Automatic Updates disabled after virus

10 replies
  • Hi,

    I have a problem with my PC.
    I got a virus with AntiVirus XP Pro 2009.
    I could no longer open Task Manager and my mouse only responded on the taskbar. I could only still click in the Start menu and so on.
    Every program did start up normally, but I couldn't click anything.

    I had avast 4.8 pro run a scan and now my PC works again.
    I got my Task Manager working again, but there is still one small problem:

    My Automatic Updates is disabled and I can't get it enabled again.

    It doesn't work via services.msc either. It gives the error message Error: 1085.

    I have read many forums and downloaded HiJack.

    Here is the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:25:36, on 14-2-2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avast4.8\aswUpdSv.exe
    C:\Program Files\Avast4.8\ashServ.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Avast4.8\ashDisp.exe
    C:\Program Files\Visual ToolTip\VisualToolTip.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Theme XPack\apps\Vista Drive Icon\DrvIcon.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\TrueTransparency\TrueTransparency.exe
    C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
    C:\Program Files\LowTek CopyFaster\copyfast.exe
    C:\DOCUME~1\MARIJN~1\LOCALS~1\Temp\RarSFX0\deskspace.exe
    C:\Program Files\Thoosje Sidebar\Thoosje Vista Sidebar.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Marijn Villerius\Application Data\G-RAP-IT SHARE.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Tray It 4.6\TrayIt!.exe
    C:\Program Files\Avast4.8\ashMaiSv.exe
    C:\Program Files\Avast4.8\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Easy Window & System Tray Icons Hider\Easy window & system tray icons hider.exe
    C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
    C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
    C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
    C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    D:\Mijn Documenten\Tijdelijke bestanden\4UsOnly\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4.8\ashDisp.exe
    O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\Visual ToolTip\VisualToolTip.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Theme XPack\apps\Vista Drive Icon\DrvIcon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [50b4ee94] rundll32.exe "C:\WINDOWS\system32\tpmstqwl.dll",b
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [TrueTransparency] "C:\Program Files\TrueTransparency\TrueTransparency.exe"
    O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
    O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\Active Desktop Calendar\ADC.exe
    O4 - HKCU\..\Run: [LowTek CopyFaster] "C:\Program Files\LowTek CopyFaster\copyfast.exe" /startup
    O4 - HKCU\..\Run: [PUSH Wallpaper] C:\Program Files\Watery Desktop 3D\Watery Desktop 3D.exe s
    O4 - HKCU\..\Run: [DeskSpace] C:\DOCUME~1\MARIJN~1\LOCALS~1\Temp\RarSFX0\deskspace.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Easy Window & System Tray Icons Hider.lnk = C:\Program Files\Easy Window & System Tray Icons Hider\Easy window & system tray icons hider.exe
    O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Program Files\Thoosje Sidebar\Thoosje Vista Sidebar.exe
    O4 - Global Startup: Easy Window & System Tray Icons Hider.lnk = C:\Program Files\Easy Window & System Tray Icons Hider\Easy window & system tray icons hider.exe
    O4 - Global Startup: Thoosje Vista Sidebar.lnk = C:\Program Files\Thoosje Sidebar\Thoosje Vista Sidebar.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
    O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228490270015
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: wbsys.dll ugbkmg.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4.8\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4.8\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4.8\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4.8\ashWebSv.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Uniblue DiskRescue - Uniblue - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe


    End of file - 8452 bytes

    Can anyone help me???



  • Start HijackThis and choose 'do a system scan only'.
    Select only the items listed below:

    O4 - HKLM\..\Run: [50b4ee94] rundll32.exe "C:\WINDOWS\system32\tpmstqwl.dll",b

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.



    Open a Notepad file.
    Copy the text below (everything in bold) into this Notepad file.

    @ECHO OFF
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    FOR %%g in (
    C:\WINDOWS\system32\tpmstqwl.dll) DO (
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    DEL %%g
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    START NOTEPAD.EXE log.txt

    Go to File - Save As.
    For "Save in" choose: Desktop
    For "File name" enter: del.bat
    For "Save as type" select: All Files (*.*).
    Click the Save button.
    Double-click del.bat and post the contents of the log file that opens.


    LSPFix

    * Download LSPFix and save it to your Desktop: http://www.cexx.org/lspfix.zip.
    * Extract it with, for example, Winzip (English) or Winrar (Dutch).
    * Open the "lspfix" folder on your Desktop and double-click LSPFix.exe.
    * Now tick the box for "I know what I'm doing". You can now use the program.



