Mededeling

Collapse
No announcement yet.

schijfbewaker

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • schijfbewaker

    hoi ik zit met een groot probleem ik krijg steeds schijfbewaker en heb per ongeluk op oke gedrukt mijn computer is heel erg traag blijft vastlopen en krijg veel reclame wil je even kijken naar mijn hijackthis-log ik hoop dat je mij kan helpen
    bedankt alvast

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:29:16, on 10-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\DOCUME~1\JOLAND~1\LOCALS~1\Temp\ctrlAT20.exe
    C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\mrofinu1381.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Logitech\QuickCam10\COCIManager.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
    O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
    O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [CtrlMod20] C:\DOCUME~1\JOLAND~1\LOCALS~1\Temp\ctrlAT20.exe -m 71 -p"E:"
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1381.exe 61A847B5BBF72813319339466188719AB689201522886B092CBD44BD8689220221DD3257
    O4 - HKLM\..\Run: [BM2b3728a5] Rundll32.exe "C:\WINDOWS\system32\fnawinji.dll",s
    O4 - HKLM\..\Run: [28041b39] rundll32.exe "C:\WINDOWS\system32\yubhcncn.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\SpeedItUpFree\SpeedItUp.exe -MINI
    O4 - HKCU\..\Run: [busdriver_setup.exe] C:\DOCUME~1\JOLAND~1\LOCALS~1\Temp\Rar$EX00.703\BUSDRI~1.EXE /r
    O4 - HKCU\..\Run: [JustVoip] "C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://realmadrid77.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149365884321
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - http://ak.imgag.com/imgag/cp/install/crusher-kiwen.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 12091 bytes


    groetjes yoli

  • #2
    Download Malwarebytes' Anti-Malware op je bureaublad.
    Dubbelklik mbam-setup.exe en kies voor "Next" om de tool te installeren.
    Als de installatie voltooid is zet je vinkjes bij "Update MalwareBytes' Anti-Malware" en bij "Launch MalwareBytes' Anti-Malware".
    Druk daarna op "Finish".
    Kies in het hoofdscherm voor de tab "Scanner" en selecteer het keuzerondje "Perform full scan".
    Druk op de knop "Scan" en zorg dat al je harde schijven/partities aangevinkt staan.
    Druk dan op de knop "Start Scan".
    Wanneer de scan voltooid is klik je op OK, daarna op "Show Results" om de resultaten te zien.
    Zorg ervoor dat alles aangevinkt is, klik daarna op "Remove Selected".
    Als het programma je computer wil laten herstarten, sta je dit toe.
    Daarna opent een logje(mbam-log-XX-XX-XXXX(xx-xx-xx).txt)
    Post deze log in je volgende bericht tesamen met een nieuw logje van Hijackthis

    Comment


    • #3
      Malwarebytes' Anti-Malware 1.11
      Database versie: 610

      Scan type: Volledige Scan (A:\|C:\|D:\|E:\|F:\|G:\|)
      Objecten gescand: 190652
      Verstreken tijd: 1 hour(s), 24 minute(s), 17 second(s)

      Geheugenprocessen geïnfecteerd: 1
      Geheugenmodulen geïnfecteerd: 3
      Registersleutels geïnfecteerd: 25
      Registerwaarden geïnfecteerd: 2
      Registerdata bestanden geïnfecteerd: 1
      Mappen geïnfecteerd: 7
      Bestanden geïnfecteerd: 17

      Geheugenprocessen geïnfecteerd:
      c:\WINDOWS\mrofinu1381.exe (Trojan.DownLoader) -> Unloaded process successfully.

      Geheugenmodulen geïnfecteerd:
      C:\WINDOWS\system32\efcYSkig.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\WINDOWS\system32\yubhcncn.dll (Trojan.Vundo) -> Unloaded module successfully.
      C:\Program Files\CPV\CPV8.dll (Trojan.Agent) -> Unloaded module successfully.

