HijackThis report

15 answers
  • The report below is from HijackThis. Can someone translate the results for me? I suspect that the computer still contains threats despite scans. In addition, there are still thousands of pos.tmp files on the disk that I cannot get rid of by any means. How do I remove them?
    Willem

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:41:27, on 12-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\lxdicoms.exe
    C:\Program Files\Router\Router.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Luljetaa & Vjoletaa\Bureaublad\HiJackThis.exe
    C:\WINDOWS\SoftwareDistribution\Download\49f9356de17faaef8b71e538a183c321\update\update.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=NL&range=AD&phase=6&key=SEARCH
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.radiomarimanga.dk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1043
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
    O4 - HKLM\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\System32\serbw.exe
    O4 - HKLM\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\System32\serbw.exe
    O4 - HKLM\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\System32\formatsys.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-835208182-2548316670-3541621641-1013\..\Run: [Router] C:\Program Files\Router\Router.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_nl.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.loudcash.com/UCITest/Cabs/4484.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab?f37d44ac492924dc063287e7256ff18ecfd47e0337570ba83184e71c504e963b95236c868425298f89b447183f619d26ee6674e426fe125aa66fafc22061bd61e2ef0b3c25:9aba7c18c9800e1f1bca9acc387e48ea
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\__c00FD272.dat
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
    O23 - Service: lxdi_device - - C:\WINDOWS\System32\lxdicoms.exe

    --
    End of file - 6462 bytes
  • Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop.
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.
    NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!
    Double-click combofix.exe.
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post the Combofix log (combofix.txt) in your next reply, together with a fresh Hijackthis log.
    Good luck!
    Pim
  • Ran ComboFix and already a big step further! Below is the report (drastically shortened, because it was not feasible to paste that whole slab of text here: left out are the messages about all the pos.tmp and .dll files that the program removed). Also a new HijackThis log. In the My Documents folder I manually deleted thousands more pos.tmp files myself. I still find router.exe strange (still active in the process list). Otherwise no more system error messages, and the two icons on the desktop that kept coming back are gone too.

