Services.exe status code: 203 and 1073741819 + hwgxqsgd.dll

11 answers
  • Hello, I have two problems.
    When I am at the PC I get an error message that services.exe has failed and that the PC will restart within 60 seconds, with the status codes 203 and 1073741819 (alternating).

    And when I start the PC I get a message with:
    "Er is een fout opgetreden tijdens het laden van C:\Windows\system32\hqgxqsgd.dll

    Kan opgegeven module niet vinden."
    Other than that, this one does not bother me much.

    I had trouble getting this log, because everything that has to do with Hijack closes automatically (don't ask how or why, because I have no idea).


    Logfile of HijackThis v1.99.1
    Scan saved at 15:13:47, on 22-7-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\qbkgjxet.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\WINDOWS\system32\bcd2kcpan.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Steam\Steam.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Jesse\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wow-europe.com/en/index.xml
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: (no name) - {2698D627-F846-4CB2-BFE6-D799E9933087} - C:\WINDOWS\system32\vfytpfjf.dll (file missing)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\hiuveyil.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\ssqooll.dll
    O2 - BHO: (no name) - {D1159422-16E3-462F-A93D-FB718E100408} - C:\WINDOWS\system32\d3dxim.dll
    O2 - BHO: (no name) - {F253F3A7-F849-4693-86D3-681C10E6250B} - C:\WINDOWS\system32\awvvv.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [BCD2000] %SystemRoot%\system32\bcd2kcpan.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\CAMTHINS.exe" /m
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\hwgxqsgd.dll",realset
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [VoipBuster] "D:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [WinMedia] svchost
    O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
    O4 - HKCU\..\Run: [AWMON] "D:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: BlueSoleil.lnk = D:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O15 - Trusted Zone: *.stumbleupon.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - http://www.flatcast.com/obj/NpFp415.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: awvvv - C:\WINDOWS\system32\awvvv.dll
    O20 - Winlogon Notify: dacbdfdbfa - C:\WINDOWS\system32\dacbdfdbfa.dll
    O20 - Winlogon Notify: ssqooll - C:\WINDOWS\SYSTEM32\ssqooll.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)
    O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\qbkgjxet.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


    Edit:
    There may be some things in there that you don't recognize; I have producer stuff on here, hence :roll:
  • Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Place it on your desktop.
    Double-click it to start the program.
    In the window that appears, type a 1 to run the cleaning and analysis process.
    Follow the instructions on the screen.
    When the tool is finished, a log file (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.
  • Sorry for replying so late :oops:

    Here are the logs:
    Combofix:

    "Jesse" - 2007-07-29 21:48:35 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))




    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Common Files\microsoft shared\web folders\ibm00001.dll
    C:\Program Files\Common Files\microsoft shared\web folders\ibm00002.dll
    C:\Program Files\inetget2
    C:\Program Files\winpop
    C:\Program Files\winpop\UnInstall.exe
    C:\WINDOWS\b122.exe
    C:\WINDOWS\system32\xpdx.sys
    C:\WINDOWS\wr.txt


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    ——-\LEGACY_DOMAINSERVICE
    ——-\LEGACY_NTMLSVC
    ——-\DomainService
    ——-\NtmlSvc
    ——-\xpdx


    ((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-29 )))))))))))))))))))))))))))))))


    2007-07-29 21:47 51,200 –a—— C:\WINDOWS\nircmd.exe
    2007-07-29 18:20 125,972 –a—— C:\WINDOWS\system32\lgbaammi.dll
    2007-07-28 13:10 <DIR> dr-h—– C:\DOCUME~1\Jesse\Onlangs geopend
    2007-07-28 13:00 69,140 –a—— C:\WINDOWS\system32\fwrmtual.dll
    2007-07-28 12:56 125,972 –a—— C:\WINDOWS\system32\alptynmn.dll
    2007-07-26 13:08 125,972 –a—— C:\WINDOWS\system32\rtcexsiw.dll
    2007-07-25 13:34 125,972 –a—— C:\WINDOWS\system32\ormtsfhr.dll
    2007-07-23 00:02 10,872 –a—— C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-07-22 23:34 3,968 –a—— C:\WINDOWS\system32\drivers\AvgArCln.sys
    2007-07-22 17:54 <DIR> d——– C:\Program Files\Steinberg
    2007-07-22 17:53 796,672 –a—— C:\WINDOWS\GPInstall.exe
    2007-07-21 18:26 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-07-21 17:48 524,288 –ah—– C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-07-21 17:48 <DIR> dr——- C:\DOCUME~1\ADMINI~1\Menu Start
    2007-07-21 17:48 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Sjablonen
    2007-07-21 17:48 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Onlangs geopend
    2007-07-21 17:48 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Netwerkprinteromgeving
    2007-07-21 17:48 <DIR> d——– C:\DOCUME~1\ADMINI~1\Mijn documenten
    2007-07-21 17:48 <DIR> d——– C:\DOCUME~1\ADMINI~1\Favorieten
    2007-07-21 17:48 <DIR> d——– C:\DOCUME~1\ADMINI~1\Bureaublad
    2007-07-21 17:44 <DIR> d——– C:\WINDOWS\pss
    2007-07-19 10:51 68,888 –a—— C:\WINDOWS\system32\xinput1_3.dll
    2007-07-19 10:51 62,744 –a—— C:\WINDOWS\system32\xinput1_2.dll
    2007-07-19 10:51 3,426,072 –a—— C:\WINDOWS\system32\d3dx9_32.dll
    2007-07-19 10:51 255,848 –a—— C:\WINDOWS\system32\xactengine2_6.dll
    2007-07-19 10:51 251,672 –a—— C:\WINDOWS\system32\xactengine2_5.dll
    2007-07-19 10:51 237,848 –a—— C:\WINDOWS\system32\xactengine2_4.dll
    2007-07-19 10:51 236,824 –a—— C:\WINDOWS\system32\xactengine2_3.dll
    2007-07-19 10:51 2,414,360 –a—— C:\WINDOWS\system32\d3dx9_31.dll
    2007-07-19 10:51 15,128 –a—— C:\WINDOWS\system32\x3daudio1_1.dll
    2007-07-08 12:30 <DIR> d——– C:\Program Files\DivX
    2007-07-02 21:41 200,704 –a—— C:\WINDOWS\system32\ssldivx.dll
    2007-07-02 21:41 1,044,480 –a—— C:\WINDOWS\system32\libdivx.dll
    2007-07-01 22:03 <DIR> d——– C:\DOCUME~1\Jesse\APPLIC~1\Media Player Classic


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-29 17:28:42 ——– d—–w C:\DOCUME~1\Jesse\APPLIC~1\StumbleUpon
    2007-07-29 10:59:43 ——– d—–w C:\DOCUME~1\Jesse\APPLIC~1\Skype
    2007-07-24 07:52:10 505,344 —-a-w C:\WINDOWS\system32\winlogon.exe
    2007-07-21 16:25:34 ——– d—–w C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-21 15:52:10 93,184 ——w C:\WINDOWS\system32\dacbdfdbfa.dll
    2007-07-20 12:26:46 ——– d—–w C:\DOCUME~1\Jesse\APPLIC~1\Xfire
    2007-07-19 08:50:20 ——– d–h–w C:\Program Files\InstallShield Installation Information
    2007-07-14 10:58:03 1,324 —-a-w C:\WINDOWS\system32\d3d9caps.dat
    2007-07-08 10:31:38 1,302 —-a-w C:\WINDOWS\mozver.dat
    2007-06-24 19:26:11 71,680 —-a-w C:\WINDOWS\g33913203.exe
    2007-06-24 19:04:06 71,680 —-a-w C:\WINDOWS\g32587968.exe
    2007-06-24 18:42:03 71,680 —-a-w C:\WINDOWS\g31265093.exe
    2007-06-24 10:03:40 71,680 —-a-w C:\WINDOWS\g159875.exe
    2007-06-23 19:43:34 71,680 —-a-w C:\WINDOWS\g37761078.exe
    2007-06-23 19:23:18 71,680 —-a-w C:\WINDOWS\g36545078.exe
    2007-06-23 18:46:39 ——– d—–w C:\DOCUME~1\Jesse\APPLIC~1\Turbine
    2007-06-23 18:38:41 71,680 —-a-w C:\WINDOWS\g33868765.exe
    2007-06-23 17:39:29 71,680 —-a-w C:\WINDOWS\g30315718.exe
    2007-06-23 17:19:27 71,680 —-a-w C:\WINDOWS\g29113796.exe
    2007-06-23 16:59:27 71,680 —-a-w C:\WINDOWS\g27914296.exe
    2007-06-23 16:37:27 71,680 —-a-w C:\WINDOWS\g26593718.exe
    2007-06-23 16:15:25 71,680 —-a-w C:\WINDOWS\g25272015.exe
    2007-06-23 15:53:28 71,680 —-a-w C:\WINDOWS\g23954890.exe
    2007-06-23 15:33:26 71,680 —-a-w C:\WINDOWS\g22753046.exe
    2007-06-23 15:13:29 71,680 —-a-w C:\WINDOWS\g21555531.exe
    2007-06-23 14:51:20 71,680 —-a-w C:\WINDOWS\g20226890.exe
    2007-06-23 14:31:21 71,680 —-a-w C:\WINDOWS\g19027984.exe
    2007-06-23 14:09:25 71,680 —-a-w C:\WINDOWS\g17711718.exe
    2007-06-23 13:47:25 71,680 —-a-w C:\WINDOWS\g16392468.exe
    2007-06-23 13:27:28 71,680 —-a-w C:\WINDOWS\g15195140.exe
    2007-06-23 13:07:23 71,680 —-a-w C:\WINDOWS\g13990015.exe
    2007-06-23 12:45:15 71,680 —-a-w C:\WINDOWS\g12662468.exe
    2007-06-23 12:25:12 71,680 —-a-w C:\WINDOWS\g11458843.exe
    2007-06-23 12:05:06 71,680 —-a-w C:\WINDOWS\g10252765.exe
    2007-06-23 11:43:05 71,680 —-a-w C:\WINDOWS\g8932390.exe
    2007-06-23 11:21:09 71,680 —-a-w C:\WINDOWS\g7616000.exe
    2007-06-23 11:01:09 71,680 —-a-w C:\WINDOWS\g6416000.exe
    2007-06-23 10:41:09 71,680 —-a-w C:\WINDOWS\g5215984.exe
    2007-06-23 10:21:06 71,680 —-a-w C:\WINDOWS\g4012593.exe
    2007-06-23 10:00:53 71,680 —-a-w C:\WINDOWS\g2800156.exe
    2007-06-23 09:38:51 71,680 —-a-w C:\WINDOWS\g1477671.exe
    2007-06-23 09:18:52 71,680 —-a-w C:\WINDOWS\g278890.exe
    2007-06-22 19:00:28 22,584 —-a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-06-22 18:58:26 99,904 —-a-w C:\WINDOWS\system32\PnkBstrB.exe
    2007-06-22 09:50:22 71,680 —-a-w C:\WINDOWS\g1716968.exe
    2007-06-21 18:38:43 71,680 —-a-w C:\WINDOWS\g7965125.exe
    2007-06-21 18:18:42 71,680 —-a-w C:\WINDOWS\g6764812.exe
    2007-06-21 17:56:44 71,680 —-a-w C:\WINDOWS\g5446203.exe
    2007-06-21 17:34:45 71,680 —-a-w C:\WINDOWS\g4127156.exe
    2007-06-21 17:14:43 71,680 —-a-w C:\WINDOWS\g2925062.exe
    2007-06-21 16:54:42 71,680 —-a-w C:\WINDOWS\g1724640.exe
    2007-06-21 16:32:34 71,680 —-a-w C:\WINDOWS\g395593.exe
    2007-06-20 13:47:21 71,680 —-a-w C:\WINDOWS\g3161765.exe
    2007-06-20 13:27:16 71,680 —-a-w C:\WINDOWS\g1956796.exe
    2007-06-20 13:05:11 71,680 —-a-w C:\WINDOWS\g631406.exe
    2007-06-20 08:35:41 70,656 —-a-w C:\WINDOWS\system32\d3dxim.dll
    2007-06-20 07:39:39 71,680 —-a-w C:\WINDOWS\g276859.exe
    2007-06-19 16:54:00 71,680 —-a-w C:\WINDOWS\g15638546.exe
    2007-06-19 12:39:59 71,680 —-a-w C:\WINDOWS\g396953.exe
    2007-06-18 16:30:46 71,680 —-a-w C:\WINDOWS\g29719109.exe
    2007-06-18 16:08:44 71,680 —-a-w C:\WINDOWS\g28397531.exe
    2007-06-18 15:58:40 71,680 —-a-w C:\WINDOWS\g27792953.exe
    2007-06-18 10:52:24 71,680 —-a-w C:\WINDOWS\g9416687.exe
    2007-06-18 10:32:19 71,680 —-a-w C:\WINDOWS\g8211046.exe
    2007-06-18 08:19:58 71,680 —-a-w C:\WINDOWS\g271515.exe
    2007-06-17 19:17:02 ——– d—–w C:\DOCUME~1\Jesse\APPLIC~1\Lavasoft
    2007-06-17 18:54:35 71,680 —-a-w C:\WINDOWS\g39414468.exe
    2007-06-17 15:59:56 71,680 —-a-w C:\WINDOWS\g28934546.exe
    2007-06-17 15:36:28 71,680 —-a-w C:\WINDOWS\g27526812.exe
    2007-06-17 15:16:26 71,680 —-a-w C:\WINDOWS\g26325437.exe
    2007-06-17 14:54:26 71,680 —-a-w C:\WINDOWS\g25005421.exe
    2007-06-17 14:32:26 71,680 —-a-w C:\WINDOWS\g23684953.exe
    2007-06-17 12:38:24 71,680 —-a-w C:\WINDOWS\g16842953.exe
    2007-06-17 12:16:24 71,680 —-a-w C:\WINDOWS\g15523062.exe
    2007-06-17 11:56:23 71,680 —-a-w C:\WINDOWS\g14321906.exe
    2007-06-17 11:34:24 71,680 —-a-w C:\WINDOWS\g13002765.exe
    2007-06-17 11:12:23 71,680 —-a-w C:\WINDOWS\g11680468.exe
    2007-06-17 10:50:23 71,680 —-a-w C:\WINDOWS\g10360328.exe
    2007-06-17 10:28:25 71,680 —-a-w C:\WINDOWS\g9041828.exe
    2007-06-17 10:06:22 71,680 —-a-w C:\WINDOWS\g7719281.exe
    2007-06-17 09:46:19 71,680 —-a-w C:\WINDOWS\g6515843.exe
    2007-06-17 09:24:21 71,680 —-a-w C:\WINDOWS\g5197828.exe
    2007-06-17 09:04:18 71,680 —-a-w C:\WINDOWS\g3995046.exe
    2007-06-17 08:42:18 71,680 —-a-w C:\WINDOWS\g2674843.exe
    2007-06-17 08:22:16 71,680 —-a-w C:\WINDOWS\g1473093.exe
    2007-06-17 08:04:19 71,680 —-a-w C:\WINDOWS\g395875.exe
    2007-06-16 10:41:20 63,040 —-a-w C:\WINDOWS\system32\PnkBstrA.exe
    2007-06-16 09:10:03 3,072 —-a-w C:\WINDOWS\system32\drivers\kcp.sys
    2007-06-16 09:10:02 53,248 —-a-w C:\WINDOWS\system32\oleauth32.dll
    2007-06-16 09:09:54 7,200 —-a-w C:\gghdwaq.exe
    2007-06-16 09:09:54 1,536 —-a-w C:\bwarny.exe
    2007-06-13 12:25:10 ——– d—–w C:\Program Files\Creative
    2007-06-12 07:03:45 498,176 —-a-w C:\WINDOWS\system32\Dominator 2007.scr
    2007-06-12 07:03:45 498,176 —-a-w C:\WINDOWS\system32\Dominator 2007.exe
    2007-06-09 12:11:23 ——– d—–w C:\Program Files\Windows Live
    2007-06-06 15:33:02 ——– d—–w C:\Program Files\Media Player Classic
    2007-06-04 13:18:48 9,344 —-a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-06-04 13:17:02 8,320 —-a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-06-04 13:14:56 6,272 —-a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
    2007-06-03 06:26:49 552 —-a-w C:\WINDOWS\system32\d3d8caps.dat


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2698D627-F846-4CB2-BFE6-D799E9933087}]
    C:\WINDOWS\system32\vfytpfjf.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}]
    2007-07-28 13:00 69140 –a—— C:\WINDOWS\system32\fwrmtual.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1159422-16E3-462F-A93D-FB718E100408}]
    2007-06-20 10:35 70656 –a—— C:\WINDOWS\system32\d3dxim.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio"="cmicnfg.cpl" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 01:00]
    "BCD2000"="%SystemRoot%\system32\bcd2kcpan.exe" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54]
    "WebcamMaxMoniter"="D:\Program Files\WebcamMax\CAMTHINS.exe" []
    "!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-30 13:34]
    "Steam"="D:\Program Files\Steam\Steam.exe" [2007-06-28 07:54]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
    "VoipBuster"="D:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" []
    "AWMON"="D:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe" [2005-05-25 12:12]

    C:\Documents and Settings\Jesse\Menu Start\Programma's\Opstarten\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Speed Launch.lnk - D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
    Adobe Reader Synchronizer.lnk - D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
    BlueSoleil.lnk - D:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe [2006-07-16 18:33:36]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{D1159422-16E3-462F-A93D-FB718E100408}"= C:\WINDOWS\system32\d3dxim.dll [2007-06-20 10:35 70656]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dacbdfdbfa]
    C:\WINDOWS\system32\dacbdfdbfa.dll 2007-07-21 17:52 93184 C:\WINDOWS\system32\dacbdfdbfa.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqooll]
    ssqooll.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmxw32]
    winmxw32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb]
    C:\WINDOWS\system32\wudb.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

    R0 BTHidMgr;Bluetooth HID Manager Service;C:\WINDOWS\system32\Drivers\BTHidMgr.sys
    R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);C:\WINDOWS\system32\drivers\sfvfs02.sys
    R0 uagp35;Microsoft AGPv3.5 Filter;C:\WINDOWS\system32\DRIVERS\uagp35.sys
    R1 AvgArCln;Avg Anti-Rootkit Clean Driver;C:\WINDOWS\system32\DRIVERS\AvgArCln.sys
    R1 kcp;kcp;C:\WINDOWS\system32\drivers\kcp.sys
    R1 NetBT;NetBios over Tcpip;C:\WINDOWS\system32\DRIVERS\netbt.sys
    R3 BT;Bluetooth PAN Network Adapter;C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
    R3 Btcsrusb;Bluetooth USB For Bluetooth Service;C:\WINDOWS\system32\Drivers\btcusb.sys
    R3 BTHidEnum;Bluetooth HID Enumerator;C:\WINDOWS\system32\DRIVERS\vbtenum.sys
    R3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
    R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys
    R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet-adapter - NT-stuurprogramma;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
    R3 irsir;Microsoft-stuurprogramma voor serieel infraroodapparaat;C:\WINDOWS\system32\DRIVERS\irsir.sys
    R3 ms_mpu401;Microsoft MPU-401 MIDI UART-stuurprogramma;C:\WINDOWS\system32\drivers\msmpu401.sys
    R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
    R3 VComm;Virtual Serial port driver;C:\WINDOWS\system32\DRIVERS\VComm.sys
    R3 VcommMgr;Bluetooth VComm Manager Service;C:\WINDOWS\system32\Drivers\VcommMgr.sys
    S2 BlueSoleil Hid Service;BlueSoleil Hid Service;D:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
    S3 BCD2000;Behringer BCD2000 V1.0.0.6;C:\WINDOWS\system32\Drivers\BCD2000.SYS
    S3 BCD2000WDM;Behringer BCD2000WDM V1.0.0.6;C:\WINDOWS\system32\Drivers\BCD2000WDM.SYS
    S3 BlueletAudio;Bluetooth Audio Service;C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
    S3 BlueletSCOAudio;Bluetooth SCO Audio Service;C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
    S3 NABTSFEC;NABTS/FEC VBI Codec;C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    S3 PnkBstrK;PnkBstrK;\??\C:\WINDOWS\system32\drivers\PnkBstrK.sys


    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-29 22:05:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden registry entries …

    scanning hidden files …

    **************************************************************************

    Completion time: 2007-07-29 22:09:24 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-07-29 22:08

    — E O F —






    ——————————————————————————————————–

    HJThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:11:14, on 29-7-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\WINDOWS\system32\bcd2kcpan.exe
    C:\Program Files\QuickTime\qttask.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\Program Files\Steam\Steam.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
    D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    D:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Jesse\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wow-europe.com/en/index.xml
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: (no name) - {2698D627-F846-4CB2-BFE6-D799E9933087} - C:\WINDOWS\system32\vfytpfjf.dll (file missing)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\fwrmtual.dll
    O2 - BHO: (no name) - {D1159422-16E3-462F-A93D-FB718E100408} - C:\WINDOWS\system32\d3dxim.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [BCD2000] %SystemRoot%\system32\bcd2kcpan.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\CAMTHINS.exe" /m
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [VoipBuster] "D:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [AWMON] "D:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: BlueSoleil.lnk = D:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O15 - Trusted Zone: *.stumbleupon.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB60} (Flatcast Producer 4.15) - http://www.flatcast.com/obj/NpFp415.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: dacbdfdbfa - C:\WINDOWS\system32\dacbdfdbfa.dll
    O20 - Winlogon Notify: ssqooll - ssqooll.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)
    O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
  • I would very much like to have 2 files from you.
    Would you do this for me?
    Go to this site: http://www.bleepingcomputer.com/submit-malware.php?channel=11
    Under "Link to topic where this file was requested:" paste a link to this topic.
    Under "Browse to the file you want to submit:" click the "Browse" ("Bladeren") button and navigate to this file: C:\WINDOWS\system32\d3dxim.dll
    Then click the "Send file" button.

    Do the same for C:\WINDOWS\system32\dacbdfdbfa.dll
  • After that, do this:
    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.
    Save the Notepad file as CFScript.txt

    File::
    C:\WINDOWS\system32\fwrmtual.dll
    C:\WINDOWS\system32\d3dxim.dll
    C:\WINDOWS\system32\dacbdfdbfa.dll
    C:\WINDOWS\g33913203.exe
    C:\WINDOWS\g32587968.exe
    C:\WINDOWS\g31265093.exe
    C:\WINDOWS\g159875.exe
    C:\WINDOWS\g37761078.exe
    C:\WINDOWS\g36545078.exe
    C:\WINDOWS\g33868765.exe
    C:\WINDOWS\g30315718.exe
    C:\WINDOWS\g29113796.exe
    C:\WINDOWS\g27914296.exe
    C:\WINDOWS\g26593718.exe
    C:\WINDOWS\g25272015.exe
    C:\WINDOWS\g23954890.exe
    C:\WINDOWS\g22753046.exe
    C:\WINDOWS\g21555531.exe
    C:\WINDOWS\g20226890.exe
    C:\WINDOWS\g19027984.exe
    C:\WINDOWS\g17711718.exe
    C:\WINDOWS\g16392468.exe
    C:\WINDOWS\g15195140.exe
    c:\WINDOWS\g13990015.exe
    C:\WINDOWS\g12662468.exe
    C:\WINDOWS\g11458843.exe
    C:\WINDOWS\g10252765.exe
    C:\WINDOWS\g8932390.exe
    C:\WINDOWS\g7616000.exe
    C:\WINDOWS\g6416000.exe
    C:\WINDOWS\g5215984.exe
    C:\WINDOWS\g4012593.exe
    C:\WINDOWS\g2800156.exe
    C:\WINDOWS\g1477671.exe
    C:\WINDOWS\g278890.exe
    C:\WINDOWS\g1716968.exe
    C:\WINDOWS\g7965125.exe
    C:\WINDOWS\g6764812.exe
    C:\WINDOWS\g5446203.exe
    C:\WINDOWS\g4127156.exe
    C:\WINDOWS\g2925062.exe
    C:\WINDOWS\g1724640.exe
    C:\WINDOWS\g395593.exe
    C:\WINDOWS\g3161765.exe
    C:\WINDOWS\g1956796.exe
    C:\WINDOWS\g631406.exe
    C:\WINDOWS\g276859.exe
    C:\WINDOWS\g15638546.exe
    C:\WINDOWS\g396953.exe
    C:\WINDOWS\g29719109.exe
    C:\WINDOWS\g28397531.exe
    C:\WINDOWS\g27792953.exe
    C:\WINDOWS\g9416687.exe
    C:\WINDOWS\g8211046.exe
    C:\WINDOWS\g271515.exe
    C:\WINDOWS\g39414468.exe
    C:\WINDOWS\g28934546.exe
    C:\WINDOWS\g27526812.exe
    C:\WINDOWS\g26325437.exe
    C:\WINDOWS\g25005421.exe
    C:\WINDOWS\g23684953.exe
    C:\WINDOWS\g16842953.exe
    C:\WINDOWS\g15523062.exe
    C:\WINDOWS\g14321906.exe
    C:\WINDOWS\g13002765.exe
    C:\WINDOWS\g11680468.exe
    C:\WINDOWS\g10360328.exe
    C:\WINDOWS\g9041828.exe
    C:\WINDOWS\g7719281.exe
    C:\WINDOWS\g6515843.exe
    C:\WINDOWS\g5197828.exe
    c:\WINDOWS\g3995046.exe
    C:\WINDOWS\g2674843.exe
    C:\WINDOWS\g1473093.exe
    C:\WINDOWS\g395875.exe
    C:\gghdwaq.exe
    C:\bwarny.exe

    Now drag the file CFScript.txt onto the file ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
    ComboFix will start again.
    When ComboFix is finished, which may be after a restart, a log file opens.
    Post the contents of the log file.
    Make a new HijackThis log and post it too.
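
The CFScript in the post above names the `g<digits>.exe` files that the Find3M report lists in C:\WINDOWS, all at the same 71,680 bytes. As an added example (not part of the original thread and not ComboFix's own logic), this Python code finds such clusters in Find3M-style rows by grouping on directory, name shape and size; the sample rows, the function names and the threshold of five files are assumptions, and only the `File::` header is copied from the post.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed rows in the Find3M layout (timestamp, size, attributes, path).
# File names and times are invented for this example, not taken from the log.
SAMPLE_LOG = r"""
2007-06-24 08:20:00 71,680 ----a-w C:\WINDOWS\g1000106.exe
2007-06-24 08:00:00 71,680 ----a-w C:\WINDOWS\g1000105.exe
2007-06-23 18:46:39 -------- d-----w C:\DOCUME~1\User\APPLIC~1\Example
2007-06-23 10:18:52 71,680 ----a-w C:\WINDOWS\g1000104.exe
2007-06-23 09:58:52 71,680 ----a-w C:\WINDOWS\g1000103.exe
2007-06-23 09:38:52 71,680 ----a-w C:\WINDOWS\g1000102.exe
2007-06-23 09:18:52 71,680 ----a-w C:\WINDOWS\g1000101.exe
2007-06-22 19:00:28 22,584 ----a-w C:\WINDOWS\system32\drivers\example1.sys
2007-06-20 08:35:41 70,656 ----a-w C:\WINDOWS\system32\sample.dll
2007-06-12 07:03:45 498,176 ----a-w C:\WINDOWS\system32\lib2.dll
2007-06-12 07:03:45 498,176 ----a-w C:\WINDOWS\system32\lib3.dll
"""

# A file row has a numeric size; directory rows carry dashes there and are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+)\s+(?P<attr>\S+)\s+(?P<path>[A-Za-z]:\\.+?)\s*$"
)


def parse_find3m(text):
    """Return (timestamp, size_in_bytes, path) tuples for every file row."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines, section banners, directory rows
        when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        rows.append((when, int(m["size"].replace(",", "")), m["path"]))
    return rows


def name_shape(path):
    """Lower-cased directory plus the file name with digit runs collapsed to '#'."""
    directory, filename = ntpath.split(path)  # ntpath parses Windows paths on any OS
    stem, ext = ntpath.splitext(filename)
    return directory.lower(), re.sub(r"\d+", "#", stem.lower()) + ext.lower()


def find_clusters(rows, min_count=5):
    """Group numerically named files of identical size in one directory.

    Many same-sized files whose names differ only in a number, dropped at a
    steady interval, is the pattern worth a closer look; a pair of same-sized
    libraries is not, hence the min_count threshold (an assumption).
    """
    groups = defaultdict(list)
    for when, size, path in rows:
        directory, shape = name_shape(path)
        if "#" in shape:
            groups[(directory, shape, size)].append((when, path))
    clusters = []
    for (directory, shape, size), members in groups.items():
        if len(members) < min_count:
            continue
        members.sort()  # oldest first
        gaps = [(b[0] - a[0]).total_seconds() / 60
                for a, b in zip(members, members[1:])]
        clusters.append({
            "directory": directory,
            "shape": shape,
            "size": size,
            "count": len(members),
            # The median ignores long gaps while the machine was switched off.
            "median_gap_min": median(gaps) if gaps else None,
            "paths": [path for _, path in members],
        })
    return clusters


def render_candidates(clusters):
    """List clustered paths under a File:: header for manual review."""
    lines = ["File::"]
    for cluster in clusters:
        lines.extend(cluster["paths"])
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_clusters(parse_find3m(SAMPLE_LOG))
    for c in found:
        print(c["directory"], c["shape"], c["size"], c["count"], c["median_gap_min"])
    print(render_candidates(found))
```

The result is a review list: each path still needs checking against the rest of the log before it goes into any removal script.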
  • Hey Marc,
    So I did that.
    Copied the exe file list, saved it as CFScript.txt and then dragged it into ComboFix.
    After that it restarted (ComboFix said so too).
    And as soon as it started up again, a message appeared after the BIOS that "hal.dll" is missing/corrupt.
    And now my PC no longer boots (I'm on another PC).

    What should I do?
  • Hopefully you have a Windows installation CD at hand?

    Boot from the CD and start the Recovery Console.
    Log in to your Windows installation and then enter this command:

    BootCfg /Rebuild
    Fixboot
    Follow the instructions.
  • See also http://support.microsoft.com/kb/314477
  • I immediately reinstalled all of Windows, and I no longer have any trouble with it.

    (Most of the files were on D)
    Should I still leave a Hijack log??
  • A new log doesn't seem necessary to me.
    With a fresh installation the computer should be malware-free.
  • Ok, thanks for your help anyway. :D

This is an archived page. Replying is no longer possible.