    Download and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    After installation, make sure the following are ticked:
    * Update MalwareBytes' Anti-Malware
    * Start MalwareBytes' Anti-Malware
    Then click "Voltooien" (Finish).
    If an update is found, it will be downloaded and installed.
    * Once the program has started, go to the "Instellingen" (Settings) tab.
    * Tick here: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
    * Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
    * Then press "Scannen" (Scan) to start the scan.
    * The scan can take a while, so be patient.
    * When the scan has finished, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
    * Make sure everything is ticked there, then click: "Verwijder geselecteerde" (Remove Selected).
    * After removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

    Post this log together with a new HijackThis log.
  • MBAM:

    Malwarebytes' Anti-Malware 1.34
    Database versie: 1761
    Windows 5.1.2600 Service Pack 2

    14-2-2009 15:12:22
    mbam-log-2009-02-14 (15-12-22).txt

    Scan type: Snelle Scan
    Objecten gescand: 68058
    Verstreken tijd: 4 minute(s), 30 second(s)

    Geheugenprocessen geïnfecteerd: 1
    Geheugenmodulen geïnfecteerd: 5
    Registersleutels geïnfecteerd: 16
    Registerwaarden geïnfecteerd: 1
    Registerdata bestanden geïnfecteerd: 11
    Mappen geïnfecteerd: 1
    Bestanden geïnfecteerd: 63

    Geheugenprocessen geïnfecteerd:
    C:\Documents and Settings\Marijn Villerius\Application Data\G-RAP-IT SHARE.exe (Trojan.Lop.H) -> Unloaded process successfully.

    Geheugenmodulen geïnfecteerd:
    C:\WINDOWS\system32\tpmstqwl.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\urqPjIXp.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\byXppPIy.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\ugbkmg.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\Temp\ntdll64.dll (Trojan.FakeAlert) -> Delete on reboot.

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f4c005f-a879-4198-9432-e9d9820b11eb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4f4c005f-a879-4198-9432-e9d9820b11eb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a7108bb3-b6a6-4011-a4e5-d7fb1786cc9e} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{a7108bb3-b6a6-4011-a4e5-d7fb1786cc9e} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{96e74e0b-9143-4d55-b522-35112296956a} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{96e74e0b-9143-4d55-b522-35112296956a} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96e74e0b-9143-4d55-b522-35112296956a} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxpppiy (Trojan.Vundo) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4f4c005f-a879-4198-9432-e9d9820b11eb} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7108bb3-b6a6-4011-a4e5-d7fb1786cc9e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{96e74e0b-9143-4d55-b522-35112296956a} (Trojan.Vundo) -> Delete on reboot.

    Registerdata bestanden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\urqpjixp -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\urqpjixp -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Mappen geïnfecteerd:
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    C:\WINDOWS\system32\ugbkmg.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\urqPjIXp.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\pXIjPqru.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pXIjPqru.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\aibfehbh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hbhefbia.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bpgvdgcy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ycgdvgpb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dlsrdwoc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cowdrsld.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drogjsxb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bxsjgord.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\edmktept.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tpetkmde.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ensknkln.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nlknksne.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ewqfjgbk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\kbgjfqwe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hdeoftuk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\kutfoedh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hscqtopx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xpotqcsh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jifwjvud.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\duvjwfij.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\kbvoswnl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lnwsovbk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nssnfvfv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vfvfnssn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ololmlra.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\arlmlolo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qxhdghqt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tqhgdhxq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sndpgtju.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ujtgpdns.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tpmstqwl.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\lwqtsmpt.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yogosrhi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ihrsogoy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\byXppPIy.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\upcpcxdq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fokkzx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\maebdusk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mowintup.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rqRhhhHy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sosndhbo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\siylkd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\veqxrymj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\senekalxufebvh.dll (Trojan.Seneka) -> Delete on reboot.
    C:\WINDOWS\system32\senekapmjxbrwg.dll (Trojan.Seneka) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\senekamnkrgkgm.sys (Trojan.Seneka) -> Delete on reboot.
    C:\Documents and Settings\Marijn Villerius\Local Settings\Temporary Internet Files\Content.IE5\HFT8O83W\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Marijn Villerius\Application Data\G-RAP-IT SHARE.exe (Trojan.Lop.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\ntdll64.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\WINDOWS\system32\senekanbdovrdl.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\senekaqpktdjbq.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\senekaxvkypmvn.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.



