Internet problems



eventure
18 August 2007, 13:01
The internet works for some pages and not for others. I have already removed the program supermegaspoof; this helped and the pages now work. But I think there is still something on it. Could you take a look? I will probably only be able to respond on Sunday or Monday. Thanks in advance for the help!

I think the problem is here:

C:\WINDOWS\system32\spoolw.exe
C:\WINDOWS\system32\igfxsvc.exe
C:\WINDOWS\system32\igfxsvc.exe
C:\WINDOWS\system32\igfxsvc.exe
C:\WINDOWS\system32\spoolw.exe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:50, on 18/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxsvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolw.exe
C:\WINDOWS\system32\igfxsvc.exe
C:\WINDOWS\system32\igfxsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zebravink.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe
O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 4055 bytes

DJ Inpossible
18 August 2007, 15:21
I'll take a look for you!

DJ Inpossible
18 August 2007, 16:40
Start HijackThis, choose 'Do a system scan only' and tick the lines below:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe
O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe


Now close all open windows except HijackThis and click Fix Checked.

Download OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) and place it on your desktop


* Double-click OTMoveIt.exe to start the tool.
* Copy (select and press Ctrl-C) all of the bold, blue text below:

C:\WINDOWS\system32\igfxsvc.exe
C:\WINDOWS\system32\spoolw.exe


* Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window
* Click the red MoveIt! button
* Copy and paste the contents of the right-hand results window into your next reply.
* Close OTMoveIt.

If a file or folder cannot be moved immediately,
you may be asked to restart the PC in order to complete the move.
In that case, click Ja/Yes.


Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop

Double-click combofix.exe
Follow the instructions and accept the disclaimer by typing y or Y.
While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix is complete and after the restart, the log combofix.txt will open. Save this log.

NOTE: If your virus scanner responds with a notification about script execution, you may ignore it.


Post the results of OTMoveIt, ComboFix and a fresh HijackThis log in your next reply.

Pim

eventure
18 August 2007, 17:23
I'll post the result on Monday, thanks for your quick reply!

eventure
20 August 2007, 11:56
ComboFix log:
ComboFix 07-08-17.2 - "Marc en Nancy" 2007-08-20 11:44:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.702 [GMT 2:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\MARCEN~1\BUREAU~1\internet.lnk
C:\Program Files\Common Files\microsoft shared\web folders\ibm00001.dll
C:\U.exe
C:\WINDOWS\system32\drivers\alert_icon.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\close_icon.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_bg.gif
C:\WINDOWS\system32\drivers\icon_warning.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\remove_spyware_button.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\secuity_center_logo.gif
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\temp\salm.exe

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_NTMLSVC
-------\NtmlSvc

((((((((((((((((((((((((( Files Created from 2007-07-20 to 2007-08-20 )))))))))))))))))))))))))))))))

2007-08-20 11:44 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 12:40 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-18 12:24 <DIR> d-------- C:\WINDOWS\pss
2007-08-18 09:02 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-08-15 11:31 24,618 --a------ C:\svcipa.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-18 12:39 --------- d-------- C:\Program Files\MegaSpoof
2007-08-18 12:32 2770 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-23 14:05 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-23 14:04 --------- d-------- C:\Program Files\LEGO Media

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-02-24 01:32]
"nwiz"="nwiz.exe" [2005-02-24 01:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-02-24 01:32]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 C:\WINDOWS\SOUNDMAN.EXE]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 08:33]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 16:49]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-10-03 20:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"spoolw"="C:\WINDOWS\system32\spoolw.exe" [2004-08-04 02:03]
"igfxsvc"="C:\WINDOWS\system32\igfxsvc.exe" [2004-08-04 02:03]
C:\Documents and Settings\Marc en Nancy\Menu Start\Programma's\Opstarten\
imfe.exe [2007-06-11 14:16:10]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger=C:\WINDOWS\w32dbg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
Debugger=C:\WINDOWS\iexplore_32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

Contents of the 'Scheduled Tasks' folder
2007-08-19 10:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-20 11:53:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
spoolw = C:\WINDOWS\system32\spoolw.exe????????????????????????????????????????????????????????????????????????????????????????????????
igfxsvc = C:\WINDOWS\system32\igfxsvc.exe???????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-20 11:54:24 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-20 11:54
--- E O F ---

OTMoveIt log:
C:\WINDOWS\system32\igfxsvc.exe moved successfully.
C:\WINDOWS\system32\spoolw.exe moved successfully.

Created on 08/20/2007 11:43:38

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:03, on 20/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolw.exe
C:\WINDOWS\system32\igfxsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\vfind.cfexe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe
O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe
O4 - Startup: imfe.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 4124 bytes

eventure
20 August 2007, 12:28
Here is another report, from the Kaspersky online scanner. I am now downloading a trial version of Kaspersky and hopefully I can remove it with that:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, August 20, 2007 12:29:44 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 20/08/2007
Kaspersky Anti-Virus database records: 385377
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - Folders:
C:\WINDOWS\system32\
Scan Statistics:
Total number of scanned objects: 6714
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 00:02:50
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\igfxsvc.exe Infected: Trojan-Downloader.Win32.Tiny.hi skipped
C:\WINDOWS\system32\spoolw.exe Infected: Trojan-Downloader.Win32.Tiny.hi skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
Scan process completed.

eventure
20 August 2007, 12:42
I think the PC is clean now:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:37, on 20/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 4126 bytes

Kind regards,
Robbe
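
Added example, not part of the original thread: a way to compare the autostart (O4) sections of the two HijackThis logs posted so far and to mark which removed entries point at files the Kaspersky report flagged. The function names are hypothetical and the sample logs are constructed from a few O4 lines of the thread's logs.

```python
import re

# Constructed sample: O4 lines from the thread's logs of 18 and 20 August 2007, trimmed.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [spoolw] C:\WINDOWS\system32\spoolw.exe
O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe
O4 - Startup: imfe.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""
# Paths marked "Infected" in the Kaspersky online scanner report above.
DETECTED = [r"C:\WINDOWS\system32\igfxsvc.exe", r"C:\WINDOWS\system32\spoolw.exe"]

O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?P<rest>.+)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|dll|com|bat|scr))\b", re.IGNORECASE)

def parse_autostarts(log):
    """Return {(location, name): command} for every O4 line of a HijackThis log."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        loc, rest = m.group("loc"), m.group("rest")
        run = RUN_RE.match(rest)
        if run:                    # registry Run key: [value name] command
            name, cmd = run.group("name"), run.group("cmd")
        elif " = " in rest:        # startup-folder shortcut: x.lnk = target
            name, cmd = rest.split(" = ", 1)
        else:                      # bare file in a startup folder
            name, cmd = rest, rest
        entries[(loc, name)] = cmd.strip()
    return entries

def target_path(cmd):
    """Executable path of a command line, quoted or unquoted, lower-cased."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].lower()
    m = EXE_RE.match(cmd)
    return (m.group(1) if m else cmd).lower()

def diff_autostarts(before, after, detected=()):
    """Return (removed, added, still_flagged) between two logs."""
    b, a = parse_autostarts(before), parse_autostarts(after)
    hits = {p.lower() for p in detected}
    removed = {k: (v, target_path(v) in hits) for k, v in b.items() if k not in a}
    added = {k: v for k, v in a.items() if k not in b}
    still_flagged = sorted(k for k, v in a.items() if target_path(v) in hits)
    return removed, added, still_flagged

if __name__ == "__main__":
    for part in diff_autostarts(LOG_BEFORE, LOG_AFTER, DETECTED):
        print(part)
```

An empty `still_flagged` list only says that no O4 autostart entry still points at a detected file; services (O23), drivers and files left on disk are outside what this comparison covers.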

eventure
21 August 2007, 11:48
Is the log clean?

DJ Inpossible
21 August 2007, 22:44
Hi Eventure,

Could I see a new ComboFix log?

Pim

eventure
23 August 2007, 13:30
ComboFix 07-08-17.2 - "Marc en Nancy" 2007-08-23 13:28:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.647 [GMT 2:00]

((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 )))))))))))))))))))))))))))))))

2007-08-21 16:46 3,354,624 --a------ C:\DOCUME~1\Lynn\ntuser.dat
2007-08-20 12:59 <DIR> dr-h----- C:\DOCUME~1\MARCEN~1\Onlangs geopend
2007-08-20 12:55 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-08-20 12:55 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-08-20 12:32 <DIR> d-------- C:\kav
2007-08-20 12:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-20 12:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-20 12:17 185,824 --a------ C:\WINDOWS\system32\9a65DF.sys
2007-08-20 12:00 <DIR> d-------- C:\VundoFix Backups
2007-08-20 11:44 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 12:40 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-18 12:24 <DIR> d-------- C:\WINDOWS\pss
2007-08-18 09:02 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-08-15 11:31 24,618 --a------ C:\svcipa.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-20 12:55 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-08-18 12:39 --------- d-------- C:\Program Files\MegaSpoof
2007-08-18 12:32 2770 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-23 14:05 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-23 14:04 --------- d-------- C:\Program Files\LEGO Media

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-02-24 01:32]
"nwiz"="nwiz.exe" [2005-02-24 01:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-02-24 01:32]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 C:\WINDOWS\SOUNDMAN.EXE]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 08:33]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 16:49]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-20 12:55]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
S3 9a65DF;9a65DF;\??\C:\WINDOWS\system32\9a65DF.sys

Contents of the 'Scheduled Tasks' folder
2007-08-22 18:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-23 13:28:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-23 13:29:00
C:\ComboFix-quarantined-files.txt ... 2007-08-23 13:28
C:\ComboFix2.txt ... 2007-08-23 13:26
C:\ComboFix3.txt ... 2007-08-20 11:54
--- E O F ---

DJ Inpossible
25 August 2007, 00:43
Open Notepad, then copy and paste the following (bold text) into an empty window:

Folder::
C:\VundoFix Backups
C:\Program Files\MegaSpoof

File::
C:\WINDOWS\system32\stfv.bin
C:\svcipa.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\9a65DF.sys


Save this to your Desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will make ComboFix restart.
Reboot if you are asked to,
and post the contents of Combofix.txt in your next reply, together with a new HijackThis log.

eventure
28 August 2007, 15:19
ComboFix is apparently no longer available (http://www.bleepingcomputer.com/forums/index.php?showtopic=105999&hl=combofix) on the internet and I have already removed it. What now?

Kind regards,
Robbe

DJ Inpossible
31 August 2007, 23:54
Download OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) and place it on your desktop


* Double-click OTMoveIt.exe to start the tool.
* Copy (select and press Ctrl-C) all of the bold, blue text below:

C:\VundoFix Backups
C:\Program Files\MegaSpoof
C:\WINDOWS\system32\stfv.bin
C:\svcipa.exe
C:\WINDOWS\system32\9a65DF.sys


* Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window
* Click the red MoveIt! button
* Copy and paste the contents of the right-hand results window into your next reply.
* Close OTMoveIt.

If a file or folder cannot be moved immediately,
you may be asked to restart the PC in order to complete the move.
In that case click Ja/Yes.


Post the OTMoveIt result in your next reply.

Pim

eventure
16 October 2007, 19:22
Sorry for the very late reply... I think there are no more problems ...

C:\VundoFix Backups moved successfully.
C:\Program Files\MegaSpoof moved successfully.
C:\WINDOWS\system32\stfv.bin moved successfully.
C:\svcipa.exe moved successfully.
C:\WINDOWS\system32\9a65DF.sys moved successfully.

Created on 10/16/2007 19:21:42

and another HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:23:20, on 16/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 3944 bytes

DJ Inpossible
16 October 2007, 20:54
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) (by Atribune)

Double-click ATF Cleaner to start the program.
On the "Main" tab, tick Select All.
Click the Empty Selected button.

Do the following if you also use Firefox as a browser:
Click the "Firefox" tab and tick Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this clears the tick next to "Firefox saved passwords" again)
Click the Empty Selected button.

Do the following if you also use Opera as a browser:
Click the "Opera" tab and tick Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.

Turn off System Restore. Restart the computer. Turn System Restore back on.
See here how to turn off System Restore. (http://users.pandora.be/marcvn/spyware/1852808.htm)
This removes any remnants of the infections from System Restore.

To prevent a recurrence, read through these security tips again:
http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html

Pim