      Registersleutels geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e002fda0-add8-4816-a11b-d7870ea96e9e} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{e002fda0-add8-4816-a11b-d7870ea96e9e} (Trojan.Vundo) -> Delete on reboot.
      HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      Registerwaarden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.DownLoader) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM2b3728a5 (Trojan.Agent) -> Quarantined and deleted successfully.

      Registerdata bestanden geïnfecteerd:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcyskig -> Quarantined and deleted successfully.

      Mappen geïnfecteerd:
      C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.
      C:\Program Files\Save\Games (Adware.WhenUSave) -> Quarantined and deleted successfully.
      C:\Program Files\Save\Menu (Adware.WhenUSave) -> Quarantined and deleted successfully.
      C:\Program Files\Save\Piz (Adware.WhenUSave) -> Quarantined and deleted successfully.
      C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\Program Files\CPV (Trojan.Downloader) -> Delete on reboot.

      Bestanden geïnfecteerd:
      c:\WINDOWS\mrofinu1381.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\efcYSkig.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\gikSYcfe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\gikSYcfe.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\yubhcncn.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\ncnchbuy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Program Files\CPV\CPV8.dll (Trojan.Agent) -> Delete on reboot.
      C:\System Volume Information\_restore{20DF6D58-C879-470D-A13B-E285BEC6010C}\RP631\A0077844.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{20DF6D58-C879-470D-A13B-E285BEC6010C}\RP631\A0077845.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{20DF6D58-C879-470D-A13B-E285BEC6010C}\RP631\A0077846.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{20DF6D58-C879-470D-A13B-E285BEC6010C}\RP631\A0077847.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{20DF6D58-C879-470D-A13B-E285BEC6010C}\RP640\A0077956.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{20DF6D58-C879-470D-A13B-E285BEC6010C}\RP713\A0112159.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
      C:\WINDOWS\17PHolmes1381.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
      C:\WINDOWS\mrofinu1381.exe.tmp (Trojan.DownLoader) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\fnawinji.dll (Trojan.Agent) -> Delete on reboot.
      C:\WINDOWS\b155.exe (Heuristics.Downloader) -> Quarantined and deleted successfully.


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:47:52, on 10-4-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\WINDOWS\system32\PSIService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\DOCUME~1\JOLAND~1\LOCALS~1\Temp\ctrlAT20.exe
      C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
      C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
      C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
      C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
      C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
      C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Logitech\QuickCam10\COCIManager.exe
      C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
      C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
      R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
      O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
      O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
      O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
      O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
      O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
      O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
      O2 - BHO: {57fd6eba-742f-07ba-52b4-738d73e6c3dd} - {dd3c6e37-d837-4b25-ab70-f247abe6df75} - C:\WINDOWS\system32\rrfbvxeq.dll
      O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
      O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
      O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [CtrlMod20] C:\DOCUME~1\JOLAND~1\LOCALS~1\Temp\ctrlAT20.exe -m 71 -p"E:"
      O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
      O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
      O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [28041b39] rundll32.exe "C:\WINDOWS\system32\yubhcncn.dll",b
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
      O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
      O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\SpeedItUpFree\SpeedItUp.exe -MINI
      O4 - HKCU\..\Run: [busdriver_setup.exe] C:\DOCUME~1\JOLAND~1\LOCALS~1\Temp\Rar$EX00.703\BUSDRI~1.EXE /r
      O4 - HKCU\..\Run: [JustVoip] "C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
      O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
      O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
      O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
      O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://realmadrid77.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149365884321
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - http://ak.imgag.com/imgag/cp/install/crusher-kiwen.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O20 - Winlogon Notify: wvUljIaB - wvUljIaB.dll (file missing)
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
      O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
      O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
      O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
      O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

      --
      End of file - 13353 bytes


      ik hoop dat je mij kan helpen
      heb ook een aantal trojanhorse gezien
      krijg ook veel reclame rotzooi

      groetjes yoli

      Comment


      • #4
        Download dit bestand: zoek.exe
        Dubbelklik het, na een tijdje opent er een logje.
        Post de inhoud van dit logje in je volgende bericht

