Vraag & Antwoord
Hijack This log, help svp
6 antwoorden
- Goedenavond,
ik heb constant last van reclame venster en al heel veel geprobeerd de rotzooi die dit waarschijnlijk veroorzaakt te verwijderen d.m.v. o.a. PCTools Spyware Doctor, Malware Bytes enz.
Waarschijnlijk is trojan.lop_com de oorzaak want die komt elke keer terug ondanks dat PC Tools die verwijderd heeft.
Onderstaand de Hijack Log.
Kan iemand hier naar kijken en mij mee helpen?
Mijn dank!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:09:40, on 17-01-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\XS4ALL-webdisk\wdfsctl.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Stardock Impulse\Stardock\Object Desktop\CursorFX Plus\CursorFX.exe
C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATITool\ATITool.exe
C:\Program Files\G6 FTP Server\G6FTPSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Stardock Impulse\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
C:\Program Files\Process Explorer\procexp.exe
C:\Program Files\Stardock\Object Desktop\ObjectBar\ObjectBar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Stardock Impulse\Stardock\Object Desktop\WindowFX\wfxload.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\SplashData\SplashID\SplashID Desktop.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\HiJack This\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fok.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TrayServer] C:\PROGRA~1\MAGIX\VIDEO_~1\TrayServer.exe
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [TerraTec Scheduler] C:\PROGRA~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [warn default inter for] C:\Documents and Settings\All Users\Application Data\Time Dead Warn Default\Face Support.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [X4ALLNL] "C:\Program Files\XS4ALL-webdisk\wdfsctl.exe" /min /sleep=20
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock Impulse\Stardock\Object Desktop\CursorFX Plus\CursorFX.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O4 - Startup: G6 FTP Server.lnk = C:\Program Files\G6 FTP Server\G6FTPSrv.exe
O4 - Startup: ObjectDock.exe.lnk = C:\Program Files\Stardock Impulse\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
O4 - Startup: Process Explorer.lnk = C:\Program Files\Process Explorer\procexp.exe
O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Stardock\Object Desktop\ObjectBar\ObjectBar.exe
O4 - Startup: wfxload.exe.lnk = C:\Program Files\Stardock Impulse\Stardock\Object Desktop\WindowFX\wfxload.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Picture - res://C:\Program Files\UnH Solutions\SavePicNoAsk Light\spnal.exe/130
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {BC8FABCD-8649-4eef-89DB-C012144ADFB1} - C:\Program Files\UnH Solutions\SavePicNoAsk Light\spnal.exe (HKCU)
O9 - Extra 'Tools' menuitem: SavePicNoAsk Light - {BC8FABCD-8649-4eef-89DB-C012144ADFB1} - C:\Program Files\UnH Solutions\SavePicNoAsk Light\spnal.exe (HKCU)
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228941123812
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228941054843
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} (DMList Class) - http://www.gomusic.ru/cabs/xdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
–
End of file - 17889 bytes - Start hijackthis en kies voor 'do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:
[b:d8bd62a5c3]O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [warn default inter for] C:\Documents and Settings\All Users\Application Data\Time Dead Warn Default\Face Support.exe[/b:d8bd62a5c3]
Sluit alle vensters behalve Hijackthis
Klik op 'Fix checked' om de items te verwijderen.
Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.
[b:d8bd62a5c3]@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\Documents and Settings\All Users\Application Data\Time Dead Warn Default\Face Support.exe ) DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt[/b:d8bd62a5c3]
Download [b:d8bd62a5c3] en sla het op je bureaublad op.
Dubbelklik op [b:d8bd62a5c3]mbam-setup.exe[/b:d8bd62a5c3] om het programma te installeren.
Zorg dat er na de installatie een vinkje is geplaatst bij:[list:d8bd62a5c3]
[*:d8bd62a5c3]Update MalwareBytes' Anti-Malware
[*:d8bd62a5c3]Start MalwareBytes' Anti-Malware
[/list:u:d8bd62a5c3]Klik daarna op "[b:d8bd62a5c3]Voltooien[/b:d8bd62a5c3]".
Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.[list:d8bd62a5c3]
[*:d8bd62a5c3]Zodra het programma gestart is, ga dan naar het tabblad "[b:d8bd62a5c3]Instellingen[/b:d8bd62a5c3]".
