PoLLe BV
Guest
Dear readers,
My laptop (Windows 2000 Service Pack 4) is infected with a backdoor Spabot. This Trojan.Backdoor.Spabot constantly tries to send (spam) e-mails via my computer.
I have blocked outbound e-mail via Spy Sweeper, and I have also scanned my computer (in normal startup and in safe mode) with Spy Sweeper, which finds the backdoor Spabot.
When I quarantine and delete it, the warnings that an application is trying to send e-mails continue / come back.
The location of the Spabot:
HKLM\software\microsoft\nvchost\||test
I also searched via 'Search' (Start menu) for "Trojan.Spabot", and the following file was found:
C:\documents and settings\administrator\local settings\application data\
mozilla\firefox\profiles\691mxuhc.default\cache
Now my question is:
how can I remove this Spabot from the registry?
and how do I make a copy of the registry when I do this?
Many thanks in advance!
Below is my log file:
------------------------------------------------------------------------------
[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:54 PM, on 9/30/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)
Boot mode: Normal
Running processes:
c:\winnt\system32\smss.exe
c:\winnt\system32\winlogon.exe
c:\winnt\system32\services.exe
c:\winnt\system32\lsass.exe
c:\winnt\system32\s24evmon.exe
c:\winnt\system32\svchost.exe
c:\winnt\system32\svchost.exe
c:\winnt\system32\spoolsv.exe
c:\program files\lavasoft\ad-aware\aawservice.exe
c:\program files\network associates\virusscan\avsynmgr.exe
c:\winnt\system32\hidserv.exe
c:\winnt\system32\nalntsrv.exe
c:\winnt\system32\regsrvc.exe
c:\winnt\system32\roammgr.exe
c:\winnt\system32\mstask.exe
c:\program files\network associates\virusscan\vsstat.exe
c:\winnt\system32\slserv.exe
c:\program files\webroot\desktop firewall\wdfsvc.exe
c:\program files\webroot\spy sweeper\spysweeper.exe
c:\program files\network associates\virusscan\avconsol.exe
c:\winnt\system32\wbem\winmgmt.exe
c:\program files\network associates\virusscan\webscanx.exe
c:\winnt\system32\svchost.exe
c:\program files\webroot\washer\washersvc.exe
c:\winnt\system32\wm.exe
c:\winnt\system32\zcfgsvc.exe
c:\winnt\explorer.exe
c:\winnt\system32\naldesk.exe
c:\winnt\system32\nwtray.exe
c:\winnt\system32\sistray.exe
c:\winnt\system32\4mtcsb.exe
c:\program files\java\jre1.6.0_07\bin\jusched.exe
c:\winnt\system32\iprntlgn.exe
c:\program files\webroot\desktop firewall\wdf.exe
c:\winnt\system32\hkcmd.exe
c:\winnt\system32\igfxpers.exe
c:\program files\common files\pcsuite\services\servicelayer.exe
c:\program files\trend micro\hijackthis\hijackthis.exe
r0 - hkcu\software\microsoft\internet explorer\main,start page = about:blank
f3 - reg:win.ini: load=naldesk.exe
o2 - bho: adobe pdf reader link helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll (file missing)
o2 - bho: threeships iehelper - {17fdb9f8-dcc4-4f6a-ae07-b16018a48469} - c:\program files\common files\threeships shared\dll\threeshipsiehelper.dll
o2 - bho: wormradar.com iesiteblocker.navfilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll (file missing)
o2 - bho: ssvhelper class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll (file missing)
o3 - toolbar: &google - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll (file missing)
o3 - toolbar: @msdxmlc.dll,-1@1033,&radio - {8e718888-423f-11d2-876e-00a0c9082467} - c:\winnt\system32\msdxm.ocx
o4 - hklm\..\run: [nwtray] nwtray.exe
o4 - hklm\..\run: [sis tray] c:\winnt\system32\sistray.exe
o4 - hklm\..\run: [sis khooker] c:\winnt\system32\khooker.exe
o4 - hklm\..\run: [4mtcsb] c:\winnt\system32\4mtcsb.exe
