Mededeling

Collapse
No announcement yet.

Pc is traag + Hijack log

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Pc is traag + Hijack log

    Hoi

    Ik ben hier terechtgekomen dankzij een doorverwijzing op een muziek forum, waar ik een pc problemen topic geopend had.
    Ze zeiden me van mij Hijack log hier te plaatsen, dus dan doe ik dat ook even.
    Ik ken ERG weinig van PC's, dus ehm.. :P

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:31:34, on 15/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Netscape\Navigator 9\navigator.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\NinjaSurfing\ProxyNew.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] "C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [acdb8550] "RUNDLL32.EXE" w100c72b.dll,n 002b854e0000000a100c72b
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
    O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
    O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
    O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Netwerkservice')
    O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - D:\Documents and Settings\Gebruiker\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\benl.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://ath6.looknmeet.com/agent/LNMAgentInstaller.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: asvdnmo - {3DA7CD56-24A0-4A94-92B7-9614D409FB5F} - C:\WINDOWS\asvdnmo.dll (file missing)
    O21 - SSODL: bgntlvo - {F3D4A0B5-3239-4C8C-BE61-96E7E9EB840A} - C:\WINDOWS\bgntlvo.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 9173 bytes


    Een hele boterham, ja. IK werk nu in safe modus, wat prima gaat.
    Nog een ander vraagje: is die SmitfraudFix ook een boosdoener?

  • #2
    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.


    Download Combofix (mirror) naar je Bureaublad.
    Dubbelklik op Combofix.exe
    Kies voor "Continue" door 1 te typen gevolgd door ENTER.
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
    Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
    Plaats deze log in je volgende post.

    NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

    Comment


    • #3
      Ok. IK zit nog steeds in safe modus. Schakel ik over op gewone modus? Of gaat het zo ook?

      Comment


      • #4
        Werkt volgens mij ook in safe mode, al is er volgens mij geen noodzaak om dit in safe mode te doen

        Comment


        • #5
          ComboFix 08-01-09.2 - Erszebet Bathory 2008-01-15 16:07:53.3 - NTFSx86
          Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.135 [GMT 1:00]
          Gestart vanuit: D:\Documents and Settings\Erszebet Bathory\Bureaublad\ComboFix.exe
          .

          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-15 to 2008-01-15 ))))))))))))))))))))))))))))))
          .

