Help wanted with laptop

Anonymous
9 answers
  • For a while now my laptop has been starting up very slowly (it's an Acer; the operating system only finishes loading after a good quarter of an hour) and it stutters constantly. There were also constant pop-ups, but I think I already managed to fix that yesterday with Ad-Aware and Spyware Doctor. Until recently protection was handled by Norton, but I removed it because it let more through than it stopped. In its place I installed BitDefender 9 Professional Plus.

    BitDefender log:

    //—————————————————————–
    //
    // Product: BitDefender 9 Professional Plus
    // Version: 9.5
    //
    // Gemaakt op: 28/06/2007 10:18:13
    //
    //—————————————————————–


    Statistieken

    Pad scannen : C:\
    D:\
    Mappen : 5102
    Bestanden : 297553
    Archieven : 7385
    Ingepakte bestanden : 18962
    Geïdentificeerde virussen : 12
    Geïnfecteerde bestanden : 48
    Waarschuwingen : 0
    Verdachte bestanden : 0
    Gedesinfecteerde bestanden : 0
    Verwijderde bestanden : 0
    Gekopieerde bestanden : 0
    Verplaatste bestanden : 35
    Hernoemde bestanden : 0
    I/O-fouten : 32
    Scantijd : 00:35:41
    Scansnelheid (bestanden/sec) : 138

    Spyware-statistieken

    Geheugenprocessen gescand : 67
    Geheugenprocessen geïnfecteerd : 1
    Registersleutels gescand : 1857
    Registersleutels geïnfecteerd : 3
    Cookies gescand : 28
    Cookies geïnfecteerd : 0
    Spyware-bestanden geïnfecteerd : 2
    Spyware-bedreigingen gedetecteerd : 1


    Virusdefinities : 646938
    Plug-ins voor scannen : 16
    Plug-ins voor archieven : 41
    Plug-ins uitpakken : 6
    Plug-ins verzenden : 6
    Systeemplug-ins : 5

    Scanopties

    Detectie
    [X] Opstartsectoren scannen
    [X] Archieven scannen
    [X] Ingepakte bestanden scannen
    [X] E-mail scannen

    Bestandsmasker
    [ ] Programma's
    [X] Alle bestanden
    [ ] Door de gebruiker gedefinieerde extensies:
    [ ] Extensies uitsluiten: ;

    Actie

    Geïnfecteerde objecten
    [ ] Negeren
    [X] Desinfecteren
    [ ] Verwijderen
    [ ] Kopiëren naar quarantaine
    [ ] Verplaatsen naar quarantaine
    [ ] Naam wijzigen
    [ ] Gebruiker vragen

    Tweede actie
    [ ] Negeren
    [ ] Verwijderen
    [ ] Kopiëren naar quarantaine
    [X] Verplaatsen naar quarantaine
    [ ] Naam wijzigen
    [ ] Gebruiker vragen

    Scanopties
    [X] Waarschuwingen inschakelen
    [X] Heuristiek inschakelen
    [ ] Alle bestanden in het logboek weergeven
    [X] Rapportbestand: C:\Program Files\Softwin\BitDefender9\Logs\vscan_1183018692.log

    Spyware-scanopties

    [X] Geheugenprocessen
    [X] Registersleutels
    [X] Cookies


    Samenvatting:

    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\VRPPNVWQ.EXE Gevonden Trojan.Fotomoto.A
    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\VRPPNVWQ.EXE Desinfecteren mislukt
    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\VRPPNVWQ.EXE Verplaatsen mislukt
    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\VRPPNVWQ.EXE Gevonden Trojan.Fotomoto.A
    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\VRPPNVWQ.EXE Desinfecteren mislukt
    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\VRPPNVWQ.EXE Verplaatsen mislukt
    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\VRPPNVWQ.EXE Gevonden Trojan.Fotomoto.A
    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\VRPPNVWQ.EXE Desinfecteren mislukt
    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\VRPPNVWQ.EXE Verplaatsen mislukt
    <System>=>C:\WINDOWS\system32\vrppnvwq.exe (memory dump) Gevonden Trojan.Fotomoto.A
    <System>=>C:\WINDOWS\system32\vrppnvwq.exe (memory dump) Desinfecteren mislukt
    <System>=>C:\WINDOWS\system32\vrppnvwq.exe (memory dump) Verplaatsen mislukt
    <System>=>C:\WINDOWS\system32\vrppnvwq.exe (disk) Geïnfecteerd Trojan.Fotomoto.A
    <System>=>C:\WINDOWS\system32\vrppnvwq.exe (disk) Desinfecteren mislukt
    <System>=>C:\WINDOWS\system32\vrppnvwq.exe (disk) Verplaatsen mislukt
    <System>=>C:\WINDOWS\system32\vrppnvwq.exe (full dump) Geïnfecteerd Trojan.Fotomoto.A
    <System>=>C:\WINDOWS\system32\vrppnvwq.exe (full dump) Desinfecteren mislukt
    <System>=>C:\WINDOWS\system32\vrppnvwq.exe (full dump) Verplaatsen mislukt
    C:\WINDOWS\system32\vrppnvwq.exe Geïnfecteerd Trojan.Fotomoto.A
    C:\WINDOWS\system32\vrppnvwq.exe Desinfecteren mislukt
    C:\WINDOWS\system32\vrppnvwq.exe Verplaatst
    C:\WINDOWS\system32\xompintv.exe Geïnfecteerd Trojan.Fotomoto.A
    C:\WINDOWS\system32\xompintv.exe Desinfecteren mislukt
    C:\WINDOWS\system32\xompintv.exe Verplaatst
    C:\WINDOWS\system32\ynyqfpoi.exe Geïnfecteerd Trojan.LowZones.SA
    C:\WINDOWS\system32\ynyqfpoi.exe Desinfecteren mislukt
    C:\WINDOWS\system32\ynyqfpoi.exe Verplaatst
    C:\WINDOWS\system32\yhuqmxlb.exe Geïnfecteerd Trojan.Fotomoto.A
    C:\WINDOWS\system32\yhuqmxlb.exe Desinfecteren mislukt
    C:\WINDOWS\system32\yhuqmxlb.exe Verplaatst
    C:\WINDOWS\system32\tcvldnel.exe Geïnfecteerd Trojan.Fotomoto.A
    C:\WINDOWS\system32\tcvldnel.exe Desinfecteren mislukt
    C:\WINDOWS\system32\tcvldnel.exe Verplaatst
    C:\WINDOWS\system32\vxwbsofq.exe Geïnfecteerd Trojan.LowZones.SA
    C:\WINDOWS\system32\vxwbsofq.exe Desinfecteren mislukt
    C:\WINDOWS\system32\vxwbsofq.exe Verplaatst
    C:\WINDOWS\system32\nkxoannm.exe Geïnfecteerd Trojan.Clicker.Agent.NP
    C:\WINDOWS\system32\nkxoannm.exe Desinfecteren mislukt
    C:\WINDOWS\system32\nkxoannm.exe Verplaatst
    C:\WINDOWS\system32\pdjhvlor.exe Geïnfecteerd Trojan.Fotomoto.A
    C:\WINDOWS\system32\pdjhvlor.exe Desinfecteren mislukt
    C:\WINDOWS\system32\pdjhvlor.exe Verplaatst
    C:\WINDOWS\system32\aafpmjvg.exe Geïnfecteerd Trojan.LowZones.SA
    C:\WINDOWS\system32\aafpmjvg.exe Desinfecteren mislukt
    C:\WINDOWS\system32\aafpmjvg.exe Verplaatst
    C:\WINDOWS\Temp\PK7EA.tmp Geïnfecteerd Trojan.Downloader.AQG
    C:\WINDOWS\Temp\PK7EA.tmp Desinfecteren mislukt
    C:\WINDOWS\Temp\PK7EA.tmp Verplaatst
    C:\WINDOWS\b122.exe=>(NSIS o)=>lzma_solid_nsis0002 Geïnfecteerd Trojan.Popwin.BK
    C:\WINDOWS\b122.exe=>(NSIS o)=>lzma_solid_nsis0002 Desinfecteren mislukt
    C:\WINDOWS\b122.exe=>(NSIS o)=>lzma_solid_nsis0002 Verplaatsen mislukt
    C:\WINDOWS\b122.exe=>(NSIS o)=>lzma_solid_nsis0004 Gevonden Adware.Softomate.BG
    C:\WINDOWS\b122.exe=>(NSIS o)=>lzma_solid_nsis0004 Desinfecteren mislukt
    C:\WINDOWS\b122.exe=>(NSIS o)=>lzma_solid_nsis0004 Verplaatsen mislukt
    C:\WINDOWS\b136.exe=>(NSIS o)=>lzma_solid_nsis0002 Geïnfecteerd Rootkit.Agent.EV
    C:\WINDOWS\b136.exe=>(NSIS o)=>lzma_solid_nsis0002 Desinfecteren mislukt
    C:\WINDOWS\b136.exe=>(NSIS o)=>lzma_solid_nsis0002 Verplaatsen mislukt
    C:\WINDOWS\b136.exe=>(NSIS o)=>lzma_solid_nsis0004 Gevonden Adware.Softomate.BG
    C:\WINDOWS\b136.exe=>(NSIS o)=>lzma_solid_nsis0004 Desinfecteren mislukt
    C:\WINDOWS\b136.exe=>(NSIS o)=>lzma_solid_nsis0004 Verplaatsen mislukt
    C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\45UVKLAB\adfcook[1] Geïnfecteerd Trojan.Clicker.Agent.NP
    C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\45UVKLAB\adfcook[1] Desinfecteren mislukt
    C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\45UVKLAB\adfcook[1] Verplaatst
    C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\45UVKLAB\tob_snd_20070616[1] Geïnfecteerd Trojan.Fotomoto.A
    C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\45UVKLAB\tob_snd_20070616[1] Desinfecteren mislukt
    C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\45UVKLAB\tob_snd_20070616[1] Verplaatst
    C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\45UVKLAB\WinAntiVirusPro2006FreeInstall_nl[1].cab=>UWA6PM_0001_N91M2107NetInstaller.exe Geïnfecteerd Trojan.Downloader.AQG
    C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\45UVKLAB\WinAntiVirusPro2006FreeInstall_nl[1].cab=>UWA6PM_0001_N91M2107NetInstaller.exe Desinfecteren mislukt
    C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\45UVKLAB\WinAntiVirusPro2006FreeInstall_nl[1].cab=>UWA6PM_0001_N91M2107NetInstaller.exe Verplaatsen mislukt
    C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\RFDR2LVV\koocwolla_20070601[1] Geïnfecteerd Trojan.LowZones.SA
    C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\RFDR2LVV\koocwolla_20070601[1] Desinfecteren mislukt
    C:\Documents and Settings\Hans\Local Settings\Temporary Internet Files\Content.IE5\RFDR2LVV\koocwolla_20070601[1] Verplaatst
    C:\Documents and Settings\Admin\Local Settings\Temp\second.exe Geïnfecteerd Trojan.Downloader.JISG
    C:\Documents and Settings\Admin\Local Settings\Temp\second.exe Desinfecteren mislukt
    C:\Documents and Settings\Admin\Local Settings\Temp\second.exe Verplaatst
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RMYWH1XE\adfcook[1] Geïnfecteerd Trojan.Clicker.Agent.NP
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RMYWH1XE\adfcook[1] Desinfecteren mislukt
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RMYWH1XE\adfcook[1] Verplaatst
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0PPM8RCA\koocwolla_20070601[1] Geïnfecteerd Trojan.LowZones.SA
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0PPM8RCA\koocwolla_20070601[1] Desinfecteren mislukt
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0PPM8RCA\koocwolla_20070601[1] Verplaatst
    C:\Program Files\WinPop\winpop.exe Geïnfecteerd Trojan.Popwin.BK
    C:\Program Files\WinPop\winpop.exe Desinfecteren mislukt
    C:\Program Files\WinPop\winpop.exe Verplaatst
    C:\Program Files\WinPop\UnInstall.exe Geïnfecteerd Trojan.Popwin.BK
    C:\Program Files\WinPop\UnInstall.exe Desinfecteren mislukt
    C:\Program Files\WinPop\UnInstall.exe Verplaatst
    C:\Program Files\Softwin\BitDefender9\Quarantine\vrppnvwq.exe Geïnfecteerd Trojan.Fotomoto.A
    C:\Program Files\Softwin\BitDefender9\Quarantine\vrppnvwq.exe Desinfecteren mislukt
    C:\Program Files\Softwin\BitDefender9\Quarantine\vrppnvwq.exe Verplaatst
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP41\A0024035.dll Gevonden Adware.Virtumonde.GFA
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP41\A0024035.dll Desinfecteren mislukt
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP41\A0024035.dll Verplaatst
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP41\A0024304.exe Geïnfecteerd Trojan.Downloader.Agent.YFI
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP41\A0024304.exe Desinfecteren mislukt
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP41\A0024304.exe Verplaatst
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP43\A0024355.exe Geïnfecteerd Trojan.Downloader.Agent.YFI
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP43\A0024355.exe Desinfecteren mislukt
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP43\A0024355.exe Verplaatst
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP43\A0024419.dll Gevonden Adware.Virtumonde.GFA
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP43\A0024419.dll Desinfecteren mislukt
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP43\A0024419.dll Verplaatst
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027920.exe Geïnfecteerd Trojan.Fotomoto.A
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027920.exe Desinfecteren mislukt
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027920.exe Verplaatst
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027921.exe Geïnfecteerd Trojan.LowZones.SA
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027921.exe Desinfecteren mislukt
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027921.exe Verplaatst
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027922.exe Geïnfecteerd Trojan.Fotomoto.A
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027922.exe Desinfecteren mislukt
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027922.exe Verplaatst
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027923.exe Geïnfecteerd Trojan.Fotomoto.A
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027923.exe Desinfecteren mislukt
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027923.exe Verplaatst
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027924.exe Geïnfecteerd Trojan.LowZones.SA
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027924.exe Desinfecteren mislukt
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027924.exe Verplaatst
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027925.exe Geïnfecteerd Trojan.Clicker.Agent.NP
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027925.exe Desinfecteren mislukt
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027925.exe Verplaatst
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027926.exe Geïnfecteerd Trojan.Fotomoto.A
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027926.exe Desinfecteren mislukt
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027926.exe Verplaatst
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027927.exe Geïnfecteerd Trojan.LowZones.SA
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027927.exe Desinfecteren mislukt
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027927.exe Verplaatst
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027928.exe Geïnfecteerd Trojan.Popwin.BK
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027928.exe Desinfecteren mislukt
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027928.exe Verplaatst
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027929.exe Geïnfecteerd Trojan.Popwin.BK
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027929.exe Desinfecteren mislukt
    C:\System Volume Information\_restore{BAEA6DD1-0B1F-44B9-832F-337574AB4B60}\RP46\A0027929.exe Verplaatst
    C:\FOUND.004\FILE0005.CHK Geïnfecteerd Trojan.Downloader.Agent.YFI
    C:\FOUND.004\FILE0005.CHK Desinfecteren mislukt
    C:\FOUND.004\FILE0005.CHK Verplaatst
    C:\FOUND.004\FILE0016.CHK Geïnfecteerd Trojan.Downloader.JISG
    C:\FOUND.004\FILE0016.CHK Desinfecteren mislukt
    C:\FOUND.004\FILE0016.CHK Verplaatst
    C:\FOUND.004\FILE0017.CHK=>(NSIS o)=>zlib_nsis0001 Geïnfecteerd Trojan.Agent.AAJJ
    C:\FOUND.004\FILE0017.CHK=>(NSIS o)=>zlib_nsis0001 Desinfecteren mislukt
    C:\FOUND.004\FILE0017.CHK=>(NSIS o)=>zlib_nsis0001 Verplaatsen mislukt
    C:\FOUND.004\FILE0017.CHK=>(NSIS o)=>zlib_nsis0002 Geïnfecteerd Trojan.Downloader.JISG
    C:\FOUND.004\FILE0017.CHK=>(NSIS o)=>zlib_nsis0002 Desinfecteren mislukt
    C:\FOUND.004\FILE0017.CHK=>(NSIS o)=>zlib_nsis0002 Verplaatsen mislukt
    C:\FOUND.004\FILE0018.CHK=>(NSIS o)=>zlib_nsis0001 Geïnfecteerd Trojan.Agent.AAJJ
    C:\FOUND.004\FILE0018.CHK=>(NSIS o)=>zlib_nsis0001 Desinfecteren mislukt
    C:\FOUND.004\FILE0018.CHK=>(NSIS o)=>zlib_nsis0001 Verplaatsen mislukt
    C:\FOUND.004\FILE0018.CHK=>(NSIS o)=>zlib_nsis0002 Geïnfecteerd Trojan.Downloader.JISG
    C:\FOUND.004\FILE0018.CHK=>(NSIS o)=>zlib_nsis0002 Desinfecteren mislukt
    C:\FOUND.004\FILE0018.CHK=>(NSIS o)=>zlib_nsis0002 Verplaatsen mislukt
    C:\Recycled\Dc1.exe=>(NSIS o)=>zlib_nsis0001 Geïnfecteerd Trojan.Agent.AAJJ
    C:\Recycled\Dc1.exe=>(NSIS o)=>zlib_nsis0001 Desinfecteren mislukt
    C:\Recycled\Dc1.exe=>(NSIS o)=>zlib_nsis0001 Verplaatsen mislukt
    C:\Recycled\Dc1.exe=>(NSIS o)=>zlib_nsis0002 Geïnfecteerd Trojan.Downloader.JISG
    C:\Recycled\Dc1.exe=>(NSIS o)=>zlib_nsis0002 Desinfecteren mislukt
    C:\Recycled\Dc1.exe=>(NSIS o)=>zlib_nsis0002 Verplaatsen mislukt


    HijackThis log:
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 11:40:15, on 28/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\WINDOWS\system32\vrppnvwq.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\PROGRA~1\SOFTWIN\BITDEF~1\bdnagent.exe
    C:\PROGRA~1\SOFTWIN\BITDEF~1\bdswitch.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\DOCUME~1\Hans\LOCALS~1\Temp\RtkBtMnt.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    c:\progra~1\softwin\bitdef~1\bdmcon.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\Documents and Settings\Hans\Bureaublad\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\rtfdkgeo.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\qomjjgf.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\cwkbenuo.dll",forkonce
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll (file missing)
    O20 - Winlogon Notify: qomjjgf - C:\WINDOWS\SYSTEM32\qomjjgf.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vrppnvwq.exe (file missing)
    O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe


    End of file - 11284 bytes



    In any case, thanks in advance!
  • Download VirtumundoBeGone and save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the instructions.
    Don't be alarmed if you get a blue screen with an error message - this is normal.

    When the fix is finished, restart the PC.
    Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next message.

    Download:
    Save the file to your desktop; after that you can double-click it.

    A small window will open in which a few lines will scroll by quickly, after which the window will close by itself; this is normal.
    A rogue scanner's uninstaller may possibly also start; do not close it, but follow any instructions and let it do its work.

    Then restart the PC and double-click RemoveVideoActiveXObject.exe once more.
    After that, look for the following file: C:\RVAXO-results.log
    Double-click this file; it will open as a log. Post its contents in your next message together with a HijackThis log.
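
The HijackThis log in the question already contains the pairing that the VBG log further down the thread reports as "probably Virtumundo": a BHO with no name whose DLL is also registered under Winlogon Notify. The Python sketch below is an added example, not part of any post and not code from HijackThis or VirtumundoBeGone; the function names and verdict labels are assumptions made for illustration, and the input is an excerpt of the O2/O20 lines from the log above.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the O2 (BHO) and O20 (Winlogon Notify) lines from the HijackThis
# log posted in the question.
HJT_EXCERPT = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\rtfdkgeo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\qomjjgf.dll
O20 - Winlogon Notify: jkkjk - C:\WINDOWS\system32\jkkjk.dll (file missing)
O20 - Winlogon Notify: qomjjgf - C:\WINDOWS\SYSTEM32\qomjjgf.dll
"""

# "O2 - BHO: <name> - {CLSID} - <path>"; the CLSID anchors the split.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# "O20 - Winlogon Notify: <key> - <path>[ (file missing)]"
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>.+?)(?: \(file missing\))?$"
)


def dll_stem(path):
    """Lower-cased file name without extension; None for '(no file)'."""
    path = path.strip()
    if path == "(no file)":
        return None
    return PureWindowsPath(path).stem.lower()


def triage_bhos(log_text):
    """Classify every nameless BHO in a HijackThis log.

    Verdict labels (hypothetical, chosen for this example):
      notify-linked  DLL is also a Winlogon Notify entry
      nameless       no Notify reference; needs manual review
      orphan         registry entry left behind without a file
    Returns a list of (verdict, CLSID, dll_stem) tuples in log order.
    """
    bhos, notify_names = [], set()
    for raw in log_text.splitlines():
        line = raw.strip()  # forum posts are often indented
        m = O2_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = O20_RE.match(line)
        if m:
            # Match on both the Notify key name and the DLL it points to.
            notify_names.add(m["key"].lower())
            stem = dll_stem(m["path"])
            if stem:
                notify_names.add(stem)

    findings = []
    for bho in bhos:
        if bho["name"] != "(no name)":
            continue  # named BHOs are out of scope for this check
        stem = dll_stem(bho["path"])
        if stem is None:
            verdict = "orphan"
        elif stem in notify_names:
            verdict = "notify-linked"
        else:
            verdict = "nameless"
        findings.append((verdict, bho["clsid"].upper(), stem))
    return findings


if __name__ == "__main__":
    for verdict, clsid, stem in triage_bhos(HJT_EXCERPT):
        print(f"{verdict:14} {clsid} {stem or '(no file)'}")
```

On the excerpt, `qomjjgf` comes out as `notify-linked`, `rtfdkgeo` as `nameless` and the `(no file)` entry as `orphan`, which lines up with the "Found", "Key not found" and "No filename found" lines in the VBG log.
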
  • VBG:

    [06/28/2007, 13:18:33] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Hans\Mijn documenten\VirtumundoBeGone.exe" )
    [06/28/2007, 13:18:40] - Detected System Information:
    [06/28/2007, 13:18:40] - Windows Version: 5.1.2600, Service Pack 2
    [06/28/2007, 13:18:40] - Current Username: Hans (Admin)
    [06/28/2007, 13:18:40] - Windows is in NORMAL mode.
    [06/28/2007, 13:18:40] - Searching for Browser Helper Objects:
    [06/28/2007, 13:18:40] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [06/28/2007, 13:18:40] - BHO 2: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
    [06/28/2007, 13:18:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/28/2007, 13:18:40] - Checking for HKLM\…\Winlogon\Notify\rtfdkgeo
    [06/28/2007, 13:18:40] - Key not found: HKLM\…\Winlogon\Notify\rtfdkgeo, continuing.
    [06/28/2007, 13:18:40] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/28/2007, 13:18:40] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [06/28/2007, 13:18:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/28/2007, 13:18:40] - No filename found. Continuing.
    [06/28/2007, 13:18:40] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [06/28/2007, 13:18:40] - BHO 6: {BAA6F127-3CF3-43B9-B7F8-7C59D99070BF} ()
    [06/28/2007, 13:18:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/28/2007, 13:18:40] - Checking for HKLM\…\Winlogon\Notify\vtsqo
    [06/28/2007, 13:18:40] - Found: HKLM\…\Winlogon\Notify\vtsqo - This is probably Virtumundo.
    [06/28/2007, 13:18:40] - Assigning {BAA6F127-3CF3-43B9-B7F8-7C59D99070BF} MSEvents Object
    [06/28/2007, 13:18:40] - BHO list has been changed! Starting over…
    [06/28/2007, 13:18:40] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [06/28/2007, 13:18:40] - BHO 2: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
    [06/28/2007, 13:18:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/28/2007, 13:18:40] - Checking for HKLM\…\Winlogon\Notify\rtfdkgeo
    [06/28/2007, 13:18:40] - Key not found: HKLM\…\Winlogon\Notify\rtfdkgeo, continuing.
    [06/28/2007, 13:18:40] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/28/2007, 13:18:40] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [06/28/2007, 13:18:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/28/2007, 13:18:40] - No filename found. Continuing.
    [06/28/2007, 13:18:40] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [06/28/2007, 13:18:40] - BHO 6: {BAA6F127-3CF3-43B9-B7F8-7C59D99070BF} (MSEvents Object)
    [06/28/2007, 13:18:40] - ALERT: Found MSEvents Object!
    [06/28/2007, 13:18:40] - BHO 7: {DC192567-65F9-4AB6-ADB7-E13575F81726} ()
    [06/28/2007, 13:18:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/28/2007, 13:18:40] - Checking for HKLM\…\Winlogon\Notify\qomjjgf
    [06/28/2007, 13:18:40] - Found: HKLM\…\Winlogon\Notify\qomjjgf - This is probably Virtumundo.
    [06/28/2007, 13:18:40] - Assigning {DC192567-65F9-4AB6-ADB7-E13575F81726} MSEvents Object
    [06/28/2007, 13:18:40] - BHO list has been changed! Starting over…
    [06/28/2007, 13:18:40] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [06/28/2007, 13:18:40] - BHO 2: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
    [06/28/2007, 13:18:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/28/2007, 13:18:40] - Checking for HKLM\…\Winlogon\Notify\rtfdkgeo
    [06/28/2007, 13:18:40] - Key not found: HKLM\…\Winlogon\Notify\rtfdkgeo, continuing.
    [06/28/2007, 13:18:40] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/28/2007, 13:18:40] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [06/28/2007, 13:18:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/28/2007, 13:18:40] - No filename found. Continuing.
    [06/28/2007, 13:18:40] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [06/28/2007, 13:18:40] - BHO 6: {BAA6F127-3CF3-43B9-B7F8-7C59D99070BF} (MSEvents Object)
    [06/28/2007, 13:18:40] - ALERT: Found MSEvents Object!
    [06/28/2007, 13:18:40] - BHO 7: {DC192567-65F9-4AB6-ADB7-E13575F81726} (MSEvents Object)
    [06/28/2007, 13:18:40] - ALERT: Found MSEvents Object!
    [06/28/2007, 13:18:40] - Finished Searching Browser Helper Objects
    [06/28/2007, 13:18:40] - *** Detected MSEvents Object
    [06/28/2007, 13:18:41] - Trying to remove MSEvents Object…
    [06/28/2007, 13:18:42] - Terminating Process: IEXPLORE.EXE
    [06/28/2007, 13:18:43] - Terminating Process: RUNDLL32.EXE
    [06/28/2007, 13:18:43] - Disabling Automatic Shell Restart
    [06/28/2007, 13:18:43] - Terminating Process: EXPLORER.EXE
    [06/28/2007, 13:18:43] - Suspending the NT Session Manager System Service
    [06/28/2007, 13:18:44] - Terminating Windows NT Logon/Logoff Manager
    [06/28/2007, 13:18:45] - Re-enabling Automatic Shell Restart
    [06/28/2007, 13:18:45] - File to disable: C:\WINDOWS\system32\vtsqo.dll
    [06/28/2007, 13:18:45] - Renaming C:\WINDOWS\system32\vtsqo.dll -> C:\WINDOWS\system32\vtsqo.dll.vir
    [06/28/2007, 13:18:45] - File successfully renamed!
    [06/28/2007, 13:18:45] - Removing HKLM\…\Browser Helper Objects\{BAA6F127-3CF3-43B9-B7F8-7C59D99070BF}
    [06/28/2007, 13:18:45] - Removing HKCR\CLSID\{BAA6F127-3CF3-43B9-B7F8-7C59D99070BF}
    [06/28/2007, 13:18:46] - Adding Kill Bit for ActiveX for GUID: {BAA6F127-3CF3-43B9-B7F8-7C59D99070BF}
    [06/28/2007, 13:18:46] - Deleting ATLEvents/MSEvents Registry entries
    [06/28/2007, 13:18:46] - Removing HKLM\…\Winlogon\Notify\vtsqo
    [06/28/2007, 13:18:46] - Searching for Browser Helper Objects:
    [06/28/2007, 13:18:46] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [06/28/2007, 13:18:46] - BHO 2: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
    [06/28/2007, 13:18:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/28/2007, 13:18:46] - Checking for HKLM\…\Winlogon\Notify\rtfdkgeo
    [06/28/2007, 13:18:46] - Key not found: HKLM\…\Winlogon\Notify\rtfdkgeo, continuing.
    [06/28/2007, 13:18:46] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/28/2007, 13:18:46] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [06/28/2007, 13:18:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/28/2007, 13:18:46] - No filename found. Continuing.
    [06/28/2007, 13:18:46] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [06/28/2007, 13:18:46] - BHO 6: {DC192567-65F9-4AB6-ADB7-E13575F81726} (MSEvents Object)
    [06/28/2007, 13:18:46] - ALERT: Found MSEvents Object!
    [06/28/2007, 13:18:46] - Finished Searching Browser Helper Objects
    [06/28/2007, 13:18:46] - *** Detected MSEvents Object
    [06/28/2007, 13:18:46] - Trying to remove MSEvents Object…
    [06/28/2007, 13:18:47] - Terminating Process: IEXPLORE.EXE
    [06/28/2007, 13:18:47] - Terminating Process: RUNDLL32.EXE
    [06/28/2007, 13:18:47] - Disabling Automatic Shell Restart
    [06/28/2007, 13:18:47] - Terminating Process: EXPLORER.EXE
    [06/28/2007, 13:18:47] - Suspending the NT Session Manager System Service
    [06/28/2007, 13:18:47] - Terminating Windows NT Logon/Logoff Manager
    [06/28/2007, 13:18:47] - Re-enabling Automatic Shell Restart
    [06/28/2007, 13:18:47] - File to disable: C:\WINDOWS\system32\qomjjgf.dll
    [06/28/2007, 13:18:47] - Renaming C:\WINDOWS\system32\qomjjgf.dll -> C:\WINDOWS\system32\qomjjgf.dll.vir
    [06/28/2007, 13:18:48] - File successfully renamed!
    [06/28/2007, 13:18:48] - Removing HKLM\…\Browser Helper Objects\{DC192567-65F9-4AB6-ADB7-E13575F81726}
    [06/28/2007, 13:18:48] - Removing HKCR\CLSID\{DC192567-65F9-4AB6-ADB7-E13575F81726}
    [06/28/2007, 13:18:49] - Adding Kill Bit for ActiveX for GUID: {DC192567-65F9-4AB6-ADB7-E13575F81726}
    [06/28/2007, 13:18:49] - Deleting ATLEvents/MSEvents Registry entries
    [06/28/2007, 13:18:49] - Removing HKLM\…\Winlogon\Notify\qomjjgf
    [06/28/2007, 13:18:49] - Searching for Browser Helper Objects:
    [06/28/2007, 13:18:49] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [06/28/2007, 13:18:49] - BHO 2: {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} ()
    [06/28/2007, 13:18:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/28/2007, 13:18:49] - Checking for HKLM\…\Winlogon\Notify\rtfdkgeo
    [06/28/2007, 13:18:49] - Key not found: HKLM\…\Winlogon\Notify\rtfdkgeo, continuing.
    [06/28/2007, 13:18:49] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/28/2007, 13:18:49] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [06/28/2007, 13:18:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/28/2007, 13:18:49] - No filename found. Continuing.
    [06/28/2007, 13:18:49] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [06/28/2007, 13:18:49] - Finished Searching Browser Helper Objects
    [06/28/2007, 13:18:49] - Finishing up…
    [06/28/2007, 13:18:49] - A restart is needed.
    [06/28/2007, 13:19:00] - Attempting to Restart via STOP error (Blue Screen!)


    RVAXO:
    —————-RemoveVideoActiveXObject.exe first run————-

    Files found:

    C:\WINDOWS\system32\vtsqo.dll.vir
    C:\WINDOWS\system32\qomjjgf.dll.vir
    C:\Program Files\MSN Messenger\msnmgr.exe
    C:\WINDOWS\system32\kjkkj.ini2
    C:\WINDOWS\system32\oqstv.bak1

    Uninstallers Rogue scanners:


    Folders Found:

    C:\Program Files\WinPop

    ————–RemoveVideoActiveXObject.exe last run—————

    Files found:


    Uninstallers Rogue scanners:


    Folders Found:
  • Download Combofix to your desktop.
    Double-click Combofix.exe
    Follow the instructions and accept the disclaimer by typing 1 (continue).
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post.

    NOTE: If your virus scanner responds with a notification about script execution, you can ignore it.
  • In any case, thanks for the quick reply! I wouldn't know myself what all these programs do; I'm a complete layman in these matters.



    "Hans" - 2007-06-29 11:29:19 - ComboFix 07-06-27.7 - Service Pack 2


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))




    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\b122.exe
    C:\WINDOWS\b136.exe


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    ——-\LEGACY_DOMAINSERVICE


    ((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-29 )))))))))))))))))))))))))))))))


    2007-06-29 11:28 49,152 –a—— C:\WINDOWS\nircmd.exe
    2007-06-28 18:41 36,122 –a—— C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
    2007-06-28 18:41 <DIR> d——– C:\WINDOWS\system32\RVAXO
    2007-06-27 22:40 81,984 –a—— C:\WINDOWS\system32\bdod.bin
    2007-06-27 22:25 786,432 –ah—– C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-06-27 22:25 <DIR> dr-h—– C:\DOCUME~1\ADMINI~1\Onlangs geopend
    2007-06-27 22:25 <DIR> dr——- C:\DOCUME~1\ADMINI~1\Mijn documenten
    2007-06-27 22:25 <DIR> dr——- C:\DOCUME~1\ADMINI~1\Menu Start
    2007-06-27 22:25 <DIR> dr——- C:\DOCUME~1\ADMINI~1\Favorieten
    2007-06-27 22:25 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Sjablonen
    2007-06-27 22:25 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Netwerkprinteromgeving
    2007-06-27 22:25 <DIR> d——– C:\DOCUME~1\ADMINI~1\Bureaublad
    2007-06-27 22:25 <DIR> d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
    2007-06-27 22:24 <DIR> d–hs—- C:\FOUND.005
    2007-06-27 21:33 83,024 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-06-27 21:33 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-06-27 21:33 57,424 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-06-27 21:33 53,840 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-06-27 21:33 39,376 –a—— C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-06-27 21:33 29,264 –a—— C:\WINDOWS\system32\drivers\kcom.sys
    2007-06-27 21:33 <DIR> d——– C:\Program Files\Spyware Doctor
    2007-06-27 21:33 <DIR> d——– C:\DOCUME~1\Hans\APPLIC~1\PC Tools
    2007-06-27 21:32 <DIR> d——– C:\Program Files\Google
    2007-06-27 21:32 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
    2007-06-27 17:48 29 –a—— C:\WINDOWS\system32\getfile.dat
    2007-06-27 15:00 <DIR> d——– C:\Program Files\Lavasoft
    2007-06-27 15:00 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-06-27 14:59 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-27 14:50 <DIR> d——– C:\Program Files\InterMute
    2007-06-27 10:56 128,576 –a—— C:\WINDOWS\system32\cwkbenuo.dll
    2007-06-27 10:53 66,112 –a—— C:\WINDOWS\system32\rtfdkgeo.dll
    2007-06-24 08:28 <DIR> d——– C:\DOCUME~1\Admin\APPLIC~1\AdobeUM
    2007-06-23 19:19 <DIR> d–hs—- C:\FOUND.004
    2007-06-16 17:46 <DIR> d–hs—- C:\FOUND.003
    2007-06-12 19:02 <DIR> d–hs—- C:\WINDOWS\ftpcache
    2007-06-04 15:18 9,344 –a—— C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-06-04 15:17 8,320 –a—— C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-06-04 15:14 6,272 –a—— C:\WINDOWS\system32\drivers\AWRTPD.sys
    2007-06-03 17:02 <DIR> d——– C:\DOCUME~1\Admin\Contacts
    2007-06-02 09:24 <DIR> d–hs—- C:\FOUND.002
    2007-06-01 18:12 <DIR> d——– C:\DOCUME~1\Hans\APPLIC~1\AdobeUM
    2007-06-01 11:41 82,380 –a—— C:\WINDOWS\system32\drivers\AFS2K.SYS
    2007-06-01 11:38 94,208 -ra—— C:\WINDOWS\system32\HPZipt12.dll
    2007-06-01 11:38 65,795 -ra—— C:\WINDOWS\system32\HPZipm12.exe
    2007-06-01 11:38 61,699 -ra—— C:\WINDOWS\system32\HPZinw12.exe
    2007-06-01 11:38 57,344 -ra—— C:\WINDOWS\system32\HPZisn12.dll
    2007-06-01 11:38 51,024 -ra—— C:\WINDOWS\system32\drivers\hpzid412.sys
    2007-06-01 11:38 233,528 -ra—— C:\WINDOWS\system32\HPZidr12.dll
    2007-06-01 11:38 167,936 -ra—— C:\WINDOWS\system32\HPZipr12.dll
    2007-06-01 11:38 16,080 -ra—— C:\WINDOWS\system32\drivers\HPZipr12.sys
    2007-06-01 11:36 <DIR> d——– C:\Program Files\Common Files\Hewlett-Packard
    2007-06-01 11:34 20,458 ——— C:\WINDOWS\hpoins01.dat
    2007-06-01 11:34 16,622 ——— C:\WINDOWS\hpomdl01.dat
    2007-06-01 11:34 <DIR> d——– C:\Program Files\Hewlett-Packard


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-29 09:52:22 12 —-a-w C:\WINDOWS\bthservsdp.dat
    2007-06-27 15:48:42 73,728 —-a-w C:\WINDOWS\system32\sockspy.dll
    2007-06-27 15:48:30 77,824 —-a-w C:\WINDOWS\system32\xcomm.dll
    2007-05-16 15:19:44 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-25 14:22:52 144,896 —-a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 —-a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 —-a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
    2007-04-13 13:19:52 7,680 —-a-w C:\WINDOWS\system32\lsdelete.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll [2007-06-27 21:32]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BDMCon"="C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe" [2007-06-27 17:48]
    "BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 18:53]
    "BDNewsAgent"="C:\PROGRA~1\SOFTWIN\BITDEF~1\bdnagent.exe" [2005-06-09 11:28]
    "BDSwitchAgent"="C:\PROGRA~1\SOFTWIN\BITDEF~1\bdswitch.exe" [2005-04-06 14:09]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-06-12 13:19]
    "LaunchApp"="" []
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
    "RTHDCPL"="RTHDCPL.EXE" [2006-08-16 11:23 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-08-16 11:21 C:\WINDOWS\SkyTel.exe]
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 11:20]
    "PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-08-09 22:29]
    "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15]
    "@"="" []
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-07-31 21:02]
    "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-07-28 10:40]
    "eLockMonitor"="C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" []
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 C:\WINDOWS\system32\bthprops.cpl]
    "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-30 09:57]
    "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-15 20:34]
    "LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-09-07 19:52]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjk]
    C:\WINDOWS\system32\jkkjk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=sockspy.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-29 11:55:01
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


    Completion time: 2007-06-29 12:20:03 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-06-29 12:02

    — E O F —
    :-? 8) 8)
  • Sorry for the late reply, I had missed the notification.

    Open Notepad, then copy and paste the following (bold, blue text) into an empty window:
  • With ComboFix, the log is a batch file that starts the creation of an actual log file… but this fails. There is another log file, though, namely the ComboFix quarantined files. It contains the following:
    [code:1:855762f81b]
    2007-06-27 10:53 66112 –a—— C:\Qoobox\Quarantine\C\WINDOWS\system32\rtfdkgeo.dll.vir
    2007-06-27 10:56 128576 –a—— C:\Qoobox\Quarantine\C\WINDOWS\system32\cwkbenuo.dll.vir
    2007-06-28 18:41 36122 –a—— C:\Qoobox\Quarantine\C\WINDOWS\system32\RemoveVideoActiveXObject.reg.vir
    2007-06-29 11:32 846 –a—— C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.cf


    Map PATH-lijst voor volume ACER
    Het volumenummer is 13D8-E09C
    C:\QOOBOX
    \—Quarantine
    +—Registry_backups
    | LEGACY_DOMAINSERVICE.reg.cf
    |
    \—C
    \—WINDOWS
    \—system32

    [/code:1:855762f81b]


    HijackThis says the following:
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 12:14, on 2007-07-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\PROGRA~1\SOFTWIN\BITDEF~1\bdnagent.exe
    C:\PROGRA~1\SOFTWIN\BITDEF~1\bdswitch.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\DOCUME~1\Hans\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\ComboFix\catchme.cfexe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Hans\Mijn documenten\HiJackThis_v2.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\SOFTWIN\BITDEF~1\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\SOFTWIN\BITDEF~1\bdswitch.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe


    End of file - 9751 bytes
  • The log looks fine; are there still any problems?
  • smeenk wrote: "The log looks fine; are there still any problems?"
    Starting up and shutting down are still very slow (when shutting down I usually have to give the command several times, otherwise it just stays on). Once it has started up, there is no problem at all apart from the occasional bit of dawdling. I heard from a friend of mine that he may have picked up the MSN virus with it while he was using it; I'll have a look around here to see about removing that, and then we'll see…

This is an archived page. Replies are no longer possible.