        Comment


        • #5
          ======C:\WINDOWS====
          ----a-w 0 2008-04-10 21:41:51 C:\WINDOWS\0.log
          ----a-w 1,303 2008-04-10 20:00:16 C:\WINDOWS\BM2b3728a5.txt
          --s-a-w 2,048 2008-04-10 21:40:39 C:\WINDOWS\bootstat.dat
          -c--a-w 400 2008-03-19 00:04:27 C:\WINDOWS\cdplayer.ini
          ----a-w 417,835 2008-04-10 01:06:14 C:\WINDOWS\comsetup.log
          ----a-w 1,161,897 2008-04-10 01:06:14 C:\WINDOWS\FaxSetup.log
          ----a-w 1,402,528 2008-04-10 01:06:14 C:\WINDOWS\iis6.log
          ----a-w 1,374 2008-04-10 01:06:03 C:\WINDOWS\imsins.BAK
          ----a-w 1,374 2008-04-10 01:06:14 C:\WINDOWS\imsins.log
          ----a-w 460,210 2008-04-04 09:09:00 C:\WINDOWS\Jane's Hotel. Family Hero Setup Log.txt
          ----a-w 23,134 2008-04-10 01:05:07 C:\WINDOWS\KB941693.log
          ----a-w 23,540 2008-04-10 01:01:51 C:\WINDOWS\KB944338.log
          ----a-w 21,690 2008-04-10 01:01:34 C:\WINDOWS\KB945553.log
          ----a-w 31,416 2008-04-10 01:06:03 C:\WINDOWS\KB947864.log
          ----a-w 22,936 2008-04-10 01:04:40 C:\WINDOWS\KB948590.log
          ----a-w 17,828 2008-04-10 01:06:14 C:\WINDOWS\KB948881.log
          ----a-w 82,966 2008-04-10 01:06:14 C:\WINDOWS\MedCtrOC.log
          ----a-w 1,073,111,040 2008-04-07 14:13:36 C:\WINDOWS\MEMORY.DMP
          ----a-w 59,776 2008-04-10 01:06:14 C:\WINDOWS\msgsocm.log
          ----a-w 378,888 2008-04-10 01:06:13 C:\WINDOWS\msmqinst.log
          ----a-w 116 2008-04-04 03:46:55 C:\WINDOWS\NeroDigital.ini
          ----a-w 206,136 2008-04-10 01:06:14 C:\WINDOWS\netfxocm.log
          ----a-w 255,760 2008-04-10 01:06:14 C:\WINDOWS\ntdtcsetup.log
          ----a-w 594,236 2008-04-10 01:06:14 C:\WINDOWS\ocgen.log
          ----a-w 73,462 2008-04-10 01:06:14 C:\WINDOWS\ocmsn.log
          ----a-w 21 2008-04-10 20:00:15 C:\WINDOWS\pskt.ini
          ---ha-w 54,156 2008-03-22 13:21:46 C:\WINDOWS\QTFont.qfn
          ----a-w 32,572 2008-04-10 21:39:05 C:\WINDOWS\SchedLgU.Txt
          ----a-w 251,579 2008-04-04 08:28:13 C:\WINDOWS\setupact.log
          ----a-w 59,106 2008-04-10 01:06:14 C:\WINDOWS\tabletoc.log
          ----a-w 550,874 2008-04-10 01:06:14 C:\WINDOWS\tsoc.log
          ----a-w 1,688 2008-04-07 14:14:47 C:\WINDOWS\unins000.dat
          ----a-w 716,264 2008-04-07 14:14:37 C:\WINDOWS\unins000.exe
          -c--a-w 92,761 2008-04-10 01:05:39 C:\WINDOWS\updspapi.log
          ----a-w 159 2008-04-10 21:41:47 C:\WINDOWS\wiadebug.log
          ----a-w 49 2008-04-10 21:41:06 C:\WINDOWS\wiaservc.log
          ----a-w 1,894,784 2008-04-12 19:37:50 C:\WINDOWS\WindowsUpdate.log
          -c--a-w 73,456 2008-04-04 01:56:40 C:\WINDOWS\wmsetup.log