    New HiJack:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:36:30, on 14-2-2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avast4.8\aswUpdSv.exe
    C:\Program Files\Avast4.8\ashServ.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Avast4.8\ashDisp.exe
    C:\Program Files\Visual ToolTip\VisualToolTip.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Theme XPack\apps\Vista Drive Icon\DrvIcon.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\TrueTransparency\TrueTransparency.exe
    C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
    C:\Program Files\LowTek CopyFaster\copyfast.exe
    C:\DOCUME~1\MARIJN~1\LOCALS~1\Temp\RarSFX0\deskspace.exe
    C:\Program Files\Thoosje Sidebar\Thoosje Vista Sidebar.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Tray It 4.6\TrayIt!.exe
    C:\Program Files\Avast4.8\ashMaiSv.exe
    C:\Program Files\Avast4.8\ashWebSv.exe
    C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    D:\Mijn Documenten\Tijdelijke bestanden\4UsOnly\HiJackThis.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4.8\ashDisp.exe
    O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\Visual ToolTip\VisualToolTip.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Theme XPack\apps\Vista Drive Icon\DrvIcon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [TrueTransparency] "C:\Program Files\TrueTransparency\TrueTransparency.exe"
    O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
    O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\Active Desktop Calendar\ADC.exe
    O4 - HKCU\..\Run: [LowTek CopyFaster] "C:\Program Files\LowTek CopyFaster\copyfast.exe" /startup
    O4 - HKCU\..\Run: [PUSH Wallpaper] C:\Program Files\Watery Desktop 3D\Watery Desktop 3D.exe s
    O4 - HKCU\..\Run: [DeskSpace] C:\DOCUME~1\MARIJN~1\LOCALS~1\Temp\RarSFX0\deskspace.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Easy Window & System Tray Icons Hider.lnk = C:\Program Files\Easy Window & System Tray Icons Hider\Easy window & system tray icons hider.exe
    O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Program Files\Thoosje Sidebar\Thoosje Vista Sidebar.exe
    O4 - Global Startup: Easy Window & System Tray Icons Hider.lnk = C:\Program Files\Easy Window & System Tray Icons Hider\Easy window & system tray icons hider.exe
    O4 - Global Startup: Thoosje Vista Sidebar.lnk = C:\Program Files\Thoosje Sidebar\Thoosje Vista Sidebar.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228490270015
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: wbsys.dll ugbkmg.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4.8\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4.8\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4.8\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4.8\ashWebSv.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Uniblue DiskRescue - Uniblue - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe


    End of file - 8049 bytes






  • You did not carry out the instructions with the Notepad file, but that no longer matters; MBAM has already removed the file.


    Download to your Desktop and use it according to this guide.
  • ComboFix 09-02-12.03 - Marijn Villerius 2009-02-14 17:04:14.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1023.542 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Marijn Villerius\Bureaublad\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090213-0] *On-access scanning disabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    .
    /wow section - STAGE 41
    Het systeem kan het opgegeven pad niet vinden.
    Het systeem kan het opgegeven pad niet vinden.


    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Marijn Villerius\Application Data\.#
    c:\documents and settings\Marijn Villerius\Application Data\inst.exe
    c:\windows\system32\303350.exe
    c:\windows\system32\blrmrvkr.ini
    c:\windows\system32\drivers\senekamnkrgkgm.sys
    c:\windows\system32\gxyjheac.ini
    c:\windows\system32\init32.exe
    c:\windows\system32\lvvtiiyk.ini
    c:\windows\system32\npnbmuul.ini
    c:\windows\system32\senekalxufebvh.dll
    c:\windows\system32\senekanbdovrdl.dat
    c:\windows\system32\senekapmjxbrwg.dll
    c:\windows\system32\senekaqpktdjbq.dat
    c:\windows\system32\senekaxvkypmvn.dll
    c:\windows\system32\uniq.tll
    c:\windows\system32\win32hlp.cnf
    D:\resycled
    d:\resycled\boot.com


  • Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • ComboFix 09-02-12.03 - Marijn Villerius 2009-02-14 18:08:43.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1023.525 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Marijn Villerius\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Marijn Villerius\Bureaublad\CFScript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090213-0] *On-access scanning disabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    .
    /wow section - STAGE 41
    Het systeem kan het opgegeven pad niet vinden.
    Het systeem kan het opgegeven pad niet vinden.


    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ——-\Service_dvxfu


    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-14 to 2009-02-14 ))))))))))))))))))))))))))))))
    .

