Mededeling

Collapse
No announcement yet.

Virtumonde

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Virtumonde

    Goedendag,

    Tijdens het internetten verschijnen er reclame vensters. Als ik met spybot/Ad aware een scan doe en de problemen wil fixen lukt dit niet.

    Hierbij de hijack this log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:56:39, on 21-1-2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SYSTEM32\DWRCS.EXE
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\System32\TpShocks.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\localadmin\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [ADUserMon] "C:\Program Files\Iomega\AutoDisk\ADUserMon.exe"
    O4 - HKLM\..\Run: [Iomega Drive Icons] "C:\Program Files\Iomega\DriveIcons\ImgIcon.exe"
    O4 - HKLM\..\Run: [Deskup] "C:\Program Files\Iomega\DriveIcons\deskup.exe" /IMGSTART
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
    O4 - HKLM\..\Run: [ec9ae888] rundll32.exe "C:\WINDOWS\System32\xlhkuean.dll",b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9D26D246-A562-4C97-AD41-45EBB9E12382}: NameServer = 194.134.5.5,194.134.0.97
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

    --
    End of file - 6987 bytes


    Bvd voor de oplossing.

    Greetzz
    Peter

  • #2
    Download VirtumundoBegone (mirror)
    Sla dit op op je bureaublad.

    Dubbelklik op VirtumundoBeGone.exe en volg de aanwijzingen.
    Schrik niet als je een blauw scherm met een foutmelding te zien krijgt - dit is normaal.
    Als de fix klaar is, start je de pc opnieuw op.
    Plaats de inhoud van het logbestand VBG.TXT, dat nu op je bureaublad staat, hier in je volgende bericht.


    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.


    Download Combofix (mirror) naar je Bureaublad.
    Dubbelklik op Combofix.exe
    Kies voor "Continue" door 1 te typen gevolgd door ENTER.
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
    Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
    Plaats deze log in je volgende post.

    NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

    Comment


    • #3
      VBG.TXT


      [01/21/2008, 20:03:36] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\localadmin\Desktop\VirtumundoBeGone.exe" )
      [01/21/2008, 20:03:44] - Detected System Information:
      [01/21/2008, 20:03:44] - Windows Version: 5.1.2600, Service Pack 1
      [01/21/2008, 20:03:44] - Current Username: localadmin (Admin)
      [01/21/2008, 20:03:44] - Windows is in NORMAL mode.
      [01/21/2008, 20:03:44] - Searching for Browser Helper Objects:
      [01/21/2008, 20:03:44] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
      [01/21/2008, 20:03:44] - BHO 2: {3F4EBF3D-41E6-4D5A-AEA0-A534C3C284CE} ()
      [01/21/2008, 20:03:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [01/21/2008, 20:03:44] - Checking for HKLM\...\Winlogon\Notify\wvwtr
      [01/21/2008, 20:03:44] - Key not found: HKLM\...\Winlogon\Notify\wvwtr, continuing.
      [01/21/2008, 20:03:44] - BHO 3: {492d74d7-bca9-4f11-b4ae-9c936dd3c4ec} ()
      [01/21/2008, 20:03:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [01/21/2008, 20:03:44] - Checking for HKLM\...\Winlogon\Notify\hsaiebhp
      [01/21/2008, 20:03:44] - Key not found: HKLM\...\Winlogon\Notify\hsaiebhp, continuing.
      [01/21/2008, 20:03:44] - BHO 4: {6CA0CE02-8E32-418B-ADE0-8922428050B2} ()
      [01/21/2008, 20:03:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [01/21/2008, 20:03:44] - Checking for HKLM\...\Winlogon\Notify\vtuss
      [01/21/2008, 20:03:44] - Key not found: HKLM\...\Winlogon\Notify\vtuss, continuing.
      [01/21/2008, 20:03:44] - Finished Searching Browser Helper Objects
      [01/21/2008, 20:03:44] - Finishing up...
      [01/21/2008, 20:03:44] - Nothing found! Exiting...


