HijackThis report

15 replies
  • The report below is from HijackThis. Can someone interpret the results for me? I suspect that, despite scans, the computer still contains threats. In addition, there are still thousands of pos.tmp files on the disk that I cannot get rid of in any way. How do I remove these?

    Willem

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:41:27, on 12-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\lxdicoms.exe
    C:\Program Files\Router\Router.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Luljetaa & Vjoletaa\Bureaublad\HiJackThis.exe
    C:\WINDOWS\SoftwareDistribution\Download\49f9356de17faaef8b71e538a183c321\update\update.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin
    edirect/?country=NL&range=AD&phase=6&key=SEARCH
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.radiomarimanga.dk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline
    l.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1043
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
    O4 - HKLM\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\System32\serbw.exe
    O4 - HKLM\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\System32\serbw.exe
    O4 - HKLM\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\System32\formatsys.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-835208182-2548316670-3541621641-1013\..\Run: [Router] C:\Program Files\Router\Router.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline
    l.htm
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_nl.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.loudcash.com/UCITest/Cabs/4484.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab?f37d44ac492924dc063287e7256ff18ecfd47e0337570ba83184e71c504e963b95236c868425298f89b447183f619d26ee6674e426fe125aa66fafc22061bd61e2ef0b3c25:9aba7c18c9800e1f1bca9acc387e48ea
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\__c00FD272.dat
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
    O23 - Service: lxdi_device - - C:\WINDOWS\System32\lxdicoms.exe


    End of file - 6462 bytes


  • Download Combofix to your desktop.

    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    Double-click combofix.exe.
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix has finished, and after a restart, the log combofix.txt will open.
    In your next reply, post the Combofix log (combofix.txt) together with a fresh HijackThis log.

    Good luck!
    Pim
  • Ran ComboFix and already a big step further! Below is the report (drastically shortened, because it was not feasible to paste that whole slab of text here: I left out the entries for all the pos.tmp and .dll files that the program removed). Also a new HijackThis log. In the My Documents folder I manually deleted thousands more pos.tmp files myself. I still find router.exe strange (still active in the process list). Otherwise there are no more system error messages, and the two icons on the desktop that kept coming back are gone too.

    ——————–
    ComboFix
    ——————–

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    ——-\LEGACY_DOMAINSERVICE
    ——-\DomainService


    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-13 to 2008-01-13 ))))))))))))))))))))))))))))))
    .