          2008-01-15 15:53 . 2008-01-15 15:53 <DIR> d-------- C:\RVAXO
          2008-01-15 15:49 . 2008-01-15 01:24 607,707 --a------ C:\WINDOWS\system32\RVAXO.bat
          2008-01-15 15:49 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
          2008-01-15 15:49 . 2007-12-13 16:46 7,048 --a------ C:\WINDOWS\system32\fixp.bat
          2008-01-14 11:47 . 2008-01-14 11:50 <DIR> d-------- C:\Program Files\Network Associates
          2008-01-13 12:02 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
          2008-01-13 12:02 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
          2008-01-13 12:02 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
          2008-01-13 12:02 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
          2008-01-13 12:01 . 2008-01-13 12:01 <DIR> d-------- D:\Documents and Settings\LocalService\Application Data\Webroot
          2008-01-13 12:01 . 2008-01-13 12:01 <DIR> d----c--- D:\Documents and Settings\Erszebet Bathory\Application Data\PC Tools
          2008-01-13 12:01 . 2008-01-13 12:01 <DIR> d----c--- D:\Documents and Settings\All Users\Application Data\Webroot
          2008-01-13 12:01 . 2008-01-13 12:01 <DIR> d-------- C:\Program Files\Webroot
          2008-01-13 12:01 . 2008-01-13 12:12 <DIR> d-------- C:\Program Files\Spyware Doctor
          2008-01-13 12:01 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
          2008-01-13 12:01 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
          2008-01-13 12:01 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
          2008-01-13 12:01 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
          2008-01-13 12:00 . 2008-01-13 12:00 <DIR> d----c--- D:\Documents and Settings\Erszebet Bathory\Application Data\Webroot
          2008-01-13 12:00 . 2008-01-13 12:00 <DIR> d-------- C:\Program Files\SpywareBlaster
          2008-01-13 12:00 . 2008-01-13 12:00 164 --a------ C:\install.dat
          2008-01-13 11:58 . 2008-01-13 11:58 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
          2008-01-13 11:58 . 2008-01-13 11:58 298,104 --a------ C:\WINDOWS\system32\imon.dll
          2008-01-13 11:58 . 2008-01-13 11:58 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
          2008-01-12 11:48 . 2008-01-12 11:48 <DIR> d----c--- D:\Documents and Settings\All Users\Application Data\Prevx
          2008-01-12 11:36 . 2008-01-12 11:36 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
          2008-01-12 11:36 . 2008-01-15 15:55 <DIR> d-------- C:\Program Files\Hitman Pro
          2008-01-11 20:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
          2008-01-11 19:10 . 2008-01-11 19:10 <DIR> d----c--- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
          2008-01-11 19:09 . 2008-01-11 19:09 <DIR> d----c--- D:\Documents and Settings\Erszebet Bathory\Application Data\SUPERAntiSpyware.com
          2008-01-11 19:09 . 2008-01-14 13:34 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
          2008-01-11 19:03 . 2008-01-11 19:03 <DIR> d-------- C:\Program Files\Trend Micro
          2008-01-11 16:20 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
          2008-01-11 16:20 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
          2008-01-11 16:20 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
          2008-01-11 16:20 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
          2008-01-11 16:20 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
          2008-01-11 16:20 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
          2008-01-11 16:20 . 2008-01-11 16:20 3,630 --a------ C:\WINDOWS\system32\tmp.reg
          2007-12-22 13:41 . 2007-12-22 13:41 <DIR> d-------- D:\Documents and Settings\Gast\Application Data\Nero
          2007-12-21 23:25 . 2007-12-21 23:25 <DIR> d----c--- D:\Documents and Settings\Erszebet Bathory\Application Data\Nero
          2007-12-21 23:19 . 2007-12-21 23:19 <DIR> d----c--- D:\Documents and Settings\All Users\Application Data\Nero
          2007-12-21 23:19 . 2007-12-21 23:19 <DIR> d-------- C:\Program Files\Nero
          2007-12-21 23:19 . 2007-12-21 23:23 <DIR> d-------- C:\Program Files\Common Files\Nero
          2007-12-21 19:21 . 2007-12-21 19:24 <DIR> d----c--- D:\Documents and Settings\Erszebet Bathory\Application Data\DeepBurner Pro
          2007-12-20 14:53 . 2007-12-20 14:53 4,096 --a------ C:\WINDOWS\d3dx.dat
          2007-12-20 14:41 . 2007-12-20 14:41 <DIR> d-------- C:\Program Files\Project 3 Interactive
          2007-12-18 18:19 . 2008-01-15 00:08 <DIR> dr-h-c--- D:\Documents and Settings\Erszebet Bathory\Onlangs geopend
          2007-12-16 13:12 . 2007-12-16 13:12 <DIR> d----c--- D:\Documents and Settings\Erszebet Bathory\Application Data\Sonic

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-14 23:44 --------- d-----w C:\Program Files\Soulseek-Test
          2008-01-13 14:56 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
          2008-01-13 11:35 --------- dc--a-w D:\Documents and Settings\All Users\Application Data\TEMP
          2008-01-11 18:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
          2007-12-25 20:45 --------- d-----w C:\Program Files\DivX
          2007-12-20 14:49 --------- d-----w C:\Program Files\Diablo II
          2007-12-16 13:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
          2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
          2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
          2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
          2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
          2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
          2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
          2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
          2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
          2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
          2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
          2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
          2007-11-29 15:44 --------- d-----w D:\Documents and Settings\Gast\Application Data\Netscape
          2007-11-29 13:13 --------- dc----w D:\Documents and Settings\Erszebet Bathory\Application Data\Netscape
          2007-11-29 13:12 --------- d-----w C:\Program Files\Netscape
          2007-11-21 16:31 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
          2007-11-21 16:31 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
          2007-11-07 22:14 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
          2007-10-31 12:03 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
          .

