Hijack This log, help please

Anonymous
Othuroyo
6 answers
  • Good evening,

    I am constantly bothered by advertising windows and have already tried a great deal to remove the junk that is probably causing this, using, among others, PCTools Spyware Doctor, Malware Bytes, etc.

    trojan.lop_com is probably the cause, because it comes back every time even though PC Tools has removed it.

    The Hijack log is below.

    Can someone take a look at this and help me?

    Many thanks!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:09:40, on 17-01-2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Norton Ghost\Agent\VProTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
    C:\Program Files\NetLimiter\NetLimiter.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\XS4ALL-webdisk\wdfsctl.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Stardock Impulse\Stardock\Object Desktop\CursorFX Plus\CursorFX.exe
    C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATITool\ATITool.exe
    C:\Program Files\G6 FTP Server\G6FTPSrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Stardock Impulse\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
    C:\Program Files\Process Explorer\procexp.exe
    C:\Program Files\Stardock\Object Desktop\ObjectBar\ObjectBar.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Stardock Impulse\Stardock\Object Desktop\WindowFX\wfxload.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Spyware Doctor\pctsGui.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Program Files\SplashData\SplashID\SplashID Desktop.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    C:\Program Files\HiJack This\HiJackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fok.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
    O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [TrayServer] C:\PROGRA~1\MAGIX\VIDEO_~1\TrayServer.exe
    O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [TerraTec Scheduler] C:\PROGRA~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [warn default inter for] C:\Documents and Settings\All Users\Application Data\Time Dead Warn Default\Face Support.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [X4ALLNL] "C:\Program Files\XS4ALL-webdisk\wdfsctl.exe" /min /sleep=20
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock Impulse\Stardock\Object Desktop\CursorFX Plus\CursorFX.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
    O4 - Startup: G6 FTP Server.lnk = C:\Program Files\G6 FTP Server\G6FTPSrv.exe
    O4 - Startup: ObjectDock.exe.lnk = C:\Program Files\Stardock Impulse\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
    O4 - Startup: Process Explorer.lnk = C:\Program Files\Process Explorer\procexp.exe
    O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Stardock\Object Desktop\ObjectBar\ObjectBar.exe
    O4 - Startup: wfxload.exe.lnk = C:\Program Files\Stardock Impulse\Stardock\Object Desktop\WindowFX\wfxload.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save Picture - res://C:\Program Files\UnH Solutions\SavePicNoAsk Light\spnal.exe/130
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {BC8FABCD-8649-4eef-89DB-C012144ADFB1} - C:\Program Files\UnH Solutions\SavePicNoAsk Light\spnal.exe (HKCU)
    O9 - Extra 'Tools' menuitem: SavePicNoAsk Light - {BC8FABCD-8649-4eef-89DB-C012144ADFB1} - C:\Program Files\UnH Solutions\SavePicNoAsk Light\spnal.exe (HKCU)
    O15 - Trusted Zone: http://asia.msi.com.tw
    O15 - Trusted Zone: http://global.msi.com.tw
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228941123812
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228941054843
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} (DMList Class) - http://www.gomusic.ru/cabs/xdownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe


    End of file - 17889 bytes


  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [warn default inter for] C:\Documents and Settings\All Users\Application Data\Time Dead Warn Default\Face Support.exe
    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

    Open a Notepad file.
    Copy the text below (everything in bold) into this Notepad file.

        @ECHO OFF
        REM Start with a fresh log file
        IF EXIST log.txt DEL log.txt
        ECHO Deleting files>>log.txt
        REM The path contains spaces, so it is quoted to stay a single FOR item
        FOR %%g in (
        "C:\Documents and Settings\All Users\Application Data\Time Dead Warn Default\Face Support.exe" ) DO (
        IF EXIST %%g (
        REM Clear read-only, system and hidden attributes so DEL can remove the file
        ATTRIB -r -s -h %%g
        DEL %%g
        IF EXIST %%g (
        ECHO %%g not deleted>>log.txt
        ) ELSE (
        ECHO %%g deleted>>log.txt)
        ) ELSE (
        ECHO %%g not found>>log.txt))
        REM Show the result
        START NOTEPAD.EXE log.txt


    Download and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    After the installation, make sure there is a check mark next to:
      - Update MalwareBytes' Anti-Malware
      - Start MalwareBytes' Anti-Malware
    Then click "Voltooien" (Finish).
    If an update is found, it will be downloaded and installed.
      - Once the program has started, go to the "Instellingen" (Settings) tab.
      - Tick this option: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
      - Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
      - Then press "Scannen" (Scan) to start the scan.
      - The scan can take a while, so be patient.
      - When the scan is finished, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
      - Make sure everything there is ticked, then click "Verwijder geselecteerde" (Remove Selected).
      - After the removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

    Post this log together with a new HijackThis log.
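
The two entries selected in the answer above match two patterns a reviewer looks for in a HijackThis log: a BHO whose DLL no longer exists, and a Run value that starts a binary from Application Data. The Python sketch below is an added example, not part of the original thread or of HijackThis; it applies both checks and then compares a before and after log to confirm the fixed entries are gone. The sample logs are a few lines taken from the two logs posted in this thread, and the function names and the two heuristics are assumptions chosen for illustration.

```python
import re

# Constructed sample: a handful of lines copied from the first log in the thread.
LOG_BEFORE = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [warn default inter for] C:\Documents and Settings\All Users\Application Data\Time Dead Warn Default\Face Support.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
"""

# Constructed sample: the same lines as they appear in the second log.
LOG_AFTER = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
"""

# "O4 - <body>": section code followed by the entry text.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# The BHO name may itself contain " - ", so anchor on the {CLSID}.
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
# Registry autoruns: HKLM\..\Run, HKCU\..\Run, HKUS\<SID>\..\Run, RunOnce, ...
RUN_RE = re.compile(r"^HK\S+\\\.\.\\Run\w*: \[(?P<name>.*?)\] (?P<cmd>.+)$")
# Image path: either quoted, or everything up to the first .exe/.dll/.cpl,
# which keeps unquoted paths with spaces in one piece.
PATH_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|cpl))(?=[\s,]|$)', re.I)


def parse(log):
    """Return (section, body) tuples for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def image_path(cmd):
    """Strip quotes and arguments from an autorun command line."""
    m = PATH_RE.match(cmd)
    if not m:
        return cmd
    return m.group(1) or m.group(2)


def triage(log):
    """Return (identifier, reason) pairs for entries worth a manual look.

    A hit is a prompt for review, not a verdict: legitimate per-user
    updaters also live under Application Data.
    """
    findings = []
    for section, body in parse(log):
        if section == "O2":
            m = BHO_RE.match(body)
            if m and m.group("target") == "(no file)":
                findings.append((m.group("clsid"),
                                 "BHO registered but its DLL is missing"))
        elif section == "O4":
            m = RUN_RE.match(body)
            if m and "\\application data\\" in image_path(m.group("cmd")).lower():
                findings.append((m.group("name"),
                                 "Run value starts a binary under Application Data"))
    return findings


def removed(before, after):
    """Entries present in the first log and absent from the second."""
    gone = set(parse(before)) - set(parse(after))
    return [entry for entry in parse(before) if entry in gone]


if __name__ == "__main__":
    for ident, reason in triage(LOG_BEFORE):
        print(f"review: {ident}: {reason}")
    for section, body in removed(LOG_BEFORE, LOG_AFTER):
        print(f"gone after fix: {section} - {body}")
```

On the sample, the Google Update entry is flagged as well although it was not selected in the answer, which shows why a path-based hit still needs a human decision.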
  • Malware Bytes log:

    Malwarebytes' Anti-Malware 1.33
    Database versie: 1665
    Windows 5.1.2600 Service Pack 2

    18-01-2009 14:06:45
    mbam-log-2009-01-18 (14-06-45).txt

    Scan type: Snelle Scan
    Objecten gescand: 68578
    Verstreken tijd: 3 minute(s), 55 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)


    Hijack This LOG:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:40:51, on 18-01-2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Norton Ghost\Agent\VProTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
    C:\Program Files\NetLimiter\NetLimiter.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\XS4ALL-webdisk\wdfsctl.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files\Stardock Impulse\Stardock\Object Desktop\CursorFX Plus\CursorFX.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\ATITool\ATITool.exe
    C:\Program Files\G6 FTP Server\G6FTPSrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Stardock Impulse\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
    C:\Program Files\Process Explorer\procexp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Stardock\Object Desktop\ObjectBar\ObjectBar.exe
    C:\Program Files\Stardock Impulse\Stardock\Object Desktop\WindowFX\wfxload.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Program Files\totalcmd\TOTALCMD.EXE
    C:\Program Files\Avant Browser\avant.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HiJack This\HiJackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fok.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
    O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [TrayServer] C:\PROGRA~1\MAGIX\VIDEO_~1\TrayServer.exe
    O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [TerraTec Scheduler] C:\PROGRA~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [X4ALLNL] "C:\Program Files\XS4ALL-webdisk\wdfsctl.exe" /min /sleep=20
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock Impulse\Stardock\Object Desktop\CursorFX Plus\CursorFX.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
    O4 - Startup: G6 FTP Server.lnk = C:\Program Files\G6 FTP Server\G6FTPSrv.exe
    O4 - Startup: ObjectDock.exe.lnk = C:\Program Files\Stardock Impulse\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
    O4 - Startup: Process Explorer.lnk = C:\Program Files\Process Explorer\procexp.exe
    O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Stardock\Object Desktop\ObjectBar\ObjectBar.exe
    O4 - Startup: wfxload.exe.lnk = C:\Program Files\Stardock Impulse\Stardock\Object Desktop\WindowFX\wfxload.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save Picture - res://C:\Program Files\UnH Solutions\SavePicNoAsk Light\spnal.exe/130
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {BC8FABCD-8649-4eef-89DB-C012144ADFB1} - C:\Program Files\UnH Solutions\SavePicNoAsk Light\spnal.exe (HKCU)
    O9 - Extra 'Tools' menuitem: SavePicNoAsk Light - {BC8FABCD-8649-4eef-89DB-C012144ADFB1} - C:\Program Files\UnH Solutions\SavePicNoAsk Light\spnal.exe (HKCU)
    O15 - Trusted Zone: http://asia.msi.com.tw
    O15 - Trusted Zone: http://global.msi.com.tw
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228941123812
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228941054843
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} (DMList Class) - http://www.gomusic.ru/cabs/xdownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe


    End of file - 17614 bytes

    By the way, the ad window I keep getting is from adserver5.com.


  • Download Lop uninstaller and save it to your desktop.
    Double-click uninstall.exe.
    Then click OK twice.
    Type in the number you see and click Uninstall.
    You will be asked to "Please close all browser windows and Explorer folders…". Do so and click OK.
    Restart your computer when it has finished.


    Download Combofix to your desktop.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Click OK in the small "NirCmd" window.
    Afterwards, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has completed and after the restart, the log Combofix.txt will open; paste it in your next post.
  • Hi,

    below is the Combofix log.

    ComboFix 09-01-17.04 - Chris 2009-01-18 17:13:14.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1319 [GMT 1:00]
    Running from: e:\bestanden\Download Internet\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mxfilerelatedcache.mxc2
    c:\recycler\mxfilerelatedcache.mxc2
    c:\windows\Downloaded Program Files\setup.inf
    c:\windows\IE4 Error Log.txt
    e:\recycler\mxfilerelatedcache.mxc2

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))
    .

    2009-01-18 13:10 . 2009-01-18 13:10 <DIR> d-------- c:\documents and settings\Chris\DoctorWeb
    2009-01-17 11:59 . 2009-01-17 11:59 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-17 11:59 . 2009-01-17 11:59 <DIR> d-------- c:\documents and settings\Chris\Application Data\Malwarebytes
    2009-01-17 11:59 . 2009-01-17 11:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-17 11:59 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-17 11:59 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-08 18:51 . 2009-01-08 18:51 <DIR> d-------- C:\deljob
    2009-01-06 20:30 . 2009-01-06 20:30 <DIR> d-------- c:\documents and settings\Martha\Application Data\anteuserbib
    2008-12-25 13:56 . 2008-12-25 14:15 <DIR> d-------- c:\windows\calib_da
    2008-12-25 13:56 . 2008-12-25 14:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Tablet
    2008-12-25 13:56 . 2007-08-10 13:30 52,896 --a------ c:\windows\system32\InstallService.exe
    2008-12-24 12:41 . 2008-12-24 12:41 <DIR> d-------- c:\windows\system32\XMedia
    2008-12-24 12:41 . 2008-12-24 12:41 <DIR> d-------- c:\documents and settings\Chris\Application Data\X-Downloader
    2008-12-22 15:11 . 2008-12-22 18:57 <DIR> d-------- c:\documents and settings\Martha\Application Data\gtk-2.0
    2008-12-22 15:11 . 2008-12-22 15:11 <DIR> d-------- c:\documents and settings\Martha\.thumbnails
    2008-12-22 15:01 . 2008-12-22 18:39 <DIR> d-------- c:\documents and settings\Martha\.gimp-2.6
    2008-12-22 15:01 . 2008-12-22 15:01 <DIR> d-------- c:\documents and settings\Martha\.gegl-0.0

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-18 16:14 --------- d-----w c:\documents and settings\Chris\Application Data\uTorrent
    2009-01-18 16:08 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-18 15:27 --------- d-----w c:\program files\G6 FTP Server
    2009-01-18 13:40 --------- d-----w c:\program files\HiJack This
    2009-01-18 12:46 --------- d-----w c:\documents and settings\Chris\Application Data\MailWasherPro
    2009-01-17 20:10 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-01-17 19:40 --------- d-----w c:\program files\Zylom Games
    2009-01-16 19:11 --------- d-----w c:\program files\Spyware Doctor
    2009-01-16 18:33 --------- d-----w c:\program files\Metin2_NL
    2009-01-14 20:09 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
    2009-01-11 16:19 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2009-01-10 17:53 --------- d-----w c:\documents and settings\Chris\Application Data\DVD Profiler
    2009-01-10 17:50 --------- d-----w c:\program files\DVD Profiler
    2008-12-29 20:34 --------- d-----w c:\program files\Avant Browser
    2008-12-25 15:58 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
    2008-12-25 12:56 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-22 20:49 --------- d-----w c:\documents and settings\Chris\Application Data\LimeWirePlus
    2008-12-14 13:55 --------- d-----w c:\documents and settings\Chris\Application Data\dvdcss
    2008-12-13 19:21 --------- d-----w c:\program files\Pocket Divx Encoder
    2008-12-12 17:39 --------- d-----w c:\documents and settings\Cindy\Application Data\Zylom
    2008-12-12 17:17 --------- d-----w c:\documents and settings\All Users\Application Data\GameHouse
    2008-12-12 17:15 --------- d-----w c:\documents and settings\Cindy\Application Data\PlayFirst
    2008-12-12 17:15 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
    2008-12-12 17:11 --------- d-----w c:\documents and settings\All Users\Application Data\Zylom
    2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-07 18:46 --------- d-----w c:\program files\pqDVD
    2008-12-07 17:29 --------- d-----w c:\program files\DVD Catalyst
    2008-12-07 12:12 --------- d-----w c:\program files\MagicISO
    2008-12-05 17:44 --------- d-----w c:\program files\PC Wizard 2008
    2008-12-01 21:22 --------- d-----w c:\program files\SpeedFan
    2008-11-30 18:27 --------- d-----w c:\program files\Secunia
    2008-11-30 18:17 --------- d-----w c:\program files\Monkey's Audio
    2008-11-18 13:36 7,808 ----a-w c:\windows\system32\drivers\psi_mf.sys
    2008-10-08 18:15 16 ---ha-w c:\program files\mxfilerelatedcache.mxc2
    2006-06-23 22:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-12-29 5724184]
    "X4ALLNL"="c:\program files\XS4ALL-webdisk\wdfsctl.exe" [2007-02-28 585804]
    "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-05-07 2075584]
    "CursorFX"="c:\program files\Stardock Impulse\Stardock\Object Desktop\CursorFX Plus\CursorFX.exe" [2008-07-08 654336]
    "Google Update"="c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-12-05 270128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2007-10-05 2037088]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
    "LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-12-10 1412608]
    "CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 626176]
    "Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
    "OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
    "NetLimiter"="c:\program files\NetLimiter\NetLimiter.exe" [2004-03-31 823296]
    "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
    "TrayServer"="c:\progra~1\MAGIX\VIDEO_~1\TrayServer.exe" [2007-07-04 90112]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
    "TerraTec Scheduler"="c:\progra~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe" [2003-11-27 499712]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

    c:\documents and settings\Chris\Start Menu\Programs\Startup\
    ATITool.lnk - c:\program files\ATITool\ATITool.exe [2007-11-28 3182544]
    G6 FTP Server.lnk - c:\program files\G6 FTP Server\G6FTPSrv.exe [2007-12-09 463360]
    ObjectDock.exe.lnk - c:\program files\Stardock Impulse\Stardock\Object Desktop\ObjectDock\ObjectDock.exe [2008-10-12 3581680]
    Process Explorer.lnk - c:\program files\Process Explorer\procexp.exe [2008-07-26 3522600]
    Stardock ObjectBar.lnk - c:\program files\Stardock\Object Desktop\ObjectBar\ObjectBar.exe [2007-10-16 1860888]
    wfxload.exe.lnk - c:\program files\Stardock Impulse\Stardock\Object Desktop\WindowFX\wfxload.exe [2008-08-23 581632]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-02 2756608]
    DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2008-08-02 28672]
    HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-01-03 1392640]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-28 67128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\windows\system32\logonuiX.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    2008-03-28 09:23 49152 c:\progra~1\COMMON~1\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2008-09-22 22:59 174328 c:\progra~1\STARDO~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg30.dll
    "VIDC.PIM1"= pclepim1.dll
    "VIDC.I420"= vdrcodec.dll
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=
    "c:\\Program Files\\G6 FTP Server\\G6FTPSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP1\\Win32\\RpcDataSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP1\\RpcSandraSrv.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
    "c:\\Program Files\\SJLabs\\SJphone\\SJphone.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-12 97928]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-12-07 38656]
    R4 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [2007-06-18 373568]
    R4 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [2007-05-30 201696]
    R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-12 231704]
    R4 BT848;TerraTV WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [2001-05-30 76800]
    R4 BTTUNER;TerraTV Tuner;c:\windows\system32\drivers\BTTUNER.SYS [2002-03-25 12288]
    R4 BTXBAR;TerraTV WDM Crossbar;c:\windows\system32\drivers\BTXBAR.SYS [2001-05-16 11264]
    R4 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2007-12-09 7040]
    R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-02 203280]
    R4 webdavfs;WebDAV File System;c:\windows\system32\drivers\webdavfs.sys [2008-03-01 81536]
    S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
    S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
    S3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys --> c:\windows\system32\drivers\Btcomm.sys [?]
    S3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\DRIVERS\btkrnbdg.sys --> c:\windows\system32\DRIVERS\btkrnbdg.sys [?]
    S3 CSRBC01;%CSRBC01.SvcDesc%;c:\windows\system32\Drivers\csrbc01.sys --> c:\windows\system32\Drivers\csrbc01.sys [?]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-06-14 1527900]
    S3 HWACCESS;HWACCESS;c:\windows\system32\HWACCESS.SYS [2007-12-11 6808]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-11-18 7808]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-03-03 747912]
    S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-06-14 544768]
    S3 vad_multi;Windigo Virtual Audio Device (WDM);c:\windows\system32\drivers\vadmulti.sys --> c:\windows\system32\drivers\vadmulti.sys [?]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - PROCEXP111

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03964cbf-4506-11dd-bbbd-001d60662151}]
    \Shell\AutoRun\command - F:\InstallTomTomHOME.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{160c64b8-3f00-11dd-90af-0015830a0746}]
    \Shell\AutoRun\command - F:\start.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-08 c:\windows\Tasks\AdwareBot Scheduled Scan.job
    - c:\program files\AdwareBot\AdwareBot.exe []

    2009-01-08 c:\windows\Tasks\AdwareBot Scheduled Scan.job
    - c:\program files\AdwareBot []

    2009-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1677128483-839522115-1003.job
    - c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 20:51]

    2008-08-17 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

    2009-01-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = hxxp://www.fok.nl/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Save Picture - c:\program files\UnH Solutions\SavePicNoAsk Light\spnal.exe/130
    LSP: c:\program files\NetLimiter\nl_lsp.dll
    Trusted Zone: asia.msi.com.tw
    Trusted Zone: global.msi.com.tw
    Trusted Zone: www.msi.com.tw
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
    hxxp://game13.zylom.com/activex/zylomgamesplayer.cab
    c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf

    O16 -: {D00E9550-440D-4EF8-BFCE-174300890C05} - hxxp://www.gomusic.ru/cabs/xdownloader.cab
    c:\windows\Downloaded Program Files\XDownloader.inf

    c:\windows\Downloaded Program Files\GoPetsWeb.ocx - O16 -: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8}
    hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    c:\windows\Downloaded Program Files\GoPetsWeb.inf
    .
    .
    ------- File Associations -------
    .
    inffile="c:\program files\Stardock Impulse\Stardock\Object Desktop\Object Edit\oe.exe" "%1"
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-18 17:17:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1078081533-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,64,42,42,2b,9f,
    8f,e0,1e,c8,28,51,af,b0,29,a3,98,37,8f,da,43,65,5d,f9,cb,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,0a,5c,2f,50,91,
    5f,c1,6f,71,3b,04,66,8b,46,0d,96,5b,8b,f0,34,06,ba,eb,4e,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,36,6f,34,e6,f5,
    9b,36,6e,25,da,ec,7e,55,20,c9,26,3e,4e,89,f2,69,33,ae,a1,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,9b,f4,10,1d,e1,
    bc,bd,fc,3e,1e,9e,e0,57,5a,93,61,37,54,e1,4a,43,67,a8,37,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,69,d7,30,1c,d4,
    1f,75,a5,cd,44,cd,b9,a6,33,6c,cd,fa,20,3f,8a,24,80,c7,38,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,e8,0b,3d,38,0e,
    ab,1d,a4,b0,18,ed,a7,3f,8d,37,a4,50,7c,88,4d,03,c6,9a,5d,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,20,8a,b1,24,e0,
    cf,cb,8b,31,77,e1,ba,b1,f8,68,02,58,5b,76,b1,68,ae,d9,86,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,43,7b,db,2d,af,
    40,1a,41,83,6c,56,8b,a0,85,96,ab,4d,ce,e5,06,56,75,17,90,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,63,29,43,ff,06,
    e3,cd,54,51,fa,6e,91,28,9e,14,cc,84,0d,b9,bd,a0,6a,1a,53,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,de,3b,d0,d8,a8,
    df,5a,ee,b1,cd,45,5a,a8,c4,f8,b9,75,55,a9,9f,2b,c5,56,5c,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,4d,de,3b,48,90,
    fe,28,de,e3,0e,66,d5,eb,bc,2f,6b,4c,f6,26,2b,34,33,2f,bd,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,f2,28,a5,be,4d,
    f2,b3,6f,fa,ea,66,7f,d4,3b,6b,70,c3,9b,4d,d4,e5,19,4d,10,6c,43,2d,1e,aa,22,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    .
    ——————— DLLs Loaded Under Running Processes ———————

    - - - - - - - > 'winlogon.exe'(1180)
    c:\windows\system32\Ati2evxx.dll
    c:\progra~1\COMMON~1\Stardock\mcpstub.dll
    c:\progra~1\STARDO~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    c:\windows\system32\webdavnp.dll

    - - - - - - - > 'lsass.exe'(1236)
    c:\program files\NetLimiter\nl_lsp.dll
    c:\windows\system32\nl_msgc.dll
    .
    ———————— Other Running Processes ————————
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\progra~1\COMMON~1\Stardock\sdmcp.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\program files\Norton Ghost\Agent\VProSvc.exe
    c:\windows\system32\oodag.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\progra~1\McAfee.com\Agent\mcagent.exe
    c:\windows\system32\rundll32.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\progra~1\McAfee\MSC\mcuimgr.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\windows\system32\taskmgr.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-18 17:25:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-18 16:25:35

    Pre-Run: 35.718.074.368 bytes free
    Post-Run: 38,402,306,048 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    387 — E O F — 2008-10-15 17:45:10




  • As things look now, I am rid of the misery!

    Many thanks for your help!


This is an archived page. Replying is no longer possible.