Slow and lots of popups



ajaxloverr
27 October 2007, 16:39
Slow and lots of popups, yes, that is what I am suffering from:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:37:35, on 27-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\WLAN Technology Corporation\WLAN_802.11g_Utility\ZDWlan.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmc.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F3 - REG:win.ini: run=
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: MS&N Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 5247 bytes

BendeBoy
27 October 2007, 16:48
Hi,

Start HijackThis and choose 'Do a system scan only'.
When the scan is complete, tick only the lines below in HijackThis:
F3 - REG:win.ini: run=
Now close all windows except HijackThis itself and click 'Fix checked'.


1. Clean up caches, cookies and temporary files:
* Clean the cache and cookies in IE: Close Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Click the Delete Cookies button.
Click the Delete Files button next to it.
Tick: Delete all offline content too, and click OK.
* Clean the cache and cookies in Firefox (if Firefox is installed): Go to Tools > Options.
Click Privacy in the menu.
Click the Clear button (History, Cookies, Cache).
Click OK to close the window again.
* Clean other temporary files + Recycle Bin: Go to Start > Run, type cleanmgr and click OK.
Let it scan your system for files that need to be deleted.
Make sure that only 'Temporary files', 'Temporary Internet files' and 'Recycle Bin' are ticked there.
Then click OK.
2. Download Dr.Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe) to your Desktop: Double-click drweb-cureit.exe and allow it to start the express scan.
If a popup appears offering a purchase / 50% discount,
you may close it with the X.
This will scan the files currently loaded in memory, and if anything is found,
click the Yes to all button at the question 'cure it?'. This is only a short scan.
At the top of the menu, choose Language/Taal and change it to Dutch (Nederlands) if it is set differently for you.
Press F9, then choose Actions and set the following under Malware:
Adware: Move
Dialers: Move
Jokes: Report
Riskware: Report
Hacktools: Move
Then untick "Prompt on action". Then press OK.
Press F9, then choose Scan, untick Heuristic analysis and click OK.
Once the short scan has finished, you can select the drives you want scanned (Select drives).
Select all drives here. A red dot will then appear on the drives you have selected for scanning.
Then click the green arrow on the right to start the scan.
Files that are found are moved to the "%userprofile%\DoctorWeb\quarantaine-map" if repair is not possible.
After the scan is done, in the menu at the top, click File and choose Save report list. Save it on your Desktop.
Then close Dr.Web CureIt.
Restart your computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
After restarting, copy and paste the contents of the log you saved earlier into your next post.

3. Download Combofix (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe) to your Desktop.
Double-click Combofix.exe.
Follow the instructions and accept the disclaimer by typing "1" (continue), followed by Enter.
While the fix is running, do NOT click in the window, because this will make your PC hang.
When the fix is complete and after the restart, the log combofix.txt will open.
Post this log in your next post, together with the Dr.Web log.


- Daniël :cool:
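The helper's first step above is to pick particular lines out of the posted HijackThis log by hand. As an added example (not part of the thread and not HijackThis's own code), the Python below parses a few lines excerpted from the first post's log, collapses the repeated O10 lines, and sorts what is left into the buckets a helper looks at first: targets marked (file missing), an empty win.ini run= entry like the one the helper asks to fix, the distinct Winsock LSP DLLs, services with no publisher string, and a service path that stops at C:\Program.exe (usually an unquoted path containing spaces that HijackThis cuts off at the first space, which fits the mysqld-nt.exe process visible in the same log). The regexes, bucket names and the `parse_hjt`/`dedupe`/`triage` functions are my own assumptions about how to structure such a triage aid.

```python
import re
from collections import Counter

# Lines excerpted from the HijackThis log in the first post; this triage helper
# is an added example, not part of HijackThis or of the forum thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmc.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F3 - REG:win.ini: run=
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
"""

# Every HijackThis item has the shape "<letter><number> - <body>".
LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# O23 bodies: "Service: <name> - <owner> - <path>".
SERVICE_RE = re.compile(r"^Service: (.*?) - (.*?) - (.*)$")
LSP_RE = re.compile(r"^Unknown file in Winsock LSP: (.+)$")


def parse_hjt(text):
    """Return (section, body) tuples for every HijackThis item line.

    Header lines, the running-process list and blank lines do not match
    the 'Xn - body' shape and are skipped.
    """
    items = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            items.append((m.group(1), m.group(2)))
    return items


def dedupe(items):
    """Collapse exact repeats into (section, body, count), keeping order.

    HijackThis prints one O10 line per LSP catalogue entry, so a single
    DLL can appear several times; the count preserves that information.
    """
    counts = Counter(items)
    seen, out = set(), []
    for sec, body in items:
        if (sec, body) not in seen:
            seen.add((sec, body))
            out.append((sec, body, counts[(sec, body)]))
    return out


def triage(items):
    """Group the items a helper usually inspects first.

    Every bucket means 'look at this', not 'this is malware'.
    """
    findings = {
        "file_missing": [],     # entries whose target no longer exists on disk
        "empty_ini_run": [],    # F-lines such as 'REG:win.ini: run=' with no value
        "winsock_lsp": [],      # distinct DLLs hooked into the Winsock chain
        "unknown_owner": [],    # O23 services without a publisher string
        "truncated_path": [],   # 'C:\Program.exe': unquoted path cut at first space
    }
    for sec, body, _count in dedupe(items):
        if body.endswith("(file missing)"):
            findings["file_missing"].append(f"{sec} {body}")
        if sec.startswith("F") and body.rstrip().endswith("="):
            findings["empty_ini_run"].append(body)
        if sec == "O10":
            m = LSP_RE.match(body)
            if m and m.group(1) not in findings["winsock_lsp"]:
                findings["winsock_lsp"].append(m.group(1))
        if sec == "O23":
            m = SERVICE_RE.match(body)
            if m:
                name, owner, path = m.groups()
                if owner == "Unknown owner":
                    findings["unknown_owner"].append(name)
                # A service path that stops at C:\Program.exe is the usual
                # symptom of an unquoted ImagePath that contains spaces.
                if path.lower().startswith(r"c:\program.exe"):
                    findings["truncated_path"].append(name)
    return findings


if __name__ == "__main__":
    for bucket, entries in triage(parse_hjt(SAMPLE_LOG)).items():
        print(f"{bucket}:")
        for entry in entries:
            print("   ", entry)
```

Run over the full log instead of the excerpt, the same code surfaces the F3 line the helper singled out; each bucket is a prompt to look closer at an entry, and the decision to fix it still rests with the person reading the log.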

ajaxloverr
27 October 2007, 19:25
ComboFix 07-10-27.4 - Gilardino 2007-10-27 19:03:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.308 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\NPF

(((((((((((((((((((( Bestanden Gemaakt van 2007-09-27 to 2007-10-27 ))))))))))))))))))))))))))))))
.
2007-10-27 19:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-27 17:32 <DIR> d-------- C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\DoctorWeb
2007-10-27 16:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2007-10-27 14:23 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-10-27 14:23 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2007-10-27 14:23 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2007-10-27 14:23 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2007-10-27 14:23 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-27 14:07 <DIR> d-------- C:\Program Files\Ubisoft
2007-10-27 13:28 <DIR> d-------- C:\Fraps
2007-10-27 01:05 <DIR> d-------- C:\Program Files\AdVantage
2007-10-27 01:04 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-10-26 18:51 <DIR> d-------- C:\Program Files\MSECache
2007-10-26 00:17 <DIR> d-------- C:\Program Files\Datapol
2007-10-22 20:37 <DIR> d-------- C:\Program Files\tnhteam
2007-10-22 20:37 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2007-10-22 18:20 <DIR> d-------- C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Application Data\Verzendmap van Share-to-Web
2007-10-22 17:36 1,581,056 -ra------ C:\WINDOWS\mixer.exe
2007-10-22 17:36 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
2007-10-22 17:36 712,704 -ra------ C:\WINDOWS\system32\Audio3D.dll
2007-10-22 17:36 379,726 -ra------ C:\WINDOWS\system32\drivers\cmaudio.sys
2007-10-22 17:36 139,264 -ra------ C:\WINDOWS\cmuninst.exe
2007-10-22 17:36 135,168 -ra------ C:\WINDOWS\cmuninst.dat
2007-10-22 17:36 36,924 -ra------ C:\WINDOWS\cmijack.dat
2007-10-22 17:36 32,768 -ra------ C:\WINDOWS\system32\cmnprop.dll
2007-10-22 17:36 20,333 -ra------ C:\WINDOWS\cmaudio.dat
2007-10-22 16:56 <DIR> d-------- C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\DOS32
2007-10-21 17:49 <DIR> d-------- C:\Program Files\TVUPlayer
2007-10-21 17:49 <DIR> d-------- C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Application Data\TVU Networks
2007-10-21 14:11 <DIR> d-------- C:\Program Files\Stardock
2007-10-21 12:17 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-10-21 11:59 <DIR> d-------- C:\Program Files\InterMute
2007-10-20 14:36 <DIR> d-------- C:\Program Files\hmmmm
2007-10-19 18:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Verzendmap van Share-to-Web
2007-10-19 18:46 8,576 --a------ C:\WINDOWS\system32\drivers\hidgame.sys
2007-10-19 18:46 8,576 --a--c--- C:\WINDOWS\system32\dllcache\hidgame.sys
2007-10-19 18:34 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-19 18:26 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
2007-10-19 18:26 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
2007-10-19 18:26 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
2007-10-19 18:26 <DIR> dr------- C:\Documents and Settings\Administrator\Mijn documenten
2007-10-19 18:26 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2007-10-19 18:26 <DIR> dr------- C:\Documents and Settings\Administrator\Favorieten
2007-10-19 18:26 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
2007-10-19 17:17 379,726 --a------ C:\WINDOWS\CMAUDIO.SYS
2007-10-19 10:25 <DIR> d-------- C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Readme
2007-10-19 10:25 2,260,824 -ra------ C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\FuzzyLogic4.exe
2007-10-19 10:07 <DIR> d-------- C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\plugins
2007-10-19 10:07 286,720 --------- C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\wcpuid.exe
2007-10-19 10:07 143,360 --------- C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\nrkctl32.dll
2007-10-19 10:07 45,056 --------- C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\wcpuclk.exe
2007-10-19 10:07 3,968 --------- C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\nrkctl32.sys
2007-10-18 15:28 <DIR> d-------- C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Application Data\VoipBuster
2007-10-18 15:00 <DIR> d-------- C:\Program Files\Intel Corporation
2007-10-17 17:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2007-10-17 14:43 <DIR> d-------- C:\Program Files\MSN Password Recovery
2007-10-17 14:11 240,640 --a------ C:\WINDOWS\system32\NMOCOD.DLL
2007-10-17 14:11 66,560 --a------ C:\WINDOWS\system32\NMORENU.DLL
2007-10-17 14:11 48,128 --a------ C:\WINDOWS\system32\NMSCKN.DLL
2007-10-17 14:11 35,328 --a------ C:\WINDOWS\system32\INETWH32.DLL
2007-10-17 14:10 <DIR> d-------- C:\Program Files\Davilex
2007-10-16 17:18 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-16 16:53 <DIR> d-------- C:\Program Files\Sierra
2007-10-16 10:04 16,096 --a------ C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\jqckhhuy.exe
2007-10-15 13:40 <DIR> d-------- C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Application Data\CoreFTP
2007-10-15 13:39 <DIR> d-------- C:\Program Files\CoreFTP
2007-10-15 08:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2007-10-14 22:49 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-10-12 16:56 <DIR> d-------- C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Application Data\Sports Interactive
2007-10-12 16:19 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-10-12 16:19 <DIR> d--h----- C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\InstallAnywhere
2007-10-11 20:03 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-11 19:44 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-11 17:22 148,992 --a------ C:\UNWISE.EXE
2007-10-10 20:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2007-10-10 16:23 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-10 16:02 <DIR> d-------- C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\.housecall6.6
2007-10-10 15:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-10-09 20:13 <DIR> d-------- C:\Documents and Settings\offline game\Application Data\AVG7
2007-10-09 20:10 <DIR> d--h----- C:\Documents and Settings\offline game\Sjablonen
2007-10-09 20:10 <DIR> dr-h----- C:\Documents and Settings\offline game\Onlangs geopend
2007-10-09 20:10 <DIR> d--h----- C:\Documents and Settings\offline game\Netwerkprinteromgeving
2007-10-09 20:10 <DIR> dr------- C:\Documents and Settings\offline game\Mijn documenten
2007-10-09 20:10 <DIR> dr------- C:\Documents and Settings\offline game\Menu Start
2007-10-09 20:10 <DIR> dr------- C:\Documents and Settings\offline game\Favorieten
2007-10-09 20:10 <DIR> d-------- C:\Documents and Settings\offline game\Bureaublad
2007-10-08 20:04 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-10-08 19:59 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2007-10-08 19:38 476,638 --a------ C:\navigram_register.exe
2007-10-08 19:29 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\AVG7
2007-10-08 19:29 <DIR> d-------- C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Application Data\AVG7
2007-10-08 19:29 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2007-10-07 16:04 <DIR> d--h----- C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Application Data\m
2007-10-07 16:04 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2007-10-07 16:03 <DIR> dr-h----- C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Onlangs geopend
2007-10-07 15:53 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-07 15:53 <DIR> d-------- C:\Program Files\CCleaner
2007-10-07 15:49 <DIR> d-------- C:\CPM
2007-10-07 15:48 <DIR> d-------- C:\Program Files\RegCleaner
2007-10-07 10:26 <DIR> d-------- C:\Program Files\EssNetTools
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-27 14:54 --------- d-----w C:\Program Files\QuickTime
2007-10-27 13:14 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-27 13:13 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-10-27 12:44 --------- d-----w C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Application Data\LimeWirePlus
2007-10-27 12:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-25 13:24 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-10-25 11:21 --------- d-----w C:\Program Files\Angel Writer
2007-10-23 15:28 --------- d-----w C:\Program Files\EA SPORTS
2007-10-21 13:10 --------- d-----w C:\Program Files\Double Driver
2007-10-21 12:11 --------- d-----w C:\Program Files\Common Files\Stardock
2007-10-20 16:55 --------- d-----w C:\Program Files\Championship Manager 5
2007-10-20 15:06 --------- d-----w C:\Program Files\Command And Conquer Red Alert 2 Yuri's Revenge
2007-10-20 09:36 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-19 11:13 --------- d-----w C:\Program Files\EA GAMES
2007-10-19 08:27 --------- d-----w C:\Program Files\MSI
2007-10-18 07:50 --------- d-----w C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Application Data\IGN_DLM
2007-10-15 06:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-14 16:38 72,748 ----a-w C:\WINDOWS\unins000.exe
2007-10-14 15:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2007-10-12 13:46 --------- d-----w C:\Program Files\Gpotato
2007-10-11 17:44 578,560 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-11 17:41 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-10-11 12:46 --------- d-----w C:\Program Files\WhatPulse
2007-10-10 16:58 --------- d-----w C:\Program Files\CamStudio
2007-10-10 16:58 --------- d-----w C:\Program Files\AllWebMenus4
2007-10-10 15:04 --------- d-s---w C:\Program Files\Common Files\Teknum Systems
2007-10-10 15:04 --------- d-----w C:\Program Files\3B Software
2007-10-10 13:54 --------- d-----w C:\Program Files\Java
2007-10-08 17:38 --------- d-----w C:\Program Files\Download Manager
2007-10-08 17:38 --------- d-----w C:\Program Files\BitLord
2007-10-08 17:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-10-08 16:57 --------- d-----w C:\Program Files\LimeWire Plus
2007-10-06 16:28 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-06 10:44 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-10-03 17:29 --------- d-----w C:\Program Files\Alcohol Soft
2007-10-02 21:16 --------- d-----w C:\Program Files\WinPcap
2007-10-02 15:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2007-10-02 15:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor
2007-09-29 11:45 --------- d-----w C:\Program Files\Windows Live
2007-09-29 11:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2007-09-25 17:09 --------- d-----w C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Application Data\Xfire
2007-09-25 15:17 --------- d-----w C:\Program Files\Deskshare
2007-09-25 15:17 --------- d-----w C:\Program Files\Common Files\DeskShare Shared
2007-09-24 20:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee.com
2007-09-23 22:16 --------- d-----w C:\Program Files\Network Associates
2007-09-23 20:23 --------- d-s---w C:\Program Files\Xfire
2007-09-23 20:22 --------- d-----w C:\Program Files\GameSpy Arcade
2007-09-23 20:14 --------- d-----w C:\Program Files\Microprose
2007-09-23 17:34 --------- d-----w C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Application Data\Grisoft
2007-09-23 16:40 --------- d-----w C:\Program Files\Trend Micro
2007-09-22 22:38 --------- d-----w C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Application Data\Likno
2007-09-22 12:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
2007-09-22 11:14 --------- d-----w C:\Program Files\PicoZipRT
2007-09-22 11:12 --------- d-----w C:\Program Files\Visual Zip Password Recovery Processor
2007-09-22 08:03 --------- d-----w C:\Program Files\Accolade
2007-09-21 14:57 --------- d-----w C:\Program Files\FDRLab
2007-09-21 14:53 --------- d-----w C:\Program Files\Passware
2007-09-20 18:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2007-09-20 17:26 --------- d-----w C:\Program Files\MegaSpoof
2007-09-20 17:09 --------- d-----w C:\Program Files\Visual IP Trace 2007
2007-09-07 12:29 --------- d-----w C:\Program Files\VstPlugins
2007-09-07 12:28 --------- d-----w C:\Program Files\Google
2007-09-07 12:27 --------- d-----w C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Application Data\Skype
2007-09-06 15:16 --------- d-----w C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Application Data\CyberLink
2007-09-04 15:52 --------- d-----w C:\Program Files\Hewlett-Packard
2007-09-04 15:46 --------- d-----w C:\Program Files\HP Photosmart 11
2007-09-04 15:37 --------- d-----w C:\Program Files\CyberLink
2007-09-04 15:37 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2007-09-02 18:27 --------- d-----w C:\Program Files\Common Files\xing shared
2007-09-02 18:27 --------- d-----w C:\Program Files\Common Files\Real
2007-09-02 18:26 --------- d-----w C:\Program Files\Real
2007-09-01 14:37 --------- d-----w C:\Program Files\Mp3 My Mp3 2.0
2007-09-01 12:58 --------- d-----w C:\Program Files\Magic NetTrace
2007-08-31 17:25 --------- d-----w C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Application Data\Microsoft Web Folders
2007-08-31 11:32 --------- d-----w C:\Program Files\SpeedOptimizer
2007-08-31 11:32 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2007-08-31 11:32 --------- d-----w C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Application Data\SpeedBit
2007-08-31 11:32 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SpeedBit
2007-08-31 11:31 --------- d-----w C:\Program Files\AskPBar
2007-08-30 17:01 --------- d-----w C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Application Data\Thunderbird
2007-08-30 08:04 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys
2007-08-28 18:16 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-08-28 08:20 --------- d-----w C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Application Data\Vista Start Menu
2007-08-27 16:27 --------- d-----w C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Application Data\ATI
2007-08-27 16:18 --------- d-----w C:\Program Files\ATI Technologies
2007-08-27 16:13 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2007-08-27 08:48 --------- d-----w C:\Program Files\Fish Tycoon
2007-08-11 12:39 1,408,983 ----a-w C:\Wolfenstein.zip
2007-08-05 08:37 490 ---ha-w C:\os357577.bin
2005-02-09 10:09 4,733 ----a-r C:\Program Files\????_??.txt
2004-09-10 14:56 6,356 ----a-r C:\Program Files\Readme_EN.txt
2003-06-05 12:21 75 ----a-r C:\Program Files\??????????.url
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2006-06-29 16:45 C:\WINDOWS\mixer.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-11 18:59]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-31 14:39]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-10-11 19:40]
"VoipBuster"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2007-06-21 12:26]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-10-11 14:45]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16]
"AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" []
C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Menu Start\Programma's\Opstarten\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-10-21 14:11:13]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
SafeBoot register sleutel dient gerepareerd. Deze PC kan niet opstarten in Veilige Modus.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
@="Volume"
R2 sbbotdi;sbbotdi;\??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
R2 SVKP;SVKP;\??\C:\WINDOWS\system32\SVKP.sys
R3 ZD1211BU(WLAN);802.11g USB 2.0 Wireless LAN Driver (USB)(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys
S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys
S3 PCAlertDriver;PCAlertDriver;\??\C:\Program Files\MSI\FuzzyLogic4\NTGLM7X.sys
S3 RushTopDevice;RushTopDevice;\??\C:\Program Files\MSI\FuzzyLogic4\RushTop.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce49369d-816e-11dc-9018-0011f680542d}]
AutoRun\command - E:\Autorun.exe
.
Inhoud van de 'Gedeelde Taken' map
"2007-08-23 10:13:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-25 22:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-21 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-21 08:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-10-21 09:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-21 10:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-27 11:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-27 12:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-27 13:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-27 14:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-27 15:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-27 16:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-26 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-27 17:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-25 18:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-25 19:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-25 20:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-25 21:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-23 00:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-23 01:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-23 02:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-23 03:00:00 C:\WINDOWS\Tasks\At6.job"
"2007-10-23 04:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-23 05:00:00 C:\WINDOWS\Tasks\At8.job"
"2007-10-19 06:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\XqUXpA6L.exe
"2007-10-27 17:18:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-10-06 16:46:20 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1191667557.job"
"2007-10-19 13:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
.
**************************************************************************
catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 19:15:32
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
**************************************************************************
.
Voltooingstijd: 2007-10-27 19:19:35 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-24 18:40
C:\ComboFix2.txt ... 2007-06-24 18:41
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:35, on 27-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\WLAN Technology Corporation\WLAN_802.11g_Utility\ZDWlan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmc.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Gilardino.AJAXLOVE-20DC77\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: MS&N Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 5213 bytes

BendeBoy
27 October 2007, 19:41
No log from Dr.Web??


Download the SafeBoot Repair tool (http://www.techsupportforum.com/sectools/sUBs/SafeBootKeyRepair-CF.exe) and save it to your desktop.
Double-click SafeBootKeyRepair.exe to start the tool.

A log will be saved to C:\SafeBoot_Repair.txt.
Keep this log for now.


Next, open a new Notepad file.

Copy and paste the bold blue text below into it.
Go to 'File' -> 'Save As...' and save it to your desktop as CFScript.txt.


File::
C:\WINDOWS\system32\XqUXpA6L.exe
C:\Program Files\????_??.txt
C:\Program Files\??????????.url
C:\WINDOWS\WLXPGSS.SCR
C:\WINDOWS\iun6002.exe

Driver::
NPF


Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will make ComboFix restart. Reboot if asked to.
After the reboot, post the contents of Combofix.txt in your next reply, together with a new HijackThis log and the log from C:\SafeBoot_Repair.txt

- Daniël :cool: