Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Probleem met System32:lpr.exe

Anoniem
TimvdM
10 antwoorden
  • Een zeer welgestelde goedemiddag,

    Ik heb een "klein" probleempje met mijn laptop.
    3 weken terug heb ik last gehad van een MSN virus wat al eerder beschreven is op dit forum.
    Een niet zo snugger maatje van mij was bezig op mijn laptop met MSN en kreeg een berichtje van een contact met de melding :jij staat op deze foto, klik op deze link.

    Nu heeft hij daar dus op geklikt met alle gevolgen van dien. Gelukkig was ik er redelijk op tijd bij en heb verdere nog redelijk kunnen voorkomen.
    Na wat antivirusprogramma's (symantec en Hitman pro) laten lopen, defragmenteren, HD controleren, HD opschonen is de laptop weer redelijk tot leven gekomen.
    Maar nu kreeg ik afgelopen weekend een melding over een Trojan Virus. Het gaat om [b:cd2d26c725]system32:lpr.exe[/b:cd2d26c725]
    Ik ben op het internet aan het zoeken gegaan naar deze melding en kwam iets soortgelijks hier tegen op dit forum. In dit topic staat een oplossing voor het probleem met msn
    Nu is het zo dat mijn laptop niet dezelfde systeemspecs heeft als die gebruiker.

    Zelf heb ik al een aantal stappen proberen te volgen.
    Maar ik kan er niet veel wijs uit worden dus vraag ik om jullie hulp.
    [i:cd2d26c725]Hier een log van Virtomundobegone :[/i:cd2d26c725]

    [07/09/2007, 13:42:29] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Timmeyh\Bureaublad\VirtumundoBeGone.exe" )
    [07/09/2007, 13:42:44] - Detected System Information:
    [07/09/2007, 13:42:44] - Windows Version: 5.1.2600, Service Pack 2
    [07/09/2007, 13:42:44] - Current Username: Timmeyh (Admin)
    [07/09/2007, 13:42:44] - Windows is in NORMAL mode.
    [07/09/2007, 13:42:44] - Searching for Browser Helper Objects:
    [07/09/2007, 13:42:44] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [07/09/2007, 13:42:44] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
    [07/09/2007, 13:42:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/09/2007, 13:42:45] - Checking for HKLM\…\Winlogon\Notify\SDHelper
    [07/09/2007, 13:42:45] - Key not found: HKLM\…\Winlogon\Notify\SDHelper, continuing.
    [07/09/2007, 13:42:45] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [07/09/2007, 13:42:45] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [07/09/2007, 13:42:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [07/09/2007, 13:42:45] - No filename found. Continuing.
    [07/09/2007, 13:42:45] - Finished Searching Browser Helper Objects
    [07/09/2007, 13:42:45] - Finishing up…
    [07/09/2007, 13:42:45] - Nothing found! Exiting…


    [i:cd2d26c725]En hier de log van Hijackthis :[/i:cd2d26c725]

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:11:50, on 9-7-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset
    od32krn.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\Program Files\Symantec AntiVirus\DoScan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Documents and Settings\Timmeyh\Bureaublad\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WayFord] C:\DOCUME~1\Timmeyh\APPLIC~1\ABOUTO~1\Long Option List.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://calabash.dnsdojo.net/activex/AMC.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset
    od32krn.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    End of file - 10007 bytes


    Alvast bedankt voor jullie medewerking

  • Installeer hijackthis.exe bijv. in C:\Program Files\[b:98120e5748]Hijackthis[/b:98120e5748]
    Dit in verband met de backups die dit programma maakt.

    Mogelijk een infectie met lop.com




    Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:98120e5748]
    O4 - HKCU\..\Run: [WayFord] C:\DOCUME~1\Timmeyh\APPLIC~1\ABOUTO~1\Long Option List.exe
    [/b:98120e5748]
    Klik op 'Fix checked' om de items te verwijderen.

    Open de verkenner ("Mijn Computer";) en kies [b:98120e5748]Extra[/b:98120e5748] -> [b:98120e5748]Mapopties…[/b:98120e5748]
    Controleer onder [b:98120e5748]Weergave[/b:98120e5748] de volgende instellingen:

    Uitzetten: Beveiligde besturingssysteembestanden verbergen (aanbevolen)
    Uitzetten: Extensies voor bekende bestandstypen verbergen

    Selecteer: De inhoud van systeemmappen weergeven (alleen bij XP)
    Selecteer: Verborgen bestanden en mappen weergeven

    Verwijder de volgende directories:
    C:\DOCUME~1\Timmeyh\APPLIC~1\[b:98120e5748]ABOUTO~1[/b:98120e5748]\