o4 - hklm\..\run: [esb] c:\winnt\system32\esb.exe
o4 - hklm\..\run: [pronomgr.exe] c:\program files\intel\ncs\proset\pronomgr.exe
o4 - hklm\..\run: [pcsuitetrayapplication] c:\progra~1\nokia\nokiap~1\launch~1.exe -startup
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\java\jre1.6.0_07\bin\jusched.exe
o4 - hklm\..\run: [iprint tray] c:\winnt\system32\iprntctl.exe tray_icon
o4 - hklm\..\run: [iprint event monitor] c:\winnt\system32\iprntlgn.exe
o4 - hklm\..\run: [webroot desktop firewall] c:\program files\webroot\desktop firewall\wdf.exe
o4 - hklm\..\run: [babylon client] c:\program files\babylon\babylon-pro\babylon.exe -autostart
o4 - hklm\..\run: [adobe reader speed launcher] c:\program files\adobe\reader 8.0\reader\reader_sl.exe
o4 - hklm\..\run: [igfxtray] c:\winnt\system32\igfxtray.exe
o4 - hklm\..\run: [igfxhkcmd] c:\winnt\system32\hkcmd.exe
o4 - hklm\..\run: [igfxpers] c:\winnt\system32\igfxpers.exe
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
o4 - hkcu\..\run: [daemon tools lite] c:\program files\daemon tools lite\daemon.exe -autorun
o4 - hkus\.default\..\run: [internat.exe] internat.exe (user 'default user')
o4 - hkus\.default\..\runonce: [^setupicwdesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop (user 'default user')
o4 - global startup: intervideo wincinema manager.lnk = c:\program files\intervideo\common\bin\wincinemamgr.exe
o6 - hkcu\software\policies\microsoft\internet explorer\restrictions present
o8 - extra context menu item: translate with &babylon - res://c:\program files\babylon\babylon-pro\utils\babyloniepi.dll/translate.htm
o9 - extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
o9 - extra 'tools' menuitem: sun java console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
o9 - extra button: related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\winnt\web\related.htm
o9 - extra 'tools' menuitem: show &related links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\winnt\web\related.htm
o10 - unknown file in winsock lsp: c:\winnt\system32\nwprovau.dll
o16 - dpf: {17492023-c23a-453e-a040-c7c580bbf700} (windows genuine advantage validation tool) - [noparse]http://go.microsoft.com/fwlink/?linkid=39204[/noparse]
o16 - dpf: {5c051655-fcd5-4969-9182-770ea5aa5565} (solitaire showdown class) - [noparse]http://messenger.zone.msn.com/binary/solitaireshowdown.cab56986.cab[/noparse]
o16 - dpf: {6414512b-b978-451d-a0d8-fcfdf33e833c} (wuwebcontrol class) - [noparse]http://update.microsoft.com/windowsupdate/v6/v5controls/en/x86/client/wuweb_site.cab?1178008080146[/noparse]
o16 - dpf: {6e5e167b-1566-4316-b27f-0ddab3484cf7} (image uploader control) - [noparse]http://cache.hyvz.com/statics/aurigma/imageuploader4.cab[/noparse]
o16 - dpf: {b8be5e93-a60c-4d26-a2dc-220313175592} (msn games - installer) - [noparse]http://messenger.zone.msn.com/binary/zintro.cab56649.cab[/noparse]
o16 - dpf: {bb21f850-63f4-4ec9-bf9d-565bd30c9ae9} (a-squared scanner) - [noparse]http://ax.emsisoft.com/asquared.cab[/noparse]
o16 - dpf: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} (messengerstatsclient class) - [noparse]http://messenger.zone.msn.com/binary/messengerstatspaclient.cab56907.cab[/noparse]
o16 - dpf: {cebc955e-58af-11d2-a30a-00a0c903492b} -
o16 - dpf: {e6187999-9fec-46a1-a20f-f4ca977d5643} (zonechess object) - [noparse]http://messenger.zone.msn.com/binary/chess.cab57176.cab[/noparse]
o17 - hklm\system\ccs\services\tcpip\..\{b03f2007-0dd4-4eea-ac86-cfcb596699e8}: nameserver = 194.171.191.210
o17 - hklm\system\ccs\services\tcpip\..\{de7ab691-2651-451e-9a1f-a1e6c891f066}: nameserver = 194.171.191.210
