Vraag & Antwoord

Beveiliging & privacy

Hijack This log, help svp

6 antwoorden
  • Goedenavond, ik heb constant last van reclame venster en al heel veel geprobeerd de rotzooi die dit waarschijnlijk veroorzaakt te verwijderen d.m.v. o.a. PCTools Spyware Doctor, Malware Bytes enz. Waarschijnlijk is trojan.lop_com de oorzaak want die komt elke keer terug ondanks dat PC Tools die verwijderd heeft. Onderstaand de Hijack Log. Kan iemand hier naar kijken en mij mee helpen? Mijn dank! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:09:40, on 17-01-2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\oodag.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Norton Ghost\Agent\VProTray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe C:\Program Files\NetLimiter\NetLimiter.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\PROGRA~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\XS4ALL-webdisk\wdfsctl.exe C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Stardock Impulse\Stardock\Object Desktop\CursorFX Plus\CursorFX.exe C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\Palm\Hotsync.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATITool\ATITool.exe C:\Program Files\G6 FTP Server\G6FTPSrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Stardock Impulse\Stardock\Object Desktop\ObjectDock\ObjectDock.exe C:\Program Files\Process Explorer\procexp.exe C:\Program Files\Stardock\Object Desktop\ObjectBar\ObjectBar.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Stardock Impulse\Stardock\Object Desktop\WindowFX\wfxload.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Spyware Doctor\pctsGui.exe C:\Program Files\Avant Browser\avant.exe C:\Program Files\SplashData\SplashID\SplashID Desktop.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe C:\Program Files\HiJack This\HiJackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fok.nl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [TrayServer] C:\PROGRA~1\MAGIX\VIDEO_~1\TrayServer.exe O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [TerraTec Scheduler] C:\PROGRA~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [warn default inter for] C:\Documents and Settings\All Users\Application Data\Time Dead Warn Default\Face Support.exe O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [X4ALLNL] "C:\Program Files\XS4ALL-webdisk\wdfsctl.exe" /min /sleep=20 O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock Impulse\Stardock\Object Desktop\CursorFX Plus\CursorFX.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe O4 - Startup: G6 FTP Server.lnk = C:\Program Files\G6 FTP Server\G6FTPSrv.exe O4 - Startup: ObjectDock.exe.lnk = C:\Program Files\Stardock Impulse\Stardock\Object Desktop\ObjectDock\ObjectDock.exe O4 - Startup: Process Explorer.lnk = C:\Program Files\Process Explorer\procexp.exe O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Stardock\Object Desktop\ObjectBar\ObjectBar.exe O4 - Startup: wfxload.exe.lnk = C:\Program Files\Stardock Impulse\Stardock\Object Desktop\WindowFX\wfxload.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Save Picture - res://C:\Program Files\UnH Solutions\SavePicNoAsk Light\spnal.exe/130 O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {BC8FABCD-8649-4eef-89DB-C012144ADFB1} - C:\Program Files\UnH Solutions\SavePicNoAsk Light\spnal.exe (HKCU) O9 - Extra 'Tools' menuitem: SavePicNoAsk Light - {BC8FABCD-8649-4eef-89DB-C012144ADFB1} - C:\Program Files\UnH Solutions\SavePicNoAsk Light\spnal.exe (HKCU) O15 - Trusted Zone: http://asia.msi.com.tw O15 - Trusted Zone: http://global.msi.com.tw O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228941123812 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228941054843 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} (DMList Class) - http://www.gomusic.ru/cabs/xdownloader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 17889 bytes
