Vraag & Antwoord
Trojan Vundo =\
22 antwoorden
- Hallo,
Ik heb last van het Trojan Vundo virus.
Ik heb combofix al gedraaid, alleen als de pc opnieuw opgestart is krijg ik geen log. Weet iemand wat ik daaraan doen kan?
Nou heb ik net HijackThis geinstalleerd en daar heb ik wel een log van.
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33, on 2007-12-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.memedia.com/advantage/moreinfo.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {3DA0F2D0-F0CD-425C-9323-B5A52203727F} - C:\WINDOWS\system32\ddaya.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\cbxutqq.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196792601655
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196857807765
O20 - Winlogon Notify: awtronk - awtronk.dll (file missing)
O20 - Winlogon Notify: cbxutqq - C:\WINDOWS\SYSTEM32\cbxutqq.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
–
End of file - 5686 bytes - kick
- kan iemand mij plz helpen. Ik sta op het punt om windows er opnieuw op te zetten, want ik kan nu niets. Mijn bureaublad pictogrammen zijn weg en ik heb geen taakbalk.
- Rustig aan hé! Ik kijk even voor je
- Start Hijackthis, kies voor 'do a system scan only' en vink onderstaande regels aan:
[b:95b0138835]
O2 - BHO: (no name) - {3DA0F2D0-F0CD-425C-9323-B5A52203727F} - C:\WINDOWS\system32\ddaya.dll (file missing)
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\cbxutqq.dll
O20 - Winlogon Notify: awtronk - awtronk.dll (file missing)
O20 - Winlogon Notify: cbxutqq - C:\WINDOWS\SYSTEM32\cbxutqq.dll
[/b:95b0138835]
Sluit alle openstaande vensters, behalve Hijackthis en klik op 'Fix checked'
Kun je de inhoud van C:\[b:95b0138835]Combofix.txt[/b:95b0138835] eens posten? Als je die niet kan vinden,
laat combofix opnieuw runnen en post het logje, samen met een nieuw Hijackthis logfile.
Pim - Ik krijg er volgens mij niet een te zien.
En als ik Combofix opnieuw run maakt het niet uit, want hij geeft geen log.
In C:\ComboFix staat dit: ComboFix 07-12-18.1 - Glenn 2007-12-18 19:31:02.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.207 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Glenn\Bureaublad\ComboFix.exe
.
[img:e106062430]http://img139.imageshack.us/img139/2731/lalzcc9.jpg[/img:e106062430] - Sla de regels die je niet kan vinden maar over, draai Combofix opnieuw en post die log :wink:
- Ik heb combofix al 3 keer opnieuw gerunned, maar dat helpt niets, want ik krijg geen log als windows opnieuw opgestart is.
- ComboFix 07-12-18.1 - Glenn 2007-12-18 20:08:04.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.238 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Glenn\Bureaublad\ComboFix.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-18 to 2007-12-18 ))))))))))))))))))))))))))))))
.
2007-12-18 16:33 . 2007-12-18 16:33 <DIR> d—-c— C:\Program Files\Trend Micro
2007-12-18 16:12 . 2007-12-18 19:48 54,156 –ah-c— C:\WINDOWS\QTFont.qfn
2007-12-18 16:12 . 2007-12-18 16:12 1,409 –a–c— C:\WINDOWS\QTFont.for
2007-12-18 16:04 . 2007-12-18 20:03 <DIR> dr-h-c— C:\Documents and Settings\Glenn\Onlangs geopend
2007-12-18 13:44 . 2007-05-16 09:41 29,704 –a–c— C:\WINDOWS\system32\uxtuneup.dll
2007-12-18 13:43 . 2007-12-18 13:44 <DIR> d—-c— C:\Program Files\TuneUp Utilities 2007
2007-12-18 13:43 . 2007-12-18 13:43 <DIR> d—-c— C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-12-17 16:14 . 2007-12-17 22:20 <DIR> d—-c— C:\Program Files\Winamp Remote
2007-12-17 16:12 . 2007-12-17 16:17 <DIR> d—-c— C:\Program Files\Winamp
2007-12-17 16:12 . 2007-12-17 16:20 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\Winamp
2007-12-15 14:09 . 2007-12-15 14:10 <DIR> d—-c— C:\Program Files\Macromedia
2007-12-15 14:09 . 2007-12-15 14:13 <DIR> d—-c— C:\Program Files\Common Files\Macromedia
2007-12-15 14:08 . 2007-12-15 14:08 <DIR> d—-c— C:\WINDOWS\Downloaded Installations
2007-12-14 15:22 . 2007-12-14 15:22 <DIR> d—-c— C:\WINDOWS\Sun
2007-12-14 14:38 . 2007-12-14 14:42 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\Hamachi
2007-12-14 14:37 . 2007-12-14 14:37 25,280 –a–c— C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-13 16:21 . 2007-12-16 15:42 <DIR> d—-c— C:\Program Files\TrackMania Nations ESWC
2007-12-12 17:11 . 2007-12-12 17:12 <DIR> d—-c— C:\Program Files\Pivot Stickfigure Animator
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 –a–c— C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 –a–c— C:\WINDOWS\system32\ssldivx.dll
2007-12-11 21:07 . 2007-12-11 21:07 121 –a–c— C:\WINDOWS\bdagent.INI
2007-12-11 14:08 . 2007-12-11 16:16 6,144 –ahsc— C:\WINDOWS\Thumbs.db