    -------------------- ComboFix --------------------

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService

    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-13 to 2008-01-13 ))))))))))))))))))))))))))))))
    .
    2008-01-13 10:59 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-13 10:53 . 2008-01-13 15:07 <DIR> dr-h----- C:\Documents and Settings\Luljetaa & Vjoletaa\Onlangs geopend
    2008-01-12 16:13 . 2008-01-13 10:52 <DIR> d-------- C:\WINDOWS\system32\nl-nl
    2008-01-12 16:01 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
    2008-01-12 15:37 . 2008-01-13 10:26 415 ---hs---- C:\WINDOWS\system32\pocfwblj.ini
    2008-01-12 15:30 . 2006-08-21 10:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
    2008-01-12 15:30 . 2006-08-21 10:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
    2008-01-12 15:30 . 2006-08-21 13:28 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
    2008-01-12 15:20 . 2008-01-12 15:20 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-01-12 15:00 . 2008-01-13 10:55 <DIR> d-------- C:\VundoFix Backups
    2008-01-12 14:53 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-01-11 22:03 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-01-11 22:03 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-01-11 22:03 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-11 22:02 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-01-11 22:01 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-11 22:01 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-11 22:00 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-01-11 22:00 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-01-11 21:59 . 2008-01-11 21:59 <DIR> d-------- C:\Program Files\Alwil Software
    2008-01-11 21:43 . 2008-01-11 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-11 21:40 . 2008-01-11 21:42 <DIR> d--h----- C:\RD4B335D2AF9F44185AFC417F8D8D4B473DR
    2008-01-11 21:39 . 2008-01-11 21:39 <DIR> d-------- C:\Program Files\AusLogics Registry Defrag
    2008-01-11 19:39 . 2008-01-11 22:49 128 --a------ C:\Documents and Settings\Luljetaa & Vjoletaa\services.exe
    2008-01-11 19:14 . 2008-01-11 19:14 <DIR> d-------- C:\Documents and Settings\luljeta shala\Bureaublad
    2008-01-11 19:05 . 2008-01-11 19:05 <DIR> d-------- C:\Program Files\Avira
    2008-01-11 19:05 . 2008-01-11 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-01-11 19:02 . 2008-01-11 19:02 <DIR> d-------- C:\WINDOWS\provisioning
    2008-01-11 19:02 . 2008-01-11 19:02 <DIR> d-------- C:\WINDOWS\peernet
    2008-01-11 18:58 . 2008-01-11 18:58 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-01-11 18:51 . 2008-01-11 18:51 <DIR> d-------- C:\WINDOWS\EHome
    2008-01-11 16:55 . 2008-01-11 19:20 <DIR> d-------- C:\Program Files\CCleaner
    2008-01-11 16:34 . 2008-01-11 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-11 15:57 . 2008-01-11 15:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-11 15:25 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-01-11 15:25 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-01-08 14:48 . 2008-01-09 20:19 1,049,629 ---hs---- C:\WINDOWS\system32\aamamnll.ini
    2008-01-08 14:47 . 2008-01-08 14:47 37,888 --a------ C:\WINDOWS\system32\opnmnop.dll
    2008-01-07 18:14 . 2008-01-08 14:45 1,043,855 ---hs---- C:\WINDOWS\system32\ryhgwvws.ini
    2008-01-07 18:14 . 2008-01-07 18:14 37,888 --a------ C:\WINDOWS\system32\awttust.dll
    2008-01-07 18:14 . 2008-01-07 18:14 260 --a------ C:\6589.bat
    2008-01-04 12:43 . 2008-01-05 13:09 1,043,920 ---hs---- C:\WINDOWS\system32\ityvoajr.ini
    2008-01-04 11:40 . 2008-01-04 12:16 1,038,424 ---hs---- C:\WINDOWS\system32\mnbqmmng.ini
    2008-01-03 19:01 . 2008-01-04 10:53 1,039,144 ---hs---- C:\WINDOWS\system32\cteotmwq.ini
    2008-01-03 18:17 . 2008-01-03 18:56 1,039,024 ---hs---- C:\WINDOWS\system32\yijnyvuk.ini
    2008-01-03 14:46 . 2008-01-03 18:13 1,036,702 ---hs---- C:\WINDOWS\system32\qbxqekma.ini
    2008-01-03 14:46 . 2008-01-13 11:08 134,333 ---hs---- C:\WINDOWS\system32\qqtwa.ini2
    2008-01-03 12:56 . 2008-01-03 14:42 1,032,113 ---hs---- C:\WINDOWS\system32\xlglcyok.ini
    2008-01-02 18:30 . 2008-01-03 12:52 1,031,698 ---hs---- C:\WINDOWS\system32\fbqnblyw.ini
    2008-01-02 17:31 . 2008-01-02 18:26 1,031,578 ---hs---- C:\WINDOWS\system32\pwyuxdoo.ini
    2008-01-02 14:25 . 2008-01-02 17:27 1,031,458 ---hs---- C:\WINDOWS\system32\luikxrju.ini
    2008-01-01 18:39 . 2008-01-02 10:11 1,031,559 ---hs---- C:\WINDOWS\system32\ipiiwgvk.ini
    2007-12-30 14:23 . 2008-01-01 18:36 1,031,439 ---hs---- C:\WINDOWS\system32\mrxsaeww.ini
    2007-12-30 11:39 . 2007-12-30 14:21 1,031,319 ---hs---- C:\WINDOWS\system32\tdwhrtcr.ini
    2007-12-30 09:45 . 2007-12-30 11:38 1,031,199 ---hs---- C:\WINDOWS\system32\hhjjoecg.ini
    2007-12-29 20:25 . 2007-12-30 09:25 1,031,199 ---hs---- C:\WINDOWS\system32\byjhcnyv.ini
    2007-12-29 10:25 . 2007-12-29 16:29 1,031,559 ---hs---- C:\WINDOWS\system32\xjwfwarh.ini
    2007-12-28 18:29 . 2007-12-29 10:23 1,031,439 ---hs---- C:\WINDOWS\system32\wysufjyk.ini
    2007-12-28 15:39 . 2007-12-28 18:27 1,031,319 ---hs---- C:\WINDOWS\system32\gmvtgevg.ini
    2007-12-28 15:00 . 2007-12-28 15:38 1,031,199 ---hs---- C:\WINDOWS\system32\mkxomddn.ini
    2007-12-28 14:22 . 2007-12-28 14:39 1,031,439 ---hs---- C:\WINDOWS\system32\puwqnvrh.ini
    2007-12-28 13:34 . 2007-12-28 14:21 1,031,319 ---hs---- C:\WINDOWS\system32\kimjbtfn.ini
    2007-12-28 12:27 . 2007-12-28 13:31 1,031,199 ---hs---- C:\WINDOWS\system32\hvpmfpek.ini
    2007-12-28 11:36 . 2007-12-28 12:03 1,031,559 ---hs---- C:\WINDOWS\system32\llulfvxn.ini
    2007-12-28 11:22 . 2007-12-28 11:34 1,031,439 ---hs---- C:\WINDOWS\system32\epqrryda.ini
    2007-12-28 11:01 . 2007-12-28 11:20 1,031,319 ---hs---- C:\WINDOWS\system32\mwwoutqm.ini
    2007-12-28 10:33 . 2007-12-28 11:00 1,031,199 ---hs---- C:\WINDOWS\system32\bpdwpkvg.ini
    2007-12-28 09:47 . 2007-12-28 10:11 1,031,499 ---hs---- C:\WINDOWS\system32\lcdtsfvq.ini
    2007-12-28 09:12 . 2007-12-28 09:43 1,031,379 ---hs---- C:\WINDOWS\system32\yfjvvppr.ini
    2007-12-27 20:54 . 2007-12-28 09:09 1,031,259 ---hs---- C:\WINDOWS\system32\ofyaeuvr.ini
    2007-12-27 20:36 . 2007-12-27 20:51 1,031,199 ---hs---- C:\WINDOWS\system32\aurysfmy.ini
    2007-12-27 20:21 . 2007-12-27 20:21 260 --a------ C:\7998.bat
    2007-12-27 20:21 . 2007-12-27 20:21 77 --a------ C:\Documents and Settings\Luljetaa & Vjoletaa\9551.bat
    2007-12-27 20:08 . 2007-12-27 20:17 1,031,199 ---hs---- C:\WINDOWS\system32\vxxvgwkq.ini
    2007-12-27 19:59 . 2007-12-27 19:59 77 --a------ C:\Documents and Settings\Luljetaa & Vjoletaa\6205.bat
    2007-12-27 19:49 . 2007-12-27 19:59 982,994 ---hs---- C:\WINDOWS\system32\keacldfb.ini
    2007-12-27 19:38 . 2007-12-27 19:46 1,031,439 ---hs---- C:\WINDOWS\system32\bwsfkkqs.ini
    2007-12-27 19:28 . 2007-12-27 19:28 260 --a------ C:\9397.bat
    2007-12-27 19:02 . 2007-12-27 19:23 1,031,259 ---hs---- C:\WINDOWS\system32\eexdaqmt.ini
    2007-12-27 17:03 . 2007-12-27 17:03 260 --a------ C:\2082.bat
    2007-12-27 17:00 . 2007-12-27 17:12 1,031,559 ---hs---- C:\WINDOWS\system32\hwqejoli.ini
    2007-12-27 16:35 . 2007-12-27 16:59 1,031,439 ---hs---- C:\WINDOWS\system32\gidafxgi.ini
    2007-12-27 14:29 . 2007-12-27 16:30 1,031,319 ---hs---- C:\WINDOWS\system32\jqfpkpno.ini
    2007-12-27 14:07 . 2007-12-27 14:25 1,029,790 ---hs---- C:\WINDOWS\system32\josohsrv.ini
    2007-12-27 10:28 . 2007-12-27 10:28 260 --a------ C:\2502.bat
    2007-12-27 10:27 . 2007-12-27 13:49 1,029,790 ---hs---- C:\WINDOWS\system32\cphchufq.ini
    2007-12-26 19:54 . 2007-12-27 10:08 1,027,702 ---hs---- C:\WINDOWS\system32\kaqmkicw.ini
    2007-12-26 19:25 . 2007-12-26 19:50 1,027,582 ---hs---- C:\WINDOWS\system32\xhslvhuc.ini
    2007-12-26 18:43 . 2007-12-26 19:10 1,027,702 ---hs---- C:\WINDOWS\system32\fbcljfbg.ini
    2007-12-26 18:24 . 2007-12-26 18:42 1,027,582 ---hs---- C:\WINDOWS\system32\iitlkyfi.ini
    2007-12-26 12:41 . 2007-12-26 18:12 1,027,642 ---hs---- C:\WINDOWS\system32\ngvxseaf.ini
    2007-12-26 10:38 . 2007-12-26 11:02 1,018,742 ---hs---- C:\WINDOWS\system32\upfkmftc.ini
    2007-12-26 09:51 . 2007-12-26 10:34 1,018,622 ---hs---- C:\WINDOWS\system32\wnbrdukj.ini
    2007-12-25 20:13 . 2007-12-26 09:14 1,018,862 ---hs---- C:\WINDOWS\system32\vooasukf.ini
    2007-12-25 18:56 . 2007-12-25 20:10 1,018,742 ---hs---- C:\WINDOWS\system32\odseduoh.ini
    2007-12-25 18:30 . 2007-12-25 18:55 1,018,622 ---hs---- C:\WINDOWS\system32\bnefaykv.ini
    2007-12-25 17:08 . 2007-12-25 17:48 1,018,062 ---hs---- C:\WINDOWS\system32\hqiglylo.ini
    2007-12-25 16:26 . 2007-12-25 16:46 1,017,967 ---hs---- C:\WINDOWS\system32\wrnjdhrx.ini
    2007-12-25 15:56 . 2007-12-25 16:23 1,017,847 ---hs---- C:\WINDOWS\system32\gpcycuwb.ini
    2007-12-25 15:22 . 2007-12-25 15:52 1,013,190 ---hs---- C:\WINDOWS\system32\byhfjnji.ini
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-11 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\bowscopygplbias
    2008-01-11 18:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-11 15:53 --------- d-----w C:\Program Files\Logitech
    2008-01-11 15:52 --------- d-----w C:\Program Files\Java
    2008-01-11 15:34 --------- d-----w C:\Program Files\Lavasoft
    2008-01-11 14:54 --------- d-----w C:\Program Files\Sonic
    2007-12-23 09:44 134 ----a-w C:\n.bat
    2007-12-06 14:46 260 ----a-w C:\9512.bat
    2007-12-06 11:49 260 ----a-w C:\8232.bat
    2007-12-02 07:50 --------- d-----w C:\Program Files\Lexmark Fax Solutions
    2007-12-02 07:50 --------- d-----w C:\Program Files\Lexmark 3500-4500 Series
    2007-11-30 19:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\FaxCtr
    2007-11-30 16:11 278,548 ----a-w C:\WINDOWS\Fonts\Setup.exe
    2007-11-25 08:07 --------- d-----w C:\Program Files\MSN Messenger
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{280D88AE-CE64-4BE7-8E52-551B34657A15}]
    C:\WINDOWS\System32\kgsyksuy.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5231DF7D-A750-42D9-A5E6-0D571C3A080d}]
    C:\WINDOWS\System32\kgsyksuy.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{598DD3A8-E10F-44B2-9253-EEEB07706F7D}]
    C:\WINDOWS\System32\awtqq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEBACCFD-C4AE-4AB8-AC0B-1FF7CD9B094a}]
    C:\WINDOWS\System32\kgsyksuy.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B818DDD6-F572-460D-BCA6-EAF1AB6B31E1}]
    C:\WINDOWS\System32\kgsyksuy.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0AFA514-6CFB-3D29-8F5C-4FE6708709E4}]
    C:\WINDOWS\System32\kjjrtw.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Router"="C:\Program Files\Router\Router.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-13 10:33 249896]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "avnort"= C:\WINDOWS\System32\serbw.exe
    "ltwob"= C:\WINDOWS\System32\serbw.exe
    "serpe"= C:\WINDOWS\System32\formatsys.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxwwu]
    cbxxwwu.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgd]
    C:\WINDOWS\System32\mljgd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnnnm]
    ssqnnnm.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kodak EasyShare Software.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Kodak EasyShare Software.lnk
    backup=C:\WINDOWS\pss\Kodak EasyShare Software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
    C:\Program Files\BullsEye Network\bin\bargains.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Date Army Wma Spam]
    C:\Documents and Settings\All Users\Application Data\Peak ooze date army\Book Idle.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    --a------ 2007-07-16 17:54 311984 C:\Program Files\\Lexmark Fax Solutions\fm3032.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
    C:\WINDOWS\Fonts\svchost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
    C:\Program Files\Internet Optimizer\optimize313.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetCalls]
    --a------ 2007-04-18 15:49 7116352 C:\program files\internetcalls.com\internetcalls\internetcalls.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
    C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
    --------- 2004-06-01 10:09 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    --------- 2004-06-01 11:46 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --------- 2004-06-01 10:09 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --------- 2004-06-01 10:03 217088 C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    --a------ 2004-05-21 18:11 221184 C:\WINDOWS\System32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
    --a------ 2007-07-16 17:54 25264 C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
    --a------ 2007-07-16 17:54 434864 C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Gateway]
    C:\Program Files\Media Gateway\MediaGateway.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoCompromaat]
    C:\Program Files\NoCompromaat\GDC.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --a------ 2004-06-25 15:20 81920 c:\Apps\Powercinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    C:\WINDOWS\retadpu1000627.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SalesMonitor]
    C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
    C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
    --a------ 2007-09-24 18:58 82964 C:\WINDOWS\System32\hcowxxly.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
    --a------ 2004-04-16 14:53 249856 C:\WINDOWS\System32\keyhook.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageProtector]
    C:\Program Files\StorageProtector\SysRep.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]
    C:\Program Files\SurfAccuracy\SAcc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    C:\PROGRA~1\SYMNET~1\SNDMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ucookw]
    C:\PROGRA~1\STORAG~1\ucookw.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uerscw]
    C:\Program Files\ErrorSafe Free\uerscw.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ugdccw]
    C:\PROGRA~1\NOCOMP~1\UGDCcw.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
    C:\Program Files\Norton Internet Security\UrlLstCk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uwxlof]
    C:\Program Files\Dxmd\Vqhrbwc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTiFQgdch]
    C:\WINDOWS\erqyfrno.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
    C:\Program Files\webHancer\Programs\whagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
    C:\Program Files\WinPop\winpop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
    C:\Program Files\Words\Words.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:\Program Files]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:\Program Files\ISTsvc]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:\Program Files\ISTsvc\istsvc.exe]
    C:\WINDOWS\erqyfrno.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:\Program Files]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:\Program Files\ISTsvc]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:\Program Files\ISTsvc\istsvc.exe]
    C:\WINDOWS\erqyfrno.exe