  • Start hijackthis en kies voor 'do a system scan only' Selecteer alleen de items die hieronder zijn genoemd: [b:d8bd62a5c3]O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [warn default inter for] C:\Documents and Settings\All Users\Application Data\Time Dead Warn Default\Face Support.exe[/b:d8bd62a5c3] Sluit alle vensters behalve Hijackthis Klik op 'Fix checked' om de items te verwijderen. Open een kladblokbestand. Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand. [b:d8bd62a5c3]@ECHO OFF IF EXIST log.txt DEL log.txt ECHO Deleting files>>log.txt FOR %%g in ( C:\Documents and Settings\All Users\Application Data\Time Dead Warn Default\Face Support.exe ) DO ( IF EXIST %%g ( ATTRIB -r -s -h %%g DEL %%g IF EXIST %%g ( ECHO %%g not deleted>>log.txt ) ELSE ( ECHO %%g deleted>>log.txt) ) ELSE ( ECHO %%g not found>>log.txt)) START NOTEPAD.EXE log.txt[/b:d8bd62a5c3] Download [url=http://www.besttechie.net/tools/mbam-setup.exe][b:d8bd62a5c3][color=red:d8bd62a5c3]MalwareBytes' Anti-Malware[/color:d8bd62a5c3][/b:d8bd62a5c3][/url] en sla het op je bureaublad op. Dubbelklik op [b:d8bd62a5c3]mbam-setup.exe[/b:d8bd62a5c3] om het programma te installeren. Zorg dat er na de installatie een vinkje is geplaatst bij:[list:d8bd62a5c3] [*:d8bd62a5c3]Update MalwareBytes' Anti-Malware [*:d8bd62a5c3]Start MalwareBytes' Anti-Malware [/list:u:d8bd62a5c3]Klik daarna op "[b:d8bd62a5c3]Voltooien[/b:d8bd62a5c3]". Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.[list:d8bd62a5c3] [*:d8bd62a5c3]Zodra het programma gestart is, ga dan naar het tabblad "[b:d8bd62a5c3]Instellingen[/b:d8bd62a5c3]". [*:d8bd62a5c3]Vink hier aan: "[b:d8bd62a5c3]Sluit Internet Explorer tijdens verwijdering van malware[/b:d8bd62a5c3]". [*:d8bd62a5c3]Ga daarna naar het tabblad "[b:d8bd62a5c3]Scanner[/b:d8bd62a5c3]", kies hier voor "[b:d8bd62a5c3]Snelle Scan[/b:d8bd62a5c3]". [*:d8bd62a5c3]Druk vervolgens op "[b:d8bd62a5c3]Scannen[/b:d8bd62a5c3]" om de scan te starten. [*:d8bd62a5c3]Het scannen kan een tijdje duren, dus wees geduldig. [*:d8bd62a5c3]Wanneer de scan voltooid is, klik op [b:d8bd62a5c3]OK[/b:d8bd62a5c3], daarna "[b:d8bd62a5c3]Bekijk Resultaten[/b:d8bd62a5c3]" om de resultaten te zien. [*:d8bd62a5c3]Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "[b:d8bd62a5c3]Verwijder geselecteerde[/b:d8bd62a5c3]". [*:d8bd62a5c3]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. [/list:u:d8bd62a5c3]Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "[b:d8bd62a5c3]Logs[/b:d8bd62a5c3]" tab te klikken in het programma. Plaats dit logje samen met een nieuw logje van HijackThis
  • Malware Bytes log: Malwarebytes' Anti-Malware 1.33 Database versie: 1665 Windows 5.1.2600 Service Pack 2 18-01-2009 14:06:45 mbam-log-2009-01-18 (14-06-45).txt Scan type: Snelle Scan Objecten gescand: 68578 Verstreken tijd: 3 minute(s), 55 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: (Geen kwaadaardige items gevonden) Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: (Geen kwaadaardige items gevonden) Bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Hijack This LOG: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:40:51, on 18-01-2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\oodag.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\alg.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Norton Ghost\Agent\VProTray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe C:\Program Files\NetLimiter\NetLimiter.