    2009-02-14 17:01 . 2009-02-14 18:07 <DIR> dr-h—– c:\documents and settings\Marijn Villerius\Onlangs geopend
    2009-02-14 16:57 . 2009-02-14 17:28 1,369,088 –a—— c:\documents and settings\Marijn Villerius\Application Data\G-RAP-IT SHARE.exe
    2009-02-14 15:05 . 2009-02-14 15:05 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-02-14 15:05 . 2009-02-14 15:05 <DIR> d——– c:\documents and settings\Marijn Villerius\Application Data\Malwarebytes
    2009-02-14 15:05 . 2009-02-14 15:05 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-14 15:05 . 2009-02-11 10:19 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-14 15:05 . 2009-02-11 10:19 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-02-14 14:04 . 2009-02-14 18:12 <DIR> d——– c:\windows\system32\CatRoot2
    2009-02-14 10:49 . 2008-05-28 20:06 860,297 –a—— c:\windows\vista 03.jpg
    2009-02-14 10:27 . 2009-02-14 10:27 552 –a—— c:\windows\system32\d3d8caps.dat
    2009-02-14 10:09 . 2009-02-14 10:09 <DIR> dr-h—– c:\documents and settings\Administrator\Onlangs geopend
    2009-02-13 23:21 . 2008-12-05 11:31 <DIR> d–h—– c:\documents and settings\Administrator\Sjablonen
    2009-02-13 23:21 . 2008-12-05 12:26 <DIR> d–h—– c:\documents and settings\Administrator\Netwerkprinteromgeving
    2009-02-13 23:21 . 2008-12-05 12:26 <DIR> d——– c:\documents and settings\Administrator\Mijn documenten
    2009-02-13 23:21 . 2008-12-05 12:26 <DIR> dr——- c:\documents and settings\Administrator\Menu Start
    2009-02-13 23:21 . 2008-12-05 12:26 <DIR> d——– c:\documents and settings\Administrator\Favorieten
    2009-02-13 23:21 . 2008-12-05 12:26 <DIR> d——– c:\documents and settings\Administrator\Bureaublad
    2009-02-13 23:21 . 2009-02-14 10:09 <DIR> d——– c:\documents and settings\Administrator
    2009-02-13 22:32 . 2009-02-13 22:37 632 –a—— c:\windows\Sofplat.INI
    2009-02-13 20:56 . 2002-04-22 08:15 4,284,416 -ra—— c:\windows\uncsetup.exe
    2009-02-13 19:00 . 2009-02-13 19:00 117 –a—— c:\windows\AutoScreenRecorder.INI
    2009-02-13 18:54 . 2009-02-13 18:54 <DIR> d——– c:\program files\Wisdom-soft AutoScreenRecorder 3 Pro
    2009-02-12 21:22 . 2009-02-12 21:22 <DIR> d——– c:\program files\Watery Desktop 3D
    2009-02-12 21:22 . 2007-11-15 00:53 1,011,712 –a—— c:\windows\WATERYDS.SCR
    2009-02-12 21:22 . 2007-09-21 11:09 90,112 –a—— c:\windows\WateryDesktop_vista.dll
    2009-02-12 21:22 . 2007-09-21 11:09 69,632 –a—— c:\windows\WateryDesktop_xp.dll
    2009-02-11 20:04 . 2009-02-11 20:05 <DIR> d——– c:\program files\Torrent Searcher 9.0
    2009-02-05 21:23 . 2009-02-05 21:30 <DIR> d——– c:\program files\RapidFinder 3.0
    2009-02-05 21:17 . 2009-02-05 21:17 <DIR> d——– c:\program files\Rapid Hacker
    2009-02-05 21:03 . 2009-02-05 21:07 <DIR> d——– c:\program files\Desktop Icons Arranger
    2009-02-05 19:13 . 2009-02-05 19:13 <DIR> d——– c:\program files\Active Desktop Calendar
    2009-02-05 19:13 . 2009-02-05 19:13 <DIR> d——– c:\documents and settings\Marijn Villerius\Application Data\XemiComputers
    2009-02-05 19:13 . 2009-02-05 19:13 <DIR> d——– c:\documents and settings\All Users\Application Data\XemiComputers
    2009-02-05 19:10 . 2009-02-05 19:11 53 –a—— c:\windows\setam.ini
    2009-02-05 19:08 . 2009-02-05 19:08 14 –a—— c:\windows\psevd.ini
    2009-02-05 19:07 . 2009-02-05 19:07 1,311 –a—— c:\windows\system32\msvtr.dll
    2009-02-05 19:06 . 2009-02-05 19:12 109 –a—— c:\windows\am3.ini
    2009-02-05 19:02 . 2009-02-05 20:41 1,004 –ahs—- c:\windows\system32\sys_drv.dat
    2009-02-05 18:57 . 2009-02-05 20:43 <DIR> d——– c:\program files\Folder Lock 6
