Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Rare popups..

None
11 antwoorden
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:41:20 PM, on 6/26/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\winsys2.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\WinSys.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {444FC7D1-8F08-4377-B39B-4D75AE0E9F70} - C:\WINDOWS\system32\geBRKccy.dll
    O2 - BHO: {cebe17ed-bbe8-b168-db34-a6663a0293f5} - {5f3920a3-666a-43bd-861b-8ebbde71ebec} - C:\WINDOWS\system32\uvlaqark.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: (no name) - {7EA61CF4-1F41-44FC-AC0E-5A9A4E52D87C} - C:\WINDOWS\system32\mlJDtrOg.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\system32\WinSys.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Remon\Desktop\muBlinder\muBlinder.exe -startup
    O4 - HKLM\..\Run: [BM97b6dd57] Rundll32.exe "C:\WINDOWS\system32\huyasqkr.dll",s
    O4 - HKLM\..\Run: [9485eecb] rundll32.exe "C:\WINDOWS\system32\krarnjro.dll",b
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: hemtwpug.dll
    O20 - Winlogon Notify: geBRKccy - C:\WINDOWS\SYSTEM32\geBRKccy.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe


    End of file - 8028 bytes

    ik krijg elke keer rare popup als ik IE opstart…
    Kan iemadn logje checken?

    Bedankt
  • Maar 1 ?

    Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:3faac6491a]
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {444FC7D1-8F08-4377-B39B-4D75AE0E9F70} - C:\WINDOWS\system32\geBRKccy.dll
    O2 - BHO: {cebe17ed-bbe8-b168-db34-a6663a0293f5} - {5f3920a3-666a-43bd-861b-8ebbde71ebec} - C:\WINDOWS\system32\uvlaqark.dll
    O2 - BHO: (no name) - {7EA61CF4-1F41-44FC-AC0E-5A9A4E52D87C} - C:\WINDOWS\system32\mlJDtrOg.dll
    O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
    O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Remon\Desktop\muBlinder\muBlinder.exe -startup
    O4 - HKLM\..\Run: [BM97b6dd57] Rundll32.exe "C:\WINDOWS\system32\huyasqkr.dll",s
    O4 - HKLM\..\Run: [9485eecb] rundll32.exe "C:\WINDOWS\system32\krarnjro.dll",b
    O20 - AppInit_DLLs: hemtwpug.dll
    O20 - Winlogon Notify: geBRKccy - C:\WINDOWS\SYSTEM32\geBRKccy.dll
    [/b:3faac6491a]
    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen.


    Download Malwarebytes' Anti-Malware via [b:3faac6491a]hier[/b:3faac6491a] of [b:3faac6491a]hier[/b:3faac6491a].

    Dubbelklik mbam-setup.exe om het programma te installeren.[list:3faac6491a]
    [*:3faac6491a]Zorg ervoor dat er een vinkje geplaatst is voor [b:3faac6491a]Update Malwarebytes' Anti-Malware[/b:3faac6491a] en [b:3faac6491a]Launch Malwarebytes' Anti-Malware[/b:3faac6491a], Klik daarna op "finish".
    [*:3faac6491a]Indien een update gevonden werd, zal het die downloaden en de laatste versie installeren.
    [*:3faac6491a]Wanneer het programma volledig up to date is, selecteer "[b:3faac6491a]Perform Quick Scan[/b:3faac6491a]", daarna klik [b:3faac6491a]Scan[/b:3faac6491a].
    [*:3faac6491a]Het scannen kan een tijdje duren, dus wees geduldig.
    [*:3faac6491a]Wanneer de scan voltooid is, klik OK, daarna "Show Results" om de resultaten te zien.
    [*:3faac6491a]Zorg ervoor dat daar [b:3faac6491a]alles aangevinkt is[/b:3faac6491a], daarna klik: [b:3faac6491a]Remove Selected[/b:3faac6491a].
    [*:3faac6491a]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie extra nota onderaan)
    [*:3faac6491a]De log wordt automatisch bewaard door MBAM die je kan zien door de "Logs" tab te klikken in MBAM.
    [*:3faac6491a]Kopieer en plak de resultaten van de log in je volgend antwoord, samen met een nieuw HijackThislog.
    [/list:u:3faac6491a]
    Extra opmerking:
    [b:3faac6491a]Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de Computer opnieuw op te starten… dus sta toe dat MBAM de computer opnieuw opstart.[/b:3faac6491a]
    Herstart de computer en plaats ook een nieuw HJT logje
  • Mublinder heb ik er zelf op gezet.
    op tip van iemand.
    problemen mee dat ik die entry moet verwijderen?

    en wat is er precies aan de hand?
    ik bezit namenlijk ESET Smart Security.
    ik snap niet hoe k dan nog een virus kan oplopen :S
  • als muBlinder eigen keus is laat het dan maar staan.