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\PROGRA~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\XS4ALL-webdisk\wdfsctl.exe C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe C:\Program Files\Stardock Impulse\Stardock\Object Desktop\CursorFX Plus\CursorFX.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\Palm\Hotsync.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\ATITool\ATITool.exe C:\Program Files\G6 FTP Server\G6FTPSrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Stardock Impulse\Stardock\Object Desktop\ObjectDock\ObjectDock.exe C:\Program Files\Process Explorer\procexp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Stardock\Object Desktop\ObjectBar\ObjectBar.exe C:\Program Files\Stardock Impulse\Stardock\Object Desktop\WindowFX\wfxload.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Program Files\totalcmd\TOTALCMD.EXE C:\Program Files\Avant Browser\avant.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\HiJack This\HiJackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fok.nl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [TrayServer] C:\PROGRA~1\MAGIX\VIDEO_~1\TrayServer.exe O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [TerraTec Scheduler] C:\PROGRA~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [X4ALLNL] "C:\Program Files\XS4ALL-webdisk\wdfsctl.exe" /min /sleep=20 O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock Impulse\Stardock\Object Desktop\CursorFX Plus\CursorFX.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe O4 - Startup: G6 FTP Server.lnk = C:\Program Files\G6 FTP Server\G6FTPSrv.exe O4 - Startup: ObjectDock.exe.lnk = C:\Program Files\Stardock Impulse\Stardock\Object Desktop\ObjectDock\ObjectDock.exe O4 - Startup: Process Explorer.lnk = C:\Program Files\Process Explorer\procexp.exe O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Stardock\Object Desktop\ObjectBar\ObjectBar.exe O4 - Startup: wfxload.exe.lnk = C:\Program Files\Stardock Impulse\Stardock\Object Desktop\WindowFX\wfxload.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Save Picture - res://C:\Program Files\UnH Solutions\SavePicNoAsk Light\spnal.exe/130 O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {BC8FABCD-8649-4eef-89DB-C012144ADFB1} - C:\Program Files\UnH Solutions\SavePicNoAsk Light\spnal.exe (HKCU) O9 - Extra 'Tools' menuitem: SavePicNoAsk Light - {BC8FABCD-8649-4eef-89DB-C012144ADFB1} - C:\Program Files\UnH Solutions\SavePicNoAsk Light\spnal.exe (HKCU) O15 - Trusted Zone: http://asia.msi.com.tw O15 - Trusted Zone: http://global.msi.com.tw O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228941123812 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228941054843 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} (DMList Class) - http://www.gomusic.ru/cabs/xdownloader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 17614 bytes Het reclame venster dat ik trouwens elke keer krijg is van adserver5.com.
  • Download [url=http://lop.com/new_uninstall.exe]Lop uninstaller[/url] en sla het op op jouw bureablad Klik 2 keer op uninstall.exe Klik vervolgens 2 x op ok. Typ het nummer wat je ziet over en klik op uninstall Er wordt gevraagd "Please close all browser windows and Explorer folders...". doe dat ook en klik op ok. Start jouw computer opnieuw op als het klaar is. Download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe]Combofix[/url] naar je Bureaublad. OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen! Dubbelklik op Combofix.exe om het te starten. Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate. Klik op OK in het "NirCmd" venstertje. Klik na afloop terug op Ja om het scannen op malware te starten. Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen. Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen plaats die in je volgende post.