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
    R2 lxdi_device;lxdi_device;C:\WINDOWS\System32\lxdicoms.exe [2007-06-11 15:14]
    R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 15:14]
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-12-07 15:04:18 C:\WINDOWS\Tasks\A07799F291881936.job"
    - c:\docume~1\luljeta\applic~1\memopi~1\filmaudioteam.exe
    "2005-10-21 18:00:01 C:\WINDOWS\Tasks\HDReg.job"
    - c:\Apps\HDReg\HDRegRem.exe
    .
    **************************************************************************
    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-13 18:14:08
    Windows 5.1.2600 Service Pack 2 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    .
    Voltooingstijd: 2008-01-13 18:25:22 - machine was rebooted [Luljetaa & Vjoletaa]
    ComboFix-quarantined-files.txt 2008-01-13 17:25:16
    .
2008-01-13 09:53:05 --- E O F ---

-------------------- New HijackThis --------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:12, on 13-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\System32\lxdicoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Luljetaa & Vjoletaa\Bureaublad\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.radiomarimanga.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1043
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {280D88AE-CE64-4BE7-8E52-551B34657A15} - C:\WINDOWS\System32\kgsyksuy.dll (file missing)
O2 - BHO: (no name) - {5231DF7D-A750-42D9-A5E6-0D571C3A080d} - C:\WINDOWS\System32\kgsyksuy.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {598DD3A8-E10F-44B2-9253-EEEB07706F7D} - C:\WINDOWS\System32\awtqq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AEBACCFD-C4AE-4AB8-AC0B-1FF7CD9B094a} - C:\WINDOWS\System32\kgsyksuy.dll (file missing)
O2 - BHO: (no name) - {B818DDD6-F572-460D-BCA6-EAF1AB6B31E1} - C:\WINDOWS\System32\kgsyksuy.dll (file missing)
O2 - BHO: (no name) - {C0AFA514-6CFB-3D29-8F5C-4FE6708709E4} - C:\WINDOWS\System32\kjjrtw.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\System32\serbw.exe
O4 - HKLM\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\System32\serbw.exe
O4 - HKLM\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\System32\formatsys.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.loudcash.com/UCITest/Cabs/4484.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab?f37d44ac492924dc063287e7256ff18ecfd47e0337570ba83184e71c504e963b95236c868425298f89b447183f619d26ee6674e426fe125aa66fafc22061bd61e2ef0b3c25:9aba7c18c9800e1f1bca9acc387e48ea
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: cbxxwwu - cbxxwwu.dll (file missing)
O20 - Winlogon Notify: mljgd - C:\WINDOWS\System32\mljgd.dll (file missing)
O20 - Winlogon Notify: ssqnnnm - ssqnnnm.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\System32\lxdicoms.exe

-- End of file - 7147 bytes
  • Good that you shortened it; next time, could you also include the top part with the version :)

1. Go to Start --> Control Panel --> Add or Remove Programs and remove the following, if present:

BullsEye Network
Internet Optimizer
internetcalls.com
Media Gateway
WinAntiSpyware 2007
StorageProtector
SurfAccuracy
ErrorSafe Free
webHancer
WinPop
ISTsvc

*Note: some programs may have a slightly different name.

After removing these programs, restart your PC.

2. Start HijackThis, choose 'Do a system scan only' and check the following lines:

O2 - BHO: (no name) - {280D88AE-CE64-4BE7-8E52-551B34657A15} - C:\WINDOWS\System32\kgsyksuy.dll (file missing)
O2 - BHO: (no name) - {5231DF7D-A750-42D9-A5E6-0D571C3A080d} - C:\WINDOWS\System32\kgsyksuy.dll (file missing)
O2 - BHO: (no name) - {598DD3A8-E10F-44B2-9253-EEEB07706F7D} - C:\WINDOWS\System32\awtqq.dll (file missing)
O2 - BHO: (no name) - {AEBACCFD-C4AE-4AB8-AC0B-1FF7CD9B094a} - C:\WINDOWS\System32\kgsyksuy.dll (file missing)
O2 - BHO: (no name) - {B818DDD6-F572-460D-BCA6-EAF1AB6B31E1} - C:\WINDOWS\System32\kgsyksuy.dll (file missing)
O2 - BHO: (no name) - {C0AFA514-6CFB-3D29-8F5C-4FE6708709E4} - C:\WINDOWS\System32\kjjrtw.dll (file missing)
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKLM\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\System32\serbw.exe
O4 - HKLM\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\System32\serbw.exe
O4 - HKLM\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\System32\formatsys.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O20 - Winlogon Notify: cbxxwwu - cbxxwwu.dll (file missing)
O20 - Winlogon Notify: mljgd - C:\WINDOWS\System32\mljgd.dll (file missing)
O20 - Winlogon Notify: ssqnnnm - ssqnnnm.dll (file missing)

Now close all open windows except HijackThis and click Fix Checked.

