those unique) have been uploaded & scanned since 07/06/2005, the day of the last database purge.
    7074 of those 26519 files contained a virus or any other form of malware.
    This page has been visited 64917 times in this time period.

    If you have suggestions and/or comments, please send me them!
  • P2ECOM.dll mag weg.

    IFinst27.exe zou ik eens hernoemen naar IFinst27.old.
  • Is gebeurd, denk je dat het zo verholpen is?
    Ben ik nu klaar, of zijn er nog meer dingen die ik moet doen?
  • Kijk even wat het geeft.

    Als je nog meldingen krijgt meld je deze.
  • OK, doe ik, als je niks van me hoort kan je ervan uit gaan dat ik geen meldingen meer heb gehad. Natuurlijk ook nog bedankt voor de hulp, hoop dat het nu afgelopen is.
  • nergens meer last van gehad, dus zal wel goed zijn

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.