          Entries: 38 (36)
          Directories: 0 Files: 38
          Bytes: 1,082,079,362 Blocks: 2,113,454
          ======C:\WINDOWS\system32=====
          ----a-w 14 2008-04-10 10:12:09 C:\WINDOWS\System32\clkcnt.txt
          ----a-w 36,352 2008-04-09 21:50:52 C:\WINDOWS\System32\ddcYoPGX.dll
          -csh--r 88 2008-03-14 12:49:09 C:\WINDOWS\System32\E7627C6FE1.sys
          ----a-w 36,352 2008-04-09 21:50:17 C:\WINDOWS\System32\fccbYrop.dll
          ----a-w 134,072 2008-04-10 01:13:25 C:\WINDOWS\System32\FNTCACHE.DAT
          ----a-w 36,352 2008-04-09 18:45:19 C:\WINDOWS\System32\geBqpNeB.dll
          ----a-w 36,352 2008-04-09 18:46:30 C:\WINDOWS\System32\jkkICsqO.dll
          ----a-w 6,300 2008-04-01 13:46:19 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
          -csha-w 3,766 2008-03-22 13:22:00 C:\WINDOWS\System32\KGyGaAvL.sys
          ----a-w 127 2008-04-10 01:04:06 C:\WINDOWS\System32\MRT.INI
          ----a-w 62,480 2008-03-31 00:46:56 C:\WINDOWS\System32\perfc009.dat
          ----a-w 81,380 2008-03-31 00:46:56 C:\WINDOWS\System32\perfc013.dat
          ----a-w 401,200 2008-03-31 00:46:56 C:\WINDOWS\System32\perfh009.dat
          ----a-w 465,926 2008-03-31 00:46:56 C:\WINDOWS\System32\perfh013.dat
          -c--a-w 1,022,422 2008-03-31 00:46:52 C:\WINDOWS\System32\PerfStringBackup.INI
          ----a-w 91,712 2008-04-10 07:00:12 C:\WINDOWS\System32\rrfbvxeq.dll
          ----a-w 1,845,376 2008-03-20 08:10:47 C:\WINDOWS\System32\win32k.sys
          ----a-w 2,206 2008-04-10 01:13:46 C:\WINDOWS\System32\wpa.dbl
          ----a-w 36,352 2008-04-09 18:42:03 C:\WINDOWS\System32\wvUkJyYS.dll

          Entries: 19 (17)
          Directories: 0 Files: 19
          Bytes: 4,298,829 Blocks: 8,405
          ======C:\WINDOWS\system32\drivers=====
          ----a-w 0 2008-04-10 21:42:41 C:\WINDOWS\System32\drivers\lvuvc.hs

          Entries: 1 (1)
          Directories: 0 Files: 1
          Bytes: 0 Blocks: 0
          =======C:\Program Files=====
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          =======C:=====
          --sha-w 1,073,074,176 2008-04-10 21:40:34 C:\hiberfil.sys
          --sha-w 1,610,612,736 2008-04-10 21:40:33 C:\pagefile.sys

          Entries: 2 (0)
          Directories: 0 Files: 2
          Bytes: 2,683,686,912 Blocks: 5,241,576
          ======C:\Documents and Settings\jolanda diaz\Application Data======
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          ======C:\Temp======
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          ======C:\Documents and Settings\jolanda diaz======
          ---ha-w 8,912,896 2008-04-11 19:26:36 C:\Documents and Settings\jolanda diaz\NTUSER.DAT
          ---ha-w 32,768 2008-04-12 19:39:23 C:\Documents and Settings\jolanda diaz\ntuser.dat.LOG
          --sh--w 188 2008-04-10 21:38:54 C:\Documents and Settings\jolanda diaz\ntuser.ini

          Entries: 3 (0)
          Directories: 0 Files: 3
          Bytes: 8,945,852 Blocks: 17,473
          ======C:\WINDOWS\Downloaded Program Files====
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          =============

          Comment


          • #6
            Open een kladblokbestand.
            Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