[*:d8bd62a5c3]Vink hier aan: "[b:d8bd62a5c3]Sluit Internet Explorer tijdens verwijdering van malware[/b:d8bd62a5c3]".
[*:d8bd62a5c3]Ga daarna naar het tabblad "[b:d8bd62a5c3]Scanner[/b:d8bd62a5c3]", kies hier voor "[b:d8bd62a5c3]Snelle Scan[/b:d8bd62a5c3]".
[*:d8bd62a5c3]Druk vervolgens op "[b:d8bd62a5c3]Scannen[/b:d8bd62a5c3]" om de scan te starten.
[*:d8bd62a5c3]Het scannen kan een tijdje duren, dus wees geduldig.
[*:d8bd62a5c3]Wanneer de scan voltooid is, klik op [b:d8bd62a5c3]OK[/b:d8bd62a5c3], daarna "[b:d8bd62a5c3]Bekijk Resultaten[/b:d8bd62a5c3]" om de resultaten te zien.
[*:d8bd62a5c3]Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "[b:d8bd62a5c3]Verwijder geselecteerde[/b:d8bd62a5c3]".
[*:d8bd62a5c3]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
[/list:u:d8bd62a5c3]Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "[b:d8bd62a5c3]Logs[/b:d8bd62a5c3]" tab te klikken in het programma.
Plaats dit logje samen met een nieuw logje van HijackThis - Malware Bytes log:
Malwarebytes' Anti-Malware 1.33
Database versie: 1665
Windows 5.1.2600 Service Pack 2
18-01-2009 14:06:45
mbam-log-2009-01-18 (14-06-45).txt
Scan type: Snelle Scan
Objecten gescand: 68578
Verstreken tijd: 3 minute(s), 55 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Hijack This LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:51, on 18-01-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\XS4ALL-webdisk\wdfsctl.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Stardock Impulse\Stardock\Object Desktop\CursorFX Plus\CursorFX.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\ATITool\ATITool.exe
C:\Program Files\G6 FTP Server\G6FTPSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Stardock Impulse\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
C:\Program Files\Process Explorer\procexp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Stardock\Object Desktop\ObjectBar\ObjectBar.exe
C:\Program Files\Stardock Impulse\Stardock\Object Desktop\WindowFX\wfxload.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HiJack This\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fok.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TrayServer] C:\PROGRA~1\MAGIX\VIDEO_~1\TrayServer.exe
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [TerraTec Scheduler] C:\PROGRA~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [X4ALLNL] "C:\Program Files\XS4ALL-webdisk\wdfsctl.exe" /min /sleep=20
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock Impulse\Stardock\Object Desktop\CursorFX Plus\CursorFX.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O4 - Startup: G6 FTP Server.lnk = C:\Program Files\G6 FTP Server\G6FTPSrv.exe
O4 - Startup: ObjectDock.exe.lnk = C:\Program Files\Stardock Impulse\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
O4 - Startup: Process Explorer.lnk = C:\Program Files\Process Explorer\procexp.exe
O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Stardock\Object Desktop\ObjectBar\ObjectBar.exe
O4 - Startup: wfxload.exe.lnk = C:\Program Files\Stardock Impulse\Stardock\Object Desktop\WindowFX\wfxload.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Picture - res://C:\Program Files\UnH Solutions\SavePicNoAsk Light\spnal.exe/130
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {BC8FABCD-8649-4eef-89DB-C012144ADFB1} - C:\Program Files\UnH Solutions\SavePicNoAsk Light\spnal.exe (HKCU)
O9 - Extra 'Tools' menuitem: SavePicNoAsk Light - {BC8FABCD-8649-4eef-89DB-C012144ADFB1} - C:\Program Files\UnH Solutions\SavePicNoAsk Light\spnal.exe (HKCU)
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228941123812
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228941054843
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} (DMList Class) - http://www.gomusic.ru/cabs/xdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP1\RpcSandraSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
–
End of file - 17614 bytes
Het reclame venster dat ik trouwens elke keer krijg is van adserver5.com. - Download Lop uninstaller en sla het op op jouw bureablad
Klik 2 keer op uninstall.exe
Klik vervolgens 2 x op ok.