      RVAXO-results.log

      ---RVAXO.exe Updated: 2008-01-21---first run---
      Files found:
      C:\WINDOWS\system32\vtusqpo.dll.vir
      C:\WINDOWS\system32\rtwvw.bak1
      C:\WINDOWS\system32\ssutv.bak1
      C:\WINDOWS\system32\ssutv.bak2
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\actskn45.ocx

      Uninstallers Rogue scanners:


      Folders Found:


      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------

      combofix.txt

      ComboFix 08-01-20.1 - localadmin 2008-01-21 20:08:51.2 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.232 [GMT 1:00]
      Running from: C:\Documents and Settings\localadmin\Desktop\ComboFix.exe
      * Created a new restore point

      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\system32\rtwvw.ini
      C:\WINDOWS\System32\wvwtr.dll

      ----- Unknown downloads made by BITS: ----
      http://ygsondheks.info
      http://sz3d03
      .
      ((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
      .

      2008-01-21 20:10 . 2008-01-21 20:12 <DIR> d-------- C:\TEMP
      2008-01-21 20:05 . 2008-01-21 20:06 <DIR> d-------- C:\RVAXO
      2008-01-21 20:04 . 2008-01-21 14:57 618,191 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-01-21 20:04 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
      2008-01-21 15:55 . 2008-01-21 16:38 247 --a------ C:\WINDOWS\wininit.ini
      2008-01-21 11:43 . 2008-01-21 12:12 <DIR> d-------- C:\Program Files\Spyware Doctor
      2008-01-21 11:43 . 2008-01-21 11:43 <DIR> d-------- C:\Documents and Settings\localadmin\Application Data\PC Tools
      2008-01-21 11:43 . 2008-01-21 14:23 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-01-21 11:43 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
      2008-01-21 11:43 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
      2008-01-21 11:43 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
      2008-01-21 11:43 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
      2008-01-21 11:37 . 2008-01-21 11:37 164 --a------ C:\install.dat
      2008-01-21 07:59 . 2008-01-21 07:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
      2008-01-20 22:41 . 2008-01-21 08:30 1,073,421 --ahs---- C:\WINDOWS\system32\naeukhlx.ini
      2008-01-20 09:48 . 2008-01-21 08:40 105,663 --ahs---- C:\WINDOWS\system32\ssutv.ini
      2008-01-07 08:33 . 2008-01-07 08:33 <DIR> d-------- C:\Program Files\Microsoft.NET
      2007-12-24 14:27 . 2007-12-24 14:27 <DIR> d-------- C:\Documents and Settings\localadmin\Application Data\Talkback

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-21 15:41 --------- d-----w C:\Program Files\Hitman Pro
      2008-01-21 15:40 --------- d-----w C:\Documents and Settings\localadmin\Application Data\Lavasoft
      2008-01-21 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-01-21 06:07 1,286 ----a-w C:\sccfg.sys
      2008-01-14 20:55 56,808 ----a-w C:\Documents and Settings\localadmin\Application Data\GDIPFONTCACHEV1.DAT
      2007-12-02 15:35 --------- d-----w C:\Documents and Settings\localadmin\Application Data\Active Disk
      2007-11-22 11:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{492d74d7-bca9-4f11-b4ae-9c936dd3c4ec}]
      C:\WINDOWS\System32\hsaiebhp.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CA0CE02-8E32-418B-ADE0-8922428050B2}]
      C:\WINDOWS\System32\vtuss.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 15:18 1670144]
      "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2003-03-31 13:00 13312]
      "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:29 220544]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 09:52 1368064]
      "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27 860160]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-25 20:00 344064]
      "TpShocks"="TpShocks.exe" [2005-04-05 14:14 106496 C:\WINDOWS\system32\TpShocks.exe]
      "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-08 10:17 110592]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-08 10:17 512000]
      "ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 15:39 147456]
      "Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 13:30 86016]
      "Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 09:55 32768]
      "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 06:10 81990]
      "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-04-07 02:12 135224]
      "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 23:14 155648]
      "PDF3 Registry Controller"="C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe" [2005-04-29 01:58 106496]
      "ec9ae888"="C:\WINDOWS\System32\xlhkuean.dll" [ ]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-03-31 13:00 13312]