            @ECHO OFF
            IF EXIST log.txt DEL log.txt
            ECHO Deleting files>>log.txt
            FOR %%g in (
            C:\WINDOWS\BM2b3728a5.txt
            C:\WINDOWS\pskt.ini
            C:\WINDOWS\System32\clkcnt.txt
            C:\WINDOWS\System32\ddcYoPGX.dll
            C:\WINDOWS\System32\fccbYrop.dll
            C:\WINDOWS\System32\geBqpNeB.dll
            C:\WINDOWS\System32\jkkICsqO.dll
            C:\WINDOWS\System32\rrfbvxeq.dll
            C:\WINDOWS\System32\wvUkJyYS.dll) DO (
            DEL /Q %%gNUCIA
            IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL %%g
            REN %%g *NUCIA
            IF EXIST %%gNUCIA (
            ECHO renamed to %%gNUCIA>>log.txt)
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))
            START NOTEPAD.EXE log.txt

            Ga naar Bestand - Opslaan als.
            Bij "Opslaan in" kies je: Bureaublad
            Bij "Bestandsnaam" zet je: del.bat
            Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
            Klik op de knop Opslaan.

            Dubbelklik op del.bat en post de inhoud van de logfile die opent.

            Comment


            • #7
              Deleting files
              C:\WINDOWS\BM2b3728a5.txt deleted
              C:\WINDOWS\pskt.ini deleted
              C:\WINDOWS\System32\clkcnt.txt deleted
              C:\WINDOWS\System32\ddcYoPGX.dll deleted
              C:\WINDOWS\System32\fccbYrop.dll deleted
              C:\WINDOWS\System32\geBqpNeB.dll deleted
              C:\WINDOWS\System32\jkkICsqO.dll deleted
              renamed to C:\WINDOWS\System32\rrfbvxeq.dllNUCIA
              C:\WINDOWS\System32\rrfbvxeq.dll deleted
              C:\WINDOWS\System32\wvUkJyYS.dll deleted


              ik zie allemaal deleted ik weet niet wat het inhoud

              Comment


              • #8
                hoi ik heb ook nog een probleem mijn startpagina word steeds vervangen door
                www.symantec.com/norton/security_response/fixhomepage.jsp ik heb vanalles geprobeerd om mijn startpagina terug te krijgen maar helaas ook via configuratiescherm internetoptie lukt mij niet misschien weet u hoe ik het wegkrijg of komt het ook door dat virus

                ik hoop niet dat ik te lastig bent

                groetjes yoli

                Comment


                • #9
                  Verwijder het volgende bestand:
                  C:\WINDOWS\System32\rrfbvxeq.dllNUCIA
                  hoi ik heb ook nog een probleem mijn startpagina word steeds vervangen door
                  http://www.symantec.com/norton/secur...ixhomepage.jsp ik heb vanalles geprobeerd om mijn startpagina terug te krijgen maar helaas ook via configuratiescherm internetoptie lukt mij niet misschien weet u hoe ik het wegkrijg
                  Misschien de startpaginabeveiliging van Norton:

                  Om de instellingen van startpagina te wijzigen ga je naar:
                  Norton Protection Center --> Browsen op het web --> Spyware Beveiliging --> Opties voor spyware configureren --> Beveiliging van startpagina (linkerkolom) --> Beveiliging van startpagina inschakelen (kun je aan- of uitvinken).

                  Post even een logje van Hijackthis ter controle
                  Groeten smeenk

                  Comment


                  • #10
                    hoe verwijderd ik dat bestand
                    C:\WINDOWS\System32\rrfbvxeq.dllNUCIA

                    groetjes yoli

                    Comment


                    • #11
                      startpagina heb ik eindelijk opgelost

                      bedankt daarvoor

                      Comment


                      • #12
                        Mooi dat het gelukt is

                        Oorspronkelijk geplaatst door smeenk Bekijk Berichten
                        Post even een logje van Hijackthis ter controle

                        Comment


                        • #13
                          Logfile of Trend Micro HijackThis v2.0.2
                          Scan saved at 10:50:27, on 14-4-2008
                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                          Boot mode: Normal

