msn virus

25 answers
  • Hi, we have recently got an MSN virus that sends messages via our MSN. I have made a HijackThis log; maybe someone can help us. Thanks in advance. I am also getting alerts about the Vundo virus / Trojan horse!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:02:36, on 26-1-2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\fxstaller.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\cbXRKCVm.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {7EA51F52-4B25-6572-C89F-092A170FDC8A} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; AtHome033; SV1; SIMBAR Enabled; SIMBAR={F45BBE1D-351B-41cf-B7C7-FCF98D5B2F3C}; InfoPath.1)" -"http://www.freeonlinegames.com/nohotlinking/day_drive/day_drive.html"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?addc6c750e0644d88aaf8d7b2dbc53fe
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?addc6c750e0644d88aaf8d7b2dbc53fe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://maria-1949.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197441583931
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O18 - Protocol: bw+0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: offline-8876480 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: cbXRKCVm - C:\WINDOWS\SYSTEM32\cbXRKCVm.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)


    End of file - 24857 bytes



  • Start HijackThis and choose 'do a system scan only'.
    Select only the items listed below:

        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
        R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
        O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\cbXRKCVm.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: (no name) - {7EA51F52-4B25-6572-C89F-092A170FDC8A} - (no file)
        O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
        O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
        O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
        O20 - Winlogon Notify: cbXRKCVm - C:\WINDOWS\SYSTEM32\cbXRKCVm.dll

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.


    Open a Notepad file.
    Copy the text below (everything in bold) into this Notepad file.

        @ECHO OFF
        REM Start with a fresh log file
        IF EXIST log.txt DEL log.txt
        ECHO Deleting files>>log.txt
        REM Stop the running process so that its file can be deleted
        taskkill /f /im fxstaller.exe
        FOR %%g in (
        C:\WINDOWS\SYSTEM32\cbXRKCVm.dll
        C:\WINDOWS\fxstaller.exe) DO (
        IF EXIST %%g (
        REM Clear the read-only, system and hidden attributes before deleting
        ATTRIB -r -s -h %%g
        DEL %%g
        IF EXIST %%g (
        ECHO %%g not deleted>>log.txt
        ) ELSE (
        ECHO %%g deleted>>log.txt)
        ) ELSE (
        ECHO %%g not found>>log.txt))
        REM Show the result
        START NOTEPAD.EXE log.txt

    Go to File - Save As.
    For "Save in", choose: Desktop
    For "File name", enter: del.bat
    For "Save as type", select: All Files (*.*).
    Click the Save button.
    Double-click del.bat and post the contents of the log file that opens.



    Download VundoFix and place it on your desktop.
    Double-click VundoFix.exe to start the program.
    Click the Scan for Vundo button.
    When the scan is finished, click the "Remove Vundo" button.
    You will be asked whether you want to delete the files. Click "YES".
    After you have done this, the icons on your desktop will disappear.
    You will get a message that the computer will shut down. Click "OK".
    The computer will restart.
    An overview of what VundoFix found and removed can be found in the file C:\vundofix.txt.
    Post the contents of that file.


    Download MalwareBytes' Anti-Malware and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    Make sure that after the installation the following boxes are ticked:
      • Update MalwareBytes' Anti-Malware
      • Start MalwareBytes' Anti-Malware
    Then click "Finish".
    If an update is found, it will be downloaded and installed.
      • Once the program has started, go to the "Settings" tab.
      • Tick here: "Close Internet Explorer during malware removal".
      • Then go to the "Scanner" tab and choose "Quick Scan".
      • Then press "Scan" to start the scan.
      • The scan can take a while, so be patient.
      • When the scan is complete, click OK, then "Show Results" to see the results.
      • Make sure everything there is ticked, then click: "Remove Selected".
      • After removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

    Post this log together with a new HijackThis log.
  • Start HijackThis and choose 'do a system scan only'.
    Select only the items listed below:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\cbXRKCVm.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {7EA51F52-4B25-6572-C89F-092A170FDC8A} - (no file)
    O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
    O20 - Winlogon Notify: cbXRKCVm - C:\WINDOWS\SYSTEM32\cbXRKCVm.dll

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.


    Open a Notepad file.
    Copy the text below (everything in bold) into this Notepad file.

    @ECHO OFF
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    REM Stop the running process so that its file can be deleted
    taskkill /f /im fxstaller.exe
    REM Clear the attributes on each file, delete it, and log the result
    FOR %%g in (
    C:\WINDOWS\SYSTEM32\cbXRKCVm.dll
    C:\WINDOWS\fxstaller.exe) DO (
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    DEL %%g
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    START NOTEPAD.EXE log.txt

    Go to File - Save As.
    For "Save in", choose: Desktop
    For "File name", enter: del.bat
    For "Save as type", select: All Files (*.*).
    Click the Save button.
    Double-click del.bat and post the contents of the log file that opens.



    Download VundoFix and put it on your desktop.
    Double-click VundoFix.exe to start the program.
    Click the Scan for Vundo button.
    When the scan has finished, click the "Remove Vundo" button.
    You will be asked whether you want to delete the files. Click "YES".
    After you have done this, the icons on your desktop will disappear.
    You will get a message that the computer will shut down. Click "OK".
    The computer will restart.
    An overview of what VundoFix found and removed can be found in the file C:\vundofix.txt.
    Post the contents of that file.


    Download MalwareBytes' Anti-Malware and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    Make sure that after the installation the following boxes are ticked:
    - Update MalwareBytes' Anti-Malware
    - Start MalwareBytes' Anti-Malware
    Then click "Voltooien" (Finish).
    If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Instellingen" (Settings) tab.
    - Tick this option: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
    - Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
    - Next, press "Scannen" (Scan) to start the scan.
    - The scan can take a while, so be patient.
    - When the scan has finished, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
    - Make sure everything there is ticked, then click "Verwijder geselecteerde" (Remove Selected).
    - After the removal, a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and you can find it again by clicking the "Logs" tab in the program.

    Post this log together with a new HijackThis log.
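
Whether the entries selected for 'Fix checked' are really gone can be verified by comparing the fix list with a new HijackThis log. The script below is an added example, not part of the original posts and not a HijackThis feature; its function names are hypothetical, and NEW_LOG is a constructed excerpt in HijackThis format whose O2 lines match entries in the follow-up log posted later in this thread.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.+)$")   # e.g. "O2 - BHO: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = re.compile(r"\((?:no file|file missing)\)\s*$", re.I)

# The entries the helper asked to fix, copied from the post above.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\cbXRKCVm.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7EA51F52-4B25-6572-C89F-092A170FDC8A} - (no file)
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O20 - Winlogon Notify: cbXRKCVm - C:\WINDOWS\SYSTEM32\cbXRKCVm.dll
"""

# Constructed excerpt of a follow-up log. A real check must use the complete
# log, otherwise "gone" only means "not in the excerpt".
NEW_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7EA51F52-4B25-6572-C89F-092A170FDC8A} - (no file)
O2 - BHO: (no name) - {A5187B17-4BF4-4D4A-9F63-359477E59AE2} - C:\WINDOWS\system32\awttsQgh.dll (file missing)
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

def entry_key(line):
    """Identity of a log entry that survives changes to its file field.

    The file part of a line can change between scans (a DLL path becomes
    "(file missing)"), so entries are matched on section + CLSID where one
    exists, not on the whole line.
    """
    m = ENTRY.match(line.strip())
    if not m:
        return None                      # header or running-process line
    section, rest = m.group(1), m.group(2)
    clsid = CLSID.search(rest)
    # O18 handlers share one CLSID across many protocol names, so keep the name.
    if clsid and section != "O18":
        return (section, clsid.group(0).upper())
    # O4 values are command lines; for other sections drop the trailing file.
    if section != "O4" and " - " in rest:
        rest = rest.rsplit(" - ", 1)[0]
    return (section, rest.strip().lower())

def parse_log(text):
    """Map entry identity -> original line for every R/O entry in the text."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key:
            entries[key] = line.strip()
    return entries

def check_fixes(fix_text, log_text):
    """Return (key, status) per fix-list entry: gone, orphan or present."""
    current = parse_log(log_text)
    report = []
    for key in parse_log(fix_text):
        now = current.get(key)
        if now is None:
            status = "gone"
        elif MISSING.search(now):
            status = "orphan"    # registry reference remains, file does not
        else:
            status = "present"   # entry and its file are both still there
        report.append((key, status))
    return report

def new_orphans(fix_text, log_text):
    """Entries with a missing file that were not on the fix list."""
    targeted = set(parse_log(fix_text))
    return [line for key, line in parse_log(log_text).items()
            if key not in targeted and MISSING.search(line)]

if __name__ == "__main__":
    for (section, ident), status in check_fixes(FIX_LIST, NEW_LOG):
        print(f"{status:8} {section:4} {ident}")
    for line in new_orphans(FIX_LIST, NEW_LOG):
        print("new orphan:", line)
```

An "orphan" result means the registry entry is still listed although its file is gone, so it needs another 'Fix checked' pass; a new orphan is an entry left behind by a file that another tool removed in the meantime.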
  • Here are the log files from the programs.

    Deleting files
    C:\WINDOWS\SYSTEM32\cbXRKCVm.dll not deleted
    C:\WINDOWS\fxstaller.exe deleted


    VundoFix V7.0.6

    Scan started at 14:12:58 27-1-2009

    Listing files found while scanning….

    No infected files were found.


    Malwarebytes' Anti-Malware 1.33
    Database versie: 1698
    Windows 5.1.2600 Service Pack 2

    27-1-2009 14:50:04
    mbam-log-2009-01-27 (14-50-04).txt

    Scan type: Snelle Scan
    Objecten gescand: 53676
    Verstreken tijd: 9 minute(s), 42 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 3
    Registersleutels geïnfecteerd: 17
    Registerwaarden geïnfecteerd: 2
    Registerdata bestanden geïnfecteerd: 2
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 23

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    C:\WINDOWS\system32\awttsQgh.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\cmmirloo.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\cbXRKCVm.dll (Trojan.Vundo) -> Delete on reboot.

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxrkcvm (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dabfc9d2-2a2c-4ebb-831d-fb312a9e9754} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{dabfc9d2-2a2c-4ebb-831d-fb312a9e9754} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dabfc9d2-2a2c-4ebb-831d-fb312a9e9754} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{486e48b5-abf2-42bb-a327-2679df3fb822} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\navihelper.navihelperobject.1 (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\navipromo.egnaviscoring (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\navipromo.egnaviscoring.1 (Adware.EGDAccess) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\44b3e65d (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

    Registerdata bestanden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\awttsqgh -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awttsqgh -> Delete on reboot.

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    C:\WINDOWS\system32\cbXRKCVm.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\awttsQgh.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\hgQsttwa.ini (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\hgQsttwa.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cmmirloo.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\oolrimmc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtuuVPf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\byXRiifC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ddcYoMCS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\geBqRhEx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hgGayxVM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iifgEuVl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mlJApOHX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tuvWnmkj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wvUkKabb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xxyyvSIA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yayxxxUL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Kuipers\Local Settings\Temp\IXP000.TMP\burz.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\pips.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\lnk_dados_2.dll (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\tmlpcert2005 (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mseggrpid.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.





    With HijackThis 'do a system scan only' it could not find some of the files, the O2 files, so these could not be removed either.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:59:03, on 27-1-2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {7EA51F52-4B25-6572-C89F-092A170FDC8A} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A5187B17-4BF4-4D4A-9F63-359477E59AE2} - C:\WINDOWS\system32\awttsQgh.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; AtHome033; SV1; SIMBAR Enabled; SIMBAR={F45BBE1D-351B-41cf-B7C7-FCF98D5B2F3C}; InfoPath.1)" -"http://www.freeonlinegames.com/nohotlinking/day_drive/day_drive.html"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?addc6c750e0644d88aaf8d7b2dbc53fe
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?addc6c750e0644d88aaf8d7b2dbc53fe
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://maria-1949.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197441583931
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O18 - Protocol: bw+0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: offline-8876480 - {171C5FA2-A112-4940-B2E8-630A97DFC836} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)


    End of file - 24282 bytes






  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {7EA51F52-4B25-6572-C89F-092A170FDC8A} - (no file)
    O2 - BHO: (no name) - {A5187B17-4BF4-4D4A-9F63-359477E59AE2} - C:\WINDOWS\system32\awttsQgh.dll (file missing)
    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

    Download GV Killer.exe.
    Put it in its own folder, for example C:\Program Files\GV Killer, and then create a shortcut from C:\Program Files\GV Killer\GV Killer.exe to your desktop.
    Start GV Killer and use copy and paste to put the names of the files and folders below into the file C:\Program Files\GV Killer\input.txt.


    C:\WINDOWS\system32\awttsQgh.dll

    Close the file C:\Program Files\GV Killer\input.txt and press the Start Killing button to start the program.
    Post the contents of the file C:\GV Killer.txt in your next message.


    Download combofix.exe from this site: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

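
Added example (not part of the thread and not the helper's own tooling): the reply above picks out HijackThis entries whose target is marked "(no file)" or "(file missing)". This Python script lists such orphaned entries from a log so they can be reviewed; the class and function names are assumptions made for this illustration, and the sample lines are copied from the log and the reply in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the HijackThis log and the helper's reply in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7EA51F52-4B25-6572-C89F-092A170FDC8A} - (no file)
O2 - BHO: (no name) - {A5187B17-4BF4-4D4A-9F63-359477E59AE2} - C:\WINDOWS\system32\awttsQgh.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
"""

# "<code> - <kind>: <rest>", e.g. "O2 - BHO: (no name) - {CLSID} - path".
ENTRY_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# The target starts at the first " - " that is followed by a drive path or "(no file)".
# Matching the leftmost such separator keeps paths that contain " - " in one piece.
TARGET_RE = re.compile(r"(?:^| - )((?:[A-Za-z]:\\|\(no file\)).*)$")
MISSING_SUFFIX = " (file missing)"


@dataclass
class Entry:
    code: str             # HijackThis section code, e.g. "O2" or "O23"
    kind: str             # text before the first colon, e.g. "BHO" or "Service"
    clsid: Optional[str]  # COM class id if the line carries one
    path: Optional[str]   # None when the log says "(no file)"
    orphaned: bool        # True when the registry entry points at nothing on disk


def parse_line(line: str) -> Optional[Entry]:
    """Parse one "kind: value" log line; return None for headers and other lines."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    clsid = CLSID_RE.search(rest)
    t = TARGET_RE.search(rest)
    target = t.group(1) if t else rest  # bare values such as "avgrsstx.dll"
    if target == "(no file)":
        path, orphaned = None, True
    elif target.endswith(MISSING_SUFFIX):
        path, orphaned = target[: -len(MISSING_SUFFIX)], True
    else:
        path, orphaned = target, False
    return Entry(m.group("code"), m.group("kind").strip(),
                 clsid.group(0) if clsid else None, path, orphaned)


def orphaned_entries(log_text: str) -> List[Entry]:
    """Return every entry whose target file is reported absent, in log order."""
    found = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None and entry.orphaned:
            found.append(entry)
    return found


def review_list(log_text: str) -> List[str]:
    """Format the orphaned entries as one line each for a human reviewer."""
    return [
        f"{e.code} {e.kind} {e.clsid or '-'} -> {e.path or '(no file)'}"
        for e in orphaned_entries(log_text)
    ]


if __name__ == "__main__":
    for row in review_list(SAMPLE_LOG):
        print(row)
```

For the sample it lists four entries, while the helper selected only the three O2 lines and left the orphaned O23 StyleXPService line alone, so the output is a list to review rather than a list to remove.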
  • Hello everyone,
    Yesterday I worked on the neighbours' PC, unfortunately the same problem, "nice photos" haha; MSN no longer worked and a fake Explorer was opened, and the internet did not work at all any more (it gave the impression that it did work).

    My solution: a boot CD with utilities including an antivirus program. I booted from it and removed all viruses and spyware (130 in total), and the system now works fine again and no more scary links are being sent. One problem: the people in her MSN are now unknowingly sending her that link; every 5 minutes there is another one.

    Any questions can also be asked via private message.
  • This help seems unnecessary to me.
    These people are already being helped, and not everything that works for you works for others.
    There are a great many different viruses that spread via MSN.
  • Othuroyo wrote: "This help seems unnecessary to me.
    These people are already being helped, and not everything that works for you works for others.
    There are a great many different viruses that spread via MSN."

    Haha, you try explaining the method above to ordinary users!
    Doesn't work, does it! Those people only see letters and numbers, and are done with the whole computer thing.
    So hence my tip!!!!!
    Even a child can follow that.
  • Dear Ilona,

    The fact that you understand nothing of those "letters and numbers" already shows your lack of skill.
    They "see" letters and numbers, but they don't need to understand them themselves.
    I type the instructions clearly so that everyone can follow them, and everyone on this forum gets their problem solved.

    Just read some old topics; you will see that people actually like that they don't have to do everything on their own (your way) but only have to read the instructions here.

    It would be very nice if you cleared off from this forum.
  • No, I'm not clearing off; I'm actually trying to make it easier for people, but oh well, if you let them mess around in the registry, fine by me.
    I don't wish you my regards.
  • Give an example of where I let them "mess around" in the registry.
  • I'm just trying to give people a tip in a simple way, and all you do is snap at me; I don't really see the point of that.
    It's simple, isn't it: start your PC from a bootable utility disk, run a spyware and virus program, remove everything it finds, and the problem is gone, hi5, that's all :oops:
    Isn't that a much simpler way for people without knowledge? And well, I've been working with these things for 20 years or so, so I can say that I'm no beginner! :D
  • Maybe you've been doing computer-related things for 20 years, but certainly not in the malware area.
    Otherwise you really wouldn't talk like that.
    There is already a complete step-by-step plan on this forum, and people have to follow it first before they post a log.
    The method you mention happened to work for you, but it is not "the" solution.

    Now let's compare the difficulty.
    You have to download such a disk.
    Then burn it the right way.
    Next you have to set your BIOS to boot from a CD.
    After that you can boot from a CD, and then beginners land in a completely new menu, and it's up to them to figure out what to do.
    Personally, however, I think a beginner would get stuck much earlier.

    Even if such a CD just happens to be lying around, and if the PC is already bootable, and if there happens to be an instruction booklet next to it, then it is still "just as" easy as the ready-made instructions given here.


    In 99.99% of cases, however, all those ifs do not hold, which makes having logs assessed much easier.
  • @ ilona: nice for you that it worked for the neighbours, but, as Othuroyo also says, there are a great many different viruses that look the same at first glance but technically most certainly are not.
    They all have a different removal method, some are more persistent than others, and a boot CD will not always help either.
    In any case, I doubt whether a boot CD is easier. How do you update the virus scanner on the boot CD over a wireless network?

    I don't think it is decent the way you snap at Othuroyo. He knows his stuff and guides people very properly through the process of removing viruses and spyware from their PC. If I may say so: he is an asset to our forum!
  • Thanks a lot for your support and compliments, The game Men :)
  • Here are the logs again


    Logfile gv_killer_01.txt v7.0.9 - Copyright © GV_Soft Guido Vaesen
    Rapport datum: 28-1-2009 13:58:27 log van Kuipers , Beheerder van deze computer
    Platform: Windows XP Prof SP2 NLD Normale modus

    BEGIN Geplande taken—————————————————————–
    C:\WINDOWS\tasks\A6F8894592973A29.job
    C:\WINDOWS\tasks\Controleren op updates voor Windows Live Toolbar.job
    EINDE Geplande taken—————————————————————–


    Lijst Notify keys——————————————————————–
    HKLM\software\microsoft\windows nt\currentversion\winlogon\notify
    WgaLogon WgaLogon.dll
    Settings
    Einde Notify keys——————————————————————–

    Verklaring Errorcodes—————————————————————-
    code 00 : Bestand is verwijderd.
    code 53 : Bestand of map werd niet gevonden op uw PC.
    code 70 : Bestand was in gebruik.
    code 75 : Services zijn nog geladen of bestand in gebruik.
    code M0 : Map is verwijderd.
    code ML : Map is volledig leeg gemaakt.
    code MN : Map werd niet gevonden op uw PC, is niet leeg gemaakt.
    code MV : Map werd niet gevonden op uw PC, is niet verwijderd.
    code K0 : Register key is verwijderd.
    Einde Errorcodes——————————————————————–

    BEGIN Inhoud van Input.txt———————————————————–
    C:\WINDOWS\system32\awttsQgh.dll
    EINDE Inhoud van Input.txt———————————————————–

    53 C:\WINDOWS\system32\awttsQgh.dll
    EINDE Inhoud van Input.txt———————————————————–


    ;2755679-648-5489711-23320=VNVD06G4D07SXL58

    ;EINDE GV_Killer ———————————————————————



    ComboFix 09-01-21.04 - Kuipers 2009-01-28 14:05:18.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.511.235 [GMT 1:00]
    Running from: c:\documents and settings\Kuipers\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    FW: Norton Internet Worm Protection *disabled*
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Kuipers\Cookies\hpothb07.dat
    c:\documents and settings\Kuipers\Cookies\hpothb07.tif
    c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013
    c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
    c:\windows\IE4 Error Log.txt

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-28 )))))))))))))))))))))))))))))))
    .

    2009-01-28 13:57 . 2009-01-28 13:58 <DIR> d——– c:\program files\GV_Killer
    2009-01-28 13:57 . 2001-09-07 11:00 59,904 –a—— c:\windows\system32\wbemdisp.tlb
    2009-01-28 13:55 . 2009-01-28 13:56 <DIR> d——– c:\program files\gv killer
    2009-01-27 14:38 . 2009-01-27 14:38 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-01-27 14:38 . 2009-01-27 14:38 <DIR> d——– c:\documents and settings\Kuipers\Application Data\Malwarebytes
    2009-01-27 14:38 . 2009-01-27 14:38 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-27 14:38 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-27 14:38 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-01-27 14:12 . 2009-01-27 14:12 <DIR> d——– C:\VundoFix Backups
    2009-01-26 10:02 . 2009-01-26 10:02 <DIR> d——– c:\program files\Trend Micro
    2009-01-26 07:14 . 2009-01-28 13:38 <DIR> dr-h—– c:\documents and settings\Kuipers\Onlangs geopend
    2009-01-26 06:51 . 2009-01-26 09:28 22,066 –a—— C:\pps.exe
    2009-01-25 21:42 . 2009-01-25 21:42 33,365 –a—— C:\ddi.exe
    2009-01-25 20:56 . 2009-01-25 20:56 33,365 –a—— C:\roshs.exe
    2009-01-25 16:57 . 2009-01-25 16:57 289 –a—— C:\nana.exe
    2009-01-23 23:18 . 2009-01-28 14:05 <DIR> dr-hs—- C:\RESTORE
    2009-01-15 19:25 . 2009-01-15 19:25 <DIR> d——– c:\program files\SweetIM
    2009-01-15 19:25 . 2009-01-15 19:26 <DIR> d——– c:\documents and settings\All Users\Application Data\SweetIM

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-25 06:44 ——— d—–w c:\program files\Spybot - Search & Destroy
    2008-12-24 12:10 ——— d—–w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-24 10:56 ——— d—–w c:\program files\WarnCorn
    2008-12-24 10:56 ——— d—–w c:\program files\vgadalesoft
    2008-12-24 10:56 ——— d—–w c:\program files\Messenger Plus! Live
    2008-12-24 10:56 ——— d—–w c:\documents and settings\Kuipers\Application Data\vgadalesoft
    2008-12-23 20:23 ——— d—–w c:\program files\MSN Messenger
    2008-12-23 06:20 ——— d—–w c:\program files\MSECache
    2008-12-07 15:23 ——— d—–w c:\program files\TNT Post Fotoservice
    2008-12-07 15:22 ——— d—–w c:\documents and settings\All Users\Application Data\TNT Post Fotoservice
    2008-12-01 12:54 97,928 —-a-w c:\windows\system32\drivers\avgldx86.sys
    2008-12-01 12:54 ——— d—–w c:\program files\AVG
    2008-12-01 12:54 ——— d—–w c:\documents and settings\All Users\Application Data\avg8
    2008-10-23 10:13 2,416,301 —-a-w c:\program files\SetupFTD3.8.4.zip
    2008-10-12 16:48 2,459,395 —-a-w c:\program files\SetupFTD3.8.4.exe
    2008-09-17 18:39 0 -c-h–w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
    2008-07-23 07:36 20 —h–w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
    2007-12-23 07:20 1,472 —-a-w c:\documents and settings\Kuipers\Emails.dat
    2007-12-13 06:25 10 —-a-w c:\documents and settings\Kuipers\user.dat
    2006-04-26 10:50 774,144 —-a-w c:\program files\RngInterstitial.dll
    2004-04-07 19:41 0 -c-ha-w c:\documents and settings\NetworkService\hpothb07.dat
    2004-04-07 19:41 0 -c-ha-w c:\documents and settings\LocalService\hpothb07.dat
    2004-04-07 19:41 0 -c-ha-w c:\documents and settings\Default User\hpothb07.dat
    2004-03-12 20:30 175 -c-ha-w c:\documents and settings\Kuipers\Application Data\hpothb07.dat
    2004-02-09 20:44 0 -c-ha-w c:\documents and settings\All Users\Application Data\hpothb07.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2008-10-08 12:22 1172792 –a—— c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-10-23 36864]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 68856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater"="c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE" [2008-08-06 447928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-01 1261336]
    "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-01 111928]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
    "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2005-09-09 263824]
    "Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SRUUninstall"="c:\windows\System32\msiexec.exe" [2005-05-03 78848]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-10-23 196608]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-01 97928]
    R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-01 231704]
    S3 Ntfadnu;Ntfadnu; [x]
    S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [2003-05-07 27519]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-28 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-msnmsgr - ~c:\program files\MSN Messenger\msnmsgr.exe
    MSConfigStartUp-Admilli Service - c:\program files\Admilli Service\AdmilliServ.exe
    MSConfigStartUp-SAHBundle - c:\docume~1\Kuipers\LOCALS~1\Temp\bundle.exe
    MSConfigStartUp-salm - c:\temp\salm.exe
    MSConfigStartUp-Snelkiezer - c:\windows\Snelkiezer.exe
    MSConfigStartUp-Instant Access - EGDHTML_1027.dll
    MSConfigStartUp-MC - EGDHTML_1027.dll


    .
    ——- Supplementary Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Bar =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = proxy:8080
    uInternet Settings,ProxyOverride = ;*.local;<local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Openen in een nieuwe achtergrondtab - c:\program files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?addc6c750e0644d88aaf8d7b2dbc53fe
    IE: Openen in een nieuwe voorgrondtab - c:\program files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?addc6c750e0644d88aaf8d7b2dbc53fe
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-28 14:12:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ———————— Other Running Processes ————————
    .
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\program files\AVG\AVG8\avgtray.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-28 14:19:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-28 13:19:00

    Pre-Run: 25.364.619.264 bytes beschikbaar
    Post-Run: 25,312,911,360 bytes beschikbaar

    193




  • Go to Virustotal.com
    Upload the following file by copying and pasting the following (so do not look it up via "Browse…"!): C:\didi.exe
    Wait until the result appears. Include it in your next reply.


    Do the same with this file: C:\nana.exe


    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.


  • Quote: "And well, I've been working with these things for 20 years or so, so I can say that I'm no beginner" I'm curious what kind of PC that was, then. A predecessor of the Commodore?
  • Hi, it's me again; here are the results again,

    C:\didi.exe 0 bytes size received / Se ha recibido un archivo vacio
    C:\nana.exe 0 bytes size received / Se ha recibido un archivo vacio




    ComboFix 09-01-21.04 - Kuipers 2009-01-29 18:31:58.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.511.265 [GMT 1:00]
    Running from: c:\documents and settings\Kuipers\Bureaublad\ComboFix.exe
    Command switches used :: c:\documents and settings\Kuipers\Bureaublad\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    FW: Norton Internet Worm Protection *disabled*
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    c:\documents and settings\All Users\Application Data\hpothb07.dat
    c:\documents and settings\Default User\hpothb07.dat
    c:\documents and settings\Kuipers\Application Data\hpothb07.dat
    c:\documents and settings\LocalService\hpothb07.dat
    c:\documents and settings\NetworkService\hpothb07.dat
    C:\pps.exe
    C:\roshs.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\hpothb07.dat
    c:\documents and settings\Default User\hpothb07.dat
    c:\documents and settings\Kuipers\Application Data\hpothb07.dat
    c:\documents and settings\LocalService\hpothb07.dat
    c:\documents and settings\NetworkService\hpothb07.dat
    C:\pps.exe
    c:\program files\SweetIM
    c:\program files\SweetIM\Messenger\default.xml
    c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
    c:\program files\SweetIM\Messenger\mgAIMAuto.dll
    c:\program files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
    c:\program files\SweetIM\Messenger\mgArchive.dll
    c:\program files\SweetIM\Messenger\mgcommon.dll
    c:\program files\SweetIM\Messenger\mgcommunication.dll
    c:\program files\SweetIM\Messenger\mgconfig.dll
    c:\program files\SweetIM\Messenger\mgFlashPlayer.dll
    c:\program files\SweetIM\Messenger\mghooking.dll
    c:\program files\SweetIM\Messenger\mgICQAuto.dll
    c:\program files\SweetIM\Messenger\mgICQMessengerAdapter.dll
    c:\program files\SweetIM\Messenger\mgIEPlayer.dll
    c:\program files\SweetIM\Messenger\mglogger.dll
    c:\program files\SweetIM\Messenger\mgMediaPlayer.dll
    c:\program files\SweetIM\Messenger\mgMsnAuto.dll
    c:\program files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
    c:\program files\SweetIM\Messenger\mgsimcommon.dll
    c:\program files\SweetIM\Messenger\mgSweetIM.dll
    c:\program files\SweetIM\Messenger\mgUpdateSupport.dll
    c:\program files\SweetIM\Messenger\mgxml_wrapper.dll
    c:\program files\SweetIM\Messenger\mgYahooAuto.dll
    c:\program files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
    c:\program files\SweetIM\Messenger\msvcp71.dll
    c:\program files\SweetIM\Messenger\msvcr71.dll
    c:\program files\SweetIM\Messenger\resources\images\AudibleButton.png
    c:\program files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
    c:\program files\SweetIM\Messenger\resources\images\EmoticonButton.png
    c:\program files\SweetIM\Messenger\resources\images\NudgeButton.png
    c:\program files\SweetIM\Messenger\resources\images\SoundFxButton.png
    c:\program files\SweetIM\Messenger\resources\images\WinksButton.png
    c:\program files\SweetIM\Messenger\SweetIM.exe
    c:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
    c:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
    c:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
    c:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
    c:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
    c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    c:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
    c:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
    c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    c:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
    c:\program files\SweetIM\Toolbars\Internet Explorer\msvcp71.dll
    c:\program files\SweetIM\Toolbars\Internet Explorer\msvcr71.dll
    c:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
    c:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
    c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Bookmarks_23x18.bmp
    c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Email_23x18.bmp
    c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Games_23x18.bmp
    c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Greetingcards_23x18.bmp
    c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Logo.bmp
    c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Mobile_23x18.bmp
    c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Music_23x18.bmp
    c:\program files\SweetIM\Toolbars\Internet Explorer\resources\News_23x18.bmp
    c:\program files\SweetIM\Toolbars\Internet Explorer\resources\Shoping_23x18.bmp
    c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.bmp
    c:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.bmp
    c:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetimicons.bmp
    c:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
    c:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
    C:\roshs.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
    .

    2009-01-29 18:29 . 2009-01-29 18:30 <DIR> d——– C:\32788R22FWJFW
    2009-01-28 13:57 . 2009-01-28 13:58 <DIR> d——– c:\program files\GV_Killer
    2009-01-28 13:57 . 2001-09-07 11:00 59,904 –a—— c:\windows\system32\wbemdisp.tlb
    2009-01-28 13:55 . 2009-01-28 13:56 <DIR> d——– c:\program files\gv killer
    2009-01-27 14:38 . 2009-01-27 14:38 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-01-27 14:38 . 2009-01-27 14:38 <DIR> d——– c:\documents and settings\Kuipers\Application Data\Malwarebytes
    2009-01-27 14:38 . 2009-01-27 14:38 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-27 14:38 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-27 14:38 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-01-27 14:12 . 2009-01-27 14:12 <DIR> d——– C:\VundoFix Backups
    2009-01-26 10:02 . 2009-01-26 10:02 <DIR> d——– c:\program files\Trend Micro
    2009-01-26 07:14 . 2009-01-29 18:29 <DIR> dr-h—– c:\documents and settings\Kuipers\Onlangs geopend
    2009-01-25 21:42 . 2009-01-25 21:42 33,365 –a—— C:\ddi.exe
    2009-01-25 16:57 . 2009-01-25 16:57 289 –a—— C:\nana.exe
    2009-01-23 23:18 . 2009-01-28 14:05 <DIR> dr-hs—- C:\RESTORE
    2009-01-15 19:25 . 2009-01-15 19:26 <DIR> d——– c:\documents and settings\All Users\Application Data\SweetIM

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-25 06:44 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-12-24 12:10 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-24 10:56 --------- d-----w c:\program files\WarnCorn
    2008-12-24 10:56 --------- d-----w c:\program files\vgadalesoft
    2008-12-24 10:56 --------- d-----w c:\program files\Messenger Plus! Live
    2008-12-24 10:56 --------- d-----w c:\documents and settings\Kuipers\Application Data\vgadalesoft
    2008-12-23 20:23 --------- d-----w c:\program files\MSN Messenger
    2008-12-23 06:20 --------- d-----w c:\program files\MSECache
    2008-12-07 15:23 --------- d-----w c:\program files\TNT Post Fotoservice
    2008-12-07 15:22 --------- d-----w c:\documents and settings\All Users\Application Data\TNT Post Fotoservice
    2008-12-01 12:54 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2008-12-01 12:54 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2008-12-01 12:54 --------- d-----w c:\program files\AVG
    2008-12-01 12:54 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2008-10-23 10:13 2,416,301 ----a-w c:\program files\SetupFTD3.8.4.zip
    2008-10-12 16:48 2,459,395 ----a-w c:\program files\SetupFTD3.8.4.exe
    2008-09-17 18:39 0 -c-h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
    2008-07-23 07:36 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
    2007-12-23 07:20 1,472 ----a-w c:\documents and settings\Kuipers\Emails.dat
    2007-12-13 06:25 10 ----a-w c:\documents and settings\Kuipers\user.dat
    2006-04-26 10:50 774,144 ----a-w c:\program files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-28_14.17.19.21 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-27 13:57:41 40,972 ----a-w c:\windows\system32\perfc009.dat
    + 2009-01-28 13:38:45 40,972 ----a-w c:\windows\system32\perfc009.dat
    - 2009-01-27 13:57:41 54,698 ----a-w c:\windows\system32\perfc013.dat
    + 2009-01-28 13:38:45 54,698 ----a-w c:\windows\system32\perfc013.dat
    - 2009-01-27 13:57:41 314,644 ----a-w c:\windows\system32\perfh009.dat
    + 2009-01-28 13:38:45 314,644 ----a-w c:\windows\system32\perfh009.dat
    - 2009-01-27 13:57:41 367,600 ----a-w c:\windows\system32\perfh013.dat
    + 2009-01-28 13:38:45 367,600 ----a-w c:\windows\system32\perfh013.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-10-23 36864]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 68856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
    "msnmsgr"="~c:\program files\MSN Messenger\msnmsgr.exe" [BU]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater"="c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE" [2008-08-06 447928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-01 1261336]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
    "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2005-09-09 263824]
    "Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SRUUninstall"="c:\windows\System32\msiexec.exe" [2005-05-03 78848]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-10-23 196608]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-01 97928]
    R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-01 231704]
    S3 Ntfadnu;Ntfadnu; [x]
    S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [2003-05-07 27519]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-29 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mSearch Bar =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = proxy:8080
    uInternet Settings,ProxyOverride = ;*.local;<local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Openen in een nieuwe achtergrondtab - c:\program files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?addc6c750e0644d88aaf8d7b2dbc53fe
    IE: Openen in een nieuwe voorgrondtab - c:\program files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?addc6c750e0644d88aaf8d7b2dbc53fe
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-29 18:36:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    msnmsgr = ~"c:\program files\MSN Messenger\msnmsgr.exe" /background?

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-01-29 18:39:27
    ComboFix-quarantined-files.txt 2009-01-29 17:38:53
    ComboFix2.txt 2009-01-28 13:19:26

    Pre-Run: 25.067.360.256 bytes beschikbaar
    Post-Run: 25,050,230,784 bytes beschikbaar

    235



  • Could you try that again with VirusTotal?


This is an archived page. Replying is no longer possible.