2007-12-11 13:30 . 2007-12-11 13:30 <DIR> d—-c— C:\Program Files\Rockstar Games
2007-12-09 19:17 . 2007-12-09 19:17 <DIR> d—-c— C:\Program Files\MSXML 4.0
2007-12-08 23:45 . 2004-07-09 08:43 364,544 —–c— C:\WINDOWS\system32\TwnLib4.dll
2007-12-08 23:15 . 2005-03-03 20:32 86,094 –a–c— C:\WINDOWS\system32\ImageDrive.cpl
2007-12-08 23:01 . 2007-12-18 19:49 116 –a–c— C:\WINDOWS\NeroDigital.ini
2007-12-08 21:34 . 2005-09-01 11:03 127,488 —–c— C:\WINDOWS\system32\drivers\imagesrv.sys
2007-12-08 21:34 . 2005-09-01 11:03 5,888 —–c— C:\WINDOWS\system32\drivers\imagedrv.sys
2007-12-08 21:33 . 2004-07-26 17:16 1,568,768 —–c— C:\WINDOWS\system32\ImagX7.dll
2007-12-08 21:33 . 2004-07-26 17:16 476,320 —–c— C:\WINDOWS\system32\ImagXpr7.dll
2007-12-08 21:33 . 2004-07-26 17:16 471,040 —–c— C:\WINDOWS\system32\ImagXRA7.dll
2007-12-08 21:33 . 2004-07-26 17:16 262,144 —–c— C:\WINDOWS\system32\ImagXR7.dll
2007-12-08 21:33 . 2000-06-26 10:45 106,496 –a–c— C:\WINDOWS\system32\TwnLib20.dll
2007-12-08 21:32 . 2007-12-08 21:32 <DIR> d—-c— C:\Program Files\Common Files\Ahead
2007-12-08 21:32 . 2007-12-08 21:33 <DIR> d—-c— C:\Program Files\Ahead
2007-12-08 21:32 . 2006-01-12 15:40 155,648 –a–c— C:\WINDOWS\system32\NeroCheck.exe
2007-12-08 19:41 . 2007-12-08 19:41 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\BitDefender
2007-12-08 19:41 . 2007-12-08 21:19 81,984 –a–c— C:\WINDOWS\system32\bdod.bin
2007-12-08 19:39 . 2007-12-08 19:39 <DIR> d—-c— C:\Program Files\BitDefender
2007-12-08 19:39 . 2007-12-08 19:45 <DIR> d—-c— C:\Documents and Settings\All Users\Application Data\BitDefender
2007-12-08 19:38 . 2007-12-08 19:38 <DIR> d—-c— C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-08 19:35 . 2007-12-08 19:39 <DIR> d—-c— C:\Program Files\Common Files\BitDefender
2007-12-08 18:48 . 2007-12-08 18:48 <DIR> d—-c— C:\Program Files\Webroot
2007-12-08 18:48 . 2007-12-08 18:48 <DIR> d—-c— C:\Program Files\Common Files\Webroot Shared
2007-12-08 18:48 . 2007-12-08 18:48 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\Webroot
2007-12-08 18:48 . 2007-12-08 18:48 <DIR> d—-c— C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-08 18:48 . 2007-11-26 14:47 194,888 –a–c— C:\WINDOWS\Unwash6.exe
2007-12-07 23:03 . 2007-12-07 23:03 <DIR> d—-c— C:\WINDOWS\system32\XPSViewer
2007-12-07 23:03 . 2007-12-07 23:03 <DIR> d—-c— C:\Program Files\Reference Assemblies
2007-12-07 23:03 . 2007-12-07 23:03 <DIR> d—-c— C:\Program Files\MSBuild
2007-12-07 23:02 . 2006-06-29 13:07 14,048 —–c— C:\WINDOWS\system32\spmsg2.dll
2007-12-07 18:35 . 2007-12-07 18:35 287 –a–c— C:\WINDOWS\game.ini
2007-12-07 18:24 . 2007-12-07 18:26 <DIR> d—-c— C:\WINDOWS\system32\NtmsData
2007-12-07 18:05 . 2007-12-07 18:05 <DIR> d—-c— C:\Program Files\Activision
2007-12-07 17:37 . 2007-12-07 17:37 <DIR> d–hsc— C:\WINDOWS\ftpcache
2007-12-07 17:25 . 2007-12-07 17:25 <DIR> d—-c— C:\Program Files\MagicDisc
2007-12-07 17:25 . 2007-09-05 01:46 92,544 –a–c— C:\WINDOWS\system32\drivers\mcdbus.sys
2007-12-07 16:41 . 2007-12-08 23:20 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\Ahead
2007-12-06 23:01 . 2007-12-06 23:01 <DIR> d—-c— C:\Documents and Settings\All Users\Application Data\Ahead
2007-12-05 21:51 . 2007-12-05 21:51 <DIR> d—-c— C:\Program Files\Webteh
2007-12-05 21:51 . 2007-12-05 22:02 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\BSplayer PRO
2007-12-05 21:41 . 2007-12-05 21:41 <DIR> d—-c— C:\Program Files\MSXML 6.0
2007-12-05 21:25 . 2007-12-05 21:25 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\vlc
2007-12-05 21:22 . 2007-12-05 21:22 <DIR> d—-c— C:\Program Files\VideoLAN
2007-12-05 21:18 . 2007-12-05 21:18 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\Thinstall
2007-12-05 17:36 . 2007-07-09 14:20 582,656 —–c— C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-05 16:48 . 2007-07-30 19:19 271,224 –a–c— C:\WINDOWS\system32\mucltui.dll
2007-12-05 16:48 . 2007-07-30 19:18 30,072 –a–c— C:\WINDOWS\system32\mucltui.dll.mui
2007-12-05 14:55 . 2007-12-05 14:56 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\MSN6
2007-12-05 14:55 . 2007-12-05 14:55 <DIR> d—-c— C:\Documents and Settings\All Users\Application Data\MSN6
2007-12-05 14:41 . 2007-12-05 14:41 395 –a–c— C:\WINDOWS\ODBC.INI
2007-12-05 14:40 . 2007-04-09 13:23 28,040 –a—— C:\WINDOWS\system32\mdimon.dll
2007-12-05 14:35 . 2007-12-13 20:34 <DIR> d—-c— C:\Program Files\DivX
2007-12-05 14:30 . 2007-12-05 14:32 <DIR> d—-c— C:\WINDOWS\SHELLNEW
2007-12-05 14:30 . 2007-12-05 14:30 <DIR> d—-c— C:\Program Files\Microsoft.NET
2007-12-05 14:23 . 2007-12-05 14:23 <DIR> dr-h-c— C:\MSOCache
2007-12-05 13:52 . 2007-12-13 12:23 <DIR> d—-c— C:\Documents and Settings\Glenn\Contacts