  • Hoi, onderstaand de log van Combofix. ComboFix 09-01-17.04 - Chris 2009-01-18 17:13:14.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1319 [GMT 1:00] Running from: e:\bestanden\Download Internet\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) FW: McAfee Personal Firewall *enabled* * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mxfilerelatedcache.mxc2 c:\recycler\mxfilerelatedcache.mxc2 c:\windows\Downloaded Program Files\setup.inf c:\windows\IE4 Error Log.txt e:\recycler\mxfilerelatedcache.mxc2 . ((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 ))))))))))))))))))))))))))))))) . 2009-01-18 13:10 . 2009-01-18 13:10 <DIR> d-------- c:\documents and settings\Chris\DoctorWeb 2009-01-17 11:59 . 2009-01-17 11:59 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-17 11:59 . 2009-01-17 11:59 <DIR> d-------- c:\documents and settings\Chris\Application Data\Malwarebytes 2009-01-17 11:59 . 2009-01-17 11:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-17 11:59 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-17 11:59 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-08 18:51 . 2009-01-08 18:51 <DIR> d-------- C:\deljob 2009-01-06 20:30 . 2009-01-06 20:30 <DIR> d-------- c:\documents and settings\Martha\Application Data\anteuserbib 2008-12-25 13:56 . 2008-12-25 14:15 <DIR> d-------- c:\windows\calib_da 2008-12-25 13:56 . 2008-12-25 14:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Tablet 2008-12-25 13:56 . 2007-08-10 13:30 52,896 --a------ c:\windows\system32\InstallService.exe 2008-12-24 12:41 . 2008-12-24 12:41 <DIR> d-------- c:\windows\system32\XMedia 2008-12-24 12:41 . 2008-12-24 12:41 <DIR> d-------- c:\documents and settings\Chris\Application Data\X-Downloader 2008-12-22 15:11 . 2008-12-22 18:57 <DIR> d-------- c:\documents and settings\Martha\Application Data\gtk-2.0 2008-12-22 15:11 . 2008-12-22 15:11 <DIR> d-------- c:\documents and settings\Martha\.thumbnails 2008-12-22 15:01 . 2008-12-22 18:39 <DIR> d-------- c:\documents and settings\Martha\.gimp-2.6 2008-12-22 15:01 . 2008-12-22 15:01 <DIR> d-------- c:\documents and settings\Martha\.gegl-0.0 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-18 16:14 --------- d-----w c:\documents and settings\Chris\Application Data\uTorrent 2009-01-18 16:08 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-01-18 15:27 --------- d-----w c:\program files\G6 FTP Server 2009-01-18 13:40 --------- d-----w c:\program files\HiJack This 2009-01-18 12:46 --------- d-----w c:\documents and settings\Chris\Application Data\MailWasherPro 2009-01-17 20:10 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-01-17 19:40 --------- d-----w c:\program files\Zylom Games 2009-01-16 19:11 --------- d-----w c:\program files\Spyware Doctor 2009-01-16 18:33 --------- d-----w c:\program files\Metin2_NL 2009-01-14 20:09 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore 2009-01-11 16:19 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2009-01-10 17:53 --------- d-----w c:\documents and settings\Chris\Application Data\DVD Profiler 2009-01-10 17:50 --------- d-----w c:\program files\DVD Profiler 2008-12-29 20:34 --------- d-----w c:\program files\Avant Browser 2008-12-25 15:58 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink 2008-12-25 12:56 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-22 20:49 --------- d-----w c:\documents and settings\Chris\Application Data\LimeWirePlus 2008-12-14 13:55 --------- d-----w c:\documents and settings\Chris\Application Data\dvdcss 2008-12-13 19:21 --------- d-----w c:\program files\Pocket Divx Encoder 2008-12-12 17:39 --------- d-----w c:\documents and settings\Cindy\Application Data\Zylom 2008-12-12 17:17 --------- d-----w c:\documents and settings\All Users\Application Data\GameHouse 2008-12-12 