      C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
      Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoToolbarCustomize"= 0 (0x0)
      "NoBandCustomize"= 0 (0x0)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoToolbarCustomize"= 0 (0x0)
      "NoBandCustomize"= 0 (0x0)

      R0 ppa;Iomega Parallel Port Filter Driver;C:\WINDOWS\System32\DRIVERS\ppa.sys [2001-08-17 12:53]
      R0 Shockprf;Shockprf;C:\WINDOWS\System32\drivers\Shockprf.sys [2005-01-14 11:20]
      R1 ShockMgr;ShockMgr;C:\WINDOWS\System32\drivers\ShockMgr.sys [2004-05-14 11:59]
      S3 AT280x;Allied Telesyn AT-280x Ethernet;C:\WINDOWS\System32\DRIVERS\A28m5.SYS [2004-03-15 07:54]
      S3 hitmanpro2;Hitman Pro 2 Driver;C:\Program Files\Hitman Pro\hitmanpro2.sys [2006-11-03 12:02]

      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-21 20:13:18
      Windows 5.1.2600 Service Pack 1 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      Completion time: 2008-01-21 20:14:13 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-01-21 19:14:03


      Hijack log

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:18:51, on 21-1-2008
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\ibmpmsvc.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\SYSTEM32\DWRCS.EXE
      C:\PROGRA~1\Iomega\System32\AppServices.exe
      C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      C:\WINDOWS\System32\TPHDEXLG.EXE
      C:\Program Files\Iomega\AutoDisk\ADService.exe
      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      C:\WINDOWS\System32\TpShocks.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
      C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
      C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
      C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\internet explorer\iexplore.exe
      C:\Documents and Settings\localadmin\Desktop\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: {ce4c3dd6-39c9-ea4b-11f4-9acb7d47d294} - {492d74d7-bca9-4f11-b4ae-9c936dd3c4ec} - C:\WINDOWS\System32\hsaiebhp.dll (file missing)
      O2 - BHO: (no name) - {6CA0CE02-8E32-418B-ADE0-8922428050B2} - C:\WINDOWS\System32\vtuss.dll (file missing)
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
      O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
      O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
      O4 - HKLM\..\Run: [ADUserMon] "C:\Program Files\Iomega\AutoDisk\ADUserMon.exe"
      O4 - HKLM\..\Run: [Iomega Drive Icons] "C:\Program Files\Iomega\DriveIcons\ImgIcon.exe"
      O4 - HKLM\..\Run: [Deskup] "C:\Program Files\Iomega\DriveIcons\deskup.exe" /IMGSTART
      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
      O4 - HKLM\..\Run: [ec9ae888] rundll32.exe "C:\WINDOWS\System32\xlhkuean.dll",b
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
      O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{9D26D246-A562-4C97-AD41-45EBB9E12382}: NameServer = 194.134.5.5,194.134.0.97
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
      O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
      O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
      O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
      O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
      O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

      --
      End of file - 7371 bytes


      Ik weet niet of navolgende melding met hetzelfde probleem te maken heeft maar kon op het internet er al niks over vinden. Na het rebooten krijg ik devolgende melding:

      Error loading C:\Windows\System32\xlhkuean.dll
      The specified module could not be found.

      Thankzz

      Comment


      • #4
        Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
        Dit zal alles van RVAXO doen verwijderen.

        Download OTMoveIt.exe en plaats het op je bureaublad: OTMoveIt.exe
        Open OTMoveIt.exe.
        In het linkerpaneel, waar staat: "Paste List of Files/Folders to be Moved" ,kopieer en plak je onderstaand vetgedrukt tekst:

        C:\WINDOWS\system32\naeukhlx.ini
        C:\WINDOWS\system32\ssutv.ini


        Daarna klik je op de MoveIt knop onderaan.
        Wanneer het programma voltooid is zal het een log aanmaken (********_******.log -- de * staat voor datum en tijd) in volgende map: C:\_OTMoveIt\MovedFiles\
        Kopieer en plak de inhoud van die log in je volgende post.