2007-12-05 13:43 . 2007-12-18 13:37 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\uTorrent
2007-12-05 13:41 . 2007-12-05 13:41 <DIR> d—-c— C:\Program Files\Lx_cats
2007-12-05 13:41 . 2007-12-05 13:41 9,531 –a–c— C:\WINDOWS\system32\LexFiles.ulf
2007-12-05 13:40 . 2004-11-09 15:29 65,536 -ra–c— C:\WINDOWS\system32\lxbycfg.dll
2007-12-05 13:40 . 2005-01-20 18:43 1,385 -ra–c— C:\WINDOWS\system32\lxby.loc
2007-12-05 13:39 . 2007-12-05 19:04 <DIR> d—-c— C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2007-12-05 13:39 . 2007-12-05 13:41 <DIR> d—-c— C:\Program Files\Lexmark P910 Series
2007-12-05 13:34 . 2007-12-05 13:34 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\TuneUp Software
2007-12-04 22:01 . 2007-12-05 13:50 <DIR> d—-c— C:\Program Files\Windows Live
2007-12-04 22:01 . 2007-12-05 13:50 <DIR> d–hsc— C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-04 22:00 . 2007-12-05 19:08 <DIR> d—-c— C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-04 21:56 . 2007-12-04 21:57 <DIR> d—-c— C:\WINDOWS\system32\nl-nl
2007-12-04 21:51 . 2007-12-12 17:14 <DIR> d–h-c— C:\WINDOWS\$hf_mig$
2007-12-04 21:50 . 2007-10-11 00:53 6,065,664 —–c— C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-04 21:50 . 2007-04-17 10:32 2,455,488 —–c— C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-04 21:50 . 2007-03-08 06:11 1,032,192 —–c— C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-04 21:50 . 2007-10-11 00:53 459,264 —–c— C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-04 21:50 . 2007-10-11 00:53 383,488 —–c— C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-04 21:50 . 2007-10-11 00:53 267,776 —–c— C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-04 21:50 . 2007-10-11 00:53 63,488 —–c— C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-04 21:50 . 2007-10-11 00:53 52,224 —–c— C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-04 21:50 . 2007-10-10 11:59 13,824 —–c— C:\WINDOWS\system32\dllcache\ieudinit.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 13:08 ——— dc—-w C:\Program Files\QuickTime
2007-12-07 16:42 ——— dc—-w C:\Program Files\Common Files\InstallShield
2007-12-04 17:57 ——— dc—-w C:\Program Files\iTunes
2007-12-04 17:57 ——— dc—-w C:\Program Files\iPod
2007-12-04 17:57 ——— dc—-w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-04 17:57 ——— dc—-w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-12-04 17:56 ——— dc—-w C:\Program Files\Apple Software Update
2007-12-04 17:56 ——— dc—-w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-04 17:52 685,816 —-a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-04 17:47 ——— dc—-w C:\Program Files\CCleaner
2007-12-04 16:59 ——— dc—-w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 -c–a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:45 1,291,776 -c–a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 -c–a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 00:47 96,760 -c–a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 00:47 84,480 -c–a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 00:47 282,112 -c–a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 00:47 158,720 -c–a-w C:\WINDOWS\system32\mscorier.dll
2007-10-22 02:39 267,272 -c–a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 66,056 -c–a-w C:\WINDOWS\system32\dxdllreg.exe
2007-10-22 02:37 17,928 -c–a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-18 10:31 51,224 —-a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-12 14:14 3,734,536 -c–a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 -c–a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-11 08:55 88,576 -c–a-w C:\WINDOWS\system32\infocardapi.dll
2007-10-11 08:55 579,584 -c–a-w C:\WINDOWS\system32\icardagt.exe
2007-10-11 08:55 11,776 -c–a-w C:\WINDOWS\system32\icardres.dll
2007-10-09 12:03 779,800 -c–a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2007-10-09 12:03 73,752 -c–a-w C:\WINDOWS\system32\dxva2.dll
2007-10-09 12:03 493,080 -c–a-w C:\WINDOWS\system32\evr.dll
2007-10-09 12:03 350,744 -c–a-w C:\WINDOWS\system32\PresentationHost.exe
2007-10-09 12:03 33,304 -c–a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2007-10-09 12:03 161,304 -c–a-w C:\WINDOWS\system32\UIAutomationCore.dll
2007-10-09 12:03 106,520 -c–a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2007-10-09 12:03 1,986,072 -c–a-w C:\WINDOWS\system32\milcore.dll
2007-10-09 11:58 16,896 -c–a-w C:\WINDOWS\system32\tswpfwrp.exe