Typ het nummer wat je ziet over en klik op uninstall
Er wordt gevraagd "Please close all browser windows and Explorer folders…". doe dat ook en klik op ok.
Start jouw computer opnieuw op als het klaar is.
Download Combofix naar je Bureaublad.
OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.
Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!
Dubbelklik op Combofix.exe om het te starten.
Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
Klik op OK in het "NirCmd" venstertje.
Klik na afloop terug op Ja om het scannen op malware te starten.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen plaats die in je volgende post. - Hoi,
onderstaand de log van Combofix.
ComboFix 09-01-17.04 - Chris 2009-01-18 17:13:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1319 [GMT 1:00]
Running from: e:\bestanden\Download Internet\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Chris\Local Settings\Temporary Internet Files\mxfilerelatedcache.mxc2
c:\recycler\mxfilerelatedcache.mxc2
c:\windows\Downloaded Program Files\setup.inf
c:\windows\IE4 Error Log.txt
e:\recycler\mxfilerelatedcache.mxc2
.
((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))
.
2009-01-18 13:10 . 2009-01-18 13:10 <DIR> d——– c:\documents and settings\Chris\DoctorWeb
2009-01-17 11:59 . 2009-01-17 11:59 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
2009-01-17 11:59 . 2009-01-17 11:59 <DIR> d——– c:\documents and settings\Chris\Application Data\Malwarebytes
2009-01-17 11:59 . 2009-01-17 11:59 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-17 11:59 . 2009-01-14 16:11 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-17 11:59 . 2009-01-14 16:11 15,504 –a—— c:\windows\system32\drivers\mbam.sys
2009-01-08 18:51 . 2009-01-08 18:51 <DIR> d——– C:\deljob
2009-01-06 20:30 . 2009-01-06 20:30 <DIR> d——– c:\documents and settings\Martha\Application Data\anteuserbib
2008-12-25 13:56 . 2008-12-25 14:15 <DIR> d——– c:\windows\calib_da
2008-12-25 13:56 . 2008-12-25 14:37 <DIR> d——– c:\documents and settings\All Users\Application Data\Tablet
2008-12-25 13:56 . 2007-08-10 13:30 52,896 –a—— c:\windows\system32\InstallService.exe
2008-12-24 12:41 . 2008-12-24 12:41 <DIR> d——– c:\windows\system32\XMedia
2008-12-24 12:41 . 2008-12-24 12:41 <DIR> d——– c:\documents and settings\Chris\Application Data\X-Downloader
2008-12-22 15:11 . 2008-12-22 18:57 <DIR> d——– c:\documents and settings\Martha\Application Data\gtk-2.0
2008-12-22 15:11 . 2008-12-22 15:11 <DIR> d——– c:\documents and settings\Martha\.thumbnails
2008-12-22 15:01 . 2008-12-22 18:39 <DIR> d——– c:\documents and settings\Martha\.gimp-2.6
2008-12-22 15:01 . 2008-12-22 15:01 <DIR> d——– c:\documents and settings\Martha\.gegl-0.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 16:14 ——— d—–w c:\documents and settings\Chris\Application Data\uTorrent
2009-01-18 16:08 ——— d—a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-18 15:27 ——— d—–w c:\program files\G6 FTP Server
2009-01-18 13:40 ——— d—–w c:\program files\HiJack This
2009-01-18 12:46 ——— d—–w c:\documents and settings\Chris\Application Data\MailWasherPro
2009-01-17 20:10 ——— d—–w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-17 19:40 ——— d—–w c:\program files\Zylom Games
2009-01-16 19:11 ——— d—–w c:\program files\Spyware Doctor
2009-01-16 18:33 ——— d—–w c:\program files\Metin2_NL
2009-01-14 20:09 ——— d—–w c:\documents and settings\LocalService\Application Data\SACore
2009-01-11 16:19 ——— d—–w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-10 17:53 ——— d—–w c:\documents and settings\Chris\Application Data\DVD Profiler
2009-01-10 17:50 ——— d—–w c:\program files\DVD Profiler
2008-12-29 20:34 ——— d—–w c:\program files\Avant Browser
2008-12-25 15:58 ——— d—–w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-25 12:56 ——— d–h–w c:\program files\InstallShield Installation Information
2008-12-22 20:49 ——— d—–w c:\documents and settings\Chris\Application Data\LimeWirePlus
2008-12-14 13:55 ——— d—–w c:\documents and settings\Chris\Application Data\dvdcss
2008-12-13 19:21 ——— d—–w c:\program files\Pocket Divx Encoder
2008-12-12 17:39 ——— d—–w c:\documents and settings\Cindy\Application Data\Zylom
2008-12-12 17:17 ——— d—–w c:\documents and settings\All Users\Application Data\GameHouse
2008-12-12 17:15 ——— d—–w c:\documents and settings\Cindy\Application Data\PlayFirst
2008-12-12 17:15 ——— d—–w c:\documents and settings\All Users\Application Data\PlayFirst
