Strange redirect to a web page.

smeenk
13 replies
  • Dear all, since today a strange page appears whenever I try to go online (IE7). A message appears saying that I may have a serwap virus, and I am then automatically redirected to: http://nl.winantivirus.com/. A scan with Ad-Aware shows nothing unusual. A full scan with Symantec AV shows nothing unusual. I temporarily turned off System Restore in XP Media Center.

    HijackThis gives the following log:

    Logfile of HijackThis v1.99.1
    Scan saved at 13:04:21, on 29-1-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\winsystems16.exe
    C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\msncall.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Hyjakhthis\HijackThis1991.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2D1A6539-579C-4C0B-A73C-4DE8300E61B7} - C:\WINDOWS\system32\mllji.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {B528C6CC-AA98-4753-8980-A6B97A220A63} - C:\WINDOWS\system32\rqrppmn.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
    O4 - HKLM\..\RunServices: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
    O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu…?1162213379953
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: pushow10.dll
    O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: rqrppmn - C:\WINDOWS\SYSTEM32\rqrppmn.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    Does anyone have a solution?

  • The log is also posted here:
    http://nucia.nl/forum/showthread.php?t=22702

    Please let us know where you would like to be helped ;)
  • That's right, my question is posted there too. I would like to be helped, and I don't mind where. I will stick to this forum. Thanks in advance for the effort.
  • Download to your Desktop.
    Double-click Combofix.exe
    Follow the instructions and accept the disclaimer by typing "y" or "Y".
    While the fix is running, do NOT click in the window, as this will cause your PC to hang.
    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a HijackThis log.

    NOTE: If your virus scanner responds with a warning about script execution, you may ignore this.
  • ComboFix log
    "Leo" - 07-01-29 18:56:57 Service Pack 2
    ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Leo\Bureaublad"

    ((((((((((((((((((((((((((((((( Files Created from 2006-12-29 to 2007-01-29 ))))))))))))))))))))))))))))))))))


    2007-01-29 17:18 22,029 —hs—- C:\WINDOWS\system32\efcawut.dll
    2007-01-29 16:38 <DIR> d-a—— C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
    2007-01-29 13:02 <DIR> d——– C:\Hyjakhthis
    2007-01-29 07:07 22,029 —hs—- C:\WINDOWS\system32\gebxurr.dll
    2007-01-28 22:14 438,401 —hs—- C:\WINDOWS\system32\ijllm.bak1
    2007-01-28 22:13 277,292 —hs—- C:\WINDOWS\system32\mllji.dll
    2007-01-28 22:08 22,029 —hs—- C:\WINDOWS\system32\rqrppmn.dll
    2007-01-28 17:07 <DIR> d——– C:\Program Files\Hema Album Software Advanced
    2007-01-28 14:33 1,117,491 –a—— C:\WINDOWS\system32\exec1.exe
    2007-01-28 14:33 <DIR> d——– C:\Program Files\DVD Shrink
    2007-01-28 14:33 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\DVD Shrink
    2007-01-25 12:40 <DIR> d——– C:\Program Files\Computerbrains
    2007-01-22 09:29 <DIR> d——– C:\DOCUME~1\Leo\WINDOWS
    2007-01-19 09:49 83,168 –a—— C:\WINDOWS\system32\S32EVNT1.DLL
    2007-01-19 09:49 82,832 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-01-19 09:49 <DIR> d——– C:\Program Files\Symantec AntiVirus
    2007-01-18 21:36 10,344 –a—— C:\WINDOWS\system32\drivers\symlcbrd.sys
    2007-01-15 18:09 <DIR> d——– C:\Program Files\GPLGS
    2007-01-14 12:21 <DIR> d——– C:\Program Files\MSRT
    2007-01-11 08:24 <DIR> d——– C:\DOCUME~1\Leo\Application Data\Bookmarks
    2007-01-10 23:25 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
    2007-01-10 22:19 87,608 –a—— C:\DOCUME~1\Leo\Application Data\ezpinst.exe
    2007-01-10 22:19 47,360 –a—— C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-01-10 22:19 47,360 –a—— C:\DOCUME~1\Leo\Application Data\pcouffin.sys
    2007-01-10 22:19 <DIR> d——– C:\Program Files\vso
    2007-01-10 22:19 <DIR> d——– C:\DOCUME~1\Leo\Application Data\Vso
    2007-01-10 22:13 <DIR> d——– C:\WINDOWS\ie7updates
    2007-01-09 21:07 19,728 –a—— C:\WINDOWS\system32\pgdfgsvc.exe
    2007-01-09 20:48 <DIR> d——– C:\Program Files\PDA
    2007-01-09 20:47 35,328 –a—— C:\WINDOWS\system32\cygz.dll
    2007-01-09 20:47 35,328 –a—— C:\WINDOWS\cygz.dll
    2007-01-09 20:47 1,126,281 –a—— C:\WINDOWS\system32\cygwin1.dll
    2007-01-09 20:47 1,126,281 –a—— C:\WINDOWS\cygwin1.dll
    2007-01-09 08:25 <DIR> d——– C:\Program Files\Bootvis
    2007-01-04 17:40 <DIR> d——– C:\WINDOWS\Sun
    2007-01-04 14:57 12,288 –a—— C:\WINDOWS\system32\drivers\mouhid.sys
    2007-01-04 11:16 38,016 –a—— C:\WINDOWS\system32\drivers\bthmodem.sys
    2007-01-04 11:10 100,992 –a—— C:\WINDOWS\system32\drivers\bthpan.sys
    2007-01-04 11:09 8,192 –a—— C:\WINDOWS\system32\wshirda.dll
    2007-01-04 11:09 59,648 –a—— C:\WINDOWS\system32\drivers\rfcomm.sys
    2007-01-04 11:09 28,160 –a—— C:\WINDOWS\system32\irmon.dll
    2007-01-04 11:09 274,816 –a—— C:\WINDOWS\system32\drivers\bthport.sys
    2007-01-04 11:09 18,944 –a—— C:\WINDOWS\system32\drivers\BTHUSB.SYS
    2007-01-04 11:09 17,024 –a—— C:\WINDOWS\system32\drivers\BthEnum.sys
    2007-01-04 11:09 154,112 –a—— C:\WINDOWS\system32\irftp.exe
    2007-01-03 22:35 <DIR> d——– C:\WINDOWS\WinRescue
    2007-01-03 22:30 <DIR> d——– C:\Program Files\PowerQuest
    2007-01-03 22:16 205,312 -ra—— C:\WINDOWS\pw32a.dll
    2007-01-03 22:16 205,312 -ra—— C:\WINDOWS\patchw32.dll
    2007-01-03 22:09 <DIR> d——– C:\DOCUME~1\Leo\Application Data\IsolatedStorage
    2007-01-02 23:43 <DIR> dr——- C:\DOCUME~1\LOCALS~1\Favorieten
    2007-01-02 23:39 90,112 –a—— C:\WINDOWS\system32\CNMCP5I.exe
    2007-01-02 13:26 <DIR> d——– C:\DOCUME~1\LOCALS~1\Mijn documenten
    2006-12-31 18:09 <DIR> d——– C:\Program Files\Orb Networks
    2006-12-31 18:09 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\OrbNetworks
    2006-12-31 18:03 266,360 –a—— C:\WINDOWS\system32\TweakUI.exe
    2006-12-31 17:52 8,704 –a—— C:\WINDOWS\system32\CNMVS5I.DLL
    2006-12-31 17:52 140,288 –a—— C:\WINDOWS\system32\CNMLM5I.DLL
    2006-12-31 17:07 25,856 –a—— C:\WINDOWS\system32\drivers\usbprint.sys
    2006-12-31 17:04 <DIR> d——– C:\Temp
    2006-12-31 11:04 2,297,552 –a—— C:\WINDOWS\system32\d3dx9_26.dll
    2006-12-30 18:06 <DIR> d——– C:\DOCUME~1\Leo\Application Data\AdobeUM
    2006-12-30 17:15 30,592 ——— C:\WINDOWS\system32\drivers\rndismpx.sys
    2006-12-30 17:15 12,800 ——— C:\WINDOWS\system32\drivers\usb8023x.sys
    2006-12-30 17:14 <DIR> d——– C:\Program Files\Microsoft ActiveSync
    2006-12-30 16:45 <DIR> d——– C:\Program Files\System Cleanup
    2006-12-30 16:44 <DIR> d——– C:\DOCUME~1\Leo\Application Data\Franckey


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-29 18:48 ——– d——– C:\DOCUME~1\Leo\Application Data\skype
    2007-01-29 17:18 ——– d——– C:\DOCUME~1\Leo\Application Data\mailwasherpro
    2007-01-28 21:27 ——– d——– C:\Program Files\Common Files\symantec shared
    2007-01-27 15:13 ——– d——– C:\DOCUME~1\Leo\Application Data\limewire
    2007-01-27 08:27 ——– d—s—- C:\DOCUME~1\Leo\Application Data\microsoft
    2007-01-27 08:00 ——– d——– C:\Program Files\google
    2007-01-26 17:43 ——– d——– C:\DOCUME~1\Leo\Application Data\cyberlink
    2007-01-24 13:05 ——– d–h—– C:\Program Files\installshield installation information
    2007-01-20 21:55 ——– d——– C:\Program Files\msn messenger
    2007-01-20 20:26 ——– d——– C:\Program Files\winrescuexp
    2007-01-19 09:49 ——– d——– C:\Program Files\symantec
    2007-01-19 09:42 ——– d——– C:\Program Files\norton antivirus
    2007-01-19 09:42 ——– d——– C:\DOCUME~1\Leo\Application Data\symantec
    2007-01-19 09:26 3888 –a—— C:\WINDOWS\system32\drivers\NTHANDLE.SYS
    2007-01-10 23:13 ——– d——– C:\DOCUME~1\Leo\Application Data\adobe
    2007-01-10 22:19 7824 –a—— C:\DOCUME~1\Leo\Application Data\pcouffin.cat
    2007-01-10 22:19 34 –a—— C:\DOCUME~1\Leo\Application Data\pcouffin.log
    2007-01-10 22:19 1144 –a—— C:\DOCUME~1\Leo\Application Data\pcouffin.inf
    2007-01-10 06:59 ——– d——– C:\Program Files\divx subtitle displayer
    2007-01-05 14:55 ——– d——– C:\DOCUME~1\Leo\Application Data\voipbuster
    2007-01-04 20:15 ——– d——– C:\Program Files\winamp
    2007-01-04 20:15 ——– d——– C:\Program Files\divx
    2006-12-31 00:27 ——– d——– C:\DOCUME~1\Leo\Application Data\ahead
    2006-12-30 17:16 2508 –a—— C:\DOCUME~1\Leo\Application Data\$_hpcst$.hpc
    2006-12-28 17:54 ——– d——– C:\DOCUME~1\Leo\Application Data\nerodctemplates
    2006-12-28 10:59 ——– d——– C:\Program Files\who lock me
    2006-12-28 10:43 ——– d——– C:\Program Files\Common Files\adobe
    2006-12-28 00:19 96256 –a—— C:\WINDOWS\system32\drivers\sptd3965.sys
    2006-12-28 00:19 643072 –a—— C:\WINDOWS\system32\drivers\sptd.sys
    2006-12-27 20:27 ——– d——– C:\DOCUME~1\Leo\Application Data\acd systems
    2006-12-27 15:58 223128 –a—— C:\WINDOWS\system32\drivers\dtscsi.sys
    2006-12-27 15:45 ——– d——– C:\Program Files\alcohol soft
    2006-12-27 15:44 ——– d——– C:\Program Files\poweriso
    2006-12-27 07:59 ——– d——– C:\Program Files\slysoft
    2006-12-27 07:58 ——– d——– C:\Program Files\elaborate bytes
    2006-12-26 22:38 ——– d——– C:\Program Files\flashfxp
    2006-12-26 22:20 ——– d——– C:\Program Files\limewire
    2006-12-26 22:17 ——– d——– C:\Program Files\autoruns
    2006-12-26 22:15 ——– d——– C:\DOCUME~1\Leo\Application Data\google
    2006-12-26 21:54 ——– d——– C:\Program Files\firetrust
    2006-12-26 21:28 ——– d——– C:\Program Files\acro software
    2006-12-26 21:28 ——– d——– C:\DOCUME~1\Leo\Application Data\help
    2006-12-26 21:27 ——– d——– C:\Program Files\messenger plus! live
    2006-12-26 21:16 ——– d——– C:\Program Files\diskeeper corporation
    2006-12-26 21:16 ——– d——– C:\DOCUME~1\Leo\Application Data\leadertech
    2006-12-26 21:05 ——– d——– C:\Program Files\techsmith
    2006-12-26 21:05 ——– d——– C:\Program Files\Common Files\wise installation wizard
    2006-12-26 21:04 ——– d——– C:\Program Files\pagedefrag
    2006-12-26 20:56 ——– d——– C:\Program Files\Common Files\acd systems
    2006-12-26 20:56 ——– d——– C:\Program Files\acd systems
    2006-12-26 20:54 ——– d——– C:\Program Files\skype
    2006-12-26 20:54 ——– d——– C:\Program Files\Common Files\skype
    2006-12-26 20:52 ——– d——– C:\Program Files\voipbuster.com
    2006-12-26 20:46 ——– d——– C:\DOCUME~1\Leo\Application Data\flashfxp
    2006-12-26 20:45 ——– d——– C:\Program Files\lavasoft
    2006-12-26 20:45 ——– d——– C:\DOCUME~1\Leo\Application Data\lavasoft
    2006-12-26 20:00 ——– d——– C:\Program Files\microsoft.net
    2006-12-26 19:35 ——– d——– C:\Program Files\linux
    2006-12-26 19:35 ——– d——– C:\Program Files\cyberlink
    2006-12-07 05:14 2330624 –a—— C:\WINDOWS\system32\wmvcore.dll
    2006-11-08 06:07 679424 –a—— C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 ——— C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 ——— C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 ——— C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 –a—— C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 –a—— C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 ——— C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 –a—— C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 –a—— C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 –a—— C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 –a—— C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 –a—— C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 –a—— C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 –a—— C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 –a—— C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 –a—— C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 –a—— C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 –a—— C:\WINDOWS\system32\ieakui.dll
    2006-11-04 14:14 1245696 –a—— C:\WINDOWS\system32\msxml4.dll
    2006-10-30 15:24 278528 –a—— C:\WINDOWS\system32\livesnth.dll
    2006-10-30 15:24 203776 –a—— C:\WINDOWS\system32\clrviddc.dll
    2006-10-30 12:23 8 -r-hs—- C:\WINDOWS\system32\6b8972dcc0.sys
    2006-10-30 12:23 4704 –ahs—- C:\WINDOWS\system32\kgygaavl.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "VoipBuster"="\"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe\" -nosplash -minimized"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "LanguageShortcut"="\"C:\\Program Files\\Home Cinema\\PowerDVD\\Language\\Language.exe\""
    "InstantOn"="\"C:\\Program Files\\CyberLink\\PowerCinema Linux\\ion_install.exe /c \""
    @=""
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "Synchronization Manager"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,\
    73,74,65,6d,33,32,5c,6d,6f,62,73,79,6e,63,2e,65,78,65,20,2f,6c,6f,67,6f,6e,\
    00
    "DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
    "WinSystems"="C:\\WINDOWS\\system32\\winsystems16.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "WinSystems"="C:\\WINDOWS\\system32\\winsystems16.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullGuard]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bullguard"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\BullGuard Software\\BullGuard\\bullguard.exe\" -boot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CloneCDTray"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DkIcon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GhostTray"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Symantec\\Norton Ghost\\Agent\\GhostTray.exe"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="pushow10.dll"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{B528C6CC-AA98-4753-8980-A6B97A220A63}"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
    63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
    6d,73,73,74,79,6c,65,73,00
    "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
    73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllji
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrppmn

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0
    bthsvcs REG_MULTI_SZ BthServ\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
    Shell\AutoRun\command G:\setup.exe -q

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c5f6850-70c7-11db-a1f6-0012bfc591d8}]
    Shell\AutoRun\command J:\prime.bat

    Completion time: 07-01-29 18:59:26


    HijackThis log
    Logfile of HijackThis v1.99.1
    Scan saved at 19:05:23, on 29-1-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\winsystems16.exe
    C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\msncall.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\rdpclip.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\logon.scr
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Hyjakhthis\HijackThis1991.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {75144EAB-4BA0-4D03-B766-1FA365FE9C51} - C:\WINDOWS\system32\mllji.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {8C9708E1-41E9-4201-AA28-9D11301A161F} - C:\WINDOWS\system32\mllji.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {B528C6CC-AA98-4753-8980-A6B97A220A63} - C:\WINDOWS\system32\rqrppmn.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
    O4 - HKLM\..\RunServices: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
    O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162213379953
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: pushow10.dll
    O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: rqrppmn - C:\WINDOWS\SYSTEM32\rqrppmn.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe



    I hope you can do something with these logs,

    regards,

    Leo





  • Go to Start - Run and use copy and paste to enter the following command there:
    "C:\Documents and Settings\Leo\Bureaublad\combofix.exe" /v efcawut gebxurr mllji rqrppmn
    Confirm this with OK.

    Combofix will start; after your PC has restarted, post the new Combofix log together with a new HijackThis log ;)
  • Log combo fix:
    "Leo" - 07-01-29 20:39:00 Service Pack 2
    ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Leo\Bureaublad"
    Command switches used :: /v efcawut gebxurr mllji rqrppmn

    (((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\efcawut.dll
    C:\WINDOWS\system32\gebxurr.dll
    C:\WINDOWS\system32\mllji.dll
    C:\WINDOWS\system32\rqrppmn.dll
    C:\WINDOWS\system32\ijllm.bak1
    C:\WINDOWS\system32\ijllm.ini


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((( Files Created from 2006-12-29 to 2007-01-29 ))))))))))))))))))))))))))))))))))


    2007-01-29 16:38 <DIR> d-a—— C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
    2007-01-29 13:02 <DIR> d——– C:\Hyjakhthis
    2007-01-28 17:07 <DIR> d——– C:\Program Files\Hema Album Software Advanced
    2007-01-28 14:33 1,117,491 –a—— C:\WINDOWS\system32\exec1.exe
    2007-01-28 14:33 <DIR> d——– C:\Program Files\DVD Shrink
    2007-01-28 14:33 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\DVD Shrink
    2007-01-25 12:40 <DIR> d——– C:\Program Files\Computerbrains
    2007-01-22 09:29 <DIR> d——– C:\DOCUME~1\Leo\WINDOWS
    2007-01-19 09:49 83,168 –a—— C:\WINDOWS\system32\S32EVNT1.DLL
    2007-01-19 09:49 82,832 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-01-19 09:49 <DIR> d——– C:\Program Files\Symantec AntiVirus
    2007-01-18 21:36 10,344 –a—— C:\WINDOWS\system32\drivers\symlcbrd.sys
    2007-01-15 18:09 <DIR> d——– C:\Program Files\GPLGS
    2007-01-14 12:21 <DIR> d——– C:\Program Files\MSRT
    2007-01-11 08:24 <DIR> d——– C:\DOCUME~1\Leo\Application Data\Bookmarks
    2007-01-10 23:25 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
    2007-01-10 22:19 87,608 –a—— C:\DOCUME~1\Leo\Application Data\ezpinst.exe
    2007-01-10 22:19 47,360 –a—— C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-01-10 22:19 47,360 –a—— C:\DOCUME~1\Leo\Application Data\pcouffin.sys
    2007-01-10 22:19 <DIR> d——– C:\Program Files\vso
    2007-01-10 22:19 <DIR> d——– C:\DOCUME~1\Leo\Application Data\Vso
    2007-01-10 22:13 <DIR> d——– C:\WINDOWS\ie7updates
    2007-01-09 21:07 19,728 –a—— C:\WINDOWS\system32\pgdfgsvc.exe
    2007-01-09 20:48 <DIR> d——– C:\Program Files\PDA
    2007-01-09 20:47 35,328 –a—— C:\WINDOWS\system32\cygz.dll
    2007-01-09 20:47 35,328 –a—— C:\WINDOWS\cygz.dll
    2007-01-09 20:47 1,126,281 –a—— C:\WINDOWS\system32\cygwin1.dll
    2007-01-09 20:47 1,126,281 –a—— C:\WINDOWS\cygwin1.dll
    2007-01-09 08:25 <DIR> d——– C:\Program Files\Bootvis
    2007-01-04 17:40 <DIR> d——– C:\WINDOWS\Sun
    2007-01-04 14:57 12,288 –a—— C:\WINDOWS\system32\drivers\mouhid.sys
    2007-01-04 11:16 38,016 –a—— C:\WINDOWS\system32\drivers\bthmodem.sys
    2007-01-04 11:10 100,992 –a—— C:\WINDOWS\system32\drivers\bthpan.sys
    2007-01-04 11:09 8,192 –a—— C:\WINDOWS\system32\wshirda.dll
    2007-01-04 11:09 59,648 –a—— C:\WINDOWS\system32\drivers\rfcomm.sys
    2007-01-04 11:09 28,160 –a—— C:\WINDOWS\system32\irmon.dll
    2007-01-04 11:09 274,816 –a—— C:\WINDOWS\system32\drivers\bthport.sys
    2007-01-04 11:09 18,944 –a—— C:\WINDOWS\system32\drivers\BTHUSB.SYS
    2007-01-04 11:09 17,024 –a—— C:\WINDOWS\system32\drivers\BthEnum.sys
    2007-01-04 11:09 154,112 –a—— C:\WINDOWS\system32\irftp.exe
    2007-01-03 22:35 <DIR> d——– C:\WINDOWS\WinRescue
    2007-01-03 22:30 <DIR> d——– C:\Program Files\PowerQuest
    2007-01-03 22:16 205,312 -ra—— C:\WINDOWS\pw32a.dll
    2007-01-03 22:16 205,312 -ra—— C:\WINDOWS\patchw32.dll
    2007-01-03 22:09 <DIR> d——– C:\DOCUME~1\Leo\Application Data\IsolatedStorage
    2007-01-02 23:43 <DIR> dr——- C:\DOCUME~1\LOCALS~1\Favorieten
    2007-01-02 23:39 90,112 –a—— C:\WINDOWS\system32\CNMCP5I.exe
    2007-01-02 13:26 <DIR> d——– C:\DOCUME~1\LOCALS~1\Mijn documenten
    2006-12-31 18:09 <DIR> d——– C:\Program Files\Orb Networks
    2006-12-31 18:09 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\OrbNetworks
    2006-12-31 18:03 266,360 –a—— C:\WINDOWS\system32\TweakUI.exe
    2006-12-31 17:52 8,704 –a—— C:\WINDOWS\system32\CNMVS5I.DLL
    2006-12-31 17:52 140,288 –a—— C:\WINDOWS\system32\CNMLM5I.DLL
    2006-12-31 17:07 25,856 –a—— C:\WINDOWS\system32\drivers\usbprint.sys
    2006-12-31 17:04 <DIR> d——– C:\Temp
    2006-12-31 11:04 2,297,552 –a—— C:\WINDOWS\system32\d3dx9_26.dll
    2006-12-30 18:06 <DIR> d——– C:\DOCUME~1\Leo\Application Data\AdobeUM
    2006-12-30 17:15 30,592 ——— C:\WINDOWS\system32\drivers\rndismpx.sys
    2006-12-30 17:15 12,800 ——— C:\WINDOWS\system32\drivers\usb8023x.sys
    2006-12-30 17:14 <DIR> d——– C:\Program Files\Microsoft ActiveSync
    2006-12-30 16:45 <DIR> d——– C:\Program Files\System Cleanup
    2006-12-30 16:44 <DIR> d——– C:\DOCUME~1\Leo\Application Data\Franckey


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-29 20:18 ——– d——– C:\Documents and Settings\Leo\Application Data\skype
    2007-01-29 17:18 ——– d——– C:\Documents and Settings\Leo\Application Data\mailwasherpro
    2007-01-28 21:27 ——– d——– C:\Program Files\Common Files\symantec shared
    2007-01-27 15:13 ——– d——– C:\Documents and Settings\Leo\Application Data\limewire
    2007-01-27 08:27 ——– d—s—- C:\Documents and Settings\Leo\Application Data\microsoft
    2007-01-27 08:00 ——– d——– C:\Program Files\google
    2007-01-26 17:43 ——– d——– C:\Documents and Settings\Leo\Application Data\cyberlink
    2007-01-24 13:05 ——– d–h—– C:\Program Files\installshield installation information
    2007-01-20 21:55 ——– d——– C:\Program Files\msn messenger
    2007-01-20 20:26 ——– d——– C:\Program Files\winrescuexp
    2007-01-19 09:49 ——– d——– C:\Program Files\symantec
    2007-01-19 09:42 ——– d——– C:\Program Files\norton antivirus
    2007-01-19 09:42 ——– d——– C:\Documents and Settings\Leo\Application Data\symantec
    2007-01-19 09:26 3888 –a—— C:\WINDOWS\system32\drivers\NTHANDLE.SYS
    2007-01-19 09:22 ——– d——– C:\Documents and Settings\Leo\Application Data\vso
    2007-01-11 08:33 ——– d——– C:\Documents and Settings\Leo\Application Data\bookmarks
    2007-01-10 23:22 ——– d——– C:\Documents and Settings\Leo\Application Data\adobeum
    2007-01-10 23:13 ——– d——– C:\Documents and Settings\Leo\Application Data\adobe
    2007-01-10 22:19 87608 –a—— C:\Documents and Settings\Leo\Application Data\ezpinst.exe
    2007-01-10 22:19 7824 –a—— C:\Documents and Settings\Leo\Application Data\pcouffin.cat
    2007-01-10 22:19 47360 –a—— C:\Documents and Settings\Leo\Application Data\pcouffin.sys
    2007-01-10 22:19 34 –a—— C:\Documents and Settings\Leo\Application Data\pcouffin.log
    2007-01-10 22:19 1144 –a—— C:\Documents and Settings\Leo\Application Data\pcouffin.inf
    2007-01-10 06:59 ——– d——– C:\Program Files\divx subtitle displayer
    2007-01-05 14:55 ——– d——– C:\Documents and Settings\Leo\Application Data\voipbuster
    2007-01-04 20:15 ——– d——– C:\Program Files\winamp
    2007-01-04 20:15 ——– d——– C:\Program Files\divx
    2007-01-03 22:09 ——– d——– C:\Documents and Settings\Leo\Application Data\isolatedstorage
    2006-12-31 00:27 ——– d——– C:\Documents and Settings\Leo\Application Data\ahead
    2006-12-30 17:16 2508 –a—— C:\Documents and Settings\Leo\Application Data\$_hpcst$.hpc
    2006-12-30 16:44 ——– d——– C:\Documents and Settings\Leo\Application Data\franckey
    2006-12-28 17:54 ——– d——– C:\Documents and Settings\Leo\Application Data\nerodctemplates
    2006-12-28 10:59 ——– d——– C:\Program Files\who lock me
    2006-12-28 10:43 ——– d——– C:\Program Files\Common Files\adobe
    2006-12-28 00:19 96256 –a—— C:\WINDOWS\system32\drivers\sptd3965.sys
    2006-12-28 00:19 643072 –a—— C:\WINDOWS\system32\drivers\sptd.sys
    2006-12-27 20:27 ——– d——– C:\Documents and Settings\Leo\Application Data\acd systems
    2006-12-27 15:58 223128 –a—— C:\WINDOWS\system32\drivers\dtscsi.sys
    2006-12-27 15:45 ——– d——– C:\Program Files\alcohol soft
    2006-12-27 15:44 ——– d——– C:\Program Files\poweriso
    2006-12-27 07:59 ——– d——– C:\Program Files\slysoft
    2006-12-27 07:58 ——– d——– C:\Program Files\elaborate bytes
    2006-12-26 22:38 ——– d——– C:\Program Files\flashfxp
    2006-12-26 22:20 ——– d——– C:\Program Files\limewire
    2006-12-26 22:17 ——– d——– C:\Program Files\autoruns
    2006-12-26 22:15 ——– d——– C:\Documents and Settings\Leo\Application Data\google
    2006-12-26 21:54 ——– d——– C:\Program Files\firetrust
    2006-12-26 21:28 ——– d——– C:\Program Files\acro software
    2006-12-26 21:28 ——– d——– C:\Documents and Settings\Leo\Application Data\help
    2006-12-26 21:27 ——– d——– C:\Program Files\messenger plus! live
    2006-12-26 21:16 ——– d——– C:\Program Files\diskeeper corporation
    2006-12-26 21:16 ——– d——– C:\Documents and Settings\Leo\Application Data\leadertech
    2006-12-26 21:05 ——– d——– C:\Program Files\techsmith
    2006-12-26 21:05 ——– d——– C:\Program Files\Common Files\wise installation wizard
    2006-12-26 21:04 ——– d——– C:\Program Files\pagedefrag
    2006-12-26 20:56 ——– d——– C:\Program Files\Common Files\acd systems
    2006-12-26 20:56 ——– d——– C:\Program Files\acd systems
    2006-12-26 20:54 ——– d——– C:\Program Files\skype
    2006-12-26 20:54 ——– d——– C:\Program Files\Common Files\skype
    2006-12-26 20:52 ——– d——– C:\Program Files\voipbuster.com
    2006-12-26 20:46 ——– d——– C:\Documents and Settings\Leo\Application Data\flashfxp
    2006-12-26 20:45 ——– d——– C:\Program Files\lavasoft
    2006-12-26 20:45 ——– d——– C:\Documents and Settings\Leo\Application Data\lavasoft
    2006-12-26 20:00 ——– d——– C:\Program Files\microsoft.net
    2006-12-26 19:35 ——– d——– C:\Program Files\linux
    2006-12-26 19:35 ——– d——– C:\Program Files\cyberlink
    2006-12-07 05:14 2330624 –a—— C:\WINDOWS\system32\wmvcore.dll
    2006-11-08 06:07 679424 –a—— C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 ——— C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 ——— C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 ——— C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 –a—— C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 –a—— C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 ——— C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 –a—— C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 –a—— C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 –a—— C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 –a—— C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 –a—— C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 –a—— C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 –a—— C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 –a—— C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 –a—— C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 –a—— C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 –a—— C:\WINDOWS\system32\ieakui.dll
    2006-11-04 14:14 1245696 –a—— C:\WINDOWS\system32\msxml4.dll
    2006-10-30 15:24 278528 –a—— C:\WINDOWS\system32\livesnth.dll
    2006-10-30 15:24 203776 –a—— C:\WINDOWS\system32\clrviddc.dll
    2006-10-30 12:23 8 -r-hs—- C:\WINDOWS\system32\6b8972dcc0.sys
    2006-10-30 12:23 4704 –ahs—- C:\WINDOWS\system32\kgygaavl.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "VoipBuster"="\"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe\" -nosplash -minimized"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "LanguageShortcut"="\"C:\\Program Files\\Home Cinema\\PowerDVD\\Language\\Language.exe\""
    "InstantOn"="\"C:\\Program Files\\CyberLink\\PowerCinema Linux\\ion_install.exe /c \""
    @=""
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "Synchronization Manager"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,\
    73,74,65,6d,33,32,5c,6d,6f,62,73,79,6e,63,2e,65,78,65,20,2f,6c,6f,67,6f,6e,\
    00
    "DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
    "WinSystems"="C:\\WINDOWS\\system32\\winsystems16.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "WinSystems"="C:\\WINDOWS\\system32\\winsystems16.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullGuard]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bullguard"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\BullGuard Software\\BullGuard\\bullguard.exe\" -boot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CloneCDTray"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DkIcon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GhostTray"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Symantec\\Norton Ghost\\Agent\\GhostTray.exe"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="pushow10.dll"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
    63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
    6d,73,73,74,79,6c,65,73,00
    "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
    73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0
    bthsv
    2006-11-07 03:26 123904 –a—— C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 –a—— C:\WINDOWS\system32\ieakui.dll
    2006-11-04 14:14 1245696 –a—— C:\WINDOWS\system32\msxml4.dll
    2006-10-30 15:24 278528 –a—— C:\WINDOWS\system32\livesnth.dll
    2006-10-30 15:24 203776 –a—— C:\WINDOWS\system32\clrviddc.dll
    2006-10-30 12:23 8 -r-hs—- C:\WINDOWS\system32\6b8972dcc0.sys
    2006-10-30 12:23 4704 –ahs—- C:\WINDOWS\system32\kgygaavl.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "VoipBuster"="\"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe\" -nosplash -minimized"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "LanguageShortcut"="\"C:\\Program Files\\Home Cinema\\PowerDVD\\Language\\Language.exe\""
    "InstantOn"="\"C:\\Program Files\\CyberLink\\PowerCinema Linux\\ion_install.exe /c \""
    @=""
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "Synchronization Manager"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,\
    73,74,65,6d,33,32,5c,6d,6f,62,73,79,6e,63,2e,65,78,65,20,2f,6c,6f,67,6f,6e,\
    00
    "DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
    "WinSystems"="C:\\WINDOWS\\system32\\winsystems16.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "WinSystems"="C:\\WINDOWS\\system32\\winsystems16.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullGuard]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bullguard"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\BullGuard Software\\BullGuard\\bullguard.exe\" -boot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CloneCDTray"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DkIcon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GhostTray"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Symantec\\Norton Ghost\\Agent\\GhostTray.exe"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="pushow10.dll"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
    63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
    6d,73,73,74,79,6c,65,73,00
    "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
    73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0
    bthsvcs REG_MULTI_SZ BthServ\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
    Shell\AutoRun\command G:\setup.exe -q

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c5f6850-70c7-11db-a1f6-0012bfc591d8}]
    Shell\AutoRun\command J:\prime.bat

    Completion time: 07-01-29 20:46:35
    C:\ComboFix2.txt … 07-01-29 18:59

    HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:54:22, on 29-1-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\winsystems16.exe
    C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\msncall.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Hyjakhthis\HijackThis1991.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\wvtlsrtw.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {FD158B35-8BAF-4EA7-96DC-67E3950D5622} - C:\WINDOWS\system32\pmnnn.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
    O4 - HKLM\..\RunServices: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
    O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162213379953
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: pushow10.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: pmnnn - C:\WINDOWS\system32\pmnnn.dll
    O20 - Winlogon Notify: pmnommm - C:\WINDOWS\SYSTEM32\pmnommm.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    Very clever if you can get anything out of these logs, my compliments!




  • It doesn't look like it's completely over yet

    Download Killbox to your desktop.
    Alternative download.
    Another alternative.
    Click killbox.exe.
    Select the option "Delete on reboot".
    In the field "Full Path of File to Delete", copy and paste the following:

    C:\WINDOWS\system32\winsystems16.exe

    Click the button "single file" (!Important!)

    Then click the red circle with the white cross in it.
    Killbox will say that this file will be deleted on reboot and ask whether to reboot now. Click YES.

    Your PC should now reboot.

    Go to Start - Run (Uitvoeren) and enter the following command there using copy and paste:
    "C:\Documents and Settings\Leo\Bureaublad\combofix.exe" /v pmnnn pmnommm wvtlsrtw
    Confirm with OK.

    Combofix will start; after your PC has restarted, post the new Combofix log together with a new HijackThis log ;)
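The names handed to Killbox and ComboFix in the post above can be traced back to specific O2, O4 and O20 lines of the HijackThis log. The following is an added example, not part of the thread or of any of the tools mentioned: a small triage script that flags those lines for review. Its heuristics, the `NOTIFY_ALLOWLIST` set and the assumed `C:\WINDOWS\system32` location are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: lines copied unchanged from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\wvtlsrtw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {FD158B35-8BAF-4EA7-96DC-67E3950D5622} - C:\WINDOWS\system32\pmnnn.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKLM\..\RunServices: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: pushow10.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pmnnn - C:\WINDOWS\system32\pmnnn.dll
O20 - Winlogon Notify: pmnommm - C:\WINDOWS\SYSTEM32\pmnommm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Assumption of this example: Winlogon Notify names the analyst has already
# attributed to installed software (Symantec AntiVirus, Windows Genuine Advantage).
NOTIFY_ALLOWLIST = {"navlogon", "wgalogon"}
SYSTEM32 = r"c:\windows\system32"  # assumed install path, as shown in the log

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<key>HK(?:LM|CU)\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")


def stem(path):
    """File name without directory or extension, lower-cased (Windows path rules)."""
    return ntpath.splitext(ntpath.basename(path.strip()))[0].lower()


def in_system32(path):
    """True when the file sits directly in the system32 directory."""
    return ntpath.dirname(path.strip()).lower() == SYSTEM32


def executable(cmd):
    """Program part of an autostart command: quoted path, or text up to '.exe'."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)', cmd, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else cmd.split()[0]


def triage(log_text, notify_allowlist=NOTIFY_ALLOWLIST):
    """Return {file stem: [reasons]} for log lines that deserve a closer look."""
    findings = defaultdict(list)
    autostart_keys = defaultdict(set)
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := BHO_RE.match(line):
            # A browser helper object with no class name, loaded from system32.
            if m["name"] == "(no name)" and in_system32(m["path"]):
                findings[stem(m["path"])].append("O2: nameless BHO in system32")
        elif m := RUN_RE.match(line):
            autostart_keys[stem(executable(m["cmd"]))].add(m["key"])
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            for dll in re.split(r"[ ,]+", m["dlls"].strip()):
                findings[stem(dll)].append("O20: loaded via AppInit_DLLs")
        elif m := NOTIFY_RE.match(line):
            if m["name"].lower() not in notify_allowlist:
                findings[stem(m["path"])].append("O20: Winlogon Notify not on allowlist")
    # The same program registered under more than one autostart key.
    for name, keys in autostart_keys.items():
        if len(keys) > 1:
            findings[name].append("O4: same program in " + ", ".join(sorted(keys)))
    return dict(findings)


if __name__ == "__main__":
    for name, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(f"{name}: {'; '.join(reasons)}")
```

A flagged entry is a candidate for review, not a verdict; `pushow10` is flagged only because any AppInit_DLLs value warrants a look.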
  • Next log:

    "Leo" - 07-01-29 23:56:43 Service Pack 2
    ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Leo\Bureaublad"
    Command switches used :: /v pmnnn pmnommm wvtlsrtw

    (((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\pmnnn.dll
    C:\WINDOWS\system32\pmnommm.dll
    C:\WINDOWS\system32\wvtlsrtw.dll
    C:\WINDOWS\system32\nnnmp.bak1
    C:\WINDOWS\system32\nnnmp.ini


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((( Files Created from 2006-12-29 to 2007-01-29 ))))))))))))))))))))))))))))))))))


    2007-01-29 23:25 <DIR> d——– C:\!KillBox
    2007-01-29 16:38 <DIR> d-a—— C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
    2007-01-29 13:02 <DIR> d——– C:\Hyjakhthis
    2007-01-28 17:07 <DIR> d——– C:\Program Files\Hema Album Software Advanced
    2007-01-28 14:33 1,117,491 –a—— C:\WINDOWS\system32\exec1.exe
    2007-01-28 14:33 <DIR> d——– C:\Program Files\DVD Shrink
    2007-01-28 14:33 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\DVD Shrink
    2007-01-25 12:40 <DIR> d——– C:\Program Files\Computerbrains
    2007-01-22 09:29 <DIR> d——– C:\DOCUME~1\Leo\WINDOWS
    2007-01-19 09:49 83,168 –a—— C:\WINDOWS\system32\S32EVNT1.DLL
    2007-01-19 09:49 82,832 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-01-19 09:49 <DIR> d——– C:\Program Files\Symantec AntiVirus
    2007-01-18 21:36 10,344 –a—— C:\WINDOWS\system32\drivers\symlcbrd.sys
    2007-01-15 18:09 <DIR> d——– C:\Program Files\GPLGS
    2007-01-14 12:21 <DIR> d——– C:\Program Files\MSRT
    2007-01-11 08:24 <DIR> d——– C:\DOCUME~1\Leo\Application Data\Bookmarks
    2007-01-10 23:25 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
    2007-01-10 22:19 47,360 –a—— C:\WINDOWS\system32\drivers\pcouffin.sys
    2007-01-10 22:19 <DIR> d——– C:\Program Files\vso
    2007-01-10 22:19 <DIR> d——– C:\DOCUME~1\Leo\Application Data\Vso
    2007-01-10 22:13 <DIR> d——– C:\WINDOWS\ie7updates
    2007-01-09 21:07 19,728 –a—— C:\WINDOWS\system32\pgdfgsvc.exe
    2007-01-09 20:48 <DIR> d——– C:\Program Files\PDA
    2007-01-09 20:47 35,328 –a—— C:\WINDOWS\system32\cygz.dll
    2007-01-09 20:47 35,328 –a—— C:\WINDOWS\cygz.dll
    2007-01-09 20:47 1,126,281 –a—— C:\WINDOWS\system32\cygwin1.dll
    2007-01-09 20:47 1,126,281 –a—— C:\WINDOWS\cygwin1.dll
    2007-01-09 08:25 <DIR> d——– C:\Program Files\Bootvis
    2007-01-04 17:40 <DIR> d——– C:\WINDOWS\Sun
    2007-01-04 14:57 12,288 –a—— C:\WINDOWS\system32\drivers\mouhid.sys
    2007-01-04 11:16 38,016 –a—— C:\WINDOWS\system32\drivers\bthmodem.sys
    2007-01-04 11:10 100,992 –a—— C:\WINDOWS\system32\drivers\bthpan.sys
    2007-01-04 11:09 8,192 –a—— C:\WINDOWS\system32\wshirda.dll
    2007-01-04 11:09 59,648 –a—— C:\WINDOWS\system32\drivers\rfcomm.sys
    2007-01-04 11:09 28,160 –a—— C:\WINDOWS\system32\irmon.dll
    2007-01-04 11:09 274,816 –a—— C:\WINDOWS\system32\drivers\bthport.sys
    2007-01-04 11:09 18,944 –a—— C:\WINDOWS\system32\drivers\BTHUSB.SYS
    2007-01-04 11:09 17,024 –a—— C:\WINDOWS\system32\drivers\BthEnum.sys
    2007-01-04 11:09 154,112 –a—— C:\WINDOWS\system32\irftp.exe
    2007-01-03 22:35 <DIR> d——– C:\WINDOWS\WinRescue
    2007-01-03 22:30 <DIR> d——– C:\Program Files\PowerQuest
    2007-01-03 22:16 205,312 -ra—— C:\WINDOWS\pw32a.dll
    2007-01-03 22:16 205,312 -ra—— C:\WINDOWS\patchw32.dll
    2007-01-03 22:09 <DIR> d——– C:\DOCUME~1\Leo\Application Data\IsolatedStorage
    2007-01-02 23:43 <DIR> dr——- C:\DOCUME~1\LOCALS~1\Favorieten
    2007-01-02 23:39 90,112 –a—— C:\WINDOWS\system32\CNMCP5I.exe
    2007-01-02 13:26 <DIR> d——– C:\DOCUME~1\LOCALS~1\Mijn documenten
    2006-12-31 18:09 <DIR> d——– C:\Program Files\Orb Networks
    2006-12-31 18:09 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\OrbNetworks
    2006-12-31 18:03 266,360 –a—— C:\WINDOWS\system32\TweakUI.exe
    2006-12-31 17:52 8,704 –a—— C:\WINDOWS\system32\CNMVS5I.DLL
    2006-12-31 17:52 140,288 –a—— C:\WINDOWS\system32\CNMLM5I.DLL
    2006-12-31 17:07 25,856 –a—— C:\WINDOWS\system32\drivers\usbprint.sys
    2006-12-31 17:04 <DIR> d——– C:\Temp
    2006-12-31 11:04 2,297,552 –a—— C:\WINDOWS\system32\d3dx9_26.dll
    2006-12-30 18:06 <DIR> d——– C:\DOCUME~1\Leo\Application Data\AdobeUM
    2006-12-30 17:15 30,592 ——— C:\WINDOWS\system32\drivers\rndismpx.sys
    2006-12-30 17:15 12,800 ——— C:\WINDOWS\system32\drivers\usb8023x.sys
    2006-12-30 17:14 <DIR> d——– C:\Program Files\Microsoft ActiveSync
    2006-12-30 16:45 <DIR> d——– C:\Program Files\System Cleanup
    2006-12-30 16:44 <DIR> d——– C:\DOCUME~1\Leo\Application Data\Franckey


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-29 23:54 ——– d——– C:\Documents and Settings\Leo\Application Data\skype
    2007-01-29 23:53 ——– d——– C:\Documents and Settings\Leo\Application Data\mailwasherpro
    2007-01-28 21:27 ——– d——– C:\Program Files\Common Files\symantec shared
    2007-01-27 15:13 ——– d——– C:\Documents and Settings\Leo\Application Data\limewire
    2007-01-27 08:27 ——– d—s—- C:\Documents and Settings\Leo\Application Data\microsoft
    2007-01-27 08:00 ——– d——– C:\Program Files\google
    2007-01-26 17:43 ——– d——– C:\Documents and Settings\Leo\Application Data\cyberlink
    2007-01-24 13:05 ——– d–h—– C:\Program Files\installshield installation information
    2007-01-20 21:55 ——– d——– C:\Program Files\msn messenger
    2007-01-20 20:26 ——– d——– C:\Program Files\winrescuexp
    2007-01-19 09:49 ——– d——– C:\Program Files\symantec
    2007-01-19 09:42 ——– d——– C:\Program Files\norton antivirus
    2007-01-19 09:42 ——– d——– C:\Documents and Settings\Leo\Application Data\symantec
    2007-01-19 09:26 3888 –a—— C:\WINDOWS\system32\drivers\NTHANDLE.SYS
    2007-01-19 09:22 ——– d——– C:\Documents and Settings\Leo\Application Data\vso
    2007-01-11 08:33 ——– d——– C:\Documents and Settings\Leo\Application Data\bookmarks
    2007-01-10 23:22 ——– d——– C:\Documents and Settings\Leo\Application Data\adobeum
    2007-01-10 23:13 ——– d——– C:\Documents and Settings\Leo\Application Data\adobe
    2007-01-10 22:19 87608 –a—— C:\Documents and Settings\Leo\Application Data\ezpinst.exe
    2007-01-10 22:19 7824 –a—— C:\Documents and Settings\Leo\Application Data\pcouffin.cat
    2007-01-10 22:19 47360 –a—— C:\Documents and Settings\Leo\Application Data\pcouffin.sys
    2007-01-10 22:19 34 –a—— C:\Documents and Settings\Leo\Application Data\pcouffin.log
    2007-01-10 22:19 1144 –a—— C:\Documents and Settings\Leo\Application Data\pcouffin.inf
    2007-01-10 06:59 ——– d——– C:\Program Files\divx subtitle displayer
    2007-01-05 14:55 ——– d——– C:\Documents and Settings\Leo\Application Data\voipbuster
    2007-01-04 20:15 ——– d——– C:\Program Files\winamp
    2007-01-04 20:15 ——– d——– C:\Program Files\divx
    2007-01-03 22:09 ——– d——– C:\Documents and Settings\Leo\Application Data\isolatedstorage
    2006-12-31 00:27 ——– d——– C:\Documents and Settings\Leo\Application Data\ahead
    2006-12-30 17:16 2508 –a—— C:\Documents and Settings\Leo\Application Data\$_hpcst$.hpc
    2006-12-30 16:44 ——– d——– C:\Documents and Settings\Leo\Application Data\franckey
    2006-12-28 17:54 ——– d——– C:\Documents and Settings\Leo\Application Data\nerodctemplates
    2006-12-28 10:59 ——– d——– C:\Program Files\who lock me
    2006-12-28 10:43 ——– d——– C:\Program Files\Common Files\adobe
    2006-12-28 00:19 96256 –a—— C:\WINDOWS\system32\drivers\sptd3965.sys
    2006-12-28 00:19 643072 –a—— C:\WINDOWS\system32\drivers\sptd.sys
    2006-12-27 20:27 ——– d——– C:\Documents and Settings\Leo\Application Data\acd systems
    2006-12-27 15:58 223128 –a—— C:\WINDOWS\system32\drivers\dtscsi.sys
    2006-12-27 15:45 ——– d——– C:\Program Files\alcohol soft
    2006-12-27 15:44 ——– d——– C:\Program Files\poweriso
    2006-12-27 07:59 ——– d——– C:\Program Files\slysoft
    2006-12-27 07:58 ——– d——– C:\Program Files\elaborate bytes
    2006-12-26 22:38 ——– d——– C:\Program Files\flashfxp
    2006-12-26 22:20 ——– d——– C:\Program Files\limewire
    2006-12-26 22:17 ——– d——– C:\Program Files\autoruns
    2006-12-26 22:15 ——– d——– C:\Documents and Settings\Leo\Application Data\google
    2006-12-26 21:54 ——– d——– C:\Program Files\firetrust
    2006-12-26 21:28 ——– d——– C:\Program Files\acro software
    2006-12-26 21:28 ——– d——– C:\Documents and Settings\Leo\Application Data\help
    2006-12-26 21:27 ——– d——– C:\Program Files\messenger plus! live
    2006-12-26 21:16 ——– d——– C:\Program Files\diskeeper corporation
    2006-12-26 21:16 ——– d——– C:\Documents and Settings\Leo\Application Data\leadertech
    2006-12-26 21:05 ——– d——– C:\Program Files\techsmith
    2006-12-26 21:05 ——– d——– C:\Program Files\Common Files\wise installation wizard
    2006-12-26 21:04 ——– d——– C:\Program Files\pagedefrag
    2006-12-26 20:56 ——– d——– C:\Program Files\Common Files\acd systems
    2006-12-26 20:56 ——– d——– C:\Program Files\acd systems
    2006-12-26 20:54 ——– d——– C:\Program Files\skype
    2006-12-26 20:54 ——– d——– C:\Program Files\Common Files\skype
    2006-12-26 20:52 ——– d——– C:\Program Files\voipbuster.com
    2006-12-26 20:46 ——– d——– C:\Documents and Settings\Leo\Application Data\flashfxp
    2006-12-26 20:45 ——– d——– C:\Program Files\lavasoft
    2006-12-26 20:45 ——– d——– C:\Documents and Settings\Leo\Application Data\lavasoft
    2006-12-26 20:00 ——– d——– C:\Program Files\microsoft.net
    2006-12-26 19:35 ——– d——– C:\Program Files\linux
    2006-12-26 19:35 ——– d——– C:\Program Files\cyberlink
    2006-12-07 05:14 2330624 –a—— C:\WINDOWS\system32\wmvcore.dll
    2006-11-08 06:07 679424 –a—— C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 ——— C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 ——— C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 ——— C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 –a—— C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 –a—— C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 ——— C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 –a—— C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 –a—— C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 –a—— C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 –a—— C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 –a—— C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 –a—— C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 –a—— C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 –a—— C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 –a—— C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 –a—— C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 –a—— C:\WINDOWS\system32\ieakui.dll
    2006-11-04 14:14 1245696 –a—— C:\WINDOWS\system32\msxml4.dll
    2006-10-30 15:24 278528 –a—— C:\WINDOWS\system32\livesnth.dll
    2006-10-30 15:24 203776 –a—— C:\WINDOWS\system32\clrviddc.dll
    2006-10-30 12:23 8 -r-hs—- C:\WINDOWS\system32\6b8972dcc0.sys
    2006-10-30 12:23 4704 –ahs—- C:\WINDOWS\system32\kgygaavl.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "VoipBuster"="\"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe\" -nosplash -minimized"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "RTHDCPL"="RTHDCPL.EXE"
    "Alcmtr"="ALCMTR.EXE"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "LanguageShortcut"="\"C:\\Program Files\\Home Cinema\\PowerDVD\\Language\\Language.exe\""
    "InstantOn"="\"C:\\Program Files\\CyberLink\\PowerCinema Linux\\ion_install.exe /c \""
    @=""
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "Synchronization Manager"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,\
    73,74,65,6d,33,32,5c,6d,6f,62,73,79,6e,63,2e,65,78,65,20,2f,6c,6f,67,6f,6e,\
    00
    "DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
    "WinSystems"="C:\\WINDOWS\\system32\\winsystems16.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "WinSystems"="C:\\WINDOWS\\system32\\winsystems16.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullGuard]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bullguard"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\BullGuard Software\\BullGuard\\bullguard.exe\" -boot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CloneCDTray"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DkIcon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GhostTray"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Symantec\\Norton Ghost\\Agent\\GhostTray.exe"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="pushow10.dll"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
    63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
    6d,73,73,74,79,6c,65,73,00
    "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
    73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0
    bthsvcs REG_MULTI_SZ BthServ\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
    Shell\AutoRun\command G:\setup.exe -q

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c5f6850-70c7-11db-a1f6-0012bfc591d8}]
    Shell\AutoRun\command J:\prime.bat

    Completion time: 07-01-30 0:00:56
    C:\ComboFix2.txt … 07-01-29 20:46
    C:\ComboFix3.txt … 07-01-29 18:59

    HijackThis:
    Logfile of HijackThis v1.99.1
    Scan saved at 0:06:30, on 30-1-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\msncall.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Hyjakhthis\HijackThis1991.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
    O4 - HKLM\..\RunServices: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
    O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162213379953
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: pushow10.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    Thank you very much for your help so far; do you see anything else unusual?

  • It already looks better :)

    Start HijackThis once more, choose "Do a system scan only" and place a check mark only next to the following lines:
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
    O4 - HKLM\..\RunServices: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
    O20 - AppInit_DLLs: pushow10.dll
    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    After that, carry out the following steps:

    1. Download ATF cleaner (made by Atribune)
    Double-click ATF cleaner to start the program.
    On the "Main" tab, place a check mark next to "Select All".
    Click the "Empty Selected" button.

    Do the following if you also have Firefox as a browser:
    Click the "Firefox" tab and place a check mark next to "Select All".
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the check mark next to "Firefox saved passwords" again)
    Click the "Empty Selected" button.

    Do the following if you also have Opera as a browser:
    Click the "Opera" tab and place a check mark next to "Select All".
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the "Empty Selected" button.
    Go to the "Main" tab and click the "Exit" button to close the program.

    2. Download Dr.Web CureIt to your desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    3. Start the computer in safe mode.

    4. Double-click drweb-cureit.exe and allow it to start the express scan.
    This will scan the files currently loaded in memory, and when something is found, click the "Yes to all" button at the question 'cure it?'. This is only a short scan.
    Once the short scan has finished, click Options > Change Settings
    Choose the "Scan" tab and remove the check mark next to "Heuristic analyse"
    Back in the main window you can select the drives you want to have scanned.
    Select all drives here. A red dot will then appear on the drives you are having scanned.
    Then click the green arrow on the right to start the scan.
    Click 'Yes to all' when asked to perform cure or move.
    When the scan is done, check whether you can click the following icon that is next to what was found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
    If so, click it and then click the icon just below it and choose: "Move incurable", as you will see in the following image:
    http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
    This will move the files to the following folder, %userprofile%\DoctorWeb\quarantaine-folder, if they cannot be disinfected. (this in case we need samples)
    After selecting the above, in the menu at the top of Dr.Web CureIt, click "file" and choose "save report list". Save the log on your desktop.
    Then close Dr.Web CureIt.

    5. Restart your computer in normal mode!! Important step, because Dr.Web CureIt may move/delete files during the restart.
    After restarting, copy and paste the contents of the log you saved earlier into your next post together with a HijackThis log ;)
  • Log drweb-cureit.exe:
    nothing found

    Log HijackThis:
    Logfile of HijackThis v1.99.1
    Scan saved at 12:27:04, on 30-1-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\msncall.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Hyjakhthis\HijackThis1991.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162213379953
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    By the looks of it, the items you mentioned have disappeared and it seems my system has been fixed, or do you still see anything unusual?

  • The log looks clean :)

    Also do the following:
  • Thank you very much for the effort, I got great help from you. Problem solved!!!!

This is an archived page. Replying is no longer possible.