2007-10-04 17:16 356,352 -c–a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-10-04 16:14 81,920 -c–a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14 81,920 —-a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14 8,491,008 —-a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14 753,664 -c–a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14 6,750,208 -c–a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14 6,344,704 -c–a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14 5,783,424 —-a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14 466,944 —-a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14 45,056 -c–a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14 442,368 -c–a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14 425,984 -c–a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 16:14 364,544 —-a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14 36,864 -c–a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14 36,864 -c–a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 16:14 356,352 -c–a-w C:\WINDOWS\system32\nvudisp.exe
2007-10-04 16:14 307,200 -c–a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14 3,551,232 -c–a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 16:14 3,334,144 -c–a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 16:14 286,720 -c–a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 16:14 229,376 -c–a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 16:14 2,371,584 -c–a-w C:\WINDOWS\system32\nvwss.dll
2007-10-04 16:14 188,416 -c–a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-04 16:14 155,716 —-a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-04 16:14 147,456 -c–a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-04 16:14 1,703,936 -c–a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 16:14 1,626,112 -c–a-w C:\WINDOWS\system32\nwiz.exe
2007-10-04 16:14 1,478,656 -c–a-w C:\WINDOWS\system32\nview.dll
2007-10-04 16:14 1,339,392 -c–a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 16:14 1,150,976 -c–a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-04 16:14 1,019,904 -c–a-w C:\WINDOWS\system32\nvwimg.dll
2007-10-02 08:56 444,776 -c–a-w C:\WINDOWS\system32\d3dx10_36.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}
[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\system32\rundll32.exe]
"LXBYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll" [2004-11-02 16:13]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2007-07-10 14:47]
R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe -k netsvcs []
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-07-10 14:47]
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2007-07-12 16:28]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2007-07-02 16:29]
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhoud van de 'Gedeelde Taken' map
"2007-12-18 12:44:25 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-12-18 16:01:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-14 16:15:00 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 20:10:12
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Voltooingstijd: 2007-12-18 20:12:09
.
2007-12-17 14:24:44 — E O F — - even opnieuw gedaan en nu wel een logje
- Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:
[b:c913298aa2]
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"381FFDE8-2394-4F90-B10D-FC6124A40F8C"=-
[-HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[/b:c913298aa2]
Sla dit op op je Bureaublad als [b:c913298aa2]CFScript.txt[/b:c913298aa2]
Sleep [b:c913298aa2]CFScript.txt[/b:c913298aa2] in [b:c913298aa2]ComboFix.exe[/b:c913298aa2] zoals getoond in onderstaand voorbeeld :
[img:c913298aa2]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img:c913298aa2]
Dit zal [b:c913298aa2]ComboFix[/b:c913298aa2] doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de [b:c913298aa2]Combofix.txt[/b:c913298aa2] in je volgende antwoord samen met een nieuw HijackThislogje.
Hoe is het inmiddels met je problemen?
Pim - [quote:23a064ce42="pimvandenderen"]Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:
[b:23a064ce42]
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"381FFDE8-2394-4F90-B10D-FC6124A40F8C"=-
[-HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[/b:23a064ce42]
Sla dit op op je Bureaublad als [b:23a064ce42]CFScript.txt[/b:23a064ce42]
Sleep [b:23a064ce42]CFScript.txt[/b:23a064ce42] in [b:23a064ce42]ComboFix.exe[/b:23a064ce42] zoals getoond in onderstaand voorbeeld :
[img:23a064ce42]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img:23a064ce42]
Dit zal [b:23a064ce42]ComboFix[/b:23a064ce42] doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de [b:23a064ce42]Combofix.txt[/b:23a064ce42] in je volgende antwoord samen met een nieuw HijackThislogje.