2008-12-12 17:11 ——— d—–w c:\documents and settings\All Users\Application Data\Zylom
2008-12-11 11:57 333,184 —-a-w c:\windows\system32\drivers\srv.sys
2008-12-07 18:46 ——— d—–w c:\program files\pqDVD
2008-12-07 17:29 ——— d—–w c:\program files\DVD Catalyst
2008-12-07 12:12 ——— d—–w c:\program files\MagicISO
2008-12-05 17:44 ——— d—–w c:\program files\PC Wizard 2008
2008-12-01 21:22 ——— d—–w c:\program files\SpeedFan
2008-11-30 18:27 ——— d—–w c:\program files\Secunia
2008-11-30 18:17 ——— d—–w c:\program files\Monkey's Audio
2008-11-18 13:36 7,808 —-a-w c:\windows\system32\drivers\psi_mf.sys
2008-10-08 18:15 16 —ha-w c:\program files\mxfilerelatedcache.mxc2
2006-06-23 22:48 32,768 —-a-r c:\windows\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-12-29 5724184]
"X4ALLNL"="c:\program files\XS4ALL-webdisk\wdfsctl.exe" [2007-02-28 585804]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-05-07 2075584]
"CursorFX"="c:\program files\Stardock Impulse\Stardock\Object Desktop\CursorFX Plus\CursorFX.exe" [2008-07-08 654336]
"Google Update"="c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-12-05 270128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2007-10-05 2037088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-12-10 1412608]
"CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 626176]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"NetLimiter"="c:\program files\NetLimiter\NetLimiter.exe" [2004-03-31 823296]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"TrayServer"="c:\progra~1\MAGIX\VIDEO_~1\TrayServer.exe" [2007-07-04 90112]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"TerraTec Scheduler"="c:\progra~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe" [2003-11-27 499712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
c:\documents and settings\Chris\Start Menu\Programs\Startup\
ATITool.lnk - c:\program files\ATITool\ATITool.exe [2007-11-28 3182544]
G6 FTP Server.lnk - c:\program files\G6 FTP Server\G6FTPSrv.exe [2007-12-09 463360]
ObjectDock.exe.lnk - c:\program files\Stardock Impulse\Stardock\Object Desktop\ObjectDock\ObjectDock.exe [2008-10-12 3581680]
Process Explorer.lnk - c:\program files\Process Explorer\procexp.exe [2008-07-26 3522600]
Stardock ObjectBar.lnk - c:\program files\Stardock\Object Desktop\ObjectBar\ObjectBar.exe [2007-10-16 1860888]
wfxload.exe.lnk - c:\program files\Stardock Impulse\Stardock\Object Desktop\WindowFX\wfxload.exe [2008-08-23 581632]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-02 2756608]
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2008-08-02 28672]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-01-03 1392640]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-28 67128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2008-03-28 09:23 49152 c:\progra~1\COMMON~1\Stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-09-22 22:59 174328 c:\progra~1\STARDO~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.I420"= vdrcodec.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u:6148238bdf]0[/u:6148238bdf]OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=
"c:\\Program Files\\G6 FTP Server\\G6FTPSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP1\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XII.SP1\\RpcSandraSrv.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\SJLabs\\SJphone\\SJphone.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-12 97928]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-12-07 38656]
R4 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [2007-06-18 373568]
R4 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [2007-05-30 201696]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-12 231704]
R4 BT848;TerraTV WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [2001-05-30 76800]
R4 BTTUNER;TerraTV Tuner;c:\windows\system32\drivers\BTTUNER.SYS [2002-03-25 12288]
R4 BTXBAR;TerraTV WDM Crossbar;c:\windows\system32\drivers\BTXBAR.SYS [2001-05-16 11264]
R4 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2007-12-09 7040]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-02 203280]
R4 webdavfs;WebDAV File System;c:\windows\system32\drivers\webdavfs.sys [2008-03-01 81536]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys –> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
S3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys –> c:\windows\system32\drivers\Btcomm.sys [?]