    Download dit bestand:
    [b:98120e5748]Deljob.exe[/b:98120e5748]
    Plaats het op je bureaublad.
    Indien je virusscanner de download van deljob.exe blokkeert,
    schakel dan tijdelijk je virusscanner uit of download de zip-versie
    [b:98120e5748]deljob.zip[/b:98120e5748]
    en pak deze uit naar je Bureaublad.
    Dubbelklik [b:98120e5748]Deljob.exe[/b:98120e5748].
    Een logje(logit.txt) zal openen, het bestandje kan je ook terugvinden op je bureaublad.
    Post de inhoud van [b:98120e5748]logit.txt[/b:98120e5748] in je volgende bericht.
  • Oke, alvast bedankt voor de hulp.
    ik heb gedaan wat je zei.

    hier is de log van deljob.exe

    ——————————————————–
    No LOP jobs found
    ——————————————————–
    Files remaining after cleaning

    ——————————————————–
    App data folders

    Het volume in station C heeft geen naam.
    Het volumenummer is F0E1-CCEE

    Map van C:\Documents and Settings\Timmeyh\Application Data

    09-07-2007 20:15 <DIR> .
    09-07-2007 20:15 <DIR> ..
    01-04-2007 18:12 <DIR> Adobe
    05-03-2007 18:29 <DIR> AdobeUM
    07-03-2007 21:17 <DIR> APPLEC~1 Apple Computer
    22-02-2007 19:36 <DIR> ATI
    25-02-2007 20:52 <DIR> Autodesk
    08-07-2007 22:59 <DIR> Azureus
    11-03-2007 14:28 <DIR> CYBERL~1 CyberLink
    19-05-2007 16:35 <DIR> DATALA~1 Datalayer
    24-03-2007 15:01 <DIR> Google
    22-02-2007 21:50 <DIR> Help
    22-02-2007 19:06 <DIR> IDENTI~1 Identities
    22-02-2007 19:33 <DIR> Intel
    04-06-2007 20:18 <DIR> Lavasoft
    09-07-2007 20:14 <DIR> LimeWire
    19-05-2007 20:22 <DIR> M3
    22-02-2007 22:01 <DIR> MACROM~1 Macromedia
    04-06-2007 18:31 <DIR> MEDIAP~1 Media Player Classic
    15-03-2007 14:58 <DIR> MICROS~1 Microsoft
    22-02-2007 20:10 <DIR> Mozilla
    25-02-2007 14:42 <DIR> MYPHON~1 MyPhoneExplorer
    24-05-2007 18:11 <DIR> Nokia
    02-06-2007 13:22 <DIR> NOKIAM~1 Nokia Multimedia Player
    24-05-2007 18:19 <DIR> PCSUIT~1 PC Suite
    04-06-2007 20:12 <DIR> PCTOOL~1 PC Tools
    22-02-2007 22:11 <DIR> Real
    06-04-2007 12:29 <DIR> SCREEN~1 Screenshot Sender
    23-05-2007 19:53 <DIR> SecuROM
    22-02-2007 22:22 <DIR> Sun
    22-02-2007 19:23 <DIR> Symantec
    27-02-2007 20:43 <DIR> TIJD
    09-04-2007 17:50 <DIR> U3
    04-06-2007 20:11 <DIR> Webroot
    0 bestand(en) 0 bytes
    34 map(pen) 9.763.664.896 bytes beschikbaar
    Het volume in station C heeft geen naam.
    Het volumenummer is F0E1-CCEE

    Map van C:\Documents and Settings\All Users\Application Data

    07-07-2007 12:17 <DIR> .
    07-07-2007 12:17 <DIR> ..
    04-03-2007 04:04 <DIR> Adobe
    25-02-2007 15:07 <DIR> ADOBES~1 Adobe Systems
    22-02-2007 20:14 <DIR> Ahead
    07-07-2007 12:17 <DIR> Apple
    25-02-2007 15:31 <DIR> APPLEC~1 Apple Computer
    25-02-2007 20:37 <DIR> Autodesk
    18-05-2007 17:43 <DIR> DOWNLO~1 Downloaded Installations
    22-02-2007 22:36 <DIR> Google
    07-07-2007 12:32 <DIR> INFOTH~1 InfoThisDash64
    22-02-2007 19:33 <DIR> Intel
    02-03-2007 21:42 <DIR> MESSEN~1 Messenger Plus!
    04-06-2007 20:10 <DIR> MICROS~1 Microsoft
    18-05-2007 17:58 <DIR> Nokia
    18-05-2007 17:44 <DIR> PCSUIT~1 PC Suite
    22-02-2007 19:11 <DIR> SBSI
    20-06-2007 00:04 <DIR> SPYBOT~1 Spybot - Search & Destroy
    22-02-2007 20:36 <DIR> Symantec
    13-04-2007 19:42 <DIR> TEMP
    04-06-2007 20:11 <DIR> Webroot
    28-02-2007 18:48 <DIR> WINDOW~1 Windows Genuine Advantage
    0 bestand(en) 0 bytes
    22 map(pen) 9.763.663.872 bytes beschikbaar