o18 - protocol: linkscanner - {f274614c-63f8-47d5-a4d1-fbdde494f8d1} - c:\program files\avg\avg8\avgpp.dll (file missing)
o23 - service: lavasoft ad-aware service (aawservice) - lavasoft - c:\program files\lavasoft\ad-aware\aawservice.exe
o23 - service: avsync manager (avsynmgr) - unknown owner - c:\program files\network associates\virusscan\avsynmgr.exe
o23 - service: logical disk manager administrative service (dmadmin) - veritas software corp. - c:\winnt\system32\dmadmin.exe
o23 - service: google updater service (gusvc) - unknown owner - c:\program files\google\common\google updater\googleupdaterservice.exe (file missing)
o23 - service: mcshield - unknown owner - c:\program files\common files\network associates\mcshield\mcshield.exe
o23 - service: novell application launcher (nalntservice) - novell, inc. - c:\winnt\system32\nalntsrv.exe
o23 - service: intel ncs netservice (netsvc) - intel(r) corporation - c:\program files\intel\ncs\sync\netsvc.exe
o23 - service: regsrvc - intel corporation - c:\winnt\system32\regsrvc.exe
o23 - service: roammgr - intel corporation - c:\winnt\system32\roammgr.exe
o23 - service: spectrum24 event monitor (s24eventmonitor) - intel corporation - c:\winnt\system32\s24evmon.exe
o23 - service: servicelayer - nokia. - c:\program files\common files\pcsuite\services\servicelayer.exe
o23 - service: smartlinkservice (slservice) - - c:\winnt\system32\slserv.exe
o23 - service: webroot desktop firewall network service (wdfnet) - webroot software, inc. - c:\program files\webroot\desktop firewall\wdfsvc.exe
o23 - service: webroot spy sweeper engine (webrootspysweeperservice) - webroot software, inc. - c:\program files\webroot\spy sweeper\spysweeper.exe
o23 - service: novell workstation manager (wm) - novell, inc. - c:\winnt\system32\wm.exe
o23 - service: windows tracks washer registry service (wtwservice) - unknown owner - c:\program files\internet tracks washer\washservice.exe (file missing)
o23 - service: wusb54gcsvc - gemteks - c:\program files\compact wireless-g usb adapter wireless network monitor\wlservice.exe
o23 - service: window washer engine (wwenginesvc) - webroot software, inc. - c:\program files\webroot\washer\washersvc.exe
--
end of file - 8833 bytes
[/hjt]
-------------------------------------------------------------------------------------
and the uninstall log:
Ad-Aware
Adobe Acrobat 5.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Alcatech BPM Studio Professional v4.9.1
AnalogX Virtual Piano
Azureus Vuze
Babylon
Borland Database Engine
CCleaner (remove only)
Compact Wireless-G USB Adapter
Easy Start Button
foobar2000 v0.9.4.3
Full Tilt Poker
Google Toolbar for Internet Explorer
HijackThis 2.0.2
HSP56 MR Drivers
Intel(R) Extreme Graphics 2 Driver
Intel(R) PROSet
InterVideo WinDVD 4
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LimeWire 4.16.6
Macromedia Shockwave Player
McAfee VirusScan
Microsoft Office 97, Professional Edition
Microsoft Office Live Meeting 2005
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.3)
MSN Messenger 7.0
Nokia Connectivity Cable Driver
Nokia PC Connectivity Solution
Nokia PC Suite
Novell iPrint Client v04.26.00
PianoFX STUDIO 4.0
PokerStars
QuickTime
SiS 650
Smart Link 56K Modem
Spy Sweeper
Spybot - Search & Destroy
Three Ships Browser Plugin
TVAnts 1.0
Update Rollup 1 for Windows 2000 SP4
Webroot Desktop Firewall
Winamp
Window Washer
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Installer 3.1 (KB893803)
Windows Media Player system update (9 Series)
WinRAR
WinZip 11.1
------------------------------------------------------------------------------------------