PC very slow.



ams
20 March 2007, 18:01
Good afternoon,
Could someone please check my log, as the PC is very slow.

I am posting 2 logs, one from v1.99 and one from v2 beta.
The v2 beta shows the following entries, but v1.99 does not.

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {199A9160-6921-4EF3-9420-1183394CA92F} - C:\WINDOWS\system32\wvurqqp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {C59E6D89-2645-46A6-B0DE-CAA94DE1247B} - C:\WINDOWS\system32\ddcyx.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\ykmyihbs.dll

O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll
O20 - Winlogon Notify: wvurqqp - C:\WINDOWS\SYSTEM32\wvurqqp.dll

*********************************************************
Logfile of HijackThis v1.99.1
Scan saved at 16:17:11, on 20-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe

********************************************************
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:12:39, on 20-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ams\Bureaublad\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {199A9160-6921-4EF3-9420-1183394CA92F} - C:\WINDOWS\system32\wvurqqp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {C59E6D89-2645-46A6-B0DE-CAA94DE1247B} - C:\WINDOWS\system32\ddcyx.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\ykmyihbs.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll
O20 - Winlogon Notify: wvurqqp - C:\WINDOWS\SYSTEM32\wvurqqp.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe

--
End of file - 5249 bytes


Thanks in advance for your effort
ams

jurgenv
20 March 2007, 18:20
Download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to start it.
Click the Scan for Vundo button.
Once the scan has finished, click the Remove Vundo button.
You will be asked whether you want the files removed; click YES.
After you click Yes, the icons on your desktop will disappear while Vundo is being removed.
When it is finished, you will get a message that it will shut down your PC; click OK.
Start your PC again.
Post the contents of C:\vundofix.txt and a new HijackThis log in your next post.

Note: It is possible that VundoFix found a file that could not be removed.
In that case VundoFix will start again after your PC restarts. You must then follow the instructions above again, starting from: "Click the Scan for Vundo."

ams
20 March 2007, 19:00
Hello Jurgenv,

Thanks for the quick response.
Here are the requested logs.
*****************

VundoFix V6.3.17

Checking Java version...

Scan started at 17:43:08 20-3-2007

Listing files found while scanning....

C:\WINDOWS\system32\cbxuvvt.dll
C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\wvurqqp.dll
C:\WINDOWS\system32\xycdd.bak1
C:\WINDOWS\system32\xycdd.ini
C:\WINDOWS\system32\ykmyihbs.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbxuvvt.dll
C:\WINDOWS\system32\cbxuvvt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\ddcyx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvurqqp.dll
C:\WINDOWS\system32\wvurqqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xycdd.bak1
C:\WINDOWS\system32\xycdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\xycdd.ini
C:\WINDOWS\system32\xycdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ykmyihbs.dll
C:\WINDOWS\system32\ykmyihbs.dll Has been deleted!

Performing Repairs to the registry.
Done!
*******************
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:59:18, on 20-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\ams\Bureaublad\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {199A9160-6921-4EF3-9420-1183394CA92F} - C:\WINDOWS\system32\wvurqqp.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {C59E6D89-2645-46A6-B0DE-CAA94DE1247B} - C:\WINDOWS\system32\ddcyx.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe

--
End of file - 5166 bytes


Regards

ams.

jurgenv
20 March 2007, 19:04
* Open HijackThis and check the following lines:

O2 - BHO: (no name) - {199A9160-6921-4EF3-9420-1183394CA92F} - C:\WINDOWS\system32\wvurqqp.dll (file missing)
O2 - BHO: (no name) - {C59E6D89-2645-46A6-B0DE-CAA94DE1247B} - C:\WINDOWS\system32\ddcyx.dll (file missing)

* Then close all windows except HijackThis and click 'fix checked'

Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Place it on your desktop.
Double-click it to start the program.
In the window that appears, type Y to start the cleaning process.
Follow the on-screen instructions.
When the tool has finished, a log file (combofix.txt) will open. Post the contents of this file together with a new HijackThis log.

ams
20 March 2007, 19:48
Here are the logs,

"ams" - 07-03-20 18:21:30 Service Pack 2
ComboFix 07-03-20.2 - Running from: "C:\Documents and Settings\ams\Bureaublad"

((((((((((((((((((((((((((((((( Files Created from 2007-02-20 to 2007-03-20 ))))))))))))))))))))))))))))))))))