17:15 --------- d-----w c:\documents and settings\Cindy\Application Data\PlayFirst 2008-12-12 17:15 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst 2008-12-12 17:11 --------- d-----w c:\documents and settings\All Users\Application Data\Zylom 2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-07 18:46 --------- d-----w c:\program files\pqDVD 2008-12-07 17:29 --------- d-----w c:\program files\DVD Catalyst 2008-12-07 12:12 --------- d-----w c:\program files\MagicISO 2008-12-05 17:44 --------- d-----w c:\program files\PC Wizard 2008 2008-12-01 21:22 --------- d-----w c:\program files\SpeedFan 2008-11-30 18:27 --------- d-----w c:\program files\Secunia 2008-11-30 18:17 --------- d-----w c:\program files\Monkey's Audio 2008-11-18 13:36 7,808 ----a-w c:\windows\system32\drivers\psi_mf.sys 2008-10-08 18:15 16 ---ha-w c:\program files\mxfilerelatedcache.mxc2 2006-06-23 22:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-12-29 5724184] "X4ALLNL"="c:\program files\XS4ALL-webdisk\wdfsctl.exe" [2007-02-28 585804] "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-05-07 2075584] "CursorFX"="c:\program files\Stardock Impulse\Stardock\Object Desktop\CursorFX Plus\CursorFX.exe" [2008-07-08 654336] "Google Update"="c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-12-05 270128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872] "Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2007-10-05 2037088] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336] "LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400] "Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-12-10 1412608] "CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 626176] "Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152] "OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392] "NetLimiter"="c:\program files\NetLimiter\NetLimiter.exe" [2004-03-31 823296] "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336] "TrayServer"="c:\progra~1\MAGIX\VIDEO_~1\TrayServer.exe" [2007-07-04 90112] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992] "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576] "TerraTec Scheduler"="c:\progra~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe" [2003-11-27 499712] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968] c:\documents and settings\Chris\Start Menu\Programs\Startup\ ATITool.lnk - c:\program files\ATITool\ATITool.exe [2007-11-28 3182544] G6 FTP Server.lnk - c:\program files\G6 FTP Server\G6FTPSrv.exe [2007-12-09 463360] ObjectDock.exe.lnk - c:\program files\Stardock Impulse\Stardock\Object Desktop\ObjectDock\ObjectDock.exe [2008-10-12 3581680] Process Explorer.lnk - c:\program files\Process Explorer\procexp.exe [2008-07-26 3522600] Stardock ObjectBar.lnk - c:\program files\Stardock\Object Desktop\ObjectBar\ObjectBar.exe [2007-10-16 1860888] wfxload.exe.lnk - c:\program files\Stardock Impulse\Stardock\Object Desktop\WindowFX\wfxload.exe [2008-08-23 581632] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-02 2756608] DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2008-08-02 28672] HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-01-03 1392640] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-28 67128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\windows\system32\logonuiX.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient] 2008-03-28 09:23 49152 c:\progra~1\COMMON~1\Stardock\MCPStub.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] 2008-09-22 22:59 174328 c:\progra~1\STARDO~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= Pvmjpg30.dll "VIDC.PIM1"= pclepim1.dll "VIDC.I420"= vdrcodec.dll "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= divxa32.