          ((((((((((((((((((((((((((((( [email protected]_21.07.32.65 )))))))))))))))))))))))))))))))))))))))))
          .
          - 2007-11-02 10:43:03 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
          + 2008-01-13 11:03:20 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat
          - 2007-11-02 10:43:03 78,854 ----a-w C:\WINDOWS\system32\perfc013.dat
          + 2008-01-13 11:03:20 78,854 ----a-w C:\WINDOWS\system32\perfc013.dat
          - 2007-11-02 10:43:03 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
          + 2008-01-13 11:03:20 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat
          - 2007-11-02 10:43:03 467,028 ----a-w C:\WINDOWS\system32\perfh013.dat
          + 2008-01-13 11:03:20 467,028 ----a-w C:\WINDOWS\system32\perfh013.dat
          + 2007-03-01 19:23:34 10,240 ----a-w C:\WINDOWS\system32\ssiefr.EXE
          - 2000-08-31 07:00:00 49,152 ----a-w C:\WINDOWS\system32\VFind.exe
          + 2008-01-03 18:47:58 49,152 ----a-w C:\WINDOWS\system32\VFind.exe
          + 2007-03-01 19:24:12 233,024 ----a-w C:\WINDOWS\system32\WRLogonNtf.dll
          + 2007-03-01 19:24:10 26,688 ----a-w C:\WINDOWS\system32\wrlzma.dll
          + 2008-01-15 14:50:51 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_4cc.dat
          + 2007-03-01 19:24:08 271,936 ----a-w C:\WINDOWS\WRUninstall.dll
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
          "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]
          "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
          "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-04-19 15:03 190024]
          "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
          "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
          "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 15:19 5728112]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
          "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168]
          "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 14:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
          "SoundMan"="SOUNDMAN.EXE" [2004-09-10 17:29 77824 C:\WINDOWS\SoundMan.exe]
          "AlcWzrd"="ALCWZRD.EXE" [2004-09-15 10:20 2557952 C:\WINDOWS\ALCWZRD.EXE]
          "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05 344064]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
          "Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43 90112]
          "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 12:48 127118]
          "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00 208952]
          "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576]
          "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-08 10:47 180269]
          "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-04-19 15:03 190024]
          "acdb8550"="RUNDLL32.exe" [2004-08-04 13:00 33792 C:\WINDOWS\system32\rundll32.exe]
          "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
          "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-08-29 13:17 188416]
          "MMTray"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe" [ ]
          "Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2006-06-22 08:34 192512]
          "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
          "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-08-29 13:20 77824]
          "LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-08-29 13:17 188416]
          "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
          "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
          "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
          "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41 596760]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

          D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
          Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-02 03:29:26]
          Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-08 00:51:59]
          Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46]

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
          "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

          R2 OTCPMS;OTCPMS;C:\WINDOWS\system32\drivers\OTCPMS.sys [1998-07-10 07:52]
          S2 OTCPMSC;OTCPMSC;C:\WINDOWS\system32\drivers\OTCPMSC.sys [1998-07-10 07:54]
          S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-16 04:41]

          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-01-08 15:19:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
          - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-15 16:10:17
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2008-01-15 16:11:38
          ComboFix-quarantined-files.txt 2008-01-15 15:11:33
          ComboFix2.txt 2008-01-11 20:07:51
          .
          2007-07-15 21:02:14 --- E O F ---

          Comment


          • #6
            Dit logje kon je niet vinden?: C:\RVAXO-results.log

            Comment


            • #7
              ---RVAXO.exe Updated: 2008-01-15---first run---
              Files found:
              C:\WINDOWS\smdat32m.sys
              C:\WINDOWS\fqwmwdn.exe
              C:\WINDOWS\system32\actskn45.ocx

              Uninstallers Rogue scanners:


              Folders Found:


              Hosts-file was reset, If you use a custom hosts file please replace it...

              --------------RVAXO.exe last run---------------

              Files found:

              D:\Documents and Settings\Erszebet Bathory\Mijn documenten\Mijn ontvangen bestanden\ff7_102.zip
              Folders Found:

              --------------RVAXO.exe finished----------------

              Comment


              • #8
                Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
                Dit zal alles van RVAXO doen verwijderen.