3. Open Notepad, then copy and paste the following into an empty window:

File::
C:\WINDOWS\system32\pocfwblj.ini
C:\WINDOWS\system32\aamamnll.ini
C:\WINDOWS\system32\opnmnop.dll
C:\WINDOWS\system32\awttust.dll
C:\6589.bat
C:\WINDOWS\system32\ityvoajr.ini
C:\WINDOWS\system32\mnbqmmng.ini
C:\WINDOWS\system32\cteotmwq.ini
C:\WINDOWS\system32\yijnyvuk.ini
C:\WINDOWS\system32\qbxqekma.ini
C:\WINDOWS\system32\qqtwa.ini2
C:\WINDOWS\system32\xlglcyok.ini
C:\WINDOWS\system32\fbqnblyw.ini
C:\WINDOWS\system32\pwyuxdoo.ini
C:\WINDOWS\system32\luikxrju.ini
C:\WINDOWS\system32\ipiiwgvk.ini
C:\WINDOWS\system32\mrxsaeww.ini
C:\WINDOWS\system32\tdwhrtcr.ini
C:\WINDOWS\system32\hhjjoecg.ini
C:\WINDOWS\system32\byjhcnyv.ini
C:\WINDOWS\system32\xjwfwarh.ini
C:\WINDOWS\system32\wysufjyk.ini
C:\WINDOWS\system32\gmvtgevg.ini
C:\WINDOWS\system32\mkxomddn.ini
C:\WINDOWS\system32\puwqnvrh.ini
C:\WINDOWS\system32\kimjbtfn.ini
C:\WINDOWS\system32\hvpmfpek.ini
C:\WINDOWS\system32\llulfvxn.ini
C:\WINDOWS\system32\epqrryda.ini
C:\WINDOWS\system32\mwwoutqm.ini
C:\WINDOWS\system32\bpdwpkvg.ini
C:\WINDOWS\system32\lcdtsfvq.ini
C:\WINDOWS\system32\yfjvvppr.ini
C:\WINDOWS\system32\ofyaeuvr.ini
C:\WINDOWS\system32\aurysfmy.ini
C:\7998.bat
C:\Documents and Settings\Luljetaa & Vjoletaa\9551.bat
C:\WINDOWS\system32\vxxvgwkq.ini
C:\Documents and Settings\Luljetaa & Vjoletaa\6205.bat
C:\WINDOWS\system32\keacldfb.ini
C:\WINDOWS\system32\bwsfkkqs.ini
C:\9397.bat
C:\WINDOWS\system32\eexdaqmt.ini
C:\2082.bat
C:\WINDOWS\system32\hwqejoli.ini
C:\WINDOWS\system32\gidafxgi.ini
C:\WINDOWS\system32\jqfpkpno.ini
C:\WINDOWS\system32\josohsrv.ini
C:\2502.bat
C:\WINDOWS\system32\cphchufq.ini
C:\WINDOWS\system32\kaqmkicw.ini
C:\WINDOWS\system32\xhslvhuc.ini
C:\WINDOWS\system32\fbcljfbg.ini
C:\WINDOWS\system32\iitlkyfi.ini
C:\WINDOWS\system32\ngvxseaf.ini
C:\WINDOWS\system32\upfkmftc.ini
C:\WINDOWS\system32\wnbrdukj.ini
C:\WINDOWS\system32\vooasukf.ini
C:\WINDOWS\system32\odseduoh.ini
C:\WINDOWS\system32\bnefaykv.ini
C:\WINDOWS\system32\hqiglylo.ini
C:\WINDOWS\system32\wrnjdhrx.ini
C:\WINDOWS\system32\gpcycuwb.ini
C:\WINDOWS\system32\byhfjnji.ini
C:\WINDOWS\system32\aswBoot.exe
C:\Documents and Settings\Luljetaa & Vjoletaa\services.exe
C:\n.bat
C:\8232.bat
C:\9512.bat
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\System32\serbw.exe
C:\WINDOWS\System32\formatsys.exe
C:\WINDOWS\retadpu1000627.exe
C:\WINDOWS\System32\hcowxxly.dll
C:\WINDOWS\erqyfrno.exe
C:\WINDOWS\Tasks\A07799F291881936.job

Folder::
C:\VundoFix Backups
C:\Documents and Settings\All Users\Application Data\bowscopygplbias
C:\Program Files\BullsEye Network
C:\Documents and Settings\All Users\Application Data\Peak ooze date army
C:\Program Files\Internet Optimizer
C:\program files\internetcalls.com
C:\Program Files\Media Gateway
C:\Program Files\Common Files\WinAntiSpyware 2007
C:\Program Files\StorageProtector
C:\Program Files\SurfAccuracy
C:\Program Files\ErrorSafe Free
C:\PROGRA~1\NOCOMP~1
C:\Program Files\Dxmd
C:\Program Files\webHancer
C:\Program Files\WinPop
C:\Program Files\ISTsvc

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{280D88AE-CE64-4BE7-8E52-551B34657A15}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5231DF7D-A750-42D9-A5E6-0D571C3A080d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{598DD3A8-E10F-44B2-9253-EEEB07706F7D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEBACCFD-C4AE-4AB8-AC0B-1FF7CD9B094a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B818DDD6-F572-460D-BCA6-EAF1AB6B31E1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0AFA514-6CFB-3D29-8F5C-4FE6708709E4}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Router"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"avnort"=-
"ltwob"=-
"serpe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxwwu]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgd]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnnnm]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Date Army Wma Spam]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetCalls]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Gateway]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SalesMonitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageProtector]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uerscw]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ugdccw]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uwxlof]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTiFQgdch]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:\Program Files]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:\Program Files\ISTsvc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:\Program Files\ISTsvc\istsvc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:\Program Files]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:\Program Files\ISTsvc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:\Program Files\ISTsvc\istsvc.exe]