    2008-01-13 10:59 . 2000-08-31 08:00 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2008-01-13 10:53 . 2008-01-13 15:07 <DIR> dr-h—– C:\Documents and Settings\Luljetaa & Vjoletaa\Onlangs geopend
    2008-01-12 16:13 . 2008-01-13 10:52 <DIR> d——– C:\WINDOWS\system32\nl-nl
    2008-01-12 16:01 . 2007-08-13 18:54 33,792 –a—— C:\WINDOWS\system32\dllcache\custsat.dll
    2008-01-12 15:37 . 2008-01-13 10:26 415 —hs—- C:\WINDOWS\system32\pocfwblj.ini
    2008-01-12 15:30 . 2006-08-21 10:14 128,896 ——— C:\WINDOWS\system32\dllcache\fltmgr.sys
    2008-01-12 15:30 . 2006-08-21 10:14 23,040 ——— C:\WINDOWS\system32\dllcache\fltmc.exe
    2008-01-12 15:30 . 2006-08-21 13:28 16,896 ——— C:\WINDOWS\system32\dllcache\fltlib.dll
    2008-01-12 15:20 . 2008-01-12 15:20 <DIR> d——– C:\Program Files\MSXML 4.0
    2008-01-12 15:00 . 2008-01-13 10:55 <DIR> d——– C:\VundoFix Backups
    2008-01-12 14:53 . 2007-07-09 14:11 584,192 ——— C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-01-11 22:03 . 2007-12-04 15:51 42,912 –a—— C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-01-11 22:03 . 2007-12-04 15:49 26,624 –a—— C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-01-11 22:03 . 2007-12-04 15:53 23,152 –a—— C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-11 22:02 . 2007-12-04 13:54 95,608 –a—— C:\WINDOWS\system32\AvastSS.scr
    2008-01-11 22:01 . 2007-12-04 15:55 94,544 –a—— C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-11 22:01 . 2007-12-04 15:56 93,264 –a—— C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-11 22:00 . 2007-12-04 14:04 837,496 –a—— C:\WINDOWS\system32\aswBoot.exe
    2008-01-11 22:00 . 2004-01-09 10:13 380,928 –a—— C:\WINDOWS\system32\actskin4.ocx
    2008-01-11 21:59 . 2008-01-11 21:59 <DIR> d——– C:\Program Files\Alwil Software
    2008-01-11 21:43 . 2008-01-11 22:58 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-11 21:40 . 2008-01-11 21:42 <DIR> d–h—– C:\RD4B335D2AF9F44185AFC417F8D8D4B473DR
    2008-01-11 21:39 . 2008-01-11 21:39 <DIR> d——– C:\Program Files\AusLogics Registry Defrag
    2008-01-11 19:39 . 2008-01-11 22:49 128 –a—— C:\Documents and Settings\Luljetaa & Vjoletaa\services.exe
    2008-01-11 19:14 . 2008-01-11 19:14 <DIR> d——– C:\Documents and Settings\luljeta shala\Bureaublad
    2008-01-11 19:05 . 2008-01-11 19:05 <DIR> d——– C:\Program Files\Avira
    2008-01-11 19:05 . 2008-01-11 19:05 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Avira
    2008-01-11 19:02 . 2008-01-11 19:02 <DIR> d——– C:\WINDOWS\provisioning
    2008-01-11 19:02 . 2008-01-11 19:02 <DIR> d——– C:\WINDOWS\peernet
    2008-01-11 18:58 . 2008-01-11 18:58 <DIR> d——– C:\WINDOWS\ServicePackFiles
    2008-01-11 18:51 . 2008-01-11 18:51 <DIR> d——– C:\WINDOWS\EHome
    2008-01-11 16:55 . 2008-01-11 19:20 <DIR> d——– C:\Program Files\CCleaner
    2008-01-11 16:34 . 2008-01-11 16:34 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-11 15:57 . 2008-01-11 15:57 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-11 15:25 . 2001-09-06 19:04 12,288 –a—— C:\WINDOWS\system32\drivers\mouhid.sys
    2008-01-11 15:25 . 2001-09-06 19:04 12,288 –a—— C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-01-08 14:48 . 2008-01-09 20:19 1,049,629 —hs—- C:\WINDOWS\system32\aamamnll.ini
    2008-01-08 14:47 . 2008-01-08 14:47 37,888 –a—— C:\WINDOWS\system32\opnmnop.dll
    2008-01-07 18:14 . 2008-01-08 14:45 1,043,855 —hs—- C:\WINDOWS\system32\ryhgwvws.ini
    2008-01-07 18:14 . 2008-01-07 18:14 37,888 –a—— C:\WINDOWS\system32\awttust.dll
    2008-01-07 18:14 . 2008-01-07 18:14 260 –a—— C:\6589.bat
    2008-01-04 12:43 . 2008-01-05 13:09 1,043,920 —hs—- C:\WINDOWS\system32\ityvoajr.ini
    2008-01-04 11:40 . 2008-01-04 12:16 1,038,424 —hs—- C:\WINDOWS\system32\mnbqmmng.ini
    2008-01-03 19:01 . 2008-01-04 10:53 1,039,144 —hs—- C:\WINDOWS\system32\cteotmwq.ini
    2008-01-03 18:17 . 2008-01-03 18:56 1,039,024 —hs—- C:\WINDOWS\system32\yijnyvuk.ini
    2008-01-03 14:46 . 2008-01-03 18:13 1,036,702 —hs—- C:\WINDOWS\system32\qbxqekma.ini
    2008-01-03 14:46 . 2008-01-13 11:08 134,333 —hs—- C:\WINDOWS\system32\qqtwa.ini2
    2008-01-03 12:56 . 2008-01-03 14:42 1,032,113 —hs—- C:\WINDOWS\system32\xlglcyok.ini
    2008-01-02 18:30 . 2008-01-03 12:52 1,031,698 —hs—- C:\WINDOWS\system32\fbqnblyw.ini
    2008-01-02 17:31 . 2008-01-02 18:26 1,031,578 —hs—- C:\WINDOWS\system32\pwyuxdoo.ini
    2008-01-02 14:25 . 2008-01-02 17:27 1,031,458 —hs—- C:\WINDOWS\system32\luikxrju.ini
    2008-01-01 18:39 . 2008-01-02 10:11 1,031,559 —hs—- C:\WINDOWS\system32\ipiiwgvk.ini
    2007-12-30 14:23 . 2008-01-01 18:36 1,031,439 —hs—- C:\WINDOWS\system32\mrxsaeww.ini
    2007-12-30 11:39 . 2007-12-30 14:21 1,031,319 —hs—- C:\WINDOWS\system32\tdwhrtcr.ini
    2007-12-30 09:45 . 2007-12-30 11:38 1,031,199 —hs—- C:\WINDOWS\system32\hhjjoecg.ini
    2007-12-29 20:25 . 2007-12-30 09:25 1,031,199 —hs—- C:\WINDOWS\system32\byjhcnyv.ini
    2007-12-29 10:25 . 2007-12-29 16:29 1,031,559 —hs—- C:\WINDOWS\system32\xjwfwarh.ini
    2007-12-28 18:29 . 2007-12-29 10:23 1,031,439 —hs—- C:\WINDOWS\system32\wysufjyk.ini
    2007-12-28 15:39 . 2007-12-28 18:27 1,031,319 —hs—- C:\WINDOWS\system32\gmvtgevg.ini
    2007-12-28 15:00 . 2007-12-28 15:38 1,031,199 —hs—- C:\WINDOWS\system32\mkxomddn.ini
    2007-12-28 14:22 . 2007-12-28 14:39 1,031,439 —hs—- C:\WINDOWS\system32\puwqnvrh.ini
    2007-12-28 13:34 . 2007-12-28 14:21 1,031,319 —hs—- C:\WINDOWS\system32\kimjbtfn.ini
    2007-12-28 12:27 . 2007-12-28 13:31 1,031,199 —hs—- C:\WINDOWS\system32\hvpmfpek.ini
    2007-12-28 11:36 . 2007-12-28 12:03 1,031,559 —hs—- C:\WINDOWS\system32\llulfvxn.ini
    2007-12-28 11:22 . 2007-12-28 11:34 1,031,439 —hs—- C:\WINDOWS\system32\epqrryda.ini
    2007-12-28 11:01 . 2007-12-28 11:20 1,031,319 —hs—- C:\WINDOWS\system32\mwwoutqm.ini
    2007-12-28 10:33 . 2007-12-28 11:00 1,031,199 —hs—- C:\WINDOWS\system32\bpdwpkvg.ini
    2007-12-28 09:47 . 2007-12-28 10:11 1,031,499 —hs—- C:\WINDOWS\system32\lcdtsfvq.ini
    2007-12-28 09:12 . 2007-12-28 09:43 1,031,379 —hs—- C:\WINDOWS\system32\yfjvvppr.ini
    2007-12-27 20:54 . 2007-12-28 09:09 1,031,259 —hs—- C:\WINDOWS\system32\ofyaeuvr.ini
    2007-12-27 20:36 . 2007-12-27 20:51 1,031,199 —hs—- C:\WINDOWS\system32\aurysfmy.ini
    2007-12-27 20:21 . 2007-12-27 20:21 260 –a—— C:\7998.bat
    2007-12-27 20:21 . 2007-12-27 20:21 77 –a—— C:\Documents and Settings\Luljetaa & Vjoletaa\9551.bat
    2007-12-27 20:08 . 2007-12-27 20:17 1,031,199 —hs—- C:\WINDOWS\system32\vxxvgwkq.ini
    2007-12-27 19:59 . 2007-12-27 19:59 77 –a—— C:\Documents and Settings\Luljetaa & Vjoletaa\6205.bat
    2007-12-27 19:49 . 2007-12-27 19:59 982,994 —hs—- C:\WINDOWS\system32\keacldfb.ini
    2007-12-27 19:38 . 2007-12-27 19:46 1,031,439 —hs—- C:\WINDOWS\system32\bwsfkkqs.ini
    2007-12-27 19:28 . 2007-12-27 19:28 260 –a—— C:\9397.bat
    2007-12-27 19:02 . 2007-12-27 19:23 1,031,259 —hs—- C:\WINDOWS\system32\eexdaqmt.ini
    2007-12-27 17:03 . 2007-12-27 17:03 260 –a—— C:\2082.bat
    2007-12-27 17:00 . 2007-12-27 17:12 1,031,559 —hs—- C:\WINDOWS\system32\hwqejoli.ini
    2007-12-27 16:35 . 2007-12-27 16:59 1,031,439 —hs—- C:\WINDOWS\system32\gidafxgi.ini
    2007-12-27 14:29 . 2007-12-27 16:30 1,031,319 —hs—- C:\WINDOWS\system32\jqfpkpno.ini
    2007-12-27 14:07 . 2007-12-27 14:25 1,029,790 —hs—- C:\WINDOWS\system32\josohsrv.ini
    2007-12-27 10:28 . 2007-12-27 10:28 260 –a—— C:\2502.bat
    2007-12-27 10:27 . 2007-12-27 13:49 1,029,790 —hs—- C:\WINDOWS\system32\cphchufq.ini
    2007-12-26 19:54 . 2007-12-27 10:08 1,027,702 —hs—- C:\WINDOWS\system32\kaqmkicw.ini
    2007-12-26 19:25 . 2007-12-26 19:50 1,027,582 —hs—- C:\WINDOWS\system32\xhslvhuc.ini
    2007-12-26 18:43 . 2007-12-26 19:10 1,027,702 —hs—- C:\WINDOWS\system32\fbcljfbg.ini
    2007-12-26 18:24 . 2007-12-26 18:42 1,027,582 —hs—- C:\WINDOWS\system32\iitlkyfi.ini
    2007-12-26 12:41 . 2007-12-26 18:12 1,027,642 —hs—- C:\WINDOWS\system32
    gvxseaf.ini
    2007-12-26 10:38 . 2007-12-26 11:02 1,018,742 —hs—- C:\WINDOWS\system32\upfkmftc.ini
    2007-12-26 09:51 . 2007-12-26 10:34 1,018,622 —hs—- C:\WINDOWS\system32\wnbrdukj.ini
    2007-12-25 20:13 . 2007-12-26 09:14 1,018,862 —hs—- C:\WINDOWS\system32\vooasukf.ini
    2007-12-25 18:56 . 2007-12-25 20:10 1,018,742 —hs—- C:\WINDOWS\system32\odseduoh.ini