                Je Java software is verouderd. oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
                Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:
                • Download Java Runtime Environment (JRE) 6u4.
                • Scroll omlaag naar : "Java Runtime Environment (JRE) 6u4".
                • Klik op de "Download" knop aan de rechterkant.
                • In het uitklapmenu rechts naast Platform, selecteer Windows
                • Vink aan: "I agree to the Java SE Runtime Environment 6 License Agreement", en klik op Continue.
                • De pagina zal herladen.
                • Klik op de jre-6u4-windows-i586-p.exe link ONDER Windows Offline Installation en bewaar het naar je Bureaublad.
                • Sluit alle programma's die eventueel open zijn - Zeker je web browser!
                • Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
                • Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
                • Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
                • Herhaal dit tot alle oudere versies verdwenen zijn.
                • Na het verwijderen van alle oudere versies, herstart je pc.
                • Dubbelklik vervolgens op jre-6u4-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.


                Download ATF cleaner (mirror)(gemaakt door Atribune)

                Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                Dubbelklik op ATF cleaner om het programma te starten.
                Op het tabblad "Main", plaats je een vinkje bij Select All.
                Klik op de knop Empty Selected.

                Het volgende doen als je ook FireFox als browser hebt:
                Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                Klik op de knop Empty Selected.

                Het volgende doen als je ook Opera als browser hebt:
                Klik op tabblad "Opera", plaats een vinkje bij Select All.
                Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                Klik op de knop Empty Selected.
                Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                Ga naar Start - Uitvoeren en geef hier het volgende in:
                Combofix /U
                Druk daarna op OK.
                Let op: Er moet een spatie tussen Combofix en /U zitten.

                Dit zal Combofix deïnstalleren.

                Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                Kijk hier hoe je je systeemherstel moet uitschakelen.
                Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                Post als laatste nog een nieuw logje van Hijackthis ter controle

                Comment


                • #9
                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 19:36:39, on 15/01/2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.5730.0011)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                  C:\Program Files\Alwil Software\Avast4\ashServ.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
                  C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
                  C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
                  c:\APPS\HIDSERVICE\HIDSERVICE.exe
                  C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                  C:\WINDOWS\SOUNDMAN.EXE
                  C:\WINDOWS\ALCWZRD.EXE
                  C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
                  C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
                  C:\Apps\Powercinema\PCMService.exe
                  C:\apps\ABoard\ABoard.exe
                  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                  C:\Program Files\MessengerPlus! 3\MsgPlus.exe
                  C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                  C:\Program Files\Eset\nod32krn.exe
                  C:\Program Files\Belgacom\bin\sprtcmd.exe
                  C:\Program Files\Logitech\Video\LogiTray.exe
                  C:\Program Files\iTunes\iTunesHelper.exe
                  C:\apps\ABoard\AOSD.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
                  C:\Program Files\Messenger\msmsgs.exe
                  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                  C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                  C:\WINDOWS\system32\SearchIndexer.exe
                  C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                  C:\Program Files\Windows Desktop Search\WindowsSearch.exe
                  c:\APPS\Powercinema\Kernel\TV\CLSched.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                  C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                  C:\Program Files\iPod\bin\iPodService.exe
                  C:\WINDOWS\system32\SearchProtocolHost.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
                  C:\Program Files\Netscape\Navigator 9\navigator.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                  O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\NinjaSurfing\ProxyNew.dll (file missing)
                  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                  O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
                  O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
                  O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
                  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                  O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
                  O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
                  O4 - HKLM\..\Run: [Ulead AutoDetector v2] "C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe"
                  O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
                  O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
                  O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
                  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                  O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
                  O4 - HKLM\..\Run: [acdb8550] "RUNDLL32.EXE" w100c72b.dll,n 002b854e0000000a100c72b
                  O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                  O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
                  O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
                  O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                  O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
                  O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
                  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                  O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
                  O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                  O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
                  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                  O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
                  O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
                  O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                  O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
                  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                  O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                  O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - D:\Documents and Settings\Gebruiker\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
                  O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\benl.htm
                  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                  O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
                  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
                  O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
                  O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://ath6.looknmeet.com/agent/LNMAgentInstaller.cab
                  O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
                  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                  O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
                  O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                  O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                  O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                  O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                  O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
                  O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
                  O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
                  O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                  O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                  O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
                  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
                  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
                  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
                  O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                  O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
                  O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