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\[u:6148238bdf]0[/u:6148238bdf]OODBS [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "c:\\Program Files\\LimeWire Plus\\LimeWire.exe"= "c:\\Program Files\\G6 FTP Server\\G6FTPSrv.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP1\\Win32\\RpcDataSrv.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP1\\RpcSandraSrv.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\Codemasters\\GRID\\GRID.exe"= "c:\\Program Files\\SJLabs\\SJphone\\SJphone.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-12 97928] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-12-07 38656] R4 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [2007-06-18 373568] R4 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [2007-05-30 201696] R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-12 231704] R4 BT848;TerraTV WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [2001-05-30 76800] R4 BTTUNER;TerraTV Tuner;c:\windows\system32\drivers\BTTUNER.SYS [2002-03-25 12288] R4 BTXBAR;TerraTV WDM Crossbar;c:\windows\system32\drivers\BTXBAR.SYS [2001-05-16 11264] R4 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2007-12-09 7040] R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-02 203280] R4 webdavfs;WebDAV File System;c:\windows\system32\drivers\webdavfs.sys [2008-03-01 81536] S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?] S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992] S3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys --> c:\windows\system32\drivers\Btcomm.sys [?] S3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\DRIVERS\btkrnbdg.sys --> c:\windows\system32\DRIVERS\btkrnbdg.sys [?] S3 CSRBC01;%CSRBC01.SvcDesc%;c:\windows\system32\Drivers\csrbc01.sys --> c:\windows\system32\Drivers\csrbc01.sys [?] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-06-14 1527900] S3 HWACCESS;HWACCESS;c:\windows\system32\HWACCESS.SYS [2007-12-11 6808] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-11-18 7808] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-03-03 747912] S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-06-14 544768] S3 vad_multi;Windigo Virtual Audio Device (WDM);c:\windows\system32\drivers\vadmulti.sys --> c:\windows\system32\drivers\vadmulti.sys [?] --- Other Services/Drivers In Memory --- *Deregistered* - PROCEXP111 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03964cbf-4506-11dd-bbbd-001d60662151}] \Shell\AutoRun\command - F:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{160c64b8-3f00-11dd-90af-0015830a0746}] \Shell\AutoRun\command - F:\start.exe . Contents of the 'Scheduled Tasks' folder 2009-01-08 c:\windows\Tasks\AdwareBot Scheduled Scan.job - c:\program files\AdwareBot\AdwareBot.exe [] 2009-01-08 c:\windows\Tasks\AdwareBot Scheduled Scan.job - c:\program files\AdwareBot [] 2009-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1677128483-839522115-1003.job - c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 20:51] 2008-08-17 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32] 2009-01-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32] . - - - - ORPHANS REMOVED - - - - HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Connection Wizard,ShellNext = hxxp://www.fok.nl/ uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Save Picture - c:\program files\UnH Solutions\SavePicNoAsk Light\spnal.exe/130 LSP: c:\program files\NetLimiter\nl_lsp.dll Trusted Zone: asia.msi.com.tw Trusted Zone: global.msi.com.tw Trusted Zone: www.msi.com.tw Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game13.zylom.com/activex/zylomgamesplayer.cab c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf O16 -: {D00E9550-440D-4EF8-BFCE-174300890C05} - hxxp://www.gomusic.ru/cabs/xdownloader.cab c:\windows\Downloaded Program Files\XDownloader.inf c:\windows\Downloaded Program Files\GoPetsWeb.ocx - O16 -: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab c:\windows\Downloaded Program Files\GoPetsWeb.inf . . ------- File Associations ------- . inffile="c:\program files\Stardock Impulse\Stardock\Object Desktop\Object Edit\oe.exe" "%1" . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-18 17:17:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1078081533-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] @Denied: (Full) (LocalSystem) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,64,42,42,2b,9f, 8f,e0,1e,c8,28,51,af,b0,29,a3,98,37,8f,da,43,65,5d,f9,cb,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,0a,5c,2f,50,91, 5f,c1,6f,71,3b,04,66,8b,46,0d,96,5b,8b,f0,34,06,ba,eb,4e,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,36,6f,34,e6,f5, 9b,36,6e,25,da,ec,7e,55,20,c9,26,3e,4e,89,f2,69,33,ae,a1,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,9b,f4,10,1d,e1, bc,bd,fc,3e,1e,9e,e0,57,5a,93,61,37,54,e1,4a,43,67,a8,37,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,69,d7,30,1c,d4, 1f,75,a5,cd,44,cd,b9,a6,33,6c,cd,fa,20,3f,8a,24,80,c7,38,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,e8,0b,3d,38,0e, ab,1d,a4,b0,18,ed,a7,3f,8d,37,a4,50,7c,88,4d,03,c6,9a,5d,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,20,8a,b1,24,e0, cf,cb,8b,31,77,e1,ba,b1,f8,68,02,58,5b,76,b1,68,ae,d9,86,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,43,7b,db,2d,af, 40,1a,41,83,6c,56,8b,a0,85,96,ab,4d,ce,e5,06,56,75,17,90,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,63,29,43,ff,06, e3,cd,54,51,fa,6e,91,28,9e,14,cc,84,0d,b9,bd,a0,6a,1a,53,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,de,3b,d0,d8,a8, df,5a,ee,b1,cd,45,5a,a8,c4,f8,b9,75,55,a9,9f,2b,c5,56,5c,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,4d,de,3b,48,90, fe,28,de,e3,0e,66,d5,eb,bc,2f,6b,4c,f6,26,2b,34,33,2f,bd,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,f2,28,a5,be,4d, f2,b3,6f,fa,ea,66,7f,d4,3b,6b,70,c3,9b,4d,d4,e5,19,4d,10,6c,43,2d,1e,aa,22,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG08.00.00.01WORKSTATION"="AD5E82A7B258AC599FC60CC982E602BC062BA301DE4816996D225C28083B9E67250445ADD8BA73C857AF3A2E6D229E4C2E10B8EC441C070D8C7A500D0AEC9A13CF5B98225F0215132BB53D993ADAD1F18DEA1B5FD5BB2E1D145AE2E62D31FAB8154C5F778EE68012B4AD344F37C812E88C20BF90807AAA8C5E548506211B293E61332232F95AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D67945D575E7D6A3B9808A6171C11EC38DE3D3A1097BFC3DB317E72815BA0CF2338EEC8E36916CCD4E11EFA3A168E35B919FE989BC9CB51488D47399BC515AF38FE853A83FBAF2D5F22031659F2AE1262877BC63BC08D3B38221DB3848D9D5579CDE3B8C82BC229FDF4B4B81B3D7D7053B8DC3A286ECA4774B54CA19AB44FA2E34CB0EFD72D52D8060458140AFB0C435377654F7049C1625854522810C4B2990966496BA8B8D37ADBBC46BE80385C22BDD18945744D219BD5CB62CFEBC745E40DCCBC9D070C3270F85009B4AFFE65C50319F2C0EB788DA76F30610388CEF7D12BF2CC5B92E6CA40ECB3E3531EE1138EA4E38047DFCC1F5D3ED76B15166CAF502F91725E3F0F7094D92049DCA3F74380BA0E42C52E5261BAEE60CFB716B8C5F4FA255943D34C67B9F51263776CD9C9BFF0327D0A8813D55D40250E85605007FA83ECE08CEC6BEBA28ACB0D2F79A5ED1A8636AD49751C6D0A88CB5FF89D51343D52EC9B1F7A3D2BE5F652D770207CE97C4E3D7E1ACC031429AEBB2D74CEDE033C04ED5244409547BBAEED090E8885ECF92FB3D1F7BD5CA2452F1E17BAC6A29B1ECAFC802A55CE558335AB18BE30E71B4A25C63EC14AC3EA909A646E752BC79B2C6B6854E0A6435FBDA55D311E67520A483FE70BBAC757AE5C95C0B930F5FD94D1BFC5B25FF2D5649130193528D277C472A04EB80B5F3AA9A257A9345B78F60A21B4EB337D4E6A56C79436B9C1EB8CCAEB80F3F5BE901205FDAC5A4B4BD26DF54ECAF79FF9A0691C50AB5385AEFE4A8FFA2B17AAC42B8AE12FF6D2A2397D1B453219CA79F425BE8D3BDD51161CAC6FF98B7E39EE6F5651D398A8D69140433F594A470774F4ECDCF9BEA8549C96693C652B6E2210768B9A63444A6BA0E1429F86371395F5635A36233521C57B10FEF79E0E82D811F5179C8CDCF95D8F03ED0117BDCD221B8B2646BF1CEB534