S3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\DRIVERS\btkrnbdg.sys –> c:\windows\system32\DRIVERS\btkrnbdg.sys [?]
S3 CSRBC01;%CSRBC01.SvcDesc%;c:\windows\system32\Drivers\csrbc01.sys –> c:\windows\system32\Drivers\csrbc01.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-06-14 1527900]
S3 HWACCESS;HWACCESS;c:\windows\system32\HWACCESS.SYS [2007-12-11 6808]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-11-18 7808]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-03-03 747912]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-06-14 544768]
S3 vad_multi;Windigo Virtual Audio Device (WDM);c:\windows\system32\drivers\vadmulti.sys –> c:\windows\system32\drivers\vadmulti.sys [?]
— Other Services/Drivers In Memory —
*Deregistered* - PROCEXP111
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03964cbf-4506-11dd-bbbd-001d60662151}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{160c64b8-3f00-11dd-90af-0015830a0746}]
\Shell\AutoRun\command - F:\start.exe
.
Contents of the 'Scheduled Tasks' folder
2009-01-08 c:\windows\Tasks\AdwareBot Scheduled Scan.job
- c:\program files\AdwareBot\AdwareBot.exe []
2009-01-08 c:\windows\Tasks\AdwareBot Scheduled Scan.job
- c:\program files\AdwareBot []
2009-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1677128483-839522115-1003.job
- c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 20:51]
2008-08-17 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
.
——- Supplementary Scan ——-
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.fok.nl/
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save Picture - c:\program files\UnH Solutions\SavePicNoAsk Light\spnal.exe/130
LSP: c:\program files\NetLimiter\nl_lsp.dll
Trusted Zone: asia.msi.com.tw
Trusted Zone: global.msi.com.tw
Trusted Zone: www.msi.com.tw
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game13.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
O16 -: {D00E9550-440D-4EF8-BFCE-174300890C05} - hxxp://www.gomusic.ru/cabs/xdownloader.cab
c:\windows\Downloaded Program Files\XDownloader.inf
c:\windows\Downloaded Program Files\GoPetsWeb.ocx - O16 -: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8}
hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
c:\windows\Downloaded Program Files\GoPetsWeb.inf
.
.
——- File Associations ——-
.
inffile="c:\program files\Stardock Impulse\Stardock\Object Desktop\Object Edit\oe.exe" "%1"
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 17:17:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
——————— LOCKED REGISTRY KEYS ———————
[HKEY_USERS\S-1-5-21-1078081533-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,64,42,42,2b,9f,
8f,e0,1e,c8,28,51,af,b0,29,a3,98,37,8f,da,43,65,5d,f9,cb,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,0a,5c,2f,50,91,
5f,c1,6f,71,3b,04,66,8b,46,0d,96,5b,8b,f0,34,06,ba,eb,4e,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,36,6f,34,e6,f5,
9b,36,6e,25,da,ec,7e,55,20,c9,26,3e,4e,89,f2,69,33,ae,a1,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,9b,f4,10,1d,e1,