Hoe is het inmiddels met je problemen?
Pim[/quote:23a064ce42]Bedankt, het gaat nu goed met mijn pc. Ik heb nu tenminste een taakbalk en bureuabladachterpictogrammen.
. Eerst moest ik alles vanuit taakbeheer doen en nu kan ik m'n pc weer normaal gebruiken. Ik ga nu doen dat kladblokbestandje in Combofix doen.
- ComboFix 07-12-18.1 - Glenn 2007-12-19 16:12:29.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.264 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Glenn\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Glenn\Bureaublad\CFScript.txt.txt
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((( Bestanden Gemaakt van 2007-11-19 to 2007-12-19 ))))))))))))))))))))))))))))))
.
2007-12-19 14:56 . 2007-12-19 14:56 54,156 –ah-c— C:\WINDOWS\QTFont.qfn
2007-12-19 14:56 . 2007-12-19 14:56 1,409 –a–c— C:\WINDOWS\QTFont.for
2007-12-18 16:33 . 2007-12-18 16:33 <DIR> d—-c— C:\Program Files\Trend Micro
2007-12-18 16:04 . 2007-12-19 15:10 <DIR> dr-h-c— C:\Documents and Settings\Glenn\Onlangs geopend
2007-12-18 13:44 . 2007-05-16 09:41 29,704 –a–c— C:\WINDOWS\system32\uxtuneup.dll
2007-12-18 13:43 . 2007-12-18 13:44 <DIR> d—-c— C:\Program Files\TuneUp Utilities 2007
2007-12-18 13:43 . 2007-12-18 13:43 <DIR> d—-c— C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-12-17 16:14 . 2007-12-17 22:20 <DIR> d—-c— C:\Program Files\Winamp Remote
2007-12-17 16:12 . 2007-12-17 16:17 <DIR> d—-c— C:\Program Files\Winamp
2007-12-17 16:12 . 2007-12-17 16:20 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\Winamp
2007-12-15 14:09 . 2007-12-15 14:10 <DIR> d—-c— C:\Program Files\Macromedia
2007-12-15 14:09 . 2007-12-15 14:13 <DIR> d—-c— C:\Program Files\Common Files\Macromedia
2007-12-15 14:08 . 2007-12-15 14:08 <DIR> d—-c— C:\WINDOWS\Downloaded Installations
2007-12-14 15:22 . 2007-12-14 15:22 <DIR> d—-c— C:\WINDOWS\Sun
2007-12-14 14:38 . 2007-12-14 14:42 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\Hamachi
2007-12-14 14:37 . 2007-12-14 14:37 25,280 –a–c— C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-13 16:21 . 2007-12-16 15:42 <DIR> d—-c— C:\Program Files\TrackMania Nations ESWC
2007-12-12 17:11 . 2007-12-12 17:12 <DIR> d—-c— C:\Program Files\Pivot Stickfigure Animator
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 –a–c— C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 –a–c— C:\WINDOWS\system32\ssldivx.dll
2007-12-11 21:07 . 2007-12-11 21:07 121 –a–c— C:\WINDOWS\bdagent.INI
2007-12-11 14:08 . 2007-12-11 16:16 6,144 –ahsc— C:\WINDOWS\Thumbs.db
2007-12-11 13:30 . 2007-12-11 13:30 <DIR> d—-c— C:\Program Files\Rockstar Games
2007-12-09 19:17 . 2007-12-09 19:17 <DIR> d—-c— C:\Program Files\MSXML 4.0
2007-12-08 23:45 . 2004-07-09 08:43 364,544 —–c— C:\WINDOWS\system32\TwnLib4.dll
2007-12-08 23:15 . 2005-03-03 20:32 86,094 –a–c— C:\WINDOWS\system32\ImageDrive.cpl
2007-12-08 23:01 . 2007-12-18 19:49 116 –a–c— C:\WINDOWS\NeroDigital.ini
2007-12-08 21:34 . 2005-09-01 11:03 127,488 —–c— C:\WINDOWS\system32\drivers\imagesrv.sys
2007-12-08 21:34 . 2005-09-01 11:03 5,888 —–c— C:\WINDOWS\system32\drivers\imagedrv.sys
2007-12-08 21:33 . 2004-07-26 17:16 1,568,768 —–c— C:\WINDOWS\system32\ImagX7.dll
2007-12-08 21:33 . 2004-07-26 17:16 476,320 —–c— C:\WINDOWS\system32\ImagXpr7.dll
2007-12-08 21:33 . 2004-07-26 17:16 471,040 —–c— C:\WINDOWS\system32\ImagXRA7.dll
2007-12-08 21:33 . 2004-07-26 17:16 262,144 —–c— C:\WINDOWS\system32\ImagXR7.dll
2007-12-08 21:33 . 2000-06-26 10:45 106,496 –a–c— C:\WINDOWS\system32\TwnLib20.dll
2007-12-08 21:32 . 2007-12-08 21:32 <DIR> d—-c— C:\Program Files\Common Files\Ahead
2007-12-08 21:32 . 2007-12-08 21:33 <DIR> d—-c— C:\Program Files\Ahead
2007-12-08 21:32 . 2006-01-12 15:40 155,648 –a–c— C:\WINDOWS\system32\NeroCheck.exe
2007-12-08 19:41 . 2007-12-08 19:41 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\BitDefender
2007-12-08 19:41 . 2007-12-08 21:19 81,984 –a–c— C:\WINDOWS\system32\bdod.bin
2007-12-08 19:39 . 2007-12-08 19:39 <DIR> d—-c— C:\Program Files\BitDefender
2007-12-08 19:39 . 2007-12-08 19:45 <DIR> d—-c— C:\Documents and Settings\All Users\Application Data\BitDefender
2007-12-08 19:38 . 2007-12-08 19:38 <DIR> d—-c— C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-08 19:35 . 2007-12-08 19:39 <DIR> d—-c— C:\Program Files\Common Files\BitDefender
2007-12-08 18:48 . 2007-12-08 18:48 <DIR> d—-c— C:\Program Files\Webroot
2007-12-08 18:48 . 2007-12-08 18:48 <DIR> d—-c— C:\Program Files\Common Files\Webroot Shared