                  --
                  End of file - 11657 bytes

                  Comment


                  • #10
                    Start HijackThis nog een keer en plaats alleen een vinkje voor de volgende regels:
                    O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\NinjaSurfing\ProxyNew.dll (file missing)
                    O4 - HKLM\..\Run: [acdb8550] "RUNDLL32.EXE" w100c72b.dll,n 002b854e0000000a100c72b
                    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
                    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - D:\Documents and Settings\Gebruiker\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)

                    Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

                    Voor de rest ziet het er weer prima uit

                    Comment


                    • #11
                      Okidoki

                      Ik krijg alleen nog zo een raar scherm als ik mijn NEtscape open(wat ingestelt is om te openen op Google, maar dat werkt niet meer). Maar ik zie eerst of het weggaat na die Hijack

                      tot zo!

                      Comment


                      • #12
                        De log na het verwijderen van wat je me gezegd hebt...

                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 22:08:07, on 15/01/2008
                        Platform: Windows XP SP2 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v7.00 (7.00.5730.0011)
                        Boot mode: Normal

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\Ati2evxx.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                        C:\Program Files\Alwil Software\Avast4\ashServ.exe
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\WINDOWS\system32\Ati2evxx.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                        c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
                        C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
                        C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
                        c:\APPS\HIDSERVICE\HIDSERVICE.exe
                        C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                        C:\WINDOWS\SOUNDMAN.EXE
                        C:\WINDOWS\ALCWZRD.EXE
                        C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
                        C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
                        C:\Apps\Powercinema\PCMService.exe
                        C:\apps\ABoard\ABoard.exe
                        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                        C:\Program Files\MessengerPlus! 3\MsgPlus.exe
                        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                        C:\Program Files\Eset\nod32krn.exe
                        C:\Program Files\Belgacom\bin\sprtcmd.exe
                        C:\Program Files\Logitech\Video\LogiTray.exe
                        C:\Program Files\iTunes\iTunesHelper.exe
                        C:\apps\ABoard\AOSD.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                        C:\WINDOWS\system32\ctfmon.exe
                        C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
                        C:\Program Files\Messenger\msmsgs.exe
                        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                        C:\WINDOWS\system32\SearchIndexer.exe
                        C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                        C:\Program Files\Windows Desktop Search\WindowsSearch.exe
                        c:\APPS\Powercinema\Kernel\TV\CLSched.exe
                        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                        C:\Program Files\iPod\bin\iPodService.exe
                        C:\Program Files\Windows Live\Messenger\usnsvc.exe
                        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
                        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                        O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
                        O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
                        O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAudPropShortcut.exe
                        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                        O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
                        O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
                        O4 - HKLM\..\Run: [Ulead AutoDetector v2] "C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe"
                        O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
                        O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
                        O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
                        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
                        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                        O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
                        O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
                        O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
                        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                        O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
                        O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
                        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                        O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
                        O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                        O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
                        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                        O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
                        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
                        O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
                        O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
                        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Netwerkservice')
                        O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Netwerkservice')
                        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                        O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                        O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
                        O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
                        O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
                        O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\benl.htm
                        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                        O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
                        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
                        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
                        O16 - DPF: {C9A703E2-3145-11D8-813C-005022E14DE2} (Installer Class) - http://ath6.looknmeet.com/agent/LNMAgentInstaller.cab
                        O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
                        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                        O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
                        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                        O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
                        O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
                        O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
                        O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
                        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                        O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                        O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                        O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
                        O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
                        O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
                        O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
                        O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                        O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
                        O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

                        --
                        End of file - 11062 bytes

                        Comment


                        • #13
                          Logje ziet er weer prima uit

                          Comment


                          • #14
                            Dus dit kan als 'Opgelost' gemarkeert worden???
                            Dan moet ik eens in m'n bankrekening duiken, wil zeker doneren voor de hulp(een kleinigheidje, want ik ben werkzoekende)(zal voor begin volgende maand zijn dan!).

                            DANK U

                            Comment


                            • #15
                              Graag gedaan hoor

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X