2007-03-20 17:43 <DIR> d-------- C:\VundoFix Backups
2007-03-20 09:51 123,412 --a------ C:\WINDOWS\system32\bnbgdpbg.dll
2007-03-18 20:43 <DIR> dr-h----- C:\DOCUME~1\ams\Onlangs geopend
2007-03-14 20:19 <DIR> d-------- C:\Program Files\Everest Poker
2007-03-09 21:02 <DIR> d-------- C:\DOCUME~1\ams\APPLIC~1\Apple Computer
2007-03-02 09:03 183 --a------ C:\WINDOWS\system32\FOLESVR.DLL
2007-03-01 10:27 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-01 10:27 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-03-01 10:27 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-01 10:27 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-01 10:27 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-01 10:27 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-01 10:27 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-01 10:27 <DIR> d-------- C:\Program Files\Alwil Software
2007-02-25 15:25 <DIR> d-------- C:\Bdienst
2007-02-25 09:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-02-25 09:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-02-23 11:15 8,912,896 --a------ C:\DOCUME~1\ams\ntuser.dat
2007-02-23 10:00 897,024 --a------ C:\WINDOWS\system32\VchReg.dll
2007-02-22 11:06 <DIR> d-------- C:\Program Files\Java
2007-02-22 11:06 <DIR> d-------- C:\Program Files\Common Files\Java
2007-02-21 14:57 <DIR> d-------- C:\DOCUME~1\ams\APPLIC~1\Acronis
2007-02-21 14:29 <DIR> d-------- C:\Program Files\Common Files\Acronis
2007-02-21 14:29 <DIR> d-------- C:\Program Files\Acronis
2007-02-21 09:21 24 --a------ C:\WINDOWS\system.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-20 10:16 -------- d-------- C:\Program Files\mozilla thunderbird
2007-03-20 09:51 123412 --a------ C:\WINDOWS\system32\bnbgdpbg.dll
2007-03-18 20:44 -------- d-------- C:\Program Files\spywareblaster
2007-03-18 20:37 -------- d-------- C:\Program Files\peerguardian2
2007-03-18 20:36 -------- d-------- C:\DOCUME~1\ams\APPLIC~1\utorrent
2007-03-18 17:46 -------- d-------- C:\DOCUME~1\ams\APPLIC~1\dvdcss
2007-03-18 16:53 -------- d-------- C:\Program Files\everest poker
2007-03-18 13:57 -------- d-------- C:\DOCUME~1\ams\APPLIC~1\openoffice.org2
2007-03-17 17:00 -------- d-------- C:\Program Files\emule
2007-03-16 11:23 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-03-16 11:23 -------- d-------- C:\DOCUME~1\ams\APPLIC~1\vso
2007-03-15 11:00 -------- d-------- C:\Program Files\vso
2007-03-10 08:41 71220 --a------ C:\WINDOWS\system32\perfc013.dat
2007-03-10 08:41 447260 --a------ C:\WINDOWS\system32\perfh013.dat
2007-03-02 09:03 183 --a------ C:\WINDOWS\system32\folesvr.dll
2007-03-01 10:27 -------- d-------- C:\Program Files\alwil software
2007-02-22 11:06 -------- d-------- C:\Program Files\java
2007-02-22 11:06 -------- d-------- C:\Program Files\Common Files\java
2007-02-21 14:31 392320 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2007-02-21 14:31 32768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-02-21 14:30 114048 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2007-02-21 14:17 -------- d-------- C:\Program Files\ashampoo
2007-02-21 09:21 24 --a------ C:\WINDOWS\system.sys
2007-02-19 20:55 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-02-18 16:09 -------- d-------- C:\Program Files\sld codec pack
2007-02-18 10:18 -------- d-------- C:\Program Files\your uninstaller 2006
2007-02-18 00:15 232816 --a------ C:\WINDOWS\system32\drivers\VMM.sys
2007-02-15 20:28 530 --ah----- C:\hpothb07.dat
2007-02-15 20:01 356352 --a------ C:\WINDOWS\esellerateengine.dll
2007-02-15 20:00 -------- d-------- C:\Program Files\qo labs
2007-02-15 12:52 -------- d-------- C:\DOCUME~1\ams\APPLIC~1\dvd shrink
2007-02-12 21:17 -------- d-------- C:\Program Files\siteadvisor
2007-02-10 19:06 -------- d-------- C:\Program Files\allmymovies
2007-02-09 20:39 14368 --a------ C:\WINDOWS\system32\relog_ap.dll
2007-02-09 19:06 17440 --a------ C:\WINDOWS\system32\acrotls.dll
2007-02-09 18:49 206368 --a------ C:\WINDOWS\system32\snapapi.dll
2007-02-03 13:49 -------- d-------- C:\Program Files\Common Files\agnitum shared
2007-02-03 13:49 -------- d-------- C:\Program Files\agnitum
2007-02-02 20:17 -------- d-------- C:\DOCUME~1\ams\APPLIC~1\siteadvisor
2007-02-02 19:25 -------- d-------- C:\Program Files\copernic desktop search 2
2007-02-01 09:24 36793 --a------ C:\WINDOWS\krx-642.dat
2007-01-30 15:01 -------- d-------- C:\Program Files\raxco
2007-01-30 15:01 -------- d-------- C:\Program Files\Common Files\raxco
2007-01-30 14:30 -------- d-------- C:\DOCUME~1\ams\APPLIC~1\comodo
2007-01-30 13:55 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-01-28 18:54 -------- d-------- C:\Program Files\lavasoft
2007-01-27 16:15 -------- d-------- C:\Program Files\tuneup utilities 2007
2007-01-27 16:08 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-01-27 09:02 14 --a------ C:\WINDOWS\system32\getfile.dat
2007-01-27 08:43 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-01-22 16:18 24072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-01-15 18:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe
2007-01-15 18:23 90112 --a------ C:\WINDOWS\system32\avastss.scr
2007-01-09 21:09 20458 --a------ C:\WINDOWS\hpoins01.dat
2007-01-08 14:29 1087216 --a------ C:\WINDOWS\system32\zpeng24.dll
2006-12-29 13:58 4328 --a------ C:\WINDOWS\mozver.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CursorXP"="C:\\Program Files\\CursorXP\\CursorXP.exe"
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Outpost Firewall"="C:\\Program Files\\Agnitum\\Outpost Firewall\\outpost.exe /waitservice"
"OutpostFeedBack"="C:\\Program Files\\Agnitum\\Outpost Firewall\\feedback.exe /dump:os_startup"
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6028\\SiteAdv.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"UIWatcher"="C:\\Program Files\\Ashampoo\\Ashampoo UnInstaller Platinum 2\\UIWatcher.exe"
"PeerGuardian"="C:\\Program Files\\PeerGuardian2\\pg2.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"AWMON"="\"C:\\PROGRA~1\\Lavasoft\\AD-AWA~1\\Ad-Watch.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
"TrueImageMonitor.exe"="C:\\Program Files\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"
"AcronisTimounterMonitor"="C:\\Program Files\\Acronis\\TrueImageHome\\TimounterMonitor.exe"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
"{199A9160-6921-4EF3-9420-1183394CA92F}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Easy Onderhoud.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1168373981.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-20 18:24:30
-------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:28:18, on 20-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\ams\Bureaublad\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe

--
End of file - 4991 bytes

jurgenv
20 March 2007, 19:55
* Go to http://www.virustotal.com/en/indexf.html and upload the following files:

C:\WINDOWS\system32\bnbgdpbg.dll
C:\WINDOWS\system32\FOLESVR.DLL
C:\WINDOWS\system.sys

* Post the results here.

ams
20 March 2007, 20:05
* Go to http://www.virustotal.com/en/indexf.html and upload the following files:

C:\WINDOWS\system32\bnbgdpbg.dll
C:\WINDOWS\system32\FOLESVR.DLL
C:\WINDOWS\system.sys

* Post the results here.

Unfortunately, this is where my knowledge ends.

Please give a bit more explanation, I no longer know what to do.

Regards
ams.

ams
20 March 2007, 20:42
Hello Jurgenv,
I found the following two files: C:\WINDOWS\system32\bnbgdpbg.dll
C:\WINDOWS\system32\FOLESVR.DLL
************ ********************
File C:\WINDOWS\system.sys not found, but I did find this file: C:\WINDOWS\system.system
Is this one OK as well?

ams
20 March 2007, 21:23
Hello Jurgenv,
Here are the requested logs.
------------------------
Complete scanning result of "bnbgdpbg.dll", received in VirusTotal at 03.20.2007, 19:43:24 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.21.0 03.20.2007 Win-Trojan/Virtumod.123412
AntiVir 7.3.1.44 03.20.2007 ADSPY/Virtumonde.HB.1
Authentium 4.93.8 03.20.2007 no virus found
Avast 4.7.936.0 03.20.2007 no virus found
AVG 7.5.0.447 03.20.2007 Adware Generic.VSL
BitDefender 7.2 03.20.2007 MemScan:Trojan.Spy.Agent.NU
CAT-QuickHeal 9.00 03.20.2007 AdWare.Virtumonde.hb (Not a Virus)
ClamAV devel-20070312 03.20.2007 Trojan.Agent-2243
DrWeb 4.33 03.20.2007 Trojan.Virtumod
eSafe 7.0.14.0 03.20.2007 no virus found
eTrust-Vet 30.6.3496 03.20.2007 Win32/Vundo!generic
Ewido 4.0 03.20.2007 no virus found
FileAdvisor 1 03.20.2007 no virus found
Fortinet 2.85.0.0 03.20.2007 suspicious
F-Prot 4.3.1.45 03.20.2007 no virus found
F-Secure 6.70.13030.0 03.20.2007 W32/Vundo.gen7
Ikarus T3.1.1.3 03.20.2007 not-a-virus:AdWare.Win32.Virtumonde.hb
Kaspersky 4.0.2.24 03.20.2007 not-a-virus:AdWare.Win32.Virtumonde.hb
McAfee 4988 03.20.2007 Vundo
Microsoft 1.2306 03.20.2007 no virus found
NOD32v2 2129 03.20.2007 Win32/Adware.Virtumonde.HB
Norman 5.80.02 03.20.2007 W32/Virtumonde.FGA
Panda 9.0.0.4 03.20.2007 Spyware/Virtumonde
Prevx1 V2 03.20.2007 no virus found
Sophos 4.15.0 03.13.2007 Virtumundo
Sunbelt 2.2.907.0 03.16.2007 no virus found
Symantec 10 03.20.2007 Trojan.Vundo
TheHacker 6.1.6.078 03.20.2007 Adware/Virtumonde.hb
UNA 1.83 03.16.2007 Adware.Virtumonde.BD1A
VBA32 3.11.2 03.19.2007 no virus found
VirusBuster 4.3.7:9 03.20.2007 Adware.Virtumonde.BM
Webwasher-Gateway 6.0.1 03.20.2007 Ad-Spyware.Virtumonde.HB.1
-------------------------------------------------------------------------
Complete scanning result of "FOLESVR.DLL", received in VirusTotal at 03.20.2007, 19:53:49 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.21.0 03.20.2007 no virus found
AntiVir 7.3.1.44 03.20.2007 no virus found
Authentium 4.93.8 03.20.2007 no virus found
Avast 4.7.936.0 03.20.2007 no virus found
AVG 7.5.0.447 03.20.2007 no virus found
BitDefender 7.2 03.20.2007 no virus found
CAT-QuickHeal 9.00 03.20.2007 no virus found
ClamAV devel-20070312 03.20.2007 no virus found
DrWeb 4.33 03.20.2007 no virus found
eSafe 7.0.14.0 03.20.2007 no virus found
eTrust-Vet 30.6.3496 03.20.2007 no virus found
Ewido 4.0 03.20.2007 no virus found
FileAdvisor 1 03.20.2007 no virus found
Fortinet 2.85.0.0 03.20.2007 no virus found
F-Prot 4.3.1.45 03.20.2007 no virus found
F-Secure 6.70.13030.0 03.20.2007 no virus found
Ikarus T3.1.1.3 03.20.2007 no virus found
Kaspersky 4.0.2.24 03.20.2007 no virus found
McAfee 4988 03.20.2007 no virus found
Microsoft 1.2306 03.20.2007 no virus found
NOD32v2 2129 03.20.2007 no virus found
Norman 5.80.02 03.20.2007 no virus found
Panda 9.0.0.4 03.20.2007 no virus found
Prevx1 V2 03.20.2007 no virus found
Sophos 4.15.0 03.13.2007 no virus found
Sunbelt 2.2.907.0 03.16.2007 no virus found
Symantec 10 03.20.2007 no virus found
TheHacker 6.1.6.078 03.20.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.19.2007 no virus found
VirusBuster 4.3.7:9 03.20.2007 no virus found
Webwasher-Gateway 6.0.1 03.20.2007 no virus found
------------------------------------------------------------
Complete scanning result of "SYSTEM.DRV", received in VirusTotal at 03.20.2007, 20:07:00 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.21.0 03.20.2007 no virus found
AntiVir 7.3.1.44 03.20.2007 no virus found
Authentium 4.93.8 03.20.2007 no virus found
Avast 4.7.936.0 03.20.2007 no virus found
AVG 7.5.0.447 03.20.2007 no virus found
BitDefender 7.2 03.20.2007 no virus found
CAT-QuickHeal 9.00 03.20.2007 no virus found
ClamAV devel-20070312 03.20.2007 no virus found
DrWeb 4.33 03.20.2007 no virus found
eSafe 7.0.14.0 03.20.2007 no virus found
eTrust-Vet 30.6.3496 03.20.2007 no virus found
Ewido 4.0 03.20.2007 no virus found
FileAdvisor 1 03.20.2007 No threat detected
Fortinet 2.85.0.0 03.20.2007 no virus found
F-Prot 4.3.1.45 03.20.2007 no virus found
F-Secure 6.70.13030.0 03.20.2007 no virus found
Ikarus T3.1.1.3 03.20.2007 no virus found
Kaspersky 4.0.2.24 03.20.2007 no virus found
McAfee 4988 03.20.2007 no virus found
Microsoft 1.2306 03.20.2007 no virus found
NOD32v2 2129 03.20.2007 no virus found
Norman 5.80.02 03.20.2007 no virus found
Panda 9.0.0.4 03.20.2007 no virus found
Prevx1 V2 03.20.2007 no virus found
Sophos 4.15.0 03.13.2007 no virus found
Sunbelt 2.2.907.0 03.16.2007 no virus found
Symantec 10 03.20.2007 no virus found
TheHacker 6.1.6.078 03.20.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.19.2007 no virus found
VirusBuster 4.3.7:9 03.20.2007 no virus found
Webwasher-Gateway 6.0.1 03.20.2007 no virus found
-----------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:21:10, on 20-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ams\Bureaublad\Nieuwe map\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe

--
End of file - 4969 bytes
------------------------

Thanks in advance for the effort.

Regards
ams

jurgenv
20 March 2007, 21:56
Go to http://www.bleepingcomputer.com/submit-malware.php?channel=8
and fill in the following:

Link to topic where this file was requested: http://www.minatica.be/newreply.php?do=newreply&noquote=1&p=301224

Browse to the file you want to submit:
C:\WINDOWS\System32\bnbgdpbg.dll

Leave any comments, further information about this file, or contact information:
New Vundo, No CLSID available.

Complete scanning result of "bnbgdpbg.dll", received in VirusTotal at 03.20.2007, 19:43:24 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.21.0 03.20.2007 Win-Trojan/Virtumod.123412
AntiVir 7.3.1.44 03.20.2007 ADSPY/Virtumonde.HB.1
Authentium 4.93.8 03.20.2007 no virus found
Avast 4.7.936.0 03.20.2007 no virus found
AVG 7.5.0.447 03.20.2007 Adware Generic.VSL
BitDefender 7.2 03.20.2007 MemScan:Trojan.Spy.Agent.NU
CAT-QuickHeal 9.00 03.20.2007 AdWare.Virtumonde.hb (Not a Virus)
ClamAV devel-20070312 03.20.2007 Trojan.Agent-2243
DrWeb 4.33 03.20.2007 Trojan.Virtumod
eSafe 7.0.14.0 03.20.2007 no virus found
eTrust-Vet 30.6.3496 03.20.2007 Win32/Vundo!generic
Ewido 4.0 03.20.2007 no virus found
FileAdvisor 1 03.20.2007 no virus found
Fortinet 2.85.0.0 03.20.2007 suspicious
F-Prot 4.3.1.45 03.20.2007 no virus found
F-Secure 6.70.13030.0 03.20.2007 W32/Vundo.gen7
Ikarus T3.1.1.3 03.20.2007 not-a-virus:AdWare.Win32.Virtumonde.hb
Kaspersky 4.0.2.24 03.20.2007 not-a-virus:AdWare.Win32.Virtumonde.hb
McAfee 4988 03.20.2007 Vundo
Microsoft 1.2306 03.20.2007 no virus found
NOD32v2 2129 03.20.2007 Win32/Adware.Virtumonde.HB
Norman 5.80.02 03.20.2007 W32/Virtumonde.FGA
Panda 9.0.0.4 03.20.2007 Spyware/Virtumonde
Prevx1 V2 03.20.2007 no virus found
Sophos 4.15.0 03.13.2007 Virtumundo
Sunbelt 2.2.907.0 03.16.2007 no virus found
Symantec 10 03.20.2007 Trojan.Vundo
TheHacker 6.1.6.078 03.20.2007 Adware/Virtumonde.hb
UNA 1.83 03.16.2007 Adware.Virtumonde.BD1A
VBA32 3.11.2 03.19.2007 no virus found
VirusBuster 4.3.7:9 03.20.2007 Adware.Virtumonde.BM
Webwasher-Gateway 6.0.1 03.20.2007 Ad-Spyware.Virtumonde.HB.1

Then click 'Send file' at the bottom.

ams
20 March 2007, 22:54
Go to http://www.bleepingcomputer.com/submit-malware.php?channel=8
and fill in the following:


Then click 'Send file' at the bottom.