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                          C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                          C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                          C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
                          C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                          C:\WINDOWS\system32\spoolsv.exe
                          c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
                          C:\Program Files\Norton AntiVirus\navapsvc.exe
                          C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
                          C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                          C:\WINDOWS\system32\PSIService.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
                          C:\WINDOWS\Explorer.EXE
                          C:\WINDOWS\system32\wuauclt.exe
                          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                          C:\Program Files\DAEMON Tools\daemon.exe
                          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                          C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
                          C:\WINDOWS\SOUNDMAN.EXE
                          C:\Program Files\QuickTime\qttask.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\DOCUME~1\JOLAND~1\LOCALS~1\Temp\ctrlAT20.exe
                          C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
                          C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
                          C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
                          C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
                          C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
                          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                          C:\WINDOWS\system32\ctfmon.exe
                          C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
                          C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe
                          C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                          C:\Program Files\WinZip\WZQKPICK.EXE
                          C:\Program Files\Logitech\QuickCam10\COCIManager.exe
                          C:\WINDOWS\system32\wbem\wmiapsrv.exe
                          C:\Program Files\Azureus\Azureus.exe
                          C:\Program Files\Internet Explorer\IEXPLORE.EXE
                          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                          R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
                          R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
                          O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
                          O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
                          O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
                          O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
                          O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
                          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                          O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                          O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
                          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
                          O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
                          O2 - BHO: {57fd6eba-742f-07ba-52b4-738d73e6c3dd} - {dd3c6e37-d837-4b25-ab70-f247abe6df75} - C:\WINDOWS\system32\rrfbvxeq.dll (file missing)
                          O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
                          O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
                          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
                          O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
                          O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                          O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
                          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                          O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
                          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                          O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
                          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                          O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
                          O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
                          O4 - HKLM\..\Run: [CtrlMod20] C:\DOCUME~1\JOLAND~1\LOCALS~1\Temp\ctrlAT20.exe -m 71 -p"E:"
                          O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
                          O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
                          O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
                          O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
                          O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
                          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                          O4 - HKLM\..\Run: [28041b39] rundll32.exe "C:\WINDOWS\system32\yubhcncn.dll",b
                          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                          O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
                          O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                          O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
                          O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\SpeedItUpFree\SpeedItUp.exe -MINI
                          O4 - HKCU\..\Run: [busdriver_setup.exe] C:\DOCUME~1\JOLAND~1\LOCALS~1\Temp\Rar$EX00.703\BUSDRI~1.EXE /r
                          O4 - HKCU\..\Run: [JustVoip] "C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
                          O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                          O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
                          O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
                          O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
                          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                          O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                          O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                          O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
                          O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
                          O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
                          O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
                          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://realmadrid77.spaces.live.com//PhotoUpload/MsnPUpld.cab
                          O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
                          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149365884321
                          O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
                          O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - http://ak.imgag.com/imgag/cp/install/crusher-kiwen.cab
                          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                          O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
                          O20 - Winlogon Notify: wvUljIaB - wvUljIaB.dll (file missing)
                          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                          O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                          O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                          O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
                          O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
                          O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
                          O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
                          O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
                          O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                          O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
                          O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
                          O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                          O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
                          O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

                          --
                          End of file - 13153 bytes

                          Comment


                          • #14
                            Start Hijackthis en vink alleen de volgende regels aan:
                            O2 - BHO: {57fd6eba-742f-07ba-52b4-738d73e6c3dd} - {dd3c6e37-d837-4b25-ab70-f247abe6df75} - C:\WINDOWS\system32\rrfbvxeq.dll (file missing)
                            O4 - HKLM\..\Run: [CtrlMod20] C:\DOCUME~1\JOLAND~1\LOCALS~1\Temp\ctrlAT20.exe -m 71 -p"E:"
                            O4 - HKLM\..\Run: [28041b39] rundll32.exe "C:\WINDOWS\system32\yubhcncn.dll",b
                            O4 - HKCU\..\Run: [busdriver_setup.exe] C:\DOCUME~1\JOLAND~1\LOCALS~1\Temp\Rar$EX00.703\BUSDRI~1.EXE /r
                            O20 - Winlogon Notify: wvUljIaB - wvUljIaB.dll (file missing)

                            Sluit alle openstaande vensters(behalve Hijackthis) en klik op "Fix checked".