    kun je er wat mee?
  • Mag ik ook een nieuw HJT logje aub.
  • sorry vergeten :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:28:39, on 9-7-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset
    od32krn.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Timmeyh\Bureaublad\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://calabash.dnsdojo.net/activex/AMC.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset
    od32krn.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    End of file - 9912 bytes

  • 1. Download ATF cleaner (gemaakt door Atribune)
    Dubbelklik op ATF cleaner om het programma te starten.
    Op het tabblad "Main", plaats je een vinkje bij [b:23cf773009]Select All[/b:23cf773009].
    Klik op de knop [b:23cf773009]Empty Selected[/b:23cf773009].

    Het volgende doen als je ook FireFox als browser hebt:
    Klik op tabblad "Firefox", plaats een vinkje bij [b:23cf773009]Select All[/b:23cf773009].
    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    (dit haalt het vinkje weer weg bij "Firefox saved passwords";)
    Klik op de knop [b:23cf773009]Empty Selected[/b:23cf773009].

    Het volgende doen als je ook Opera als browser hebt:
    Klik op tabblad "Opera", plaats een vinkje bij [b:23cf773009]Select All[/b:23cf773009].
    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    Klik op de knop [b:23cf773009]Empty Selected[/b:23cf773009].
    Ga naar het tabblad "Main" en klik op de knop [b:23cf773009]Exit[/b:23cf773009] om het programma af te sluiten.

    2. Download [b:23cf773009]Dr.Web CureIt[/b:23cf773009] naar je bureaublad:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    3. Start de computer in veilige modus.

    4. Dubbelklik [b:23cf773009]drweb-cureit.exe[/b:23cf773009] en sta het toe om de express scan te starten.
    Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt, klik de Yes to all knop bij de vraag 'cure it?'. Dit is enkel een korte scan.
    Eenmaal de korte scan is beeïndigd, Klik [b:23cf773009]Options[/b:23cf773009] > Change Settings
    Kies de "Scan"-tab en verwijder het vinkje bij "Heuristic analyse"
    Terug in het hoofdvenster kan je de drives selecteren die je wilt laten scannen.
    Selecteer hier alle drives. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
    Klik daarna de [b:23cf773009]groene pijl[/b:23cf773009] rechts om de scan te starten.
    Klik 'Yes to all' wanneer er gevraagd wordt om cure of move uit te voeren.
    Wanneer de scan gedaan is, kijk of je volgende icoontje kan aanklikken dat staat naast hetgeen gevonden werd: [img:23cf773009]http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif[/img:23cf773009]
    Indien wel, klik erop en daarna klik op het icoontje er net onder en kies: [b:23cf773009]Move incurable[/b:23cf773009] zoals je zal zien in volgende afbeelding:
    [img:23cf773009]http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif[/img:23cf773009]
    Dit zal de bestanden verplaatsen naar volgende map %userprofile%\DoctorWeb\quarantaine-folder indien het niet gedesinfecteerd kan worden. (dit in het geval dat we samples nodig hebben)
    Na bovenstaande te selecteren, in het menu bovenaan van Dr.Web CureIt, klik [b:23cf773009]file[/b:23cf773009] en kies [b:23cf773009]save report list[/b:23cf773009]. Bewaar de log op je bureaublad.
    Sluit daarna Dr.Web Cureit.

    5. [b:23cf773009]Herstart[/b:23cf773009] je computer in normale modus!! Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart.
    Na het herstarten, Kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post tesamen met een logje van Hijackthis
  • Zo na een nachtje scannen is DR.Web eindelijk klaar.
    Hier is de logfile :
    [img:891cc5d8d3]http://img63.imageshack.us/img63/4940/logfiledrwebql4.th.jpg[/img:891cc5d8d3]

    Het lukte mij niet om de kolommen van het CSV te behouden, daarom heb ik er een screenschot van gemaakt