bc,bd,fc,3e,1e,9e,e0,57,5a,93,61,37,54,e1,4a,43,67,a8,37,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,69,d7,30,1c,d4,
1f,75,a5,cd,44,cd,b9,a6,33,6c,cd,fa,20,3f,8a,24,80,c7,38,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,e8,0b,3d,38,0e,
ab,1d,a4,b0,18,ed,a7,3f,8d,37,a4,50,7c,88,4d,03,c6,9a,5d,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,20,8a,b1,24,e0,
cf,cb,8b,31,77,e1,ba,b1,f8,68,02,58,5b,76,b1,68,ae,d9,86,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,43,7b,db,2d,af,
40,1a,41,83,6c,56,8b,a0,85,96,ab,4d,ce,e5,06,56,75,17,90,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,63,29,43,ff,06,
e3,cd,54,51,fa,6e,91,28,9e,14,cc,84,0d,b9,bd,a0,6a,1a,53,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,de,3b,d0,d8,a8,
df,5a,ee,b1,cd,45,5a,a8,c4,f8,b9,75,55,a9,9f,2b,c5,56,5c,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,4d,de,3b,48,90,
fe,28,de,e3,0e,66,d5,eb,bc,2f,6b,4c,f6,26,2b,34,33,2f,bd,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,f2,28,a5,be,4d,
f2,b3,6f,fa,ea,66,7f,d4,3b,6b,70,c3,9b,4d,d4,e5,19,4d,10,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="AD5E82A7B258AC599FC60CC982E602BC062BA301DE4816996D225C28083B9E67250445ADD8BA73C857AF3A2E6D229E4C2E10B8EC441C070D8C7A500D0AEC9A13CF5B98225F0215132BB53D993ADAD1F18DEA1B5FD5BB2E1D145AE2E62D31FAB8154C5F778EE68012B4AD344F37C812E88C20BF90807AAA8C5E548506211B293E61332232F95AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D67945D575E7D6A3B9808A6171C11EC38DE3D3A1097BFC3DB317E72815BA0CF2338EEC8E36916CCD4E11EFA3A168E35B919FE989BC9CB51488D47399BC515AF38FE853A83FBAF2D5F22031659F2AE1262877BC63BC08D3B38221DB3848D9D5579CDE3B8C82BC229FDF4B4B81B3D7D7053B8DC3A286ECA4774B54CA19AB44FA2E34CB0EFD72D52D8060458140AFB0C435377654F7049C1625854522810C4B2990966496BA8B8D37ADBBC46BE80385C22BDD18945744D219BD5CB62CFEBC745E40DCCBC9D070C3270F85009B4AFFE65C50319F2C0EB788DA76F30610388CEF7D12BF2CC5B92E6CA40ECB3E3531EE1138EA4E38047DFCC1F5D3ED76B15166CAF502F91725E3F0F7094D92049DCA3F74380BA0E42C52E5261BAEE60CFB716B8C5F4FA255943D34C67B9F51263776CD9C9BFF0327D0A8813D55D40250E85605007FA83ECE08CEC6BEBA28ACB0D2F79A5ED1A8636AD49751C6D0A88CB5FF89D51343D52EC9B1F7A3D2BE5F652D770207CE97C4E3D7E1ACC031429AEBB2D74CEDE033C04ED5244409547BBAEED090E8885ECF92FB3D1F7BD5CA2452F1E17BAC6A29B1ECAFC802A55CE558335AB18BE30E71B4A25C63EC14AC3EA909A646E752BC79B2C6B6854E0A6435FBDA55D311E67520A483FE70BBAC757AE5C95C0B930F5FD94D1BFC5B25FF2D5649130193528D277C472A04EB80B5F3AA9A257A9345B78F60A21B4EB337D4E6A56C79436B9C1EB8CCAEB80F3F5BE901205FDAC5A4B4BD26DF54ECAF79FF9A0691C50AB5385AEFE4A8FFA2B17AAC42B8AE12FF6D2A2397D1B453219CA79F425BE8D3BDD51161CAC6FF98B7E39EE6F5651D398A8D69140433F594A470774F4ECDCF9BEA8549C96693C652B6E2210768B9A63444A6BA0E1429F86371395F5635A36233521C57B10FEF79E0E82D811F5179C8CDCF95D8F03ED0117BDCD221B8B2646BF1CEB534EE0896C6C8BD52FA6ED9D903EB2653CCF6A0C32C5C75C1DB222DB87799542EEDEC2F965829C96B4BA409236DD39D2588945B700C560B9BAC13A5A7A6D6774CB2F5395358DE08AC0E834C0D0C2891ACC95A4DFC0BB39F073FD4ED725ADFAE3E47316F3B32C1D86EC0577C526395D27F1837B48C93FA82482533BD810426007F594EF82B6F035F6179497938002167AE716A386"