Save this to your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will restart ComboFix. Reboot if asked to, and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Good luck!
Pim :)
  • --------------------------------- Logbestand ComboFix ---------------------------------
ComboFix 08-01-13.1 - Luljetaa & Vjoletaa 2008-01-14 18:17:26.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.42 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Luljetaa & Vjoletaa\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-14 to 2008-01-14 ))))))))))))))))))))))))))))))
.
2008-01-14 18:02 . 2007-07-30 19:19 92,504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2008-01-14 18:02 . 2007-07-30 19:19 92,504 --a------ C:\WINDOWS\system32\cdm.dll
2008-01-14 18:00 . 2008-01-14 18:16 <DIR> dr-h----- C:\Documents and Settings\Luljetaa & Vjoletaa\Onlangs geopend
2008-01-13 20:48 . 2008-01-13 20:48 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-13 20:48 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-01-13 20:48 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-01-13 20:48 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-01-13 20:39 . 2008-01-13 20:39 122 --ah----- C:\IPH.PH
2008-01-13 20:37 . 2008-01-13 20:37 <DIR> d-------- C:\Documents and Settings\Luljetaa & Vjoletaa\Application Data\Leadertech
2008-01-13 20:37 . 2008-01-13 20:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-13 20:37 . 2008-01-13 20:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-13 20:12 . 2008-01-13 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-01-13 20:09 . 2008-01-13 20:09 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-01-13 20:02 . 2008-01-13 20:02 <DIR> d-------- C:\Documents and Settings\Luljetaa & Vjoletaa\Application Data\Template
2008-01-13 19:54 . 
2008-01-13 19:54 141,824 --a------ C:\WINDOWS\system32\sfc_os.dll.tmp 2008-01-13 19:54 . 2004-08-04 09:03 141,824 --a------ C:\WINDOWS\system32\sfc_os.dll.orig 2008-01-13 10:59 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-12 16:13 . 2008-01-13 10:52 <DIR> d-------- C:\WINDOWS\system32\nl-nl 2008-01-12 16:01 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll 2008-01-12 15:30 . 2006-08-21 10:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys 2008-01-12 15:30 . 2006-08-21 10:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe 2008-01-12 15:30 . 2006-08-21 13:28 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll 2008-01-12 15:20 . 2008-01-12 15:20 <DIR> d-------- C:\Program Files\MSXML 4.0 2008-01-12 14:53 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2008-01-11 21:43 . 2008-01-11 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-11 21:40 . 2008-01-11 21:42 <DIR> d--h----- C:\RD4B335D2AF9F44185AFC417F8D8D4B473DR 2008-01-11 21:39 . 2008-01-11 21:39 <DIR> d-------- C:\Program Files\AusLogics Registry Defrag 2008-01-11 19:39 . 2008-01-11 22:49 128 --a------ C:\Documents and Settings\Luljetaa & Vjoletaa\services.exe 2008-01-11 19:14 . 2008-01-11 19:14 <DIR> d-------- C:\Documents and Settings\luljeta shala\Bureaublad 2008-01-11 19:05 . 2008-01-11 19:05 <DIR> d-------- C:\Program Files\Avira 2008-01-11 19:05 . 2008-01-11 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-01-11 19:02 . 2008-01-11 19:02 <DIR> d-------- C:\WINDOWS\provisioning 2008-01-11 19:02 . 2008-01-11 19:02 <DIR> d-------- C:\WINDOWS\peernet 2008-01-11 18:58 . 2008-01-11 18:58 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-01-11 18:51 . 2008-01-11 18:51 <DIR> d-------- C:\WINDOWS\EHome 2008-01-11 16:55 . 2008-01-11 19:20 <DIR> d-------- C:\Program Files\CCleaner 2008-01-11 16:34 . 
2008-01-11 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-11 15:57 . 2008-01-11 15:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-01-11 15:25 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-01-11 15:25 . 2001-09-06 19:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys 2007-12-27 20:21 . 2007-12-27 20:21 77 --a------ C:\Documents and Settings\Luljetaa & Vjoletaa\9551.bat 2007-12-27 19:59 . 2007-12-27 19:59 77 --a------ C:\Documents and Settings\Luljetaa & Vjoletaa\6205.bat 2007-12-25 15:07 . 2007-12-25 15:07 77 --a------ C:\Documents and Settings\Luljetaa & Vjoletaa\3568.bat 2007-12-25 11:01 . 2007-12-25 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NoCompromaat 2007-12-24 13:52 . 2007-12-24 13:52 <DIR> d-------- C:\Documents and Settings\Luljetaa & Vjoletaa\Application Data\Talkback 2007-12-24 13:15 . 2007-12-24 21:12 <DIR> d-------- C:\Documents and Settings\Luljetaa & Vjoletaa\Application Data\InternetCalls 2007-12-24 10:22 . 2008-01-11 16:45 <DIR> d-------- C:\Documents and Settings\Luljetaa & Vjoletaa\Shared 2007-12-23 12:21 . 2007-12-23 12:21 <DIR> d---s---- C:\Documents and Settings\Luljetaa & Vjoletaa\UserData 2007-12-23 11:26 . 2007-12-23 11:26 <DIR> d-------- C:\Documents and Settings\Luljetaa & Vjoletaa\Contacts 2007-12-23 11:23 . 2007-12-23 11:23 <DIR> d-------- C:\Documents and Settings\Luljetaa & Vjoletaa\Incomplete 2007-12-23 10:44 . 2007-12-23 10:44 40,960 --a------ C:\Documents and Settings\Luljetaa & Vjoletaa\f.exe 2007-12-23 10:39 . 2008-01-02 10:33 <DIR> d-------- C:\Documents and Settings\Luljetaa & Vjoletaa\Application Data\FaxCtr 2007-12-23 10:34 . 2004-09-30 16:14 <DIR> d-------- C:\Documents and Settings\Luljetaa & Vjoletaa\WINDOWS 2007-12-23 10:34 . 2003-06-27 23:36 <DIR> d--h----- C:\Documents and Settings\Luljetaa & Vjoletaa\Sjablonen 2007-12-23 10:34 . 
2003-06-27 23:36 <DIR> d--h----- C:\Documents and Settings\Luljetaa & Vjoletaa\Netwerkprinteromgeving 2007-12-23 10:34 . 2008-01-13 20:37 <DIR> dr------- C:\Documents and Settings\Luljetaa & Vjoletaa\Mijn documenten 2007-12-23 10:34 . 2003-06-27 23:36 <DIR> dr------- C:\Documents and Settings\Luljetaa & Vjoletaa\Menu Start 2007-12-23 10:34 . 2008-01-12 16:19 <DIR> dr------- C:\Documents and Settings\Luljetaa & Vjoletaa\Favorieten 2007-12-23 10:34 . 2008-01-14 18:27 <DIR> dr------- C:\Documents and Settings\Luljetaa & Vjoletaa\Bureaublad 2007-12-23 10:34 . 2004-09-30 16:25 <DIR> d-------- C:\Documents and Settings\Luljetaa & Vjoletaa\Application Data\Symantec 2007-12-22 15:27 . 2007-12-22 15:27 87,104 --a------ C:\WINDOWS\system32\itetphvb.dll 2007-12-22 15:24 . 2007-12-22 15:24 78,400 --a------ C:\WINDOWS\system32\agpfqrgc.dll 2007-12-22 15:21 . 2007-12-22 15:21 74,304 --a------ C:\WINDOWS\system32\rhggbpbp.exe 2007-12-22 11:43 . 2004-09-30 16:14 <DIR> d-------- C:\Documents and Settings\Gast\WINDOWS 2007-12-22 11:43 . 2003-06-27 23:36 <DIR> d--h----- C:\Documents and Settings\Gast\Sjablonen 2007-12-22 11:43 . 2003-06-27 23:49 <DIR> dr-h----- C:\Documents and Settings\Gast\Onlangs geopend 2007-12-22 11:43 . 2003-06-27 23:36 <DIR> d--h----- C:\Documents and Settings\Gast\Netwerkprinteromgeving 2007-12-22 11:43 . 2003-06-27 23:49 <DIR> dr------- C:\Documents and Settings\Gast\Mijn documenten 2007-12-22 11:43 . 2003-06-27 23:36 <DIR> dr------- C:\Documents and Settings\Gast\Menu Start 2007-12-22 11:43 . 2003-06-27 23:49 <DIR> dr------- C:\Documents and Settings\Gast\Favorieten 2007-12-22 11:43 . 2003-06-27 23:36 <DIR> dr------- C:\Documents and Settings\Gast\Bureaublad 2007-12-22 11:43 . 2004-09-30 16:25 <DIR> d-------- C:\Documents and Settings\Gast\Application Data\Symantec 2007-12-22 11:29 . 2007-12-22 11:29 85,568 --a------ C:\WINDOWS\system32\rffdnqsm.dll 2007-12-22 11:29 . 2007-12-22 11:29 80,448 --a------ C:\WINDOWS\system32\ndisfxrr.dll 2007-12-22 11:26 . 
2007-12-22 11:26 74,304 --a------ C:\WINDOWS\system32\fskohoaa.exe 2007-12-21 19:46 . 2007-12-21 19:46 80,448 --a------ C:\WINDOWS\system32\hvwldgcj.dll 2007-12-21 19:06 . 2007-12-21 19:06 74,304 --a------ C:\WINDOWS\system32\obbvdyai.exe 2007-12-21 18:05 . 2007-12-21 18:05 80,448 --a------ C:\WINDOWS\system32\ebcuxxtf.dll 2007-12-21 18:02 . 2007-12-21 18:02 74,304 --a------ C:\WINDOWS\system32\csgfvjlf.exe 2007-12-21 15:23 . 2007-12-21 15:23 80,448 --a------ C:\WINDOWS\system32\luwwriak.dll 2007-12-21 15:20 . 2007-12-21 15:20 85,568 --a------ C:\WINDOWS\system32\opxclygb.dll 2007-12-21 15:18 . 2007-12-21 15:18 74,304 --a------ C:\WINDOWS\system32\tbkpwiln.exe 2007-12-21 14:37 . 2007-12-21 14:37 80,448 --a------ C:\WINDOWS\system32\qvypegye.dll 2007-12-21 14:31 . 2007-12-21 14:31 74,304 --a------ C:\WINDOWS\system32\xkhfppot.exe 2007-12-21 12:59 . 2007-12-21 12:59 80,448 --a------ C:\WINDOWS\system32\yscjfvfx.dll 2007-12-21 12:54 . 2007-12-21 12:54 74,304 --a------ C:\WINDOWS\system32\wilcbwce.exe 2007-12-21 10:58 . 2007-12-21 10:58 80,448 --a------ C:\WINDOWS\system32\cwnncfpm.dll 2007-12-21 10:52 . 2007-12-21 10:52 74,304 --a------ C:\WINDOWS\system32\wogjgxev.exe 2007-12-21 09:20 . 2007-12-21 09:20 80,448 --a------ C:\WINDOWS\system32\gctnxwee.dll 2007-12-21 09:17 . 2007-12-21 09:17 74,304 --a------ C:\WINDOWS\system32\aifmwhmr.exe 2007-12-20 16:14 . 2007-12-20 16:14 80,448 --a------ C:\WINDOWS\system32\sunbprex.dll 2007-12-20 16:11 . 2007-12-20 16:11 85,568 --a------ C:\WINDOWS\system32\vskyfayu.dll 2007-12-20 16:08 . 2007-12-20 16:08 74,304 --a------ C:\WINDOWS\system32\krlcxlpg.exe 2007-12-20 15:25 . 2007-12-20 15:25 85,568 --a------ C:\WINDOWS\system32\tptirjeg.dll 2007-12-20 15:22 . 2007-12-20 15:22 80,448 --a------ C:\WINDOWS\system32\dutufbda.dll 2007-12-20 15:19 . 2007-12-20 15:19 74,304 --a------ C:\WINDOWS\system32\rojeeonf.exe 2007-12-20 15:08 . 2007-12-20 15:08 80,448 --a------ C:\WINDOWS\system32\wvuunfcd.dll 2007-12-20 15:05 . 
2007-12-20 15:05 74,304 --a------ C:\WINDOWS\system32\jxvfltce.exe 2007-12-20 15:03 . 2007-12-20 15:03 80,448 --a------ C:\WINDOWS\system32\qkgnywqm.dll 2007-12-20 15:00 . 2007-12-20 15:00 74,304 --a------ C:\WINDOWS\system32\mnumwnuf.exe . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-13 19:34 --------- d-----w C:\Program Files\Belastingdienst 2008-01-13 19:25 --------- d-----w C:\Program Files\Common Files\Adobe 2008-01-13 19:13 --------- d-----w C:\Program Files\MSN Messenger 2008-01-13 19:11 --------- d-----w C:\Program Files\Java 2008-01-11 18:14 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-11 15:53 --------- d-----w C:\Program Files\Logitech 2008-01-11 15:34 --------- d-----w C:\Program Files\Lavasoft 2007-12-02 07:50 --------- d-----w C:\Program Files\Lexmark Fax Solutions 2007-12-02 07:50 --------- d-----w C:\Program Files\Lexmark 3500-4500 Series 2007-11-30 19:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\FaxCtr . ((((((((((((((((((((((((((((( snapshot@2008-01-13_18.20.31.48 ))))))))))))))))))))))))))))))))))))))))) . 