2007-12-08 18:48 . 2007-12-08 18:48 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\Webroot
2007-12-08 18:48 . 2007-12-08 18:48 <DIR> d—-c— C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-08 18:48 . 2007-11-26 14:47 194,888 –a–c— C:\WINDOWS\Unwash6.exe
2007-12-07 23:03 . 2007-12-07 23:03 <DIR> d—-c— C:\WINDOWS\system32\XPSViewer
2007-12-07 23:03 . 2007-12-07 23:03 <DIR> d—-c— C:\Program Files\Reference Assemblies
2007-12-07 23:03 . 2007-12-07 23:03 <DIR> d—-c— C:\Program Files\MSBuild
2007-12-07 23:02 . 2006-06-29 13:07 14,048 —–c— C:\WINDOWS\system32\spmsg2.dll
2007-12-07 18:35 . 2007-12-07 18:35 287 –a–c— C:\WINDOWS\game.ini
2007-12-07 18:24 . 2007-12-07 18:26 <DIR> d—-c— C:\WINDOWS\system32\NtmsData
2007-12-07 18:05 . 2007-12-07 18:05 <DIR> d—-c— C:\Program Files\Activision
2007-12-07 17:37 . 2007-12-07 17:37 <DIR> d–hsc— C:\WINDOWS\ftpcache
2007-12-07 17:25 . 2007-12-07 17:25 <DIR> d—-c— C:\Program Files\MagicDisc
2007-12-07 17:25 . 2007-09-05 01:46 92,544 –a–c— C:\WINDOWS\system32\drivers\mcdbus.sys
2007-12-07 16:41 . 2007-12-08 23:20 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\Ahead
2007-12-06 23:01 . 2007-12-06 23:01 <DIR> d—-c— C:\Documents and Settings\All Users\Application Data\Ahead
2007-12-05 21:51 . 2007-12-05 21:51 <DIR> d—-c— C:\Program Files\Webteh
2007-12-05 21:51 . 2007-12-05 22:02 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\BSplayer PRO
2007-12-05 21:41 . 2007-12-05 21:41 <DIR> d—-c— C:\Program Files\MSXML 6.0
2007-12-05 21:25 . 2007-12-05 21:25 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\vlc
2007-12-05 21:22 . 2007-12-05 21:22 <DIR> d—-c— C:\Program Files\VideoLAN
2007-12-05 21:18 . 2007-12-05 21:18 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\Thinstall
2007-12-05 17:36 . 2007-07-09 14:20 582,656 —–c— C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-05 16:48 . 2007-07-30 19:19 271,224 –a–c— C:\WINDOWS\system32\mucltui.dll
2007-12-05 16:48 . 2007-07-30 19:18 30,072 –a–c— C:\WINDOWS\system32\mucltui.dll.mui
2007-12-05 14:55 . 2007-12-05 14:56 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\MSN6
2007-12-05 14:55 . 2007-12-05 14:55 <DIR> d—-c— C:\Documents and Settings\All Users\Application Data\MSN6
2007-12-05 14:41 . 2007-12-05 14:41 395 –a–c— C:\WINDOWS\ODBC.INI
2007-12-05 14:40 . 2007-04-09 13:23 28,040 –a—— C:\WINDOWS\system32\mdimon.dll
2007-12-05 14:35 . 2007-12-13 20:34 <DIR> d—-c— C:\Program Files\DivX
2007-12-05 14:30 . 2007-12-05 14:32 <DIR> d—-c— C:\WINDOWS\SHELLNEW
2007-12-05 14:30 . 2007-12-05 14:30 <DIR> d—-c— C:\Program Files\Microsoft.NET
2007-12-05 14:23 . 2007-12-05 14:23 <DIR> dr-h-c— C:\MSOCache
2007-12-05 13:52 . 2007-12-13 12:23 <DIR> d—-c— C:\Documents and Settings\Glenn\Contacts
2007-12-05 13:43 . 2007-12-18 13:37 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\uTorrent
2007-12-05 13:41 . 2007-12-05 13:41 <DIR> d—-c— C:\Program Files\Lx_cats
2007-12-05 13:41 . 2007-12-05 13:41 9,531 –a–c— C:\WINDOWS\system32\LexFiles.ulf
2007-12-05 13:40 . 2004-11-09 15:29 65,536 -ra–c— C:\WINDOWS\system32\lxbycfg.dll
2007-12-05 13:40 . 2005-01-20 18:43 1,385 -ra–c— C:\WINDOWS\system32\lxby.loc
2007-12-05 13:39 . 2007-12-05 19:04 <DIR> d—-c— C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2007-12-05 13:39 . 2007-12-05 13:41 <DIR> d—-c— C:\Program Files\Lexmark P910 Series
2007-12-05 13:34 . 2007-12-05 13:34 <DIR> d—-c— C:\Documents and Settings\Glenn\Application Data\TuneUp Software
2007-12-04 22:01 . 2007-12-05 13:50 <DIR> d—-c— C:\Program Files\Windows Live
2007-12-04 22:01 . 2007-12-05 13:50 <DIR> d–hsc— C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-04 22:00 . 2007-12-05 19:08 <DIR> d—-c— C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-04 21:56 . 2007-12-04 21:57 <DIR> d—-c— C:\WINDOWS\system32\nl-nl
2007-12-04 21:51 . 2007-12-12 17:14 <DIR> d–h-c— C:\WINDOWS\$hf_mig$
2007-12-04 21:50 . 2007-10-11 00:53 6,065,664 —–c— C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-04 21:50 . 2007-04-17 10:32 2,455,488 —–c— C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-04 21:50 . 2007-03-08 06:11 1,032,192 —–c— C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-04 21:50 . 2007-10-11 00:53 459,264 —–c— C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-04 21:50 . 2007-10-11 00:53 383,488 —–c— C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-04 21:50 . 2007-10-11 00:53 267,776 —–c— C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-04 21:50 . 2007-10-11 00:53 63,488 —–c— C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-04 21:50 . 2007-10-11 00:53 52,224 —–c— C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-04 21:50 . 2007-10-10 11:59 13,824 —–c— C:\WINDOWS\system32\dllcache\ieudinit.exe