    U heeft een dikke vundo infectie, geen enkele scanner is 100% :?

    ESET Smart Security. is prima maar U bent toch besmet.

    Voer de fix uit als U er van af wil, doet U het niet blijft U gewoon besmet ondanks ESET Smart Security.

    Zelfs met een goede scanner blijft het oppassen.
  • ik keek ff in mijn logs en vond deze info:

    6/26/2008 4:49:04 PM Real-time file system protection file C:\DOCUME~1\Remon\LOCALS~1\Temp\removalfile.bat Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\explorer.exe.
    6/25/2008 7:15:32 PM Real-time file system protection file C:\DOCUME~1\Remon\LOCALS~1\Temp\removalfile.bat Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\DOCUME~1\Remon\LOCALS~1\Temp\IXP000.TMP\is154233.exe.
    6/25/2008 7:12:01 PM Real-time file system protection file F:\cool stuff\John\john.exe Win32/HackTool.John trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
    6/22/2008 9:35:54 AM Real-time file system protection file C:\DOCUME~1\Remon\LOCALS~1\Temp\removalfile.bat Win32/Adware.Virtumonde application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\DOCUME~1\Remon\LOCALS~1\Temp\IXP000.TMP\is154233.exe.
    6/1/2008 5:17:57 AM Real-time file system protection file C:\Documents and Settings\Remon\My Documents\Downloads\3.WGA-Patcher Permanent Edition!\Windows XP Keygen.exe probably a variant of Win32/TrojanDownloader.Agent trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\BitTorrent\bittorrent.exe.
    6/1/2008 1:28:46 AM Real-time file system protection file C:\Documents and Settings\Remon\My Documents\Downloads\Hackers Pack\Keyloggers\server.exe Win32/Spy.Fearless.20 trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\BitTorrent\bittorrent.exe.
    6/1/2008 1:28:33 AM Real-time file system protection file C:\Documents and Settings\Remon\My Documents\Downloads\Hackers Pack\Activation & Keys & Keygens\XP SP1 Keychanger SP2 Keygen and Product Key Viewer\MS Windows XP SP 2 And Office KeyGen.exe probably a variant of Win32/TrojanDownloader.Agent trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\BitTorrent\bittorrent.exe.
    6/1/2008 1:27:15 AM Real-time file system protection file C:\Documents and Settings\Remon\My Documents\Downloads\Hackers Pack\Activation & Keys & Keygens\MSKey4in1.exe probably a variant of Win32/TrojanDownloader.Agent trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\BitTorrent\bittorrent.exe.
    6/1/2008 1:26:33 AM Real-time file system protection file C:\Documents and Settings\Remon\My Documents\Downloads\Hackers Pack\Activation & Keys & Keygens\SP2KEYGEN\KeyGen.exe probably a variant of Win32/TrojanDownloader.Agent trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\BitTorrent\bittorrent.exe.
    6/1/2008 1:25:04 AM Real-time file system protection file C:\Documents and Settings\Remon\My Documents\Downloads\Hackers Pack\Activation & Keys & Keygens\Windows Xp Sp2 Keygen with auto key changer\1) Windows XP SP2 Keygen\KeyGen.exe probably a variant of Win32/TrojanDownloader.Agent trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Program Files\BitTorrent\bittorrent.exe.