- 2007-03-06 01:58:28 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\spuninst.exe - 2007-03-06 01:58:46 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe - 2007-03-06 01:59:37 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\updspapi.dll - 2008-01-13 10:03:01 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT + 2008-01-14 17:17:01 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT - 2008-01-13 10:03:02 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat + 2008-01-14 17:17:01 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat - 2008-01-13 10:03:03 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT + 2008-01-14 17:17:01 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT - 2008-01-13 10:03:04 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-14 17:17:01 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-13 10:03:10 1,937,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT + 2008-01-14 17:17:01 1,953,792 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT - 2008-01-13 10:03:15 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-14 17:17:01 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-13 19:28:42 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1043-7B44-A81000000003}\SC_Reader.exe - 2008-01-12 15:16:58 219,248 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-01-13 19:08:53 218,448 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT - 2007-10-30 23:27:15
3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll + 2007-10-31 03:57:16 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll - 2008-01-11 16:21:48 67,786 ----a-w C:\WINDOWS\system32\perfc013.dat + 2008-01-13 17:17:33 67,786 ----a-w C:\WINDOWS\system32\perfc013.dat - 2008-01-11 16:21:48 393,542 ----a-w C:\WINDOWS\system32\perfh013.dat + 2008-01-13 17:17:33 393,542 ----a-w C:\WINDOWS\system32\perfh013.dat - 2005-06-28 09:21:58 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe + 2006-09-06 16:43:46 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360] "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-11-22 17:10 787696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-13 10:33 249896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "NoInternetIcon"= 1 (0x1) [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kodak EasyShare Software.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Kodak EasyShare Software.lnk backup=C:\WINDOWS\pss\Kodak EasyShare Software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All 
Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer] --a------ 2007-07-16 17:54 311984 C:\Program Files\\Lexmark Fax Solutions\fm3032.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair] --------- 2004-06-01 10:09 458752 C:\Program Files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] --------- 2004-06-01 11:46 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] --------- 2004-06-01 10:09 458752 C:\Program Files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] --------- 2004-06-01 10:03 217088 C:\Program Files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] --a------ 
2004-05-21 18:11 221184 C:\WINDOWS\System32\LVCOMSX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon] --a------ 2007-07-16 17:54 25264 C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe] --a------ 2007-07-16 17:54 434864 C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3] C:\Program Files\Messenger Plus! 3\MsgPlus.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoCompromaat] C:\Program Files\NoCompromaat\GDC.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] --a------ 2004-06-25 15:20 81920 c:\Apps\Powercinema\PCMService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook] --a------ 2004-04-16 14:53 249856 C:\WINDOWS\System32\keyhook.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\ucookw] C:\PROGRA~1\STORAG~1\ucookw.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words] C:\Program Files\Words\Words.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:\Program Files] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:\Program Files\ISTsvc] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\erqyfrno.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:\Program Files] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:\Program Files\ISTsvc] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\erqyfrno.exe R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2007-07-18 14:22] R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-08-09 13:04] . Inhoud van de 'Gedeelde Taken' map "2005-10-21 18:00:01 C:\WINDOWS\Tasks\HDReg.job" - c:\Apps\HDReg\HDRegRem.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-14 18:28:07 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... 
Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2008-01-14 18:37:40 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-14 17:37:35 ComboFix2.txt 2008-01-13 17:25:22 . 2008-01-13 19:30:25 --- E O F --- --------------------------------- Logbestand HijackThis --------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:46:32, on 14-1-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe C:\WINDOWS\System32\lxdicoms.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Luljetaa & Vjoletaa\Bureaublad\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet 
Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1043 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.loudcash.com/UCITest/Cabs/4484.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - 
http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab?f37d44ac492924dc063287e7256ff18ecfd47e0337570ba83184e71c504e963b95236c868425298f89b447183f619d26ee6674e426fe125aa66fafc22061bd61e2ef0b3c25:9aba7c18c9800e1f1bca9acc387e48ea O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://www.driveragent.com/files/driveragent.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe O23 - Service: lxdi_device - - C:\WINDOWS\System32\lxdicoms.exe -- End of file - 5305 bytes
  • The last step does not seem to have gone entirely right; can you run it again? Skip the lines you cannot find in HijackThis :wink:
  • What exactly do you mean? Open the text file with ComboFix? I did it exactly as it is described...
  • You have to drag the text file onto ComboFix. Judging by the deletions it may have gone well, but a lot is still there. That is why I would like to see it once more, because I am missing the CFscript switch that should normally appear at the bottom; that is not the case in yours.
  • Sorry for the late reply... I had internet problems. But everything is resolved now as far as the problems with the computer above are concerned. I do have another problem now, though. My own computer is acting... strange. Really strange. At first I thought it was just a badly installed program. This is what has happened so far: - Windows Defender no longer started (not even after a fresh install) - AntiVir now refuses to work as well (a fresh install fails completely) - Spybot's .exe cannot be found (not even after a fresh install) - CCleaner can be installed, but no longer starts. - AdWare still works, but for how long...? I suspect I have a virus. I have already seen something about flec006.exe (I cannot remove it from the task list). What should I do? This is the HijackThis report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:58:18, on 19-1-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\dmadmin.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Administrator\Application Data\m\flec006.exe C:\Program Files\HD Tune\HDTune.exe C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\PureText.exe C:\Program Files\Mozilla Firefox\firefox.exe E:\Downloads\stinger.exe E:\Downloads\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: (no name) - {661294F7-1833-46B3-99EA-7AF25A41FC33} - (no file) O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe O4 - Startup: PureText.exe O4 - Global Startup: HD Tune.lnk = C:\Program Files\HD Tune\HDTune.exe O8 - Extra context menu item: Add to AMV Convert Tool... 
- C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164649022593 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{AB635358-8E4B-44FB-811D-E782E4398782}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{B3CE5D56-F1A1-47AE-9C3C-93678EE6E0C2}: NameServer = 10.0.0.138 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: 22 - C:\WINDOWS\system32\22.tmp (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe (file missing) O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 
(experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe -- End of file - 5245 bytes
  • Ran ComboFix. I can now install AntiVir again. CCleaner works again too. I hope I am rid of it now. Below is the ComboFix report, and below that a new HijackThis log. Can someone tell me that everything is fine now? Or do I need to carry out a few more steps?
    ---------------------------- ComboFix ----------------------------
    ComboFix 08-01-18.5 - Administrator 2008-01-19 11:42:55.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1696 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\WINDOWS\system32\drivers\srosa.sys
    C:\WINDOWS\system32\wintems.exe
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\Administrator\Application Data\inst.exe
    C:\WINDOWS\system32\msssc.dll
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\LEGACY_SROSA
    -------\srosa
    -------\LEGACY_SROSA
    -------\srosa
    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))
    .
    2008-01-19 11:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-19 11:09 . 2008-01-19 11:09 <DIR> d-------- C:\Program Files\Spybot
    2008-01-19 09:55 . 2008-01-19 09:55 <DIR> d-------- C:\Program Files\DAEMON Tools
    2008-01-19 09:15 . 2008-01-19 09:15 <DIR> d-------- C:\Program Files\Lavasoft
    2008-01-16 17:05 . 2008-01-19 11:33 70,660 --a------ C:\WINDOWS\system32\mdelk.exe
    2008-01-13 17:04 . 2008-01-19 11:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Application Data\m
    2008-01-13 13:53 . 2008-01-13 13:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PCF-VLC
    2008-01-07 20:13 . 2008-01-19 11:38 <DIR> d-------- C:\WINDOWS\system32\drivers\down
    2008-01-07 20:13 . 2006-08-19 05:01 745,861 --------- C:\WINDOWS\system32\drivers\hldrrr.exe
    2008-01-07 19:26 . 2008-01-07 19:26 <DIR> d-------- C:\Program Files\Analog Devices
    2008-01-07 19:25 . 2008-01-07 19:25 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
    2008-01-05 17:40 . 2003-07-14 04:58 28,672 -r------- C:\WINDOWS\CmiPCIUninstall.exe
    2008-01-05 17:40 . 2008-01-07 19:12 485 --a------ C:\WINDOWS\system\Cmicnfg3.ini
    2008-01-05 17:39 . 2008-01-19 09:46 <DIR> d-------- C:\Program Files\C-Media PCI Audio
    2008-01-05 17:37 . 2003-07-14 04:58 2,568,192 -ra------ C:\WINDOWS\system\CMICNFG3.CPL