    Wil je er nog een hijack log bij?
  • Download [b:007d5846a1]Combofix[/b:007d5846a1] naar je Bureaublad.[list:007d5846a1]
    Dubbelklik op [b:007d5846a1]Combofix.exe[/b:007d5846a1]
    Volg de instructies, aanvaard de disclaimer door [b:007d5846a1]1[/b:007d5846a1] (continue) te typen.
    Tijdens het runnen van de fix, [b:007d5846a1]NIET[/b:007d5846a1] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:007d5846a1]
    Wanneer de fix voltooid is en na herstart, zal de log [b:007d5846a1]combofix.txt[/b:007d5846a1] openen.
    [i:007d5846a1]Plaats dit log in je volgende post tesamen met een nieuw HijackThis log.[/i:007d5846a1]

    Opmerking: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.
  • Ik moet er bij zeggen dat hij bij het opstarten niet meer de trojan virus aangeeft.
    En ik heb ook hitman pro verwijderd van mijn HD, dus kan zijn
    dat er enige verschillen zijn tussen de vorige logs.

    [i:82540c46a1]Log van hijackthis :[/i:82540c46a1]

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:14:37, on 10-7-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset
    od32krn.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Timmeyh\Bureaublad\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://calabash.dnsdojo.net/activex/AMC.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset
    od32krn.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


    End of file - 9202 bytes

    [i:82540c46a1]log van combofix[/i:82540c46a1]

    "Timmeyh" - 2007-07-10 17:17:26 - ComboFix 07-07-09.3 - Service Pack 2


    ((((((((((((((((((((((((( Files Created from 2007-06-10 to 2007-07-10 )))))))))))))))))))))))))))))))


    2007-07-10 13:23 51,200 –a—— C:\WINDOWS
    ircmd.exe
    2007-07-09 21:28 <DIR> d——– C:\DOCUME~1\Timmeyh\DoctorWeb
    2007-07-09 16:35 <DIR> d——– C:\VundoFix Backups
    2007-07-09 13:43 <DIR> d——– C:\WINDOWS\system32\RVAXO
    2007-07-09 13:39 <DIR> dr——- C:\DOCUME~1\LOCALS~1\Favorieten
    2007-07-07 20:40 <DIR> dr-h—– C:\DOCUME~1\Timmeyh\Onlangs geopend
    2007-07-07 12:17 <DIR> d——– C:\Program Files\Common Files\Apple
    2007-07-07 12:17 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-07-04 18:05 5,632 –a—— C:\WINDOWS\system32\ptpusb.dll
    2007-07-04 18:05 159,232 –a—— C:\WINDOWS\system32\ptpusd.dll
    2007-07-04 18:05 15,104 –a—— C:\WINDOWS\system32\drivers\usbscan.sys
    2007-07-02 22:22 <DIR> d——– C:\Program Files\aboutonline
    2007-07-02 22:21 <DIR> d——– C:\Program Files\3wPlayer
    2007-06-26 20:28 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\InfoThisDash64
    2007-06-24 17:39 <DIR> d——– C:\keygen
    2007-06-20 19:20 <DIR> d——– C:\WINDOWS\SxsCaPendDel
    2007-06-17 21:51 <DIR> d–h—– C:\WINDOWS\PIF
    2007-06-10 15:28 <DIR> d——– C:\Program Files\Windows Live


