View full version: Spy Sweeper alarm again: blocking by the internet shield.



atlantis
9 March 2008, 00:09
I just ran a scan with Spybot, and while immunizing I switched Spy Sweeper off because the immunization got stuck at 'domains'. The scan with it was negative, and so, just as always, I also let Spybot run for a moment, also negative. When starting Spy Sweeper again I suddenly get, just like last time, frequent warnings again from the internet shield, which is blocking numerous communication attempts: keratomirz.bis, loosmeda.mitor.net, matcash.com, linkautomatici.com, kithosting.com, etc. Warnings come about every 5 seconds.
HijackThis log below:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:31, on 8/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\programmas\Ad-Aware SE Professional\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
d:\programmas\a-squared free\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\programmas\Nod32\ekrn.exe
D:\programmas\EsetNod32\nod32krn.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\SLEE81.exe
D:\programmas\alcoholer120\Alcohol 120\StarWind\StarWindService.exe
D:\programmas\Spy Sweeper\SpySweeper.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\programmas\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\programmas\EsetNod32\nod32kui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\programmas\Spy Sweeper\SpySweeperUI.exe
D:\programmas\Maxthon\Maxthon.exe
D:\programmas\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.hoehel.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nieuwsblad.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\programmas\SkypePhone\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\programmas\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\programmas\EsetNod32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpySweeper] "D:\programmas\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Skype] "D:\programmas\SkypePhone\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [SSS7] "D:\programmas\steganos seccurity suite\sss7.exe" -firstboot (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [SSS7] "D:\programmas\steganos seccurity suite\sss7.exe" -firstboot (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\programmas\Officexp\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\programmas\SkypePhone\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\programmas\Officexp\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\programmas\a-squared free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\programmas\Ad-Aware SE Professional\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\programmas\Nod32\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - D:\programmas\Nero\InCD\InCDsrv.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\programmas\EsetNod32\nod32krn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE81.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\programmas\alcoholer120\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\programmas\Spy Sweeper\SpySweeper.exe
--
End of file - 7080 bytes

atlantis
9 March 2008, 13:39
Since the symptoms closely resemble those of last time, I dared to follow the guidelines from last time and so I ran Combofix. Apparently that is not enough, because the Spy Sweeper pop-ups still come, though less often.
Below are a new HijackThis log and the Combofix log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:21, on 9/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\programmas\Ad-Aware SE Professional\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
d:\programmas\a-squared free\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\programmas\Nod32\ekrn.exe
D:\programmas\EsetNod32\nod32krn.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\SLEE81.exe
D:\programmas\alcoholer120\Alcohol 120\StarWind\StarWindService.exe
D:\programmas\Spy Sweeper\SpySweeper.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\programmas\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\programmas\EsetNod32\nod32kui.exe
D:\programmas\Spy Sweeper\SpySweeperUI.exe
D:\programmas\SkypePhone\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
D:\programmas\SkypePhone\Plugin Manager\skypePM.exe
D:\programmas\Spy Sweeper\SSU.EXE
D:\programmas\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.hoehel.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nieuwsblad.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\programmas\SkypePhone\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\programmas\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\programmas\EsetNod32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpySweeper] D:\programmas\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Skype] "D:\programmas\SkypePhone\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [SSS7] "D:\programmas\steganos seccurity suite\sss7.exe" -firstboot (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [SSS7] "D:\programmas\steganos seccurity suite\sss7.exe" -firstboot (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\programmas\Officexp\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\programmas\SkypePhone\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\programmas\Officexp\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\programmas\a-squared free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\programmas\Ad-Aware SE Professional\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\programmas\Nod32\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - D:\programmas\Nero\InCD\InCDsrv.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\programmas\EsetNod32\nod32krn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE81.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\programmas\alcoholer120\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\programmas\Spy Sweeper\SpySweeper.exe
--
End of file - 7233 bytes


Combofix log:
ComboFix 08-03-08.2 - guido 2008-03-09 12:27:52.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1042 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\guido\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))
.
2008-03-09 10:20 . 2008-03-09 12:10 <DIR> dr-h----- C:\Documents and Settings\guido\Onlangs geopend
2008-03-05 19:24 . 2008-03-05 19:22 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-03-05 19:24 . 2008-03-05 19:22 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-03-05 19:24 . 2008-03-05 19:22 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-05 19:24 . 2008-03-05 19:24 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-03-03 18:33 . 2008-03-03 18:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2008-02-24 17:08 . 2008-02-24 17:08 <DIR> d-------- C:\Documents and Settings\guido\Application Data\FastStone
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 09:38 --------- d-----w C:\Documents and Settings\guido\Application Data\Skype
2008-03-09 08:06 805,306,368 --sha-w C:\Documents and Settings\Administrator\pagefile.sys
2008-03-09 08:06 1,610,141,696 --sha-w C:\Documents and Settings\Administrator\hiberfil.sys
2008-03-05 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-02-17 17:34 --------- d-----w C:\Documents and Settings\guido\Application Data\Steganos Security Suite 7
2008-02-15 19:36 13,465,105 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-15 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-15 12:32 2,720,768 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-11 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-10 08:46 4,807,680 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-07 20:06 --------- d-----w C:\Program Files\NCH Swift Sound
2008-02-07 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-07 20:02 --------- d-----w C:\Documents and Settings\guido\Application Data\NCH Swift Sound
2008-01-24 20:31 --------- d-----w C:\Documents and Settings\guido\Application Data\AdobeUM
2008-01-17 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-17 17:35 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2006-12-12 20:20 47,564 --sha-r C:\Documents and Settings\Administrator\NTDETECT.COM
2006-01-05 07:41 95,994 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_01_04_12_47_24_small.dmp.zip
2005-12-30 08:13 91,855 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_12_29_23_03_41_small.dmp.zip
2005-12-01 16:40 48,200 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_12_01_16_20_43_small.dmp.zip
2005-12-01 16:40 43,571 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_12_01_16_21_01_small.dmp.zip
2005-11-29 09:58 106,680 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_11_28_21_13_53_small.dmp.zip
2005-06-28 15:04 12,873,836 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_06_28_16_57_45.dmp.zip
2005-06-28 11:45 9,802,148 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_06_28_13_34_43.dmp.zip
2005-06-28 11:44 12,722,811 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_06_28_13_34_35.dmp.zip
2005-06-20 05:00 12,058,299 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_06_18_20_42_06.dmp.zip
2005-04-16 12:50 51,328 ----a-w C:\Documents and Settings\guido\Application Data\GDIPFONTCACHEV1.DAT
2004-12-20 15:53 11,753,371 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2004_12_20_13_23_30.dmp.zip
2004-09-23 13:04 0 --sha-r C:\Documents and Settings\Administrator\MSDOS.SYS
2004-09-23 13:04 0 --sha-r C:\Documents and Settings\Administrator\IO.SYS
2004-09-23 13:04 0 ----a-w C:\Documents and Settings\Administrator\CONFIG.SYS
2004-09-23 13:04 0 ----a-w C:\Documents and Settings\Administrator\AUTOEXEC.BAT
2001-09-07 12:00 4,952 --sha-r C:\Documents and Settings\Administrator\Bootfont.bin
2006-10-18 15:37 88 --sh--r C:\WINDOWS\system32\C138F94F4A.sys
2007-10-21 14:54 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="D:\programmas\SkypePhone\Phone\Skype.exe" [2007-09-13 12:31 22880040]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Update Service"="C:\Program Files\Common Files\Teknum Systems\update.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-24 21:05 344064]
"ZoneAlarm Client"="D:\programmas\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 15:46 172032]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"nod32kui"="D:\programmas\EsetNod32\nod32kui.exe" [2008-03-05 19:22 949376]
"SpySweeper"="D:\programmas\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40 5367608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2004-08-04 01:03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\system3
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^e-Backup 1.42 Scheduler.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\e-Backup 1.42 Scheduler.lnk
backup=C:\WINDOWS\pss\e-Backup 1.42 Scheduler.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PC Alert 4.lnk]
backup=C:\WINDOWS\pss\PC Alert 4.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Scanner Finder.lnk]
backup=C:\WINDOWS\pss\Scanner Finder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^SOKO.lnk]
backup=C:\WINDOWS\pss\SOKO.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Telenet EasyCare.lnk]
backup=C:\WINDOWS\pss\Telenet EasyCare.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^guido^Menu Start^Programma's^Opstarten^Freecom Personal Media Suite.lnk]
backup=C:\WINDOWS\pss\Freecom Personal Media Suite.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABBYY Community Agent]
--a------ 2001-09-21 02:39 253952 D:\programmas\finereader5.0\CAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
D:\programmas\Clonecd\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GCS]
D:\programmas\grabclipsave\GrabClipSave.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--a------ 2005-01-04 14:17 1937408 D:\programmas\Nero\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-08-23 12:41 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
D:\programmas\skypefoon\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Service]
C:\Program Files\Common Files\Teknum Systems\update.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Spooler"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\programmas\\SkypePhone\\Phone\\Skype.exe"=
R1 FSLX;FSLX;C:\WINDOWS\system32\drivers\fslx.sys [2006-05-17 18:19]
R2 SLEE_81_DRIVER;Steganos Live Encryption Engine 8.1 [Driver];C:\WINDOWS\System32\drivers\SLEE81.sys [2004-07-19 17:32]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
S3 CoolerXPDriver;CoolerXPDriver;D:\programmas\Pc Alert 4\NTCooler.sys []
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\35C7.tmp []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9473817e-acc4-11dc-8730-0050babde466}]
\Shell\AutoRun\command - H:\InstallTomTomHOME.exe
.
Inhoud van de 'Gedeelde Taken' map
"2008-03-03 16:12:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-02 21:13:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-05-17 20:13:46 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 12:31:24
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\35C7.tmp"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> D:\programmas\EsetNod32\pr_imon.dll
.
Voltooingstijd: 2008-03-09 12:32:04
.
2008-02-13 19:07:24 --- E O F ---

Thanks in advance!!

Juisterr
10 March 2008, 23:41
Download Java Runtime Environment (JRE) 6u5 (http://java.sun.com/javase/downloads/index.jsp).

Scroll down to: "Java Runtime Environment (JRE) 6 Update 5".
Click the "Download" button on the right.
Tick "Accept License Agreement" and click Continue.
The page will reload.
Click the Windows Offline Installation, Multi-language link UNDER Windows Platform - Java SE Runtime Environment 6 Update 5 and save it to your Desktop.
Close all programs that may be open - especially your web browser!
Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the software list (those with Java Runtime Environment (JRE or J2SE) in the name).
Repeat this until all older versions are gone.
After removing all older versions, restart your PC.
Then double-click jre-6u5-windows-i586-p.exe on your Desktop to install the latest version of Java.


To disable the Update Service from Teknum, download updatEnabler.exe: http://www.handybits.com/download.asp?product=updenabler
Start updEnabler.exe and then choose "Disable Update Service". Click "ok".

Restart the computer.
Start HijackThis and fix the O4 - HKCU\..\Run: [Update Service] update.exe


Download: RVAXO.exe (http://home.hetnet.nl/~stefsmeenk/RVAXO.exe)
Save the file to your desktop, then double-click it.
You can let the program extract to your desktop.
Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
A small window will open in which a few lines about files not found will quickly scroll by; this is normal.
An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.

After that your PC will restart; after the restart the RVAXO window opens again.
Let it run and wait until a log file opens.
It can also be found here: C:\RVAXO-results.log
Post the contents in your next message together with a new HijackThis log.

Does your PC not restart?

Run RVAXO once more and then post the new log: C:\rvaxo-results.log
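
Added example, not part of the original thread and not code from HijackThis or any poster: a small Python script that compares the autostart entries of two HijackThis logs, which is how the O4 [Update Service] entry that appears between the 8 March and 9 March logs can be spotted. The function names are hypothetical, and the embedded logs are shortened excerpts of the logs posted in this thread.

```python
import re

# A HijackThis entry line starts with a section code (R0, O4, O23, ...) and " - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Map a normalised (section, detail) key to the original log line."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        section, detail = match.groups()
        # HijackThis sometimes prints the same Run value with and without
        # quotes (see the SpySweeper line below), so quotes, case and
        # repeated spaces are ignored when comparing.
        normalised = " ".join(detail.replace('"', "").split()).lower()
        entries.setdefault((section, normalised), line)
    return entries


def diff_logs(before_text, after_text, sections=("O4", "O23")):
    """Return (added, removed) entry lines for the given sections.

    O4 = Run/RunOnce/startup-folder autostarts, O23 = services.
    """
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    added = sorted(after[k] for k in after.keys() - before.keys()
                   if k[0] in sections)
    removed = sorted(before[k] for k in before.keys() - after.keys()
                     if k[0] in sections)
    return added, removed


# Shortened excerpts of the three logs in this thread (not the full logs).
LOG_8_MARCH = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:31, on 8/03/2008
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [SpySweeper] "D:\programmas\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Skype] "D:\programmas\SkypePhone\Phone\Skype.exe" /nosplash /minimized
"""

LOG_9_MARCH = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:21, on 9/03/2008
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [SpySweeper] D:\programmas\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Skype] "D:\programmas\SkypePhone\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
"""

LOG_11_MARCH = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:27:35, on 11/03/2008
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "D:\programmas\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Skype] "D:\programmas\SkypePhone\Phone\Skype.exe" /nosplash /minimized
"""

if __name__ == "__main__":
    pairs = [("8 -> 9 March", LOG_8_MARCH, LOG_9_MARCH),
             ("9 -> 11 March", LOG_9_MARCH, LOG_11_MARCH)]
    for label, old, new in pairs:
        added, removed = diff_logs(old, new)
        print(label)
        for line in added:
            print("  + " + line)
        for line in removed:
            print("  - " + line)
```
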

atlantis
11 March 2008, 15:41
Good afternoon
These are the results for Atlantis :)
1. Could not carry out the proposed fix of 04....update: it does not appear in the list. The only one listed is the one from Adobe.
To be on the safe side I have added the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:27:35, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\programmas\Ad-Aware SE Professional\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
d:\programmas\a-squared free\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\programmas\Nod32\ekrn.exe
D:\programmas\EsetNod32\nod32krn.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\SLEE81.exe
D:\programmas\alcoholer120\Alcohol 120\StarWind\StarWindService.exe
D:\programmas\Spy Sweeper\SpySweeper.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\programmas\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\programmas\EsetNod32\nod32kui.exe
D:\programmas\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
D:\programmas\hijackthis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.hoehel.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nieuwsblad.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\programmas\SkypePhone\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\programmas\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\programmas\EsetNod32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "D:\programmas\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Skype] "D:\programmas\SkypePhone\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\RunOnce: [SSS7] "D:\programmas\steganos seccurity suite\sss7.exe" -firstboot (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [SSS7] "D:\programmas\steganos seccurity suite\sss7.exe" -firstboot (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\programmas\Officexp\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\programmas\SkypePhone\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\programmas\Officexp\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - d:\programmas\a-squared free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\programmas\Ad-Aware SE Professional\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\programmas\Nod32\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - D:\programmas\Nero\InCD\InCDsrv.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\programmas\EsetNod32\nod32krn.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE81.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\programmas\alcoholer120\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\programmas\Spy Sweeper\SpySweeper.exe
--
End of file - 7188 bytes

2. Log from RVAXO:
---RVAXO.exe Updated: 2008-03-11---first run---
Uninstallers:

Files found:

Folders Found:

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Not deleted items:

--------------RVAXO.exe finished----------------

3. A quick question: the files jre..., updater and rvaxo that are on the desktop: can those simply be dumped in the recycle bin?


Well, what more is left for me than to shout a heartfelt 'thank you' already? I wonder how I can thank you all properly some time......
Talk to you soon

Juisterr
11 March 2008, 20:43
A thank you is good enough; you can go ahead and remove the tool again.

Open the RVAXO folder on your desktop and double-click Uninstall.cmd
This will remove everything belonging to RVAXO.

atlantis
11 March 2008, 21:08
thanks
Enjoy the rest of your evening!!