EE0896C6C8BD52FA6ED9D903EB2653CCF6A0C32C5C75C1DB222DB87799542EEDEC2F965829C96B4BA409236DD39D2588945B700C560B9BAC13A5A7A6D6774CB2F5395358DE08AC0E834C0D0C2891ACC95A4DFC0BB39F073FD4ED725ADFAE3E47316F3B32C1D86EC0577C526395D27F1837B48C93FA82482533BD810426007F594EF82B6F035F6179497938002167AE716A386" "OODEFRAG10.00.00.01WORKSTATION"="1F15E6E68687F201C6C733BE9FE350615B98FBE9F2C21B65C76652208E617521EEB2B9DD010142F1A539CA62DD6D98A737E07285484FC67DFC74BDD012526463073530F6EC16F5144EAE310F24F71C017EEA06296F26DB874BEADCAACE00E9FAD373E3037CCE92FD212CF8A96449A929A487E1EE3CE810035205141C190BC2CDC63894652569FD98FDA8DBA9D65CEF2D9A7CD703C6707EC4B7F67026FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B5555D575E7D6A3B9808C038D530D6EB34527B715A67A268180C4A94F65D4998D7A13D8681C201490CC64D918931A9D4B4C62BE23982B0FEEDB10EA7150BE66BF439146AD42069F1C7E3ADCBBF7115B44C0D1D061F310D128DB48640C80DD55C03210C33A7F875E7EDCE001E6441AF68C12E1F0F9578459F213B60ED013053536455D5EB737E3421B9F517311D567794483045610735E718F3FC92F41493A0B11E62E5571735370A885D8962713B71503929651A45148760F8C7534BBBA980C55C6B76E8D47513015F1D3041CACDA1A78E461D870498BDD2427D9F1F14BC3C586925834A536CE158E25EAA97FABF151BE849C82A5C1A24BA8B93374D9F662122B9DC4F551C9A41D86062595B3495D89E0C040D3B49C3DC59AF139FEAC3978051636EDE1E1FD5533CC3FBE3BB0D2B7F9A616151232D920AE431971FBE4A142D881ECC7A662D463DB12391339A032C20E972DB3F82CBDA5385B3D44244DE72015D4A7E2F287DE7A8DB341FF68BF39B565E7104C72ACCC2E458008FDAAB149FD759E71E4F8FAA0D44D2D034A05AA34F3F3AB0FC1EA03D456DEE841F7B58DF5C937B9E596F7C32D8BF22F873E50339EFFE362802B7220DB0A1CC51737B619A3A983537F1E8847745D2C64F94C1B7407D3A7F74DCCF9A1129B96D1B8C791382A14E6C9E3FD86FBF9E35B41B62715DA8479D3455EEE62F81A36F3BBA7F53EBB84FA2FAE82B213A3705A653463C770F45745669AE2CBFB47A6C03192D75AF2041520530CA34E4956AED66FC60161A184D7E1826071D6136FC20B8DA94AC7397080FEB4E9E6C8E64CCA33C021CF6E3FBDD3299688C5E1772EDB4D84AB3F54DECD8BCCD88E1F84B4235C070A3D0F9A1EEF334949E0E9EEEDA936E2DA474B52DEFE5E6298BB6968C78DCB6521BF94DE65A73F648AD8023BD181CE9879AE4E6C5A3C3EC7DF36291860AE2C9319034370A5D2646F6EC79C49A031894395033159041EB0550D3CFCCB3A9C914E325448B2448B33FE7A8B66F5F2A7A319BE036E2C9333CB32AB28D3ECFC1F601456C91B793A02F54E42017A32C519D568A576785F01976579689CA71DC6CB552B0EAA5B97AA00AC9BD092074E26DBCF06435E24449C6BE1E28C65F82A07D349C" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1180) c:\windows\system32\Ati2evxx.dll c:\progra~1\COMMON~1\Stardock\mcpstub.dll c:\progra~1\STARDO~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll c:\windows\system32\webdavnp.dll - - - - - - - > 'lsass.exe'(1236) c:\program files\NetLimiter\nl_lsp.dll c:\windows\system32\nl_msgc.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\progra~1\COMMON~1\Stardock\sdmcp.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\progra~1\McAfee\MSC\mcmscsvc.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\McAfee\MPF\MpfSrv.exe c:\program files\Norton Ghost\Agent\VProSvc.exe c:\windows\system32\oodag.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\progra~1\McAfee.com\Agent\mcagent.exe c:\windows\system32\rundll32.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe c:\program files\iPod\bin\iPodService.exe c:\progra~1\McAfee\MSC\mcuimgr.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\windows\system32\taskmgr.exe . ************************************************************************** . Completion time: 2009-01-18 17:25:38 - machine was rebooted ComboFix-quarantined-files.txt 2009-01-18 16:25:35 Pre-Run: 35.718.074.368 bytes free Post-Run: 38,402,306,048 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn 387 --- E O F --- 2008-10-15 17:45:10
  • Zoals het er nu uit ziet ben ik van de ellende verlost! Hartelijk dank voor je hulp!

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.