                            Download ATF cleaner (mirror)(gemaakt door Atribune)

                            Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                            Dubbelklik op ATF cleaner om het programma te starten.
                            Op het tabblad "Main", plaats je een vinkje bij Select All.
                            Klik op de knop Empty Selected.

                            Het volgende doen als je ook FireFox als browser hebt:
                            Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                            Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                            (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                            Klik op de knop Empty Selected.

                            Het volgende doen als je ook Opera als browser hebt:
                            Klik op tabblad "Opera", plaats een vinkje bij Select All.
                            Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                            Klik op de knop Empty Selected.
                            Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                            Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                            Kijk hier hoe je je systeemherstel moet uitschakelen.
                            Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                            Post dan nog maar even een logje van Hijackthis ter controle

                            Comment


                            • #15
                              Logfile of Trend Micro HijackThis v2.0.2
                              Scan saved at 13:05:06, on 14-4-2008
                              Platform: Windows XP SP2 (WinNT 5.01.2600)
                              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                              Boot mode: Normal

                              Running processes:
                              C:\WINDOWS\System32\smss.exe
                              C:\WINDOWS\system32\winlogon.exe
                              C:\WINDOWS\system32\services.exe
                              C:\WINDOWS\system32\lsass.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                              C:\WINDOWS\Explorer.EXE
                              C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                              C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                              C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                              C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
                              C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                              C:\WINDOWS\system32\spoolsv.exe
                              c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
                              C:\Program Files\Norton AntiVirus\navapsvc.exe
                              C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
                              C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                              C:\WINDOWS\system32\PSIService.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                              C:\Program Files\DAEMON Tools\daemon.exe
                              C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                              C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
                              C:\WINDOWS\SOUNDMAN.EXE
                              C:\Program Files\QuickTime\qttask.exe
                              C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
                              C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
                              C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
                              C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
                              C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
                              C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                              C:\WINDOWS\system32\ctfmon.exe
                              C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
                              C:\WINDOWS\system32\wuauclt.exe
                              C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe
                              C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                              C:\Program Files\WinZip\WZQKPICK.EXE
                              C:\WINDOWS\system32\wuauclt.exe
                              C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
                              C:\Program Files\Logitech\QuickCam10\COCIManager.exe
                              C:\Program Files\Internet Explorer\IEXPLORE.EXE
                              C:\WINDOWS\system32\wbem\wmiapsrv.exe
                              C:\Program Files\Messenger\msmsgs.exe
                              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                              R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
                              R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
                              O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
                              O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
                              O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
                              O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
                              O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
                              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                              O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                              O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
                              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
                              O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
                              O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
                              O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
                              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
                              O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
                              O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
                              O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
                              O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                              O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
                              O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                              O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
                              O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                              O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
                              O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
                              O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe
                              O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
                              O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
                              O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
                              O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
                              O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                              O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
                              O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                              O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                              O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
                              O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\SpeedItUpFree\SpeedItUp.exe -MINI
                              O4 - HKCU\..\Run: [JustVoip] "C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
                              O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                              O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
                              O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
                              O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
                              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                              O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                              O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
                              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                              O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
                              O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
                              O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
                              O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
                              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://realmadrid77.spaces.live.com//PhotoUpload/MsnPUpld.cab
                              O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
                              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149365884321
                              O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
                              O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - http://ak.imgag.com/imgag/cp/install/crusher-kiwen.cab
                              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                              O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
                              O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                              O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                              O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                              O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                              O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
                              O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
                              O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
                              O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
                              O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
                              O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
                              O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                              O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
                              O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
                              O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                              O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
                              O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

                              --
                              End of file - 12624 bytes


                              zo ik was wel even zoet mee

                              hier mijn nieuwe logsfile

                              groetjes yoli

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X