        Start HijackThis nog een keer en plaats alleen een vinkje voor de volgende regels:
        O2 - BHO: {ce4c3dd6-39c9-ea4b-11f4-9acb7d47d294} - {492d74d7-bca9-4f11-b4ae-9c936dd3c4ec} - C:\WINDOWS\System32\hsaiebhp.dll (file missing)
        O2 - BHO: (no name) - {6CA0CE02-8E32-418B-ADE0-8922428050B2} - C:\WINDOWS\System32\vtuss.dll (file missing)
        O4 - HKLM\..\Run: [ec9ae888] rundll32.exe "C:\WINDOWS\System32\xlhkuean.dll",b
        O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

        Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

        Download ATF cleaner (mirror)(gemaakt door Atribune)

        Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

        Dubbelklik op ATF cleaner om het programma te starten.
        Op het tabblad "Main", plaats je een vinkje bij Select All.
        Klik op de knop Empty Selected.

        Het volgende doen als je ook FireFox als browser hebt:
        Klik op tabblad "Firefox", plaats een vinkje bij Select All.
        Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
        (dit haalt het vinkje weer weg bij "Firefox saved passwords")
        Klik op de knop Empty Selected.

        Het volgende doen als je ook Opera als browser hebt:
        Klik op tabblad "Opera", plaats een vinkje bij Select All.
        Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
        Klik op de knop Empty Selected.
        Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

        Ga naar Start - Uitvoeren en geef hier het volgende in:
        Combofix /U
        Druk daarna op OK.
        Let op: Er moet een spatie tussen Combofix en /U zitten.

        Dit zal Combofix deïnstalleren.

        Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
        Kijk hier hoe je je systeemherstel moet uitschakelen.
        Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

        Post als laatste nog een nieuw logje van Hijackthis ter controle

        Comment


        • #5
          move it log:


          C:\WINDOWS\system32\naeukhlx.ini moved successfully.
          C:\WINDOWS\system32\ssutv.ini moved successfully.

          Created on 01-22-2008 07:18:03


          Hijack this log:

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 7:25:56, on 22-1-2008
          Platform: Windows XP SP1 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\System32\ibmpmsvc.exe
          C:\WINDOWS\System32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\SYSTEM32\DWRCS.EXE
          C:\PROGRA~1\Iomega\System32\AppServices.exe
          C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Network Associates\VirusScan\Mcshield.exe
          C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
          C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
          C:\WINDOWS\System32\TPHDEXLG.EXE
          C:\Program Files\Iomega\AutoDisk\ADService.exe
          C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
          C:\WINDOWS\System32\TpShocks.exe
          C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
          C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
          C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
          C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\WINDOWS\System32\ctfmon.exe
          C:\Program Files\internet explorer\iexplore.exe
          C:\Documents and Settings\localadmin\Desktop\HiJackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
          O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
          O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
          O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
          O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
          O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
          O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
          O4 - HKLM\..\Run: [ADUserMon] "C:\Program Files\Iomega\AutoDisk\ADUserMon.exe"
          O4 - HKLM\..\Run: [Iomega Drive Icons] "C:\Program Files\Iomega\DriveIcons\ImgIcon.exe"
          O4 - HKLM\..\Run: [Deskup] "C:\Program Files\Iomega\DriveIcons\deskup.exe" /IMGSTART
          O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
          O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
          O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
          O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
          O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
          O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
          O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
          O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
          O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
          O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{9D26D246-A562-4C97-AD41-45EBB9E12382}: NameServer = 194.134.5.5,194.134.0.97
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
          O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
          O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
          O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
          O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
          O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
          O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
          O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
          O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
          O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
          O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

          --
          End of file - 6957 bytes


          Thankzz

          Comment


          • #6
            Graag gedaan hoor, je logje ziet er ook weer prima uit

            Verwijder deze map:
            C:\_OTMoveIt\MovedFiles

            Dan denk ik dat we klaar zijn

            Comment


            • #7
              dank je voor de snelle reacties


              Greetzz
              Peter

              Comment


              • #8
                Graag gedaan hoor

                Comment

                Sorry, you are not authorized to view this page
                Working...
                X