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-10 14:23:51 ——– d—–w C:\Program Files\Symantec AntiVirus
    2007-07-10 14:21:24 ——– d—–w C:\Program Files\Hitman Pro
    2007-07-10 14:20:06 ——– d—–w C:\DOCUME~1\Timmeyh\APPLIC~1\Lavasoft
    2007-07-09 18:14:54 ——– d—–w C:\DOCUME~1\Timmeyh\APPLIC~1\LimeWire
    2007-07-08 20:59:02 ——– d—–w C:\DOCUME~1\Timmeyh\APPLIC~1\Azureus
    2007-07-07 14:22:40 ——– d–h–w C:\Program Files\InstallShield Installation Information
    2007-07-07 12:27:58 ——– d—–w C:\Program Files\iPod
    2007-07-07 12:26:59 ——– d—–w C:\Program Files\Apple Software Update
    2007-07-04 16:55:17 ——– d—–w C:\Program Files\FlashFXP
    2007-07-04 15:57:34 ——– d—–w C:\Program Files\Common Files\Nokia
    2007-07-04 15:57:33 ——– d—–w C:\Program Files\Nokia
    2007-06-30 19:47:39 ——– d—–w C:\Program Files\MyPhoneExplorer
    2007-06-20 16:00:46 ——– d—–w C:\Program Files\MSN Messenger
    2007-06-20 06:18:20 ——– d—–w C:\Program Files\WinZix
    2007-06-10 13:28:12 ——– d—–w C:\Program Files\Messenger Plus! Live
    2007-06-04 18:11:39 164 —-a-w C:\install.dat
    2007-06-04 16:31:41 ——– d—–w C:\DOCUME~1\Timmeyh\APPLIC~1\Media Player Classic
    2007-06-03 17:00:49 ——– d—–w C:\Program Files\K-Lite Codec Pack
    2007-06-02 11:22:47 ——– d—–w C:\DOCUME~1\Timmeyh\APPLIC~1\Nokia Multimedia Player
    2007-05-27 18:27:35 ——– d—–w C:\Program Files\ASUS
    2007-05-26 17:34:49 ——– d—–w C:\Program Files\Deskshare
    2007-05-26 17:24:37 ——– d—–w C:\Program Files\TurboDemo 7.5 Trial
    2007-05-26 17:18:29 39 —-a-w C:\WINDOWS\TDEVXCW60.DLL
    2007-05-26 17:18:29 39 —-a-w C:\WINDOWS\system32\TEVPXCW60.DLL
    2007-05-25 16:53:14 ——– d—–w C:\Program Files\Common Files\Teleca Shared
    2007-05-24 18:23:59 ——– d—–w C:\Program Files\TomTom DesktopSuite
    2007-05-24 16:19:36 ——– d—–w C:\DOCUME~1\Timmeyh\APPLIC~1\PC Suite
    2007-05-24 16:11:54 ——– d—–w C:\DOCUME~1\Timmeyh\APPLIC~1\Nokia
    2007-05-23 17:53:41 ——– d–h–r C:\DOCUME~1\Timmeyh\APPLIC~1\SecuROM
    2007-05-23 17:53:40 108,144 —-a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-05-19 18:22:42 ——– d—–w C:\Program Files\AviSynth 2.5
    2007-05-19 18:22:10 ——– d—–w C:\DOCUME~1\Timmeyh\APPLIC~1\M3
    2007-05-19 17:48:50 ——– d—–w C:\Program Files\Lonely Cat Games
    2007-05-19 14:35:52 ——– d—–w C:\DOCUME~1\Timmeyh\APPLIC~1\Datalayer
    2007-05-19 12:02:07 ——– d—–w C:\Program Files\eRightSoft
    2007-05-18 15:44:32 ——– d—–w C:\Program Files\DIFX
    2007-05-18 15:44:10 ——– d—–w C:\Program Files\Common Files\PCSuite
    2007-05-16 15:19:43 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-12 11:40:23 ——– d—–w C:\Program Files\QuickTime
    2007-05-11 08:06:23 ——– d—–w C:\Program Files\Alfa & Ariss
    2007-04-25 14:22:52 144,896 —-a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 —-a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 —-a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
    2007-04-11 18:44:59 298,104 —-a-w C:\WINDOWS\system32\imon.dll
    2006-05-03 09:06:54 163,328 –sh–r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47:16 31,232 –sh–r C:\WINDOWS\system32\msfDX.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-12-18 05:16 59032 –a—— C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 –a—— C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-06 06:39 C:\WINDOWS\RTHDCPL.EXE]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 00:26]
    "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 18:09]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 12:51]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 12:52]
    "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 12:56]
    "ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 16:20]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-06-10 11:21]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 13:42]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 14:28]
    "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 21:24]
    "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
    "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]
    "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ASUS ChkMail.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ASUS ChkMail.lnk
    backup=C:\WINDOWS\pss\ASUS ChkMail.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^AutoCAD Startup Accelerator.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\AutoCAD Startup Accelerator.lnk
    backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HyvesKwekker]
    C:\Program Files\Hyves Kwekker\HyvesDesktop_2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
    "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9


    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7F67F8DD-D049-BFA7-4E4F-8F317C66F7EE}
    C:\WINDOWS\system32:lpr.exe

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-10 17:19:13
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-10 17:19:55
    C:\ComboFix2.txt … 2007-07-10 13:27

    — E O F —



  • Installeer hijackthis.exe bijv. in C:\Program Files\[b:0e137662c1]Hijackthis[/b:0e137662c1]
    Dit in verband met de backups die dit programma maakt.

    Start Hijackthis op en kies voor 'Do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:0e137662c1]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    [/b:0e137662c1]
    Klik op 'Fix checked' om de items te verwijderen.

    ziet er verder schoon uit, alleen zie ik nog steeds 2 antivirusscanners actief. De NOD32 is zeker van HMP? zet die even uit dan.

    HMP had je verwijderd toch?

    Dan kan je dit ook verwijderen.
    C:\Program Files\[b:0e137662c1]Hitman Pro [/b:0e137662c1]

    hoe gaat het nu?

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.