    2009-02-02 16:11 . 2009-02-02 16:11 <DIR> d——– c:\windows\system32\psconv
    2009-02-02 16:11 . 2009-02-02 16:11 <DIR> d——– c:\program files\psconvert
    2009-02-02 16:11 . 2009-02-02 16:11 164 –a—— c:\windows\system32\psconv.ini
    2009-02-02 16:04 . 2009-02-02 16:04 <DIR> d——– c:\program files\PDF To Image Converter
    2009-02-02 16:04 . 2009-02-02 16:08 1,024 –a—— c:\windows\system32\gmi2fdp.dat
    2009-02-02 15:57 . 2009-02-02 15:57 181 –a—— c:\windows\pdf2word.INI
    2009-01-30 21:11 . 2009-01-30 21:11 <DIR> d——– c:\program files\Common Files\Macrovision Shared
    2009-01-27 17:23 . 2009-01-27 17:23 <DIR> d——– c:\documents and settings\Marijn Villerius\Application Data\Zylom
    2009-01-27 17:23 . 2009-01-27 17:23 <DIR> d——– c:\documents and settings\All Users\Application Data\Zylom
    2009-01-24 12:24 . 2009-01-24 12:24 <DIR> d——– c:\documents and settings\Marijn Villerius\Application Data\ABBYY
    2009-01-23 14:14 . 2009-01-23 14:25 <DIR> d——– c:\program files\Thoosje Sidebar
    2009-01-23 13:45 . 2009-01-23 14:22 <DIR> d——– c:\documents and settings\Marijn Villerius\Application Data\Desktop Sidebar
    2009-01-23 13:38 . 2009-02-14 11:28 <DIR> d——– c:\program files\Easy Window & System Tray Icons Hider
    2009-01-23 13:31 . 2009-01-23 13:32 <DIR> d——– c:\program files\Clock Tray Skins
    2009-01-23 13:31 . 2004-08-04 01:03 219,136 –a—— c:\windows\system32\uxtheme.backup
    2009-01-23 13:30 . 2009-01-23 13:31 <DIR> d——– c:\program files\Theme XPack
    2009-01-22 20:56 . 2008-03-22 21:01 105,954 –a—— c:\windows\Vista 22- (3).jpg
    2009-01-20 10:14 . 2001-08-17 22:02 9,600 –a—— c:\windows\system32\drivers\hidusb.sys
    2009-01-20 10:14 . 2001-08-17 22:02 9,600 –a–c— c:\windows\system32\dllcache\hidusb.sys
    2009-01-19 19:41 . 2009-01-19 19:42 <DIR> d——– c:\program files\7-Zip
    2009-01-19 19:30 . 2009-01-19 19:30 <DIR> d——– c:\program files\UselessCreations
    2009-01-19 17:28 . 2005-08-15 16:54 1,536 –a—— c:\windows\system32\hidec.exe
    2009-01-19 12:36 . 2006-03-01 06:21 1,263,616 –a—— c:\windows\system32\Aurora.scr
    2009-01-19 12:36 . 2008-06-16 17:56 837,632 –a—— c:\windows\system32\Vista.scr
    2009-01-19 12:36 . 2006-03-01 05:53 773,120 –a—— c:\windows\system32\Bubbles.scr
    2009-01-19 12:36 . 2006-03-01 06:21 117,248 –a—— c:\windows\system32\Ribbons.scr
    2009-01-19 12:36 . 2006-03-03 15:42 117,248 –a—— c:\windows\system32\Mystify.scr
    2009-01-19 12:36 . 2005-10-22 12:53 61,440 –a—— c:\windows\system32\Vista.Emulation.dll
    2009-01-19 12:36 . 2008-06-16 17:56 33,234 –a—— c:\windows\system32\oemlogo.bmp
    2009-01-19 12:36 . 2008-09-13 01:34 210 –a—— c:\windows\system32\oeminfo.ini
    2009-01-17 16:43 . 2009-01-17 16:43 <DIR> d——– c:\program files\EA Games
    2009-01-16 13:37 . 2006-12-05 10:56 82,781 –a—— c:\windows\system32\My Videos.png
    2009-01-15 20:59 . 2009-01-15 20:59 <DIR> d——– c:\program files\WinCustomize
    2009-01-15 20:59 . 2000-10-10 13:01 198,656 –a—— c:\windows\system32\comdlg32.ocx
    2009-01-15 20:59 . 2000-05-17 09:52 187,392 –a—— c:\windows\system32\JPGUtils.dll
    2009-01-15 20:59 . 2009-02-14 18:14 24 –a—— c:\windows\LogonStudio.ini
    2009-01-15 18:15 . 2009-02-14 12:12 45 –a—— C:\TEST.XML
    2009-01-14 21:48 . 2009-01-14 21:48 <DIR> d——– c:\windows\Sun
    2009-01-14 19:11 . 2009-01-14 19:11 <DIR> d——– c:\documents and settings\Marijn Villerius\Application Data\Thinstall
    2009-01-14 18:11 . 2009-02-10 17:36 <DIR> d——– c:\program files\LowTek CopyFaster