    2008-01-05 17:37 . 2003-07-14 04:58 917,504 -ra------ C:\WINDOWS\system\CMDS3D3.DLL
    2008-01-05 17:37 . 2003-07-14 04:58 800,192 -ra------ C:\WINDOWS\system32\drivers\cmuda3.sys
    2008-01-05 17:37 . 2003-07-14 04:58 712,704 -ra------ C:\WINDOWS\system32\AUDIO3D3.DLL
    2008-01-05 17:37 . 2003-07-14 04:58 233,472 -ra------ C:\WINDOWS\system32\CMRMDRV3.exe
    2008-01-05 17:37 . 2003-07-14 04:58 36,864 -ra------ C:\WINDOWS\system32\CMUDA3.DLL
    2008-01-05 17:37 . 2003-07-14 04:58 32,768 -ra------ C:\WINDOWS\system32\UDAPROP3.DLL
    2008-01-05 17:37 . 2003-07-14 04:58 28,672 -ra------ C:\WINDOWS\system32\CMRMDRV3.DLL
    2008-01-03 11:40 . 2008-01-03 11:40 <DIR> d-------- C:\Program Files\Paragon Software
    2008-01-03 11:40 . 2007-09-20 15:18 39,472 --a------ C:\WINDOWS\system32\drivers\hotcore3.sys
    2008-01-03 11:31 . 2008-01-03 11:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\VSRevoGroup
    2007-12-30 17:27 . 2008-01-04 17:25 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
    2007-12-30 17:26 . 2007-12-30 17:26 <DIR> d-------- C:\Program Files\Real Alternative
    2007-12-30 17:08 . 2007-09-20 15:18 4,244,744 --a------ C:\WINDOWS\system32\qtp-mt334.dll
    2007-12-30 17:08 . 2007-03-07 13:27 247,824 --a------ C:\WINDOWS\system32\prgiso.dll
    2007-12-30 17:08 . 2007-03-07 13:27 13,840 --a------ C:\WINDOWS\system32\wnaspi32.dll
    2007-12-30 16:14 . 2007-12-30 16:58 <DIR> d-------- C:\Program Files\PDFCreator
    2007-12-30 16:14 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
    2007-12-30 16:14 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
    2007-12-30 16:14 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
    2007-12-24 11:00 . 2007-12-24 11:00 <DIR> d-------- C:\Program Files\Belastingdienst
    2007-12-22 10:10 . 2007-12-22 10:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-19 10:33 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-01-19 09:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-19 08:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
    2008-01-19 08:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-19 08:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-19 08:14 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-01-19 08:13 --------- d-----w C:\Program Files\Notepad++
    2008-01-13 19:46 --------- d-----w C:\Program Files\FileZilla Client
    2008-01-13 12:51 --------- d-----w C:\Program Files\Participatory Culture Foundation
    2008-01-13 12:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\FileZilla
    2008-01-03 10:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-30 16:05 --------- d-----w C:\Program Files\QT Lite
    2007-12-30 15:57 --------- d-----w C:\Program Files\7-Zip
    2007-12-22 09:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
    2007-12-22 09:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
    2007-12-15 09:41 --------- d-----w C:\Program Files\support.com
    2007-12-15 09:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Support.com
    2007-12-08 19:02 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-12-08 19:02 --------- d-----w C:\Program Files\Common Files\Skype
    2007-11-25 15:07 --------- d-----w C:\Program Files\Opera 9.5 beta
    2007-11-25 15:05 --------- d-----w C:\Program Files\WMR11
    2007-11-21 20:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Orbit
    2007-11-21 19:58 --------- d-----w C:\Program Files\WinPcap
    2007-11-21 19:32 47,360 ----a-w C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
    2007-11-21 19:32 --------- d-----w C:\Program Files\vso
    2007-11-21 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Software
    2007-07-20 07:20 8 ----a-w C:\Documents and Settings\Administrator\Application Data\usb.dat.bin
    2007-04-26 14:29 87,608 ----a-w C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 30208]
    "german.exe"="C:\WINDOWS\system32\wintems.exe" [ ]
    "mule_st_key"="C:\Documents and Settings\Administrator\Application Data\m\flec006.exe" [2006-08-19 05:01 745861]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:03 30208]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 08:01 437160]
    C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\
    Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe [2006-12-13 17:33:32]
    PureText.exe [2003-08-21 02:00:00]
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    HD Tune.lnk - C:\Program Files\HD Tune\HDTune.exe [2006-12-15 14:41:49]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 1 (0x1)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\22]
    C:\WINDOWS\system32\22.tmp
    SafeBoot register sleutel dient gerepareerd. Deze PC kan niet opstarten in Veilige Modus.
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
    @="Driver Group"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    @="DiskDrive"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
    @="Hdc"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
    @="Keyboard"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
    @="Mouse"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
    @="System"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
    @="Volume"
    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programma's^Opstarten^E-mail.lnk]
    path=C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\E-mail.lnk
    backup=C:\WINDOWS\pss\E-mail.lnkStartup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Firefox Preloader.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Firefox Preloader.lnk
    backup=C:\WINDOWS\pss\Firefox Preloader.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmPCIaudio]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2008-01-17 17:51 486856 C:\Program Files\DAEMON Tools\daemon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-01-17 17:51 486856 C:\Program Files\DAEMON Tools\daemon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    --a------ 2003-05-14 08:01 188416 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2007-12-07 15:08 21686568 C:\Program Files\Skype\Phone\Skype.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "UPnPService"=3 (0x3)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "FileZilla Server"=3 (0x3)
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-09-20 15:18]
    S2 Apache2.2;Apache2.2;"C:\xampp\apache\bin\apache.exe" []
    S2 StudioPro;StudioPro webcam;C:\WINDOWS\system32\DRIVERS\StudioPro.sys [2007-01-05 21:18]
    S3 EuMusDesignVirtualAudioCableWdm;StudioPro audio (WDM);C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys [2007-04-22 19:27]
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-21 21:55]
    S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]
    S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" [2007-09-05 08:59]
    S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
    S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys [2003-05-15 11:29]
    S4 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 16:00]
    .
    Inhoud van de 'Gedeelde Taken' map
    "2008-01-11 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************
    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-19 11:47:31
    Windows 5.1.2600 Service Pack 2 NTFS
    scannen van verborgen processen ...
    scannen van verborgen autostart items ...
    scannen van verborgen bestanden ...
    Scan succesvol afgerond
    verborgen bestanden: 0
    **************************************************************************
    .
    Voltooingstijd: 2008-01-19 11:49:36 - machine was rebooted [Administrator]
    ComboFix-quarantined-files.txt 2008-01-19 10:49:33
    .
    2007-12-28 16:21:24
    --- E O F ---
    -------------------------------- HijackThis --------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:00:15, on 19-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    E:\Downloads\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: (no name) - {661294F7-1833-46B3-99EA-7AF25A41FC33} - (no file)
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Administrator\Application Data\m\flec006.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    O4 - Startup: PureText.exe
    O4 - Global Startup: HD Tune.lnk = C:\Program Files\HD Tune\HDTune.exe
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164649022593
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB635358-8E4B-44FB-811D-E782E4398782}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B3CE5D56-F1A1-47AE-9C3C-93678EE6E0C2}: NameServer = 10.0.0.138
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: 22 - C:\WINDOWS\system32\22.tmp (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe (file missing)
    O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarOpen - Avira GmbH - (no file)
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
    --
    End of file - 5712 bytes
  • Start HijackThis, choose 'Do a system scan only' and tick the lines below:
    O3 - Toolbar: (no name) - {661294F7-1833-46B3-99EA-7AF25A41FC33} - (no file)
    O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Administrator\Application Data\m\flec006.exe
    O20 - Winlogon Notify: 22 - C:\WINDOWS\system32\22.tmp (file missing)
    Now close all open windows except HijackThis and click Fix Checked. Download the SafeBoot repair tool (http://www.techsupportforum.com/sectools/sUBs/SafeBootKeyRepair-CF.exe) and save it to your desktop. Double-click SafeBootKeyRepair.exe to start the tool. A log is saved to C:\SafeBoot_Repair.txt. Post that log in your next reply. Then create a new log with ComboFix and post it.
  • -------------------- Safeboot-repair -------------------- Reg export of SafeBoot key after repair: ======================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay] 
@="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys] @="FSFilter System Recovery" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] @="Universal Serial Bus controllers" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] @="CD-ROM Drive" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] @="Standard floppy disk controller" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] @="PCMCIA Adapters" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] @="SCSIAdapter" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] @="Floppy disk drive" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] @="Human Interface Devices" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system] @="Driver Group" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin] @="Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys] @="Driver" 
========================

