Spyware discovered



cool_boy_ke
9 April 2007, 16:23
Hey,
After scanning with AdAware and Spybot I came across a few things. Is everything OK again now?

Logfile of HijackThis v1.99.1
Scan saved at 15:41:56, on 9/04/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\Launchy\Launchy.exe
E:\Program Files\ATI Tray Tools\atitray.exe
E:\Program Files\internet explorer\iexplore.exe
E:\WINDOWS\system32\wuauclt.exe
E:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://firefox.com/
F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=E:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=E:\WINDOWS\system32\scvhost.exe
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Generic Host Process] E:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\RunServices: [Generic Host Process] E:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: ATI Tray Tools.lnk = E:\Program Files\ATI Tray Tools\atitray.exe
O4 - Global Startup: Launchy.lnk = E:\Program Files\Launchy\Launchy.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174582511546
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - E:\WINDOWS\SYSTEM32\dimsntfy.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - E:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - E:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: MySql - Unknown owner - E:/Program Files/XAMPP/xampp/xampp/mysql/bin/mysqld-nt.exe (file missing)
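
As an added example (not code from this thread, from HijackThis or from any tool named in it), the script below parses the F2/F3 and O4 lines of the first log above and flags what the helper acts on: a binary named like a trusted Windows process (scvhost.exe next to the real svchost.exe) wired into five autostart locations at once. The trusted-name list, the regexes and the threshold are my own constructions; the sample lines are copied from that log.

```python
"""Triage helper for HijackThis v1.99 logs (added example, not from the thread
or from HijackThis): flags a binary named like a trusted Windows process that is
wired into several autostart locations. Trusted-name list is constructed."""
import re
from collections import defaultdict
# Windows binaries whose names malware commonly imitates (constructed list).
TRUSTED = ("svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
           "winlogon.exe", "services.exe", "explorer.exe")

# Sample input: the autostart lines from the first HijackThis log in the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=E:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=E:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Generic Host Process] E:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\RunServices: [Generic Host Process] E:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"""

F_RE = re.compile(r"^F[23] - REG:(system|win)\.ini: (Shell|load|run)=(.*)$", re.I)
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|com|scr|pif|bat|cpl|dll))"?(?:\s|$)', re.I)

def program_of(command):
    """Executable path at the start of a command line, without quotes or
    arguments; falls back to the first token for names without an extension."""
    command = command.strip()
    m = EXE_RE.match(command)
    if m:
        return m.group(1)
    return command.split()[0].strip('"') if command else ""

def base_name(path):
    """Lower-cased file name of a Windows path (tolerates / separators)."""
    return re.split(r"[\\/]", path)[-1].lower()

def edit_distance(a, b):
    """Plain Levenshtein distance; the scvhost/svchost swap scores 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def imitates(name):
    """Trusted binary that `name` is a near-miss of; None if genuine or unrelated."""
    name = name.lower()
    if name in TRUSTED:
        return None
    for trusted in TRUSTED:
        if edit_distance(name, trusted) <= 2:
            return trusted
    return None

def triage(log_text):
    """Return (findings, locations): readable findings plus a map from program
    base name to the set of autostart locations that launch it."""
    findings = []
    locations = defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        m = F_RE.match(line)
        if m:
            ini, key, value = m.groups()
            if key.lower() == "shell":
                # Shell= may list several programs; anything beside Explorer is a hijack.
                programs = [p for p in value.split() if base_name(p) != "explorer.exe"]
                if programs:
                    findings.append(f"{ini}.ini Shell= launches extra program(s): {' '.join(programs)}")
            else:
                # load= and run= are empty on a clean system.
                programs = [program_of(value)] if value.strip() else []
                if programs:
                    findings.append(f"{ini}.ini {key}= is set (normally empty): {value}")
            for p in programs:
                locations[base_name(p)].add(f"{ini}.ini {key}=")
            continue
        m = O4_RE.match(line)
        if m:
            hive, key, label, command = m.groups()
            program = program_of(command)
            locations[base_name(program)].add(f"{hive}\\{key} [{label}]")
            look = imitates(base_name(program))
            if look:
                findings.append(f"{hive}\\{key} [{label}] runs {program}, a look-alike of {look}")
    # The same binary in three or more autostart locations is redundant persistence.
    for name, locs in locations.items():
        if len(locs) >= 3:
            findings.append(f"{name} is wired into {len(locs)} autostart locations: {sorted(locs)}")
    return findings, locations

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)[0]:
        print("!!", finding)
```

On the sample it reports six findings; the last one is the most telling, because a legitimate program has no reason to register itself in system.ini, win.ini and two Run keys at once.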

Jurgenv1
9 April 2007, 17:18
* Download and save SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe)
to your desktop.

Double-click SDFix.exe and choose Install to extract the tool into its own folder on your desktop. Then restart your PC in Safe Mode (http://users.pandora.be/marcvn/spyware/1378056.htm)

In Safe Mode, open the SDFix folder on your desktop and double-click RunThis.bat to start the tool.
Type Y to start the cleaning process.
It removes all Trojan services or registry entries related to this infection; when the tool is done, it will tell you to press any key to restart your PC, so do that.
When the PC restarts, the tool will run again, finish the clean-up process and show you the message Finished; then press any key to end the script, and your desktop will appear.
When your desktop icons appear, the SDFix report will open and will also be saved in the folder under the name Report.txt.
Now copy and paste the contents of that report here together with a new HijackThis log.

cool_boy_ke
9 April 2007, 18:26
In Safe Mode, open the SDFix folder on your desktop and double-click RunThis.bat to start the tool.
Problem: "The command prompt has been disabled by your administrator"
Solved with: http://windowsxp.mvps.org/disablecmd.htm
The problem comes back after a reboot.
Problem: In Safe Mode a window appears, but it disappears again immediately. It does work in normal mode.
Type Y to start the cleaning process.
There is no Y option to start the process ...

Jurgenv1
9 April 2007, 19:23
Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop.
Double-click it to start the program.
In the window that appears, type Y to start the cleaning process.
Follow the instructions on screen.
When the tool is done, a log file (combofix.txt) opens. Post the contents of this file together with a new HijackThis log.

cool_boy_ke
9 April 2007, 20:48
"Unsupported operating system"
I am running Windows 2003

Jurgenv1
9 April 2007, 21:19
* Download and install AVG Anti-Spyware (http://www.ewido.net/en/download/).
After installation, open AVG Anti-Spyware:
* under "Status", click Change state next to "Resident shield". (change it from active to inactive!)
* under "Update", click the Start update button.
* under "Scanner", tab "Settings": under "How to act?", click "Recommended actions" and select Quarantine. (VERY IMPORTANT!)
* under "Reports", select Automatically generate report after every scan and untick Only if threats were found
Close AVG Anti-Spyware. Do not let it scan yet.

* If you have not installed Ad-Aware SE yet, download, install and update it according to the guidelines
you can find at: http://users.pandora.be/marcvn/spyware/1414188.htm
Download link for Ad-Aware: http://www.lavasoftusa.com/products/ad-aware_se_personal.php

* Start your computer in SAFE MODE (http://users.pandora.be/marcvn/spyware/1378056.htm)

* Open the smitrem folder on your desktop and double-click RunThis.bat. Follow the instructions on screen.
Your desktop and icons will disappear for a moment and then reappear; this is normal.
Wait until the tool has done its work and Disk Cleanup has finished. This can take some time, so be patient.

* Run a full scan with Ad-Aware and remove everything that is found.

* Start AVG Anti-Spyware.
* Click Scan and choose Complete System Scan.
After the scan, follow the instructions below:
IMPORTANT: Do not click the "Save Scan Report" button before you have clicked the "Apply all Actions" button!
* Make sure that Set all elements to: is set to Quarantine (1);
if not, click the link and choose Quarantine in the pop-up menu. (2)
(This does not apply to cookies; those are always deleted!)
* At the bottom of the window, click the Apply all Actions button. (3)
http://home.scarlet.be/~topalex/ewidoscan.jpg
* When you get the message 'All actions have been applied', click the Save Report button at the bottom.

* Restart your computer in normal mode.

* Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) (by Atribune)

Double-click ATF Cleaner to start the program.
On the "Main" tab, tick Select All.
Click the Empty Selected button.

If you also use Firefox as a browser:
Click the "Firefox" tab and tick Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this unticks "Firefox saved passwords")
Click the Empty Selected button.

If you also use Opera as a browser:
Click the "Opera" tab and tick Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.

* Then post a new HijackThis log here together with the AVG Anti-Spyware report and the smitrem report: C:\smitfiles.txt.

cool_boy_ke
11 April 2007, 14:38
Sorry for the late reply, I have not been at a PC for a while

Put the items that need to be fixed in HJT here, and delete all files that do not
belong to smitfraud.
I think you still need to fill this in here?

Jurgenv1
11 April 2007, 16:01
Sorry for the late reply, I have not been at a PC for a while

I think you still need to fill this in here?

Copy/paste mistake, just ignore it, I have already adjusted my post. :)

Jurgenv1
11 April 2007, 17:03
Download smitRem.exe (http://www.downloads.subratam.org/smitRem.exe) and save it to the desktop.
Double-click the file and extract it to its own folder on the desktop.

Now you can continue.

cool_boy_ke
12 April 2007, 12:09
HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 12:08:56, on 12/04/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 SP1 (7.00.5730.0011)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\FolderSize\FolderSizeSvc.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\Launchy\Launchy.exe
E:\Program Files\ATI Tray Tools\atitray.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\sessmgr.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\System32\svchost.exe
E:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://firefox.com/
F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=E:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=E:\WINDOWS\system32\scvhost.exe
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Generic Host Process] E:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\RunServices: [Generic Host Process] E:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: ATI Tray Tools.lnk = E:\Program Files\ATI Tray Tools\atitray.exe
O4 - Global Startup: Launchy.lnk = E:\Program Files\Launchy\Launchy.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174582511546
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - E:\WINDOWS\SYSTEM32\dimsntfy.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - E:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Folder Size (FolderSize) - Brio - E:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - E:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: MySql - Unknown owner - E:/Program Files/XAMPP/xampp/xampp/mysql/bin/mysqld-nt.exe (file missing)

Smitfiles log


smitRem © log file
version 3.2

by noahdfear


Microsoft Windows [Version 5.2.3790]
"IE"="6.0000"
The current date is: do 12/04/2007
The current time is: 9:02:39,53

Running from
E:\Documents and Settings\Server2003\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Appinitdll check ........ Thank you Grinler!

dumphive.exe (C)2000-2004 Markus Stephany
REGEDIT4

[Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"DesktopHeapLogging"=dword:00000001

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
AntiVermins uninstaller NOT present
VirusBursters uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

amcompat.tlb
nscompat.tlb
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 884 'explorer.exe'
Killing PID 884 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~



~~~ Wininet.dll ~~~

CLEAN! :)


AVG log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:01:56 12/04/2007

+ Scan result:



C:\Program Files\Amazing CD & DVD Burner\Partner\NPSSoftware_WhenUSaveNow_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
E:\WINDOWS\system32\cjpg.dll -> Backdoor.Cia.121 : Cleaned with backup (quarantined).
E:\WINDOWS\system32\Cpass.dll -> Backdoor.Ciadoor.13 : Cleaned with backup (quarantined).
E:\WINDOWS\system32\wsock32.sys -> Backdoor.Ciadoor.13 : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{C6B55DC5-B027-4852-A1AE-59D9C9812945}\RP18\A0006650.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup (quarantined).
E:\WINDOWS\system32\dial32.com -> Not-A-Virus.PSWTool.Win32.Dialupass.a : Cleaned with backup (quarantined).
E:\WINDOWS\system32\c0mmand.com -> Not-A-Virus.PSWTool.Win32.PassView.160 : Cleaned with backup (quarantined).
:mozilla.64:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.61:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
E:\Documents and Settings\Server2003\Cookies\server2003@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.192:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.194:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.195:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.196:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.197:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.118:C:\Documents and Settings\MiguelFP\Application Data\Mozilla\Firefox\Profiles\xu4b3v3g.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.121:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.627:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.628:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.283:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.284:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.285:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.659:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.548:C:\Documents and Settings\MiguelFP\Application Data\Mozilla\Firefox\Profiles\xu4b3v3g.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.549:C:\Documents and Settings\MiguelFP\Application Data\Mozilla\Firefox\Profiles\xu4b3v3g.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.671:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.672:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.108:C:\Documents and Settings\MiguelFP\Application Data\Mozilla\Firefox\Profiles\xu4b3v3g.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.109:C:\Documents and Settings\MiguelFP\Application Data\Mozilla\Firefox\Profiles\xu4b3v3g.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.110:C:\Documents and Settings\MiguelFP\Application Data\Mozilla\Firefox\Profiles\xu4b3v3g.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.326:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.329:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.126:C:\Documents and Settings\MiguelFP\Application Data\Mozilla\Firefox\Profiles\xu4b3v3g.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.167:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.169:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.170:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
E:\Documents and Settings\Server2003\Cookies\server2003@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.158:C:\Documents and Settings\MiguelFP\Application Data\Mozilla\Firefox\Profiles\xu4b3v3g.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.104:C:\Documents and Settings\MiguelFP\Application Data\Mozilla\Firefox\Profiles\xu4b3v3g.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.30:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
E:\Documents and Settings\Server2003\Cookies\server2003@ads.planetactive[1].txt -> TrackingCookie.Planetactive : Cleaned.
:mozilla.62:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.63:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.106:C:\Documents and Settings\MiguelFP\Application Data\Mozilla\Firefox\Profiles\xu4b3v3g.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.249:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.920:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.921:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.39:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.40:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.41:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.42:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.43:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.44:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.45:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.54:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.33:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.34:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.35:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.36:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.37:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.38:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.846:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.51:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.882:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.883:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.884:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.885:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.886:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.78:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.970:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
E:\Documents and Settings\Server2003\Cookies\server2003@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.152:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.902:E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.70:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.71:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.72:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.73:C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
HKU\S-1-5-21-714750180-1574125472-2438903715-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E14DCE67-8FB7-4721-8149-179BAA4D792C} -> Trojan.Ciadoor.m : Cleaned with backup (quarantined).


::Report end

Jurgenv1
12 April 2007, 14:18
* Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your desktop.

Double-click SDFix.exe and choose Install to extract the tool into its own folder on your desktop. Then restart your PC in Safe Mode (http://users.pandora.be/marcvn/spyware/1378056.htm).


In Safe Mode, open the SDFix folder on your desktop and double-click RunThis.bat to start the tool.
Type Y to start the cleaning process.
It removes all Trojan services or registry entries connected with this infection. When the tool is done, it will tell you to press any key to restart your PC; do so.
When the PC restarts, the tool will run again, finish the clean-up process and show you the message Finished. Press any key to end the script and your desktop will reappear.
Once your desktop icons have appeared, the SDFix report will open and will also be saved in the folder under the name Report.txt.
Now copy and paste the contents of that report here along with a new HijackThis log.

Can you try this step once more?

cool_boy_ke
13 April 2007, 11:54
I run RunThis.bat:
"The command prompt has been disabled by your administrator"
I fix that (REG add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 0 /f)
I run RunThis.bat:
I see a black DOS window that disappears again right away.

:(

Jurgenv1
13 April 2007, 16:56
* Download Dr.Web CureIt to your desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click drweb-cureit.exe and allow it to run the express scan.
This scans the files currently loaded in memory; if anything is found, click the Yes to all button when asked 'cure it?'. This is only a short scan.
Once the short scan has finished, click Options > Change Settings.
Choose the "Scan" tab and untick "Heuristic analysis".
Back in the main window you can select the drives you want scanned.
Select all drives here. A red dot will then appear on the drives you are having scanned.
Then click the green arrow on the right to start the scan.
Click 'Yes to all' when asked to cure or move.
When the scan is done, check whether you can click the following icon next to what was found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the icon just below it and choose: Move incurable, as you will see in the following picture:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move the files to the folder %userprofile%\DoctorWeb\quarantaine-folder if they cannot be disinfected. (This is in case we need samples.)
After selecting the above, in the menu at the top of Dr.Web CureIt, click File and choose Save report list. Save the log to your desktop.
Then close Dr.Web CureIt.
Restart your computer!! Important step, because Dr.Web CureIt may move/delete files during the restart.
After restarting, copy and paste the contents of the log you saved earlier into your next post along with a new HijackThis log.

cool_boy_ke
13 April 2007, 23:07
In the short scan, mIRC.exe was the only result. I closed mIRC and had Dr.Web move it. That way I can always put it back later.

During the full scan:
VNCHooks.dll and WinVNC.exe => both belong to TightVNC
Process.exe => from the folder I can tell it comes from SDFix and SmitRem
pv.exe => comes from XAMPP

Here are the logs:

mirc.exe;f:\mirc;Program.mIRC.617;Incurable.Moved.;
VNCHooks.dll;C:\Program Files\TightVNC;Program.RemoteAdmin;Incurable.Moved.;
WinVNC.exe;C:\Program Files\TightVNC;Program.RemoteAdmin;Incurable.Moved.;
Process.exe;E:\Documents and Settings\Server2003\Desktop\SDFix\apps;Tool.Prockill;Incurable.Moved.;
Process.exe;E:\Documents and Settings\Server2003\Desktop\smitRem;Tool.Prockill;Incurable.Moved.;
VNCHooks.dll;E:\Program Files\TightVNC;Program.RemoteAdmin;Incurable.Moved.;
WinVNC.exe;E:\Program Files\TightVNC;Program.RemoteAdmin;Incurable.Moved.;
pv.exe;E:\Program Files\XAMPP\xampp\apache\bin;Program.PrcView.3725;Incurable.Moved.;
pskill.exe;E:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;
wsock32.sys;E:\WINDOWS\system32;Trojan.KeyLogger.89;Deleted.;

Logfile of HijackThis v1.99.1
Scan saved at 23:08:05, on 13/04/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 SP1 (7.00.5730.0011)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\FolderSize\FolderSizeSvc.exe
E:\Program Files\ISP Monitor\ISPMonitorSrv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.exe
E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\Launchy\Launchy.exe
E:\Program Files\ATI Tray Tools\atitray.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\System32\svchost.exe
E:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://firefox.com/
F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=E:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=E:\WINDOWS\system32\scvhost.exe
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Generic Host Process] E:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\RunServices: [Generic Host Process] E:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: ATI Tray Tools.lnk = E:\Program Files\ATI Tray Tools\atitray.exe
O4 - Global Startup: Launchy.lnk = E:\Program Files\Launchy\Launchy.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174582511546
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - E:\WINDOWS\SYSTEM32\dimsntfy.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - E:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Folder Size (FolderSize) - Brio - E:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - E:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: MySql - Unknown owner - E:/Program Files/XAMPP/xampp/xampp/mysql/bin/mysqld-nt.exe (file missing)

Jurgenv1
14 April 2007, 00:36
E:\WINDOWS\system32\scvhost.exe

Go to http://www.virustotal.com/en/indexf.html and upload the following file:

E:\WINDOWS\system32\scvhost.exe (Mind the spelling: it is not svchost.exe but scvhost.exe)

Post its report here along with a new HijackThis log.

cool_boy_ke
14 April 2007, 10:00
Antivirus Version Update Result
AhnLab-V3 2007.4.14.0 04.13.2007 no virus found
AntiVir 7.3.1.50 04.13.2007 BDS/Ciadoor.13
Authentium 4.93.8 04.14.2007 no virus found
Avast 4.7.936.0 04.13.2007 Win32:Ciadoor-024
AVG 7.5.0.447 04.13.2007 BackDoor.Generic5.XWA
BitDefender 7.2 04.14.2007 MemScan:Backdoor.Ciadoor.13
CAT-QuickHeal 9.00 04.13.2007 no virus found
ClamAV devel-20070312 04.13.2007 no virus found
DrWeb 4.33 04.14.2007 no virus found
eSafe 7.0.15.0 04.12.2007 no virus found
eTrust-Vet 30.7.3567 04.14.2007 no virus found
Ewido 4.0 04.14.2007 no virus found
FileAdvisor 1 04.14.2007 no virus found
Fortinet 2.85.0.0 04.14.2007 suspicious
F-Prot 4.3.2.48 04.13.2007 no virus found
F-Secure 6.70.13030.0 04.13.2007 W32/Smalldoor.AKVT
Ikarus T3.1.1.5 04.14.2007 Backdoor.Win32.Ciadoor.13
Kaspersky 4.0.2.24 04.14.2007 no virus found
McAfee 5009 04.13.2007 BackDoor-ASB
Microsoft 1.2405 04.14.2007 no virus found
NOD32v2 2187 04.13.2007 no virus found
Norman 5.80.02 04.12.2007 W32/Smalldoor.AKVT
Panda 9.0.0.4 04.14.2007 no virus found
Prevx1 V2 04.14.2007 no virus found
Sophos 4.16.0 04.12.2007 no virus found
Sunbelt 2.2.907.0 04.14.2007 Backdoor.Ciadoor
Symantec 10 04.14.2007 no virus found
TheHacker 6.1.6.088 04.09.2007 no virus found
VBA32 3.11.3 04.13.2007 no virus found
VirusBuster 4.3.7:9 04.13.2007 no virus found
Webwasher-Gateway 6.0.1 04.13.2007 Trojan.Ciadoor.13 (http://img80.imageshack.us/img80/7015/untitledik1.png)

Aditional Information
File size: 1275068 bytes
MD5: 4421dd69add99cb8cb8c2bf26f9ef6d1
SHA1: 0ab6a1ebc541d733152220714582d3f55c1fa1fb
packers: Themida

Logfile of HijackThis v1.99.1
Scan saved at 10:01:34, on 14/04/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 SP1 (7.00.5730.0011)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\FolderSize\FolderSizeSvc.exe
E:\Program Files\ISP Monitor\ISPMonitorSrv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.exe
E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\Launchy\Launchy.exe
E:\Program Files\ATI Tray Tools\atitray.exe
E:\WINDOWS\System32\svchost.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\System32\svchost.exe
E:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://firefox.com/
F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=E:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=E:\WINDOWS\system32\scvhost.exe
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Generic Host Process] E:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\RunServices: [Generic Host Process] E:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: ATI Tray Tools.lnk = E:\Program Files\ATI Tray Tools\atitray.exe
O4 - Global Startup: Launchy.lnk = E:\Program Files\Launchy\Launchy.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174582511546
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - E:\WINDOWS\SYSTEM32\dimsntfy.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - E:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Folder Size (FolderSize) - Brio - E:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - E:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: MySql - Unknown owner - E:/Program Files/XAMPP/xampp/xampp/mysql/bin/mysqld-nt.exe (file missing)

Jurgenv1
14 April 2007, 14:15
Download OTMoveIt.exe (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) and place it on your desktop:

Start OTMoveIt by double-clicking OTMoveIt.exe
In the left pane, where it says: Paste List of Files/Folders to be Moved, copy and paste the following:

E:\WINDOWS\system32\scvhost.exe

Then click the MoveIt button at the bottom.
When finished, it will create a log (********_******.log -- the * stands for date and time) in the following folder: C:\_OTMoveIt\MovedFiles.
Post its contents in your next message along with a new HijackThis log.

cool_boy_ke
14 April 2007, 14:51
E:\WINDOWS\system32\scvhost.exe moved successfully.

Created on 04/14/2007 14:51:48

Logfile of HijackThis v1.99.1
Scan saved at 14:52:29, on 14/04/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 SP1 (7.00.5730.0011)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\FolderSize\FolderSizeSvc.exe
E:\Program Files\ISP Monitor\ISPMonitorSrv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.exe
E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\Launchy\Launchy.exe
E:\Program Files\ATI Tray Tools\atitray.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\Program Files\ISP Monitor\isp.exe
E:\WINDOWS\system32\rundll32.exe
E:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://firefox.com/
F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=E:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=E:\WINDOWS\system32\scvhost.exe
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Generic Host Process] E:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\RunServices: [Generic Host Process] E:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: ATI Tray Tools.lnk = E:\Program Files\ATI Tray Tools\atitray.exe
O4 - Global Startup: Launchy.lnk = E:\Program Files\Launchy\Launchy.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174582511546
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - E:\WINDOWS\SYSTEM32\dimsntfy.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - E:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Folder Size (FolderSize) - Brio - E:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - E:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: MySql - Unknown owner - E:/Program Files/XAMPP/xampp/xampp/mysql/bin/mysqld-nt.exe (file missing)

Jurgenv1
14 April 2007, 15:20
* Open HijackThis and tick the following lines:

F3 - REG:win.ini: load=E:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=E:\WINDOWS\system32\scvhost.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Generic Host Process] E:\WINDOWS\system32\scvhost.exe
O4 - HKLM\..\RunServices: [Generic Host Process] E:\WINDOWS\system32\scvhost.exe

* Then close all windows except HijackThis and click 'Fix checked'

* Run an online scan with Panda's online virus scan (http://www.pandasoftware.com/activescan/com/activescan_principal.htm), save the report you get after scanning and post it here along with a new HijackThis log.
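
An added example, not from this thread, from HijackThis or from any of the tools used here: a small Python check over HijackThis autostart entries that catches the scvhost.exe/svchost.exe spelling trick pointed out above and the win.ini, Shell= and RunServices entries ticked in this post. The trusted-name list and the sample log lines are constructed from the logs posted in this thread.

```python
"""Second look at HijackThis autostart entries.

Added example for this thread; it is not part of HijackThis or of any tool
the helper used. It flags three things the thread turned on:
  * an executable whose name is one typo away from a trusted Windows binary
    (scvhost.exe imitating svchost.exe),
  * a system.ini Shell= line that starts anything besides Explorer.exe,
  * win.ini load=/run= and HKLM RunServices autostarts, which software on
    a Windows 2003 box has no ordinary reason to use.
"""
import re

# Trusted process names (constructed list, not exhaustive). Anything whose
# name is exactly one edit away from one of these gets flagged.
TRUSTED = {
    "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe",
    "csrss.exe", "explorer.exe", "spoolsv.exe", "rundll32.exe", "wuauclt.exe",
}

# Constructed sample: the entry types seen in the HijackThis logs posted in this thread.
SAMPLE_LOG = "\n".join([
    r"F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\system32\scvhost.exe",
    r"F3 - REG:win.ini: load=E:\WINDOWS\system32\scvhost.exe",
    r"F3 - REG:win.ini: run=E:\WINDOWS\system32\scvhost.exe",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"',
    r"O4 - HKLM\..\Run: [Generic Host Process] E:\WINDOWS\system32\scvhost.exe",
    r"O4 - HKLM\..\RunServices: [Generic Host Process] E:\WINDOWS\system32\scvhost.exe",
    r'O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033',
    r"O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe",
])

# A drive-letter path up to the first ".exe" (quotes excluded, spaces allowed).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.exe', re.IGNORECASE)


def edit_distance(a, b):
    """Restricted Damerau-Levenshtein distance: insert, delete, substitute,
    or swap two adjacent characters each count as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalike_of(name):
    """Return the trusted name that `name` imitates, or None.
    An exact trusted name is not a lookalike."""
    name = name.lower()
    if name in TRUSTED:
        return None
    for good in sorted(TRUSTED):
        if edit_distance(name, good) == 1:
            return good
    return None


def analyse(log_text):
    """Return (line_number, reason) pairs for entries that deserve a second look."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        # Autostart locations that installed software has no reason to use.
        if re.match(r"F3 - REG:win\.ini: (load|run)=\S", line):
            findings.append((n, "win.ini load=/run= autostart"))
        if re.search(r"\\RunServices:", line):
            findings.append((n, "RunServices autostart (a Windows 9x key; odd on Windows 2003)"))
        # Shell= should start Explorer.exe and nothing else.
        shell = re.match(r"F2 - REG:system\.ini: Shell=(.*)", line)
        if shell:
            extra = [t for t in shell.group(1).split() if t.lower() != "explorer.exe"]
            if extra:
                findings.append((n, "Shell= starts extra program(s): " + " ".join(extra)))
        # Names one typo away from a trusted binary, wherever they appear in the entry.
        for path in PATH_RE.findall(line):
            name = path.rsplit("\\", 1)[-1]
            good = lookalike_of(name)
            if good:
                findings.append((n, f"{name} is one typo away from {good}"))
    return findings


if __name__ == "__main__":
    for n, reason in analyse(SAMPLE_LOG):
        print(f"line {n}: {reason}")
```

On the sample above it reports the Shell=, load=, run=, Run and RunServices entries and names scvhost.exe as a lookalike of svchost.exe on each of them, while jusched.exe, daemon.exe and Ati2evxx.exe pass.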

cool_boy_ke
14 April 2007, 18:13
Incident Status Location

Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\MiguelFP\Application Data\Mozilla\Firefox\Profiles\xu4b3v3g.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\MiguelFP\Application Data\Mozilla\Firefox\Profiles\xu4b3v3g.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\MiguelFP\Application Data\Mozilla\Firefox\Profiles\xu4b3v3g.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\MiguelFP\Application Data\Mozilla\Firefox\Profiles\xu4b3v3g.default\cookies.txt[.go.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\MiguelFP\Application Data\Mozilla\Firefox\Profiles\xu4b3v3g.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\MiguelFP\Application Data\Mozilla\Firefox\Profiles\xu4b3v3g.default\cookies.txt[.versiontracker.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\MiguelFP\Application Data\Mozilla\Firefox\Profiles\xu4b3v3g.default\cookies.txt[.gostats.com/]
Hacktool:HackTool/NetCat.A Not disinfected C:\Documents and Settings\MiguelFP\Desktop\freesco-037.exe[date-w32.zip][netcat.exe]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\MiguelFP\Desktop\Server2003\Application Data\Mozilla\Firefox\Profiles\00gjwolf.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/MetriWeb Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/Statcounter Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Hitbox Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Doubleclick Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/QkSrv Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Yadro Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/2o7 Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[.2o7.net/]
Spyware:Cookie/HotLog Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Hitslink Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Tribalfusion Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Atwola Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Adtech Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Mediaplex Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Bluestreak Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/FastClick Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Advertising Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Xiti Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[.xiti.com/]
Spyware:Cookie/360i Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/Go Not disinfected E:\Documents and Settings\Server2003\Application Data\Mozilla\Firefox\Profiles\1ur34u5z.default\cookies.txt[.go.com/]
Spyware:Cookie/Atlas DMT Not disinfected E:\Documents and Settings\Server2003\Cookies\server2003@atdmt[2].txt
Potentially unwanted tool:Application/Processor Not disinfected E:\Documents and Settings\Server2003\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected E:\Documents and Settings\Server2003\Desktop\smitRem(2).exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected E:\Documents and Settings\Server2003\Desktop\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected E:\Documents and Settings\Server2003\DoctorWeb\Quarantine\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected E:\Documents and Settings\Server2003\DoctorWeb\Quarantine\Process0.exe
Potentially unwanted tool:Application/Pskill.E Not disinfected E:\Documents and Settings\Server2003\DoctorWeb\Quarantine\pskill.exe
Potentially unwanted tool:Application/Processor Not disinfected E:\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/HideWindow.S Not disinfected E:\WINDOWS\system32\cmdow.exe
Virus:Bck/Ciadoor.X Disinfected E:\WINDOWS\system32\wsock32.sys

Logfile of HijackThis v1.99.1
Scan saved at 18:14:37, on 14/04/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 SP1 (7.00.5730.0011)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\FolderSize\FolderSizeSvc.exe
E:\Program Files\ISP Monitor\ISPMonitorSrv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.exe
E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
E:\Program Files\Launchy\Launchy.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
E:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://firefox.com/
F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\system32\scvhost.exe
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: ATI Tray Tools.lnk = E:\Program Files\ATI Tray Tools\atitray.exe
O4 - Global Startup: Launchy.lnk = E:\Program Files\Launchy\Launchy.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174582511546
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - E:\WINDOWS\SYSTEM32\dimsntfy.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - E:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Folder Size (FolderSize) - Brio - E:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - E:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: MySql - Unknown owner - E:/Program Files/XAMPP/xampp/xampp/mysql/bin/mysqld-nt.exe (file missing)

Jurgenv1
14 April 2007, 18:16
You still need to fix this one in HijackThis:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Apart from that it looks good, how is everything working otherwise?

cool_boy_ke
14 April 2007, 18:18
I think it's gone, I can also use cmd normally again now. Thanks for the help!

Logfile of HijackThis v1.99.1
Scan saved at 18:19:05, on 14/04/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 SP1 (7.00.5730.0011)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\FolderSize\FolderSizeSvc.exe
E:\Program Files\ISP Monitor\ISPMonitorSrv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.exe
E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
E:\Program Files\Launchy\Launchy.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://firefox.com/
F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\system32\scvhost.exe
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: ATI Tray Tools.lnk = E:\Program Files\ATI Tray Tools\atitray.exe
O4 - Global Startup: Launchy.lnk = E:\Program Files\Launchy\Launchy.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174582511546
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - E:\WINDOWS\SYSTEM32\dimsntfy.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - E:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Folder Size (FolderSize) - Brio - E:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - E:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: MySql - Unknown owner - E:/Program Files/XAMPP/xampp/xampp/mysql/bin/mysqld-nt.exe (file missing)

Jurgenv1
14 April 2007, 18:21
Can you fix this line in HijackThis once more and post a new log afterwards?

F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\system32\scvhost.exe
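The F2 line singled out here is the one entry in these logs that actually starts a second program at logon: Shell= should name only Explorer.exe, and scvhost.exe is a letter-swap of the legitimate svchost.exe. As an added example (my own code, not part of the thread and not HijackThis's own logic), the following helper triages a HijackThis log for exactly the kinds of entries discussed in this thread: autostart lines carrying extra executables, browser add-ons and services whose file is gone, and executable names a couple of edits away from a core Windows binary. The list of core binaries and the edit-distance threshold of 2 are this example's own assumptions; the sample log lines are taken from the logs posted above, except the F3 line, which is constructed for the example.

```python
"""Added example (not part of the thread, nor HijackThis' own code): a small
triage helper that flags the log entries the replies above single out.

It looks for
  * F2/F3 entries whose Shell= value starts more than Explorer.exe, or whose
    win.ini load=/run= values are populated at all;
  * O2/O3 browser add-ons whose file is gone ("(no file)");
  * O23 services whose binary is gone ("(file missing)");
  * executable names one or two edits away from a core Windows binary,
    such as scvhost.exe imitating svchost.exe.
The list of core binaries and the edit-distance threshold of 2 are assumptions
made for this example.
"""
import re
from typing import List, Optional, Tuple

# Core Windows process names that malware commonly imitates (assumption).
KNOWN_SYSTEM_BINARIES = (
    "csrss.exe", "explorer.exe", "lsass.exe", "services.exe",
    "smss.exe", "svchost.exe", "winlogon.exe",
)

# Basenames ending in .exe; backslash and slash are excluded from the class,
# so only the file name (not the whole path) is captured.
EXE_RE = re.compile(r"([\w~\-.]+\.exe)", re.IGNORECASE)
# The three classic legacy autostart keys HijackThis reports as F2/F3.
AUTOSTART_RE = re.compile(r"\b(Shell|load|run)=(.*)$", re.IGNORECASE)


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; inputs are short, so the full table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def lookalike(filename: str) -> Optional[str]:
    """Return the core binary this name imitates, or None if genuine/unrelated."""
    name = filename.lower()
    if name in KNOWN_SYSTEM_BINARIES:
        return None
    closest = min(KNOWN_SYSTEM_BINARIES, key=lambda k: levenshtein(name, k))
    return closest if levenshtein(name, closest) <= 2 else None


def analyze(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (log line, reason) pairs for every entry worth a second look."""
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        tag = line.split(" ", 1)[0]            # "F2", "O2", "O23", ...
        if tag in ("F2", "F3"):
            m = AUTOSTART_RE.search(line)
            if m:
                key, tokens = m.group(1).lower(), m.group(2).split()
                if key == "shell" and (len(tokens) != 1 or tokens[0].lower() != "explorer.exe"):
                    findings.append((line, "Shell= starts something besides Explorer.exe"))
                elif key in ("load", "run") and tokens:
                    findings.append((line, f"win.ini {key}= autostart is populated"))
        if tag in ("O2", "O3") and "(no file)" in line:
            findings.append((line, "browser add-on registered but its file is gone"))
        if tag == "O23" and "(file missing)" in line:
            findings.append((line, "service registered but its binary is gone"))
        for exe in EXE_RE.findall(line):
            imitated = lookalike(exe)
            if imitated:
                findings.append((line, f"{exe} looks like a misspelling of {imitated}"))
    return findings


# Sample entries: all but the F3 line are copied from the logs posted in this
# thread; the F3 line is constructed for this example in HijackThis' format.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://firefox.com/
F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: load=E:\WINDOWS\system32\scvhost.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: MySql - Unknown owner - E:/Program Files/XAMPP/xampp/xampp/mysql/bin/mysqld-nt.exe (file missing)
"""


def main() -> None:
    for line, reason in analyze(SAMPLE_LOG.splitlines()):
        print(f"{reason:50s} <- {line[:70]}")


if __name__ == "__main__":
    main()
```

Run against the sample it reports six findings: the F2 line twice (extra program after Explorer.exe, and scvhost.exe as a look-alike of svchost.exe), the constructed F3 line twice for the same two reasons, the orphaned BHO, and the MySql service whose binary is missing. The legitimate jusched.exe and Ati2evxx.exe entries are left alone, which is the point of comparing against a short list of core names with a tight distance threshold rather than flagging every unfamiliar executable.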

cool_boy_ke
14 April 2007, 19:57
Can I remove
O23 - Service: MySql - Unknown owner - E:/Program Files/XAMPP/xampp/xampp/mysql/bin/mysqld-nt.exe (file missing)
as well? It's a leftover from earlier :)

Logfile of HijackThis v1.99.1
Scan saved at 19:59:24, on 14/04/2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 SP1 (7.00.5730.0011)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\FolderSize\FolderSizeSvc.exe
E:\Program Files\ISP Monitor\ISPMonitorSrv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.exe
E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
E:\Program Files\Launchy\Launchy.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\ATI Tray Tools\atitray.exe
E:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://firefox.com/
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: ATI Tray Tools.lnk = E:\Program Files\ATI Tray Tools\atitray.exe
O4 - Global Startup: Launchy.lnk = E:\Program Files\Launchy\Launchy.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174582511546
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - E:\WINDOWS\SYSTEM32\dimsntfy.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - E:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Folder Size (FolderSize) - Brio - E:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ISP Monitor (ISPMonitorSrv) - How2 Studios - E:\Program Files\ISP Monitor\ISPMonitorSrv.exe
O23 - Service: MySql - Unknown owner - E:/Program Files/XAMPP/xampp/xampp/mysql/bin/mysqld-nt.exe (file missing)

Jurgenv1
14 April 2007, 20:11
Yes, you may. :)