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-14 11:19 ——— d—–w c:\program files\Avast4.8
    2009-02-14 09:56 ——— d—a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-02-05 20:02 ——— d–h–w c:\program files\InstallShield Installation Information
    2009-02-02 14:13 ——— d—–w c:\documents and settings\Marijn Villerius\Application Data\Babylon
    2009-02-02 14:11 ——— d—–w c:\documents and settings\All Users\Application Data\Babylon
    2009-01-30 20:25 ——— d—–w c:\program files\Common Files\Adobe
    2009-01-26 16:53 ——— d—–w c:\program files\CCleaner
    2009-01-19 18:19 ——— d—–w c:\program files\3D Screensavers
    2009-01-19 18:14 ——— d—–w c:\program files\MagicISO
    2009-01-19 18:10 ——— d—–w c:\program files\A-Z
    2009-01-19 18:05 ——— d—–w c:\program files\ImTOO
    2009-01-19 12:44 ——— d—–w c:\program files\Any Audio Converter
    2009-01-19 12:13 ——— d—–w c:\program files\TechSmith
    2009-01-19 12:13 ——— d—–w c:\program files\Common Files\Wise Installation Wizard
    2009-01-19 12:13 ——— d—–w c:\documents and settings\All Users\Application Data\TechSmith
    2009-01-16 13:08 163,712 —-a-w c:\windows\system32\drivers\vidstub.sys
    2009-01-14 21:24 ——— d—–w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-12 18:00 ——— d—–w c:\program files\Stardock
    2009-01-12 18:00 ——— d—–w c:\program files\Common Files\Stardock
    2009-01-12 15:24 ——— d—–w c:\program files\Real
    2009-01-12 15:24 ——— d—–w c:\program files\Common Files\xing shared
    2009-01-12 15:24 ——— d—–w c:\program files\Common Files\Real
    2009-01-12 15:24 ——— d—–w c:\documents and settings\Marijn Villerius\Application Data\OtakuSoftware
    2009-01-12 15:13 ——— d—–w c:\program files\EPCTV
    2009-01-12 15:09 ——— d—–w c:\program files\Framing Studio
    2009-01-10 23:06 ——— d—–w c:\program files\Unlocker
    2009-01-10 18:33 ——— d—–w c:\documents and settings\Marijn Villerius\Application Data\Real Desktop
    2009-01-10 17:29 ——— d—–w c:\program files\Undelete NOW! Trial
    2009-01-10 17:06 ——— d—–w c:\program files\Everest Ultimate
    2009-01-10 15:56 ——— d—–w c:\program files\Fraps
    2009-01-10 15:42 ——— d—–w c:\program files\proDAD
    2009-01-10 15:42 ——— d—–w c:\program files\LooksBuilderSE
    2009-01-10 15:42 ——— d—–w c:\documents and settings\Marijn Villerius\Application Data\proDAD
    2009-01-10 15:41 ——— d—–w c:\program files\Boris FX, Inc
    2009-01-10 15:39 ——— d—–w c:\program files\Pinnacle
    2009-01-10 15:24 ——— d—–w c:\program files\Common Files\Pinnacle
    2009-01-10 15:13 ——— d—–w c:\program files\Common Files\Yahoo!
    2009-01-10 15:13 ——— d—–w c:\documents and settings\All Users\Application Data\Studio 12
    2009-01-10 15:13 ——— d—–w c:\documents and settings\All Users\Application Data\Pinnacle Studio Plus
    2009-01-10 15:13 ——— d—–w c:\documents and settings\All Users\Application Data\Pinnacle
    2009-01-10 12:40 ——— d—–w c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate
    2009-01-09 22:47 ——— d—–w c:\program files\YouTube Downloader
    2009-01-09 22:02 ——— dc-h–w c:\documents and settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}
    2009-01-09 21:56 ——— d—–w c:\program files\IconPackager
    2009-01-06 18:01 ——— d—–w c:\program files\Microsoft
    2009-01-06 17:58 ——— d—–w c:\program files\Windows Live SkyDrive
    2009-01-06 17:57 ——— d—–w c:\program files\Windows Live
    2009-01-06 17:47 ——— d—–w c:\program files\Common Files\Windows Live
    2009-01-03 18:52 ——— d—–w c:\program files\K-Lite Codec Pack
    2009-01-03 17:38 ——— d—–w c:\program files\Keyboard Music 2.4
    2009-01-03 17:28 ——— d—–w c:\program files\Steinberg
    2009-01-03 17:28 ——— d—–w c:\program files\KORG Legacy
    2009-01-03 17:28 ——— d—–w c:\program files\Common Files\KORG
    2009-01-03 17:28 ——— d—–w c:\documents and settings\Marijn Villerius\Application Data\KORG
    2009-01-03 17:28 ——— d—–w c:\documents and settings\All Users\Application Data\KORG
    2008-12-30 21:09 ——— d—–w c:\documents and settings\Marijn Villerius\Application Data\Nero
    2008-12-27 22:29 ——— d—–w c:\program files\QuickTime
    2008-12-27 22:28 ——— d—–w c:\program files\FLVPlayer
    2008-12-27 17:30 ——— d—–w c:\program files\3Planesoft Screensaver Manager
    2008-12-26 13:46 ——— d—–w c:\program files\Adobe Media Player
    2008-12-26 13:43 ——— d—–w c:\program files\CyberLink
    2008-12-26 13:43 ——— d—–w c:\program files\Common Files\CyberLink
    2008-12-26 13:43 ——— d—–w c:\documents and settings\All Users\Application Data\CyberLink
    2008-12-25 00:52 ——— d—–w c:\documents and settings\Marijn Villerius\Application Data\EPSON
    2008-12-20 20:41 ——— d—–w c:\documents and settings\Marijn Villerius\Application Data\DivX