Your file was successfully submitted. Please let the user helping you know that you have submitted the file.

jurgenv
20 March 2007, 23:07
* Download and unzip Killbox (http://www.downloads.subratam.org/KillBox.exe) to your desktop.
Click killbox.exe.
Select the option "Delete on reboot".
In the field "Full Path of File to Delete", copy and paste the following:

C:\WINDOWS\System32\bnbgdpbg.dll

Click the button: single file (!Important!)

Then click the red circle with the white cross in it.
Killbox will say that this file will be deleted on reboot and ask whether to reboot now. Click YES.

Your PC should now reboot.

* Could you also upload that C:\WINDOWS\system.system?

ams
21 March 2007, 09:45
Here is the log for the file C:\WINDOWS\system.system.
-------------------------------------------------------

Complete scanning result of "SYSTEM.DRV", received in VirusTotal at 03.21.2007, 08:33:35 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.21.1 03.21.2007 no virus found
AntiVir 7.3.1.44 03.20.2007 no virus found
Authentium 4.93.8 03.20.2007 no virus found
Avast 4.7.936.0 03.20.2007 no virus found
AVG 7.5.0.447 03.20.2007 no virus found
BitDefender 7.2 03.21.2007 no virus found
CAT-QuickHeal 9.00 03.20.2007 no virus found
ClamAV devel-20070312 03.21.2007 no virus found
DrWeb 4.33 03.20.2007 no virus found
eSafe 7.0.14.0 03.20.2007 no virus found
eTrust-Vet 30.6.3497 03.21.2007 no virus found
Ewido 4.0 03.20.2007 no virus found
FileAdvisor 1 03.21.2007 No threat detected
Fortinet 2.85.0.0 03.21.2007 no virus found
F-Prot 4.3.1.45 03.20.2007 no virus found
F-Secure 6.70.13030.0 03.21.2007 no virus found
Ikarus T3.1.1.3 03.21.2007 no virus found
Kaspersky 4.0.2.24 03.21.2007 no virus found
McAfee 4988 03.20.2007 no virus found
Microsoft 1.2306 03.21.2007 no virus found
NOD32v2 2130 03.21.2007 no virus found
Norman 5.80.02 03.20.2007 no virus found
Panda 9.0.0.4 03.20.2007 no virus found
Prevx1 V2 03.21.2007 no virus found
Sophos 4.15.0 03.13.2007 no virus found
Sunbelt 2.2.907.0 03.16.2007 no virus found
Symantec 10 03.21.2007 no virus found
TheHacker 6.1.6.078 03.20.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.19.2007 no virus found
VirusBuster 4.3.7:9 03.20.2007 no virus found
Webwasher-Gateway 6.0.1 03.21.2007 no virus found

P.S. Do I still need to do anything with this file? (C:\WINDOWS\System32\bnbgdpbg.dll)

Regards
ams

jurgenv
21 March 2007, 14:10
P.S. Do I still need to do anything with this file? (C:\WINDOWS\System32\bnbgdpbg.dll)

Regards
ams

Have you already done that step with Killbox?

ams
21 March 2007, 14:57
Have you already done that step with Killbox?

Yes, I did; the file has been removed from the system32 folder.

jurgenv
21 March 2007, 15:11
Then post a new HijackThis log here and tell us how everything is working otherwise.

ams
21 March 2007, 15:24
Here is my log.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:18:36, on 21-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ams\Bureaublad\Nieuwe map\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe

--
End of file - 5002 bytes


May I ask something else? With Killbox this file (C:\WINDOWS\System32\bnbgdpbg.dll) has been removed from the system; is that a problem? Don't I need it any more?

The system now runs a lot better.

Regards
ams

ams
23 March 2007, 10:50
Hello Jurgenv, could you give me the requested info?

Thanks in advance for the effort.

Regards
ams