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 13:08 ——— dc—-w C:\Program Files\QuickTime
2007-12-07 16:42 ——— dc—-w C:\Program Files\Common Files\InstallShield
2007-12-04 17:57 ——— dc—-w C:\Program Files\iTunes
2007-12-04 17:57 ——— dc—-w C:\Program Files\iPod
2007-12-04 17:57 ——— dc—-w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-04 17:57 ——— dc—-w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-12-04 17:56 ——— dc—-w C:\Program Files\Apple Software Update
2007-12-04 17:56 ——— dc—-w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-04 17:52 685,816 —-a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-04 17:47 ——— dc—-w C:\Program Files\CCleaner
2007-12-04 16:59 ——— dc—-w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 -c–a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:45 1,291,776 -c–a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 -c–a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 00:47 96,760 -c–a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 00:47 84,480 -c–a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 00:47 282,112 -c–a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 00:47 158,720 -c–a-w C:\WINDOWS\system32\mscorier.dll
2007-10-22 02:39 267,272 -c–a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 66,056 -c–a-w C:\WINDOWS\system32\dxdllreg.exe
2007-10-22 02:37 17,928 -c–a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-18 10:31 51,224 —-a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-12 14:14 3,734,536 -c–a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 -c–a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-11 08:55 88,576 -c–a-w C:\WINDOWS\system32\infocardapi.dll
2007-10-11 08:55 579,584 -c–a-w C:\WINDOWS\system32\icardagt.exe
2007-10-11 08:55 11,776 -c–a-w C:\WINDOWS\system32\icardres.dll
2007-10-09 12:03 779,800 -c–a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2007-10-09 12:03 73,752 -c–a-w C:\WINDOWS\system32\dxva2.dll
2007-10-09 12:03 493,080 -c–a-w C:\WINDOWS\system32\evr.dll
2007-10-09 12:03 350,744 -c–a-w C:\WINDOWS\system32\PresentationHost.exe
2007-10-09 12:03 33,304 -c–a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2007-10-09 12:03 161,304 -c–a-w C:\WINDOWS\system32\UIAutomationCore.dll
2007-10-09 12:03 106,520 -c–a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2007-10-09 12:03 1,986,072 -c–a-w C:\WINDOWS\system32\milcore.dll
2007-10-09 11:58 16,896 -c–a-w C:\WINDOWS\system32\tswpfwrp.exe
2007-10-04 17:16 356,352 -c–a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-10-04 16:14 81,920 -c–a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14 81,920 —-a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14 8,491,008 —-a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14 753,664 -c–a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14 6,750,208 -c–a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14 6,344,704 -c–a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14 5,783,424 —-a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14 466,944 —-a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14 45,056 -c–a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14 442,368 -c–a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14 425,984 -c–a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 16:14 364,544 —-a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14 36,864 -c–a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14 36,864 -c–a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 16:14 356,352 -c–a-w C:\WINDOWS\system32\nvudisp.exe
2007-10-04 16:14 307,200 -c–a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14 3,551,232 -c–a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 16:14 3,334,144 -c–a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 16:14 286,720 -c–a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 16:14 229,376 -c–a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 16:14 2,371,584 -c–a-w C:\WINDOWS\system32\nvwss.dll
2007-10-04 16:14 188,416 -c–a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-04 16:14 155,716 —-a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-04 16:14 147,456 -c–a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-04 16:14 1,703,936 -c–a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 16:14 1,626,112 -c–a-w C:\WINDOWS\system32\nwiz.exe