    2008-12-20 20:40 ——— d—–w c:\program files\DivX
    2008-12-19 14:53 ——— d—–w c:\documents and settings\All Users\Application Data\FLEXnet
    2008-12-05 12:33 47,360 —-a-w c:\documents and settings\Marijn Villerius\Application Data\pcouffin.sys
    2001-11-23 05:08 712,704 —-a-r c:\windows\inf\OTHER\AUDIO3D.DLL
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-14_17.21.31.03 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-02-14 15:59:05 76,918 —-a-w c:\windows\system32\perfc009.dat
    + 2009-02-14 16:19:39 77,034 —-a-w c:\windows\system32\perfc009.dat
    - 2009-02-14 15:59:05 108,276 —-a-w c:\windows\system32\perfc013.dat
    + 2009-02-14 16:19:39 108,436 —-a-w c:\windows\system32\perfc013.dat
    - 2009-02-14 15:59:05 456,392 —-a-w c:\windows\system32\perfh009.dat
    + 2009-02-14 16:19:39 456,700 —-a-w c:\windows\system32\perfh009.dat
    - 2009-02-14 15:59:05 555,416 —-a-w c:\windows\system32\perfh013.dat
    + 2009-02-14 16:19:39 555,844 —-a-w c:\windows\system32\perfh013.dat
    + 2009-02-14 17:15:01 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_23c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
    "TrueTransparency"="c:\program files\TrueTransparency\TrueTransparency.exe" [2007-10-20 132608]
    "SkinClock"="c:\program files\Clock Tray Skins\ClockTraySkins.exe" [2009-01-23 1259008]
    "Active Desktop Calendar"="c:\program files\Active Desktop Calendar\ADC.exe" [2008-08-26 3780608]
    "LowTek CopyFaster"="c:\program files\LowTek CopyFaster\copyfast.exe" [2000-06-18 86096]
    "PUSH Wallpaper"="c:\program files\Watery Desktop 3D\Watery Desktop 3D.exe" [2007-05-24 61440]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="c:\progra~1\Avast4.8\ashDisp.exe" [2009-02-05 81000]
    "VisualTooltip"="c:\program files\Visual ToolTip\VisualToolTip.exe" [2007-12-06 988672]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
    "DrvIcon"="c:\program files\Theme XPack\apps\Vista Drive Icon\DrvIcon.exe" [2008-07-07 45056]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-05 7561216]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Marijn Villerius\Menu Start\Programma's\Opstarten\
    Easy Window & System Tray Icons Hider.lnk - c:\program files\Easy Window & System Tray Icons Hider\Easy window & system tray icons hider.exe [2009-01-23 524288]
    Thoosje Vista Sidebar.lnk - c:\program files\Thoosje Sidebar\Thoosje Vista Sidebar.exe [2007-10-22 524288]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Easy Window & System Tray Icons Hider.lnk - c:\program files\Easy Window & System Tray Icons Hider\Easy window & system tray icons hider.exe [2009-01-23 524288]
    Thoosje Vista Sidebar.lnk - c:\program files\Thoosje Sidebar\Thoosje Vista Sidebar.exe [2007-10-22 524288]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoSecCpl"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStartMenuSubFolders"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)
    "NoPrinters"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoChangeAnimation"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\windows\system32\logonuiX.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2005-12-06 21:16 176128 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codec"= L3codecp.acm
    "msacm.ac3filter"= ac3filter.acm
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "vidc.mjpg"= pvmjpg30.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\Mijn Documenten\\Drivers & Software\\Basis Software\\Netwerk\\MSN Live Messenger\\Smileys\\Packmatronic 1.0 CrystalXP.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\Program Files\\CCleaner\\CCleaner.exe"=
    "c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Standalone.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Torrent Searcher 9.0\\giFT\\giFTl.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys –> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-05 114768]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 16:50:32 61424]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-05 20560]
    R2 Uniblue DiskRescue;Uniblue DiskRescue;c:\program files\Uniblue\DiskRescue\UBDiskRescueSrv.exe [2008-09-10 229648]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-12-05 1527900]
    S3 mpr_freader;MPR FileReader Driver;\??\d:\mijn documenten\Drivers & Software\Basis Software\Wachtwoord Software\Portable Multi Password Recovery\mpr_freader.sys –> d:\mijn documenten\Drivers & Software\Basis Software\Wachtwoord Software\Portable Multi Password Recovery\mpr_freader.sys [?]
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-02-13 c:\windows\Tasks\Easy Onderhoud.job
    - c:\program files\TuneUp Utilities 2008\OneClick.exe []