    Ik had een Keygen binnengehaald voor Photoshop CS3…
    daar gaf ie een Trojan/Virtumonde.application aan…
    heb hem nu meteen verwijderd en Malwarebyte's Anti- Malware gedraaid.
    en in de eerste 4 seconden van de scan vond ie al 14 geinfecteerde objecten.

    en hier de MBAM log:

    Malwarebytes' Anti-Malware 1.18
    Database versie: 897

    12:28:00 PM 6/28/2008
    mbam-log-6-28-2008 (12-28-00).txt

    Scan type: Snelle Scan
    Objecten gescand: 44491
    Verstreken tijd: 6 minute(s), 51 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 3
    Registersleutels geïnfecteerd: 10
    Registerwaarden geïnfecteerd: 2
    Registerdata bestanden geïnfecteerd: 2
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 18

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    C:\WINDOWS\system32\cnqqkxct.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\mlJDtrOg.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\geBRKccy.dll (Trojan.Vundo) -> Unloaded module successfully.

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69d2b112-b0bf-4d5e-8480-30d0b2cdf222} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{69d2b112-b0bf-4d5e-8480-30d0b2cdf222} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{444fc7d1-8f08-4377-b39b-4d75ae0e9f70} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{444fc7d1-8f08-4377-b39b-4d75ae0e9f70} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebrkccy (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM97b6dd57 (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{444fc7d1-8f08-4377-b39b-4d75ae0e9f70} (Trojan.Vundo) -> Delete on reboot.

    Registerdata bestanden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljdtrog -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljdtrog -> Delete on reboot.

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    C:\WINDOWS\system32\cnqqkxct.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\tcxkqqnc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\krarnjro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\orjnrark.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mlJDtrOg.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\gOrtDJlm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gOrtDJlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\uypcnobh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hboncpyu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xtrrwobf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fbowrrtx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Remon\Local Settings\Temporary Internet Files\Content.IE5\N9SGEOTT\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Remon\Local Settings\Temporary Internet Files\Content.IE5\ZVWA0VFN\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WinSys2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pyqsmggx.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\geBRKccy.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fccDWMFV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  • Ja dat had ik al verwacht inderdaad, laat het nogmaals scannen en plaats de uitslag samen met een nieuw HJT logje.
  • [size=18:2ec0366742][b:2ec0366742]MBAM LOG[/b:2ec0366742][/size:2ec0366742]

    Malwarebytes' Anti-Malware 1.18
    Database versie: 897

    3:16:15 PM 6/28/2008
    mbam-log-6-28-2008 (15-16-15).txt

    Scan type: Snelle Scan
    Objecten gescand: 44532
    Verstreken tijd: 6 minute(s), 25 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 1
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 3

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    C:\WINDOWS\system32\mlJDtrOg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gOrtDJlm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\geBRKccy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


    [size=18:2ec0366742][b:2ec0366742]HJT LOG[/b:2ec0366742][/size:2ec0366742]


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:18:30 PM, on 6/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\WinSys.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\DNA\btdna.exe
    C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Adobe\Adobe Flash CS3\Flash.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: {77b43c41-dad6-df38-00e4-2e097eae09b5} - {5b90eae7-90e2-4e00-83fd-6dad14c34b77} - C:\WINDOWS\system32\oyxsxs.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\system32\WinSys.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D22F130D-0CD5-497E-9E34-94148D9F9F59}: NameServer = 192.168.1.253
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F42CDCA9-6332-48CF-BD3D-C1379AFC639A}: NameServer = 192.168.1.254
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe


    End of file - 7562 bytes
  • Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:1150711dd2]
    O2 - BHO: {77b43c41-dad6-df38-00e4-2e097eae09b5} - {5b90eae7-90e2-4e00-83fd-6dad14c34b77} - C:\WINDOWS\system32\oyxsxs.dll
    [/b:1150711dd2]
    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen.

    plaats na opstarten een nieuw HJT logje aub.
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:55:29 AM, on 6/29/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\WinSys.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\system32\WinSys.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D22F130D-0CD5-497E-9E34-94148D9F9F59}: NameServer = 192.168.1.253
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F42CDCA9-6332-48CF-BD3D-C1379AFC639A}: NameServer = 192.168.1.254
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe


    End of file - 7197 bytes


    Alstu!
  • Masja dankie,

    Je logje is schoon, nog problemen ?
  • nee geen problemen meer!

    maar wel 1 ding: ik blijk zelf het virus toegang verschaft te hebben dmv het uit quarantaine te halen XD
    beetje dom….

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.