2007-10-04 16:14 1,478,656 -c–a-w C:\WINDOWS\system32\nview.dll
2007-10-04 16:14 1,339,392 -c–a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 16:14 1,150,976 -c–a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-04 16:14 1,019,904 -c–a-w C:\WINDOWS\system32\nvwimg.dll
2007-10-02 08:56 444,776 -c–a-w C:\WINDOWS\system32\d3dx10_36.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 01:03 C:\WINDOWS\system32\rundll32.exe]
"LXBYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll" [2004-11-02 16:13]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2007-07-10 14:47]
R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe -k netsvcs []
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-07-10 14:47]
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2007-07-12 16:28]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2007-07-02 16:29]
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe -kbdx []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhoud van de 'Gedeelde Taken' map
"2007-12-18 12:44:25 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-12-18 16:01:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-14 16:15:00 C:\WINDOWS\Tasks\Easy Onderhoud.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 16:15:18
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Voltooingstijd: 2007-12-19 16:16:21
C:\ComboFix2.txt … 2007-12-18 20:12
.
2007-12-17 14:24:44 — E O F — - Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:47, on 19-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.memedia.com/advantage/moreinfo.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196792601655
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196857807765
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
–
End of file - 5353 bytes - Onderstaande regel mag je aanvinken en daarna klikken op 'Fix Checked'
[b:b50b456fcd]O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file) [/b:b50b456fcd]
Deinstalleer Combofix, ga naar start –> uitvoeren en typ daar: [b:b50b456fcd]Combofix /u[/b:b50b456fcd].
Hoe is het met je problemen?
Pim - [quote:b4690c7c43="pimvandenderen"]Onderstaande regel mag je aanvinken en daarna klikken op 'Fix Checked'
[b:b4690c7c43]O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file) [/b:b4690c7c43]
Deinstalleer Combofix, ga naar start –> uitvoeren en typ daar: [b:b4690c7c43]Combofix /u[/b:b4690c7c43].
Hoe is het met je problemen?
Pim[/quote:b4690c7c43]Thnx. Het gaat goed met m'n problemen, heb nergens last van. - Kan ik Hijackthis en de logjes nu verwijderen, of moet er nog iets gebeuren?
- Download ATF Cleaner (by Atribune)
Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij [b:0680dbd8f6]Select All[/b:0680dbd8f6].
Klik op de knop [b:0680dbd8f6]Empty Selected[/b:0680dbd8f6].
Het volgende doen als je ook [u:0680dbd8f6]FireFox[/u:0680dbd8f6] als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij [b:0680dbd8f6]Select All[/b:0680dbd8f6].
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords"
Klik op de knop [b:0680dbd8f6]Empty Selected.[/b:0680dbd8f6]
Het volgende doen als je ook [u:0680dbd8f6]Opera[/u:0680dbd8f6] als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij [b:0680dbd8f6]Select All[/b:0680dbd8f6].
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop [b:0680dbd8f6]Empty Selected[/b:0680dbd8f6].
Ga naar het tabblad "Main" en klik op de knop [b:0680dbd8f6]Exit[/b:0680dbd8f6] om het programma af te sluiten.
Lees om herhaling te voorkomen deze beveiligingstips nog eens door:
http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html
Voor de rest is het goed
Pim - Bedankt, serieus.
Ik heb geen indee hoe dit virus zomaar op mijn computer kon komen, want ik heb een hele goeie virusscanner namelijk bitdefender. En een firewall heb ik ook aan staan. Maarja, het is nu tenminste weer goed zoals het hoort. - En dat ATF cleaner.. is dat zoiets als ccleaner, want dat heb ik namlelijk wel.
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.
Gerelateerde vragen
- URL zonder extensie wil niet helemaal lukken
- https verbinding met ssl in owncloud
- afspelen met audacity werkt niet goed
- Computer!Totaal-forum maakt plaats voor v&a-module
- computer start soms niet op
- Pro show gold 4 overgangen tussen tekstdia's
- wie kan mij meer vertellen over een Gigabyte GA-B85M-HD3
- Windows Tijdelijke bestanden