    2008-12-05 c:\windows\Tasks\Uniblue DiskRescue 2009.job
    - c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-12-28 18:31]

    2008-12-05 c:\windows\Tasks\Uniblue SpyEraser.job
    - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-08-25 15:44]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = about:blank
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    FF - ProfilePath - c:\documents and settings\Marijn Villerius\Application Data\Mozilla\Firefox\Profiles\f2ekofxd.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - www.google.nl
    FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-14 18:15:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_USERS\S-1-5-21-839522115-1993962763-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)

    [HKEY_USERS\S-1-5-21-839522115-1993962763-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F9A82C29-7D2F-A0BF-DCC4-BF1D3D6D37A2}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "haimpjpeclpiieak"=hex:6e,62,6a,6d,66,61,6f,6d,63,70,6a,6d,62,6b,61,64,62,69,
    6d,61,6c,61,6b,61,70,69,70,6d,64,6a,65,61,63,63,6d,67,6e,6f,6c,6f,6b,64,66,\
    "jaimpjpeclpiieakajcm"=hex:66,61,6a,6d,64,61,70,6a,62,70,6e,64,00,f0
    "paalchjjpppefgcdechgpfilgjalffcp"=hex:65,61,6a,6d,69,61,6b,6a,61,61,00,64

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,fa,19,3a,aa,b5,
    11,c8,2d,e2,63,26,f1,3f,c8,ff,68,10,90,86,f7,ff,0a,7f,e1,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,d0,c9,38,38,4f,
    4b,2f,79,6a,9c,d6,61,af,45,84,18,bc,4f,e8,36,b4,eb,9f,4b,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,68,87,05,e2,f4,
    48,fd,8d,ff,7c,85,e0,43,d4,0e,fe,1c,34,81,c5,94,b2,c0,61,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,a9,7c,90,c8,e1,
    44,8b,0d,86,8c,21,01,be,91,eb,e7,bf,07,92,c0,42,1e,c0,63,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,8e,a6,9c,6e,fb,
    0a,c1,15,f5,1d,4d,73,a8,13,5c,05,47,72,7c,85,22,35,d5,11,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,ad,51,ce,48,c0,
    ef,05,c0,df,20,58,62,78,6b,cf,c8,33,81,92,fa,7b,2f,29,67,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,9d,0d,75,67,00,
    8b,cc,f0,fb,a7,78,e6,12,2f,9a,ea,26,e4,dc,92,01,f0,70,73,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,f5,db,ff,57,18,
    9f,61,82,01,3a,48,fc,e8,04,4a,f1,63,b4,cc,a8,56,38,14,77,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,dd,b7,28,46,25,
    cb,65,5b,f6,0f,4e,58,98,5b,89,c9,ea,4d,ea,a5,d0,93,3b,68,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,20,05,d9,6f,10,
    ab,07,c7,3d,ce,ea,26,2d,45,aa,78,db,7d,2e,df,d0,d4,a1,d0,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,ae,73,7a,9d,e0,
    a2,5a,ea,2a,b7,cc,b5,b9,7f,41,e7,0c,83,51,3e,1d,92,ff,d5,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,83,bf,1e,62,cf,
    67,9b,d1,6c,43,2d,1e,aa,22,2f,9c,97,89,ea,b5,54,14,c9,3e,6c,43,2d,1e,aa,22,\
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(676)
    c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\TGTSoft\StyleXP\StyleXPService.exe
    c:\program files\Avast4.8\aswUpdSv.exe
    c:\program files\Avast4.8\ashServ.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PSIService.exe
    c:\windows\system32\searchindexer.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\searchprotocolhost.exe
    c:\windows\system32\searchfilterhost.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-02-14 18:22:09 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-02-14 17:22:06
    ComboFix2.txt 2009-02-14 16:22:42

    Pre-Run: 19.794.178.048 bytes beschikbaar
    Post-Run: 19,764,260,864 bytes beschikbaar

    400 — E O F — 2009-01-14 21:24:43





  • How are things with the problems?
  • Resolved :lol:

    Thanks a lot
  • You're welcome,

    Please also do the following:

    Download ATF Cleaner (mirror) (made by Atribune)

    Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

    Double-click ATF Cleaner to start the program.
    On the Main tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also use Firefox as a browser:

    Click the Firefox tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click No in the window that appears.
    (this removes the tick next to Firefox saved passwords)
    Click the Empty Selected button.

    Do the following if you also use Opera as a browser:

    Click the Opera tab and tick Select All.
    If you want to keep the passwords saved by Opera, click No in the window that appears.
    Click the Empty Selected button.
    Go to the Main tab and click the Exit button to close the program.

    3. You may now remove all the tools you used and the folders that were created. (Remember to remove ComboFix by going to Start -> Run, typing ComboFix /U and pressing Enter!!)


    - Go to Start/All Programs/Accessories/System Tools/System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick the box for "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go to Start/All Programs/Accessories/System Tools/System Restore again.
    - You will get the message: "System Restore is turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Remove the tick for "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.

This is an archived page. Replies are no longer possible.