--------------------- ComboFix ---------------------

ComboFix 08-01-18.5 - Administrator 2008-01-19 16:51:38.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1451 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))
.
2008-01-19 16:46 . 2008-01-19 16:46 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-19 12:28 . 2008-01-19 12:28 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-19 12:18 . 2008-01-19 12:18 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-01-19 11:55 . 2008-01-19 11:55 <DIR> d-------- C:\Program Files\Avira
2008-01-19 11:55 . 2008-01-19 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-19 11:51 . 2008-01-19 11:51 <DIR> d-------- C:\Program Files\CCleaner
2008-01-19 11:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-19 11:09 . 2008-01-19 11:09 <DIR> d-------- C:\Program Files\Spybot
2008-01-19 09:55 . 2008-01-19 09:55 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-01-19 09:15 . 2008-01-19 09:15 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-13 13:53 . 2008-01-13 13:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PCF-VLC
2008-01-07 19:26 . 2008-01-07 19:26 <DIR> d-------- C:\Program Files\Analog Devices
2008-01-05 17:40 . 2003-07-14 04:58 28,672 -r------- C:\WINDOWS\CmiPCIUninstall.exe
2008-01-05 17:40 . 2008-01-07 19:12 485 --a------ C:\WINDOWS\system\Cmicnfg3.ini
2008-01-05 17:39 . 2008-01-19 09:46 <DIR> d-------- C:\Program Files\C-Media PCI Audio
2008-01-05 17:37 . 2003-07-14 04:58 2,568,192 -ra------ C:\WINDOWS\system\CMICNFG3.CPL
2008-01-05 17:37 . 2003-07-14 04:58 917,504 -ra------ C:\WINDOWS\system\CMDS3D3.DLL
2008-01-05 17:37 . 2003-07-14 04:58 800,192 -ra------ C:\WINDOWS\system32\drivers\cmuda3.sys
2008-01-05 17:37 . 2003-07-14 04:58 712,704 -ra------ C:\WINDOWS\system32\AUDIO3D3.DLL
2008-01-05 17:37 . 2003-07-14 04:58 233,472 -ra------ C:\WINDOWS\system32\CMRMDRV3.exe
2008-01-05 17:37 . 2003-07-14 04:58 36,864 -ra------ C:\WINDOWS\system32\CMUDA3.DLL
2008-01-05 17:37 . 2003-07-14 04:58 32,768 -ra------ C:\WINDOWS\system32\UDAPROP3.DLL
2008-01-05 17:37 . 2003-07-14 04:58 28,672 -ra------ C:\WINDOWS\system32\CMRMDRV3.DLL
2008-01-03 11:40 . 2008-01-03 11:40 <DIR> d-------- C:\Program Files\Paragon Software
2008-01-03 11:40 . 2007-09-20 15:18 39,472 --a------ C:\WINDOWS\system32\drivers\hotcore3.sys
2008-01-03 11:31 . 2008-01-03 11:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\VSRevoGroup
2007-12-30 17:27 . 2008-01-04 17:25 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-30 17:26 . 2007-12-30 17:26 <DIR> d-------- C:\Program Files\Real Alternative
2007-12-30 17:08 . 2007-09-20 15:18 4,244,744 --a------ C:\WINDOWS\system32\qtp-mt334.dll
2007-12-30 17:08 . 2007-03-07 13:27 247,824 --a------ C:\WINDOWS\system32\prgiso.dll
2007-12-30 17:08 . 2007-03-07 13:27 13,840 --a------ C:\WINDOWS\system32\wnaspi32.dll
2007-12-30 16:14 . 2007-12-30 16:58 <DIR> d-------- C:\Program Files\PDFCreator
2007-12-30 16:14 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2007-12-30 16:14 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2007-12-30 16:14 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2007-12-24 11:00 . 2007-12-24 11:00 <DIR> d-------- C:\Program Files\Belastingdienst
2007-12-22 10:10 . 2007-12-22 10:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 15:45 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-19 13:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-19 08:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-01-19 08:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-19 08:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-19 08:14 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-19 08:13 --------- d-----w C:\Program Files\Notepad++
2008-01-13 19:46 --------- d-----w C:\Program Files\FileZilla Client
2008-01-13 12:51 --------- d-----w C:\Program Files\Participatory Culture Foundation
2008-01-13 12:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\FileZilla
2008-01-03 10:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-30 16:05 --------- d-----w C:\Program Files\QT Lite
2007-12-30 15:57 --------- d-----w C:\Program Files\7-Zip
2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-22 09:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2007-12-22 09:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2007-12-15 09:41 --------- d-----w C:\Program Files\support.com
2007-12-15 09:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Support.com
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-08 19:02 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-08 19:02 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-25 15:07 --------- d-----w C:\Program Files\Opera 9.5 beta
2007-11-25 15:05 --------- d-----w C:\Program Files\WMR11
2007-11-21 20:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Orbit
2007-11-21 19:58 --------- d-----w C:\Program Files\WinPcap
2007-11-21 19:32 47,360 ----a-w C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
2007-11-21 19:32 --------- d-----w C:\Program Files\vso
2007-11-21 19:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Software
2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:45 2,660,352 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:45 2,660,352 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:57 8,501,760 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-07-20 07:20 8 ----a-w C:\Documents and Settings\Administrator\Application Data\usb.dat.bin
2007-04-26 14:29 87,608 ----a-w C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
.
((((((((((((((((((((((((((((( snapshot@2008-01-19_11.49.23.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-01-19 10:57:10 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
- 2008-01-19 10:37:08 59,268 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-19 11:22:12 59,268 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-19 10:37:08 77,514 ----a-w C:\WINDOWS\system32\perfc013.dat
+ 2008-01-19 11:22:12 77,514 ----a-w C:\WINDOWS\system32\perfc013.dat
- 2008-01-19 10:37:08 393,638 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-19 11:22:12 393,638 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-19 10:37:08 457,132 ----a-w C:\WINDOWS\system32\perfh013.dat
+ 2008-01-19 11:22:12 457,132 ----a-w C:\WINDOWS\system32\perfh013.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2008-01-17 10:40 816368]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 30208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-19 11:57 249896]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:03 30208]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 08:01 437160]

C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\
Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe [2006-12-13 17:33:32]
PureText.exe [2003-08-21 02:00:00]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
HD Tune.lnk - C:\Program Files\HD Tune\HDTune.exe [2006-12-15 14:41:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programma's^Opstarten^E-mail.lnk]
path=C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\E-mail.lnk
backup=C:\WINDOWS\pss\E-mail.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Firefox Preloader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Firefox Preloader.lnk
backup=C:\WINDOWS\pss\Firefox Preloader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmPCIaudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2008-01-17 17:51 486856 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-17 17:51 486856 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-05-14 08:01 188416 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mule_st_key]
C:\Documents and Settings\Administrator\Application Data\m\flec006.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 15:08 21686568 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"UPnPService"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"FileZilla Server"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-09-20 15:18]
S2 Apache2.2;Apache2.2;"C:\xampp\apache\bin\apache.exe" []
S2 StudioPro;StudioPro webcam;C:\WINDOWS\system32\DRIVERS\StudioPro.sys [2007-01-05 21:18]
S3 EuMusDesignVirtualAudioCableWdm;StudioPro audio (WDM);C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys [2007-04-22 19:27]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-21 21:55]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" [2007-09-05 08:59]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys [2003-05-15 11:29]
S4 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 16:00]

*Newly Created Service* - WINDEFEND
.
Inhoud van de 'Gedeelde Taken' map
"2008-01-11 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-19 12:01:43 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 16:52:42
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-19 16:53:08
ComboFix-quarantined-files.txt 2008-01-19 15:53:05
ComboFix2.txt 2008-01-19 10:49:36
.
2007-12-28 16:21:24 --- E O F ---
  • Looks good! How are things with your problems? :)
  • The computer is as fast as before again, and all the software that has anything to do with security is working again too. I no longer notice any problems myself, but whether something is still going on 'under the surface', I don't know. I don't think so. What is still a nuisance is that the lines I type on the forum are very long. I have to scroll horizontally a lot to read the text. But that probably has nothing to do with the virus...
  • I have that too; it is caused by the forum software.

    Uninstall Combofix: go to Start --> Run and type:
    combofix /u
    Combofix will now be removed and a new restore point will be created.

    Download ATF Cleaner (by Atribune): http://www.atribune.org/ccount/click.php?id=1
    Double-click ATF Cleaner to start the program.
    On the "Main" tab, tick "Select All".
    Click the "Empty Selected" button.

    Do the following if you also use Firefox as a browser:
    Click the "Firefox" tab and tick "Select All".
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears (this removes the tick next to "Firefox saved passwords" again).
    Click the "Empty Selected" button.

    Do the following if you also use Opera as a browser:
    Click the "Opera" tab and tick "Select All".
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the "Empty Selected" button.

    Go to the "Main" tab and click the "Exit" button to close the program.

    To prevent a recurrence, read through these security tips once more: http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html

    Pim


This is an archived page. Replying is no longer possible.