"OODEFRAG10.00.00.01WORKSTATION"="1F15E6E68687F201C6C733BE9FE350615B98FBE9F2C21B65C76652208E617521EEB2B9DD010142F1A539CA62DD6D98A737E07285484FC67DFC74BDD012526463073530F6EC16F5144EAE310F24F71C017EEA06296F26DB874BEADCAACE00E9FAD373E3037CCE92FD212CF8A96449A929A487E1EE3CE810035205141C190BC2CDC63894652569FD98FDA8DBA9D65CEF2D9A7CD703C6707EC4B7F67026FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B5555D575E7D6A3B9808C038D530D6EB34527B715A67A268180C4A94F65D4998D7A13D8681C201490CC64D918931A9D4B4C62BE23982B0FEEDB10EA7150BE66BF439146AD42069F1C7E3ADCBBF7115B44C0D1D061F310D128DB48640C80DD55C03210C33A7F875E7EDCE001E6441AF68C12E1F0F9578459F213B60ED013053536455D5EB737E3421B9F517311D567794483045610735E718F3FC92F41493A0B11E62E5571735370A885D8962713B71503929651A45148760F8C7534BBBA980C55C6B76E8D47513015F1D3041CACDA1A78E461D870498BDD2427D9F1F14BC3C586925834A536CE158E25EAA97FABF151BE849C82A5C1A24BA8B93374D9F662122B9DC4F551C9A41D86062595B3495D89E0C040D3B49C3DC59AF139FEAC3978051636EDE1E1FD5533CC3FBE3BB0D2B7F9A616151232D920AE431971FBE4A142D881ECC7A662D463DB12391339A032C20E972DB3F82CBDA5385B3D44244DE72015D4A7E2F287DE7A8DB341FF68BF39B565E7104C72ACCC2E458008FDAAB149FD759E71E4F8FAA0D44D2D034A05AA34F3F3AB0FC1EA03D456DEE841F7B58DF5C937B9E596F7C32D8BF22F873E50339EFFE362802B7220DB0A1CC51737B619A3A983537F1E8847745D2C64F94C1B7407D3A7F74DCCF9A1129B96D1B8C791382A14E6C9E3FD86FBF9E35B41B62715DA8479D3455EEE62F81A36F3BBA7F53EBB84FA2FAE82B213A3705A653463C770F45745669AE2CBFB47A6C03192D75AF2041520530CA34E4956AED66FC60161A184D7E1826071D6136FC20B8DA94AC7397080FEB4E9E6C8E64CCA33C021CF6E3FBDD3299688C5E1772EDB4D84AB3F54DECD8BCCD88E1F84B4235C070A3D0F9A1EEF334949E0E9EEEDA936E2DA474B52DEFE5E6298BB6968C78DCB6521BF94DE65A73F648AD8023BD181CE9879AE4E6C5A3C3EC7DF36291860AE2C9319034370A5D2646F6EC79C49A031894395033159041EB0550D3CFCCB3A9C914E325448B2448B33FE7A8B66F5F2A7A319BE036E2C9333CB32AB28D3ECFC1F601456C91B793A02F54E42017A32C519D568A576785F01976579689CA71DC6CB552B0EAA5B97AA00AC9BD092074E26DBCF06435E24449C6BE1E28C65F82A07D349C"
.
——————— DLLs Loaded Under Running Processes ———————
- - - - - - - > 'winlogon.exe'(1180)
c:\windows\system32\Ati2evxx.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\progra~1\STARDO~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
c:\windows\system32\webdavnp.dll
- - - - - - - > 'lsass.exe'(1236)
c:\program files\NetLimiter\nl_lsp.dll
c:\windows\system32\nl_msgc.dll
.
———————— Other Running Processes ————————
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\progra~1\COMMON~1\Stardock\sdmcp.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\oodag.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2009-01-18 17:25:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-18 16:25:35
Pre-Run: 35.718.074.368 bytes free
Post-Run: 38,402,306,048 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
387 — E O F — 2008-10-15 17:45:10 - Zoals het er nu uit ziet ben ik van de ellende verlost!
Hartelijk dank voor je hulp!
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.