    2007-12-25 18:30 . 2007-12-25 18:55 1,018,622 —hs—- C:\WINDOWS\system32\bnefaykv.ini
    2007-12-25 17:08 . 2007-12-25 17:48 1,018,062 —hs—- C:\WINDOWS\system32\hqiglylo.ini
    2007-12-25 16:26 . 2007-12-25 16:46 1,017,967 —hs—- C:\WINDOWS\system32\wrnjdhrx.ini
    2007-12-25 15:56 . 2007-12-25 16:23 1,017,847 —hs—- C:\WINDOWS\system32\gpcycuwb.ini
    2007-12-25 15:22 . 2007-12-25 15:52 1,013,190 —hs—- C:\WINDOWS\system32\byhfjnji.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-11 20:34 ——— d—–w C:\Documents and Settings\All Users\Application Data\bowscopygplbias
    2008-01-11 18:14 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2008-01-11 15:53 ——— d—–w C:\Program Files\Logitech
    2008-01-11 15:52 ——— d—–w C:\Program Files\Java
    2008-01-11 15:34 ——— d—–w C:\Program Files\Lavasoft
    2008-01-11 14:54 ——— d—–w C:\Program Files\Sonic
    2007-12-23 09:44 134 —-a-w C:
    .bat
    2007-12-06 14:46 260 —-a-w C:\9512.bat
    2007-12-06 11:49 260 —-a-w C:\8232.bat
    2007-12-02 07:50 ——— d—–w C:\Program Files\Lexmark Fax Solutions
    2007-12-02 07:50 ——— d—–w C:\Program Files\Lexmark 3500-4500 Series
    2007-11-30 19:01 ——— d—–w C:\Documents and Settings\All Users\Application Data\FaxCtr
    2007-11-30 16:11 278,548 —-a-w C:\WINDOWS\Fonts\Setup.exe
    2007-11-25 08:07 ——— d—–w C:\Program Files\MSN Messenger
    2007-11-13 10:25 20,480 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{280D88AE-CE64-4BE7-8E52-551B34657A15}]
    C:\WINDOWS\System32\kgsyksuy.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5231DF7D-A750-42D9-A5E6-0D571C3A080d}]
    C:\WINDOWS\System32\kgsyksuy.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{598DD3A8-E10F-44B2-9253-EEEB07706F7D}]
    C:\WINDOWS\System32\awtqq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEBACCFD-C4AE-4AB8-AC0B-1FF7CD9B094a}]
    C:\WINDOWS\System32\kgsyksuy.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B818DDD6-F572-460D-BCA6-EAF1AB6B31E1}]
    C:\WINDOWS\System32\kgsyksuy.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0AFA514-6CFB-3D29-8F5C-4FE6708709E4}]
    C:\WINDOWS\System32\kjjrtw.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Router"="C:\Program Files\Router\Router.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-13 10:33 249896]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "avnort"= C:\WINDOWS\System32\serbw.exe
    "ltwob"= C:\WINDOWS\System32\serbw.exe
    "serpe"= C:\WINDOWS\System32\formatsys.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxwwu]
    cbxxwwu.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgd]
    C:\WINDOWS\System32\mljgd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnnnm]
    ssqnnnm.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kodak EasyShare Software.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Kodak EasyShare Software.lnk
    backup=C:\WINDOWS\pss\Kodak EasyShare Software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
    C:\Program Files\BullsEye Network\bin\bargains.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Date Army Wma Spam]
    C:\Documents and Settings\All Users\Application Data\Peak ooze date army\Book Idle.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    –a—— 2007-07-16 17:54 311984 C:\Program Files\\Lexmark Fax Solutions\fm3032.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
    C:\WINDOWS\Fonts\svchost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
    C:\Program Files\Internet Optimizer\optimize313.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetCalls]
    –a—— 2007-04-18 15:49 7116352 C:\program files\internetcalls.com\internetcalls\internetcalls.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
    C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
    ——— 2004-06-01 10:09 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    ——— 2004-06-01 11:46 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    ——— 2004-06-01 10:09 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    ——— 2004-06-01 10:03 217088 C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    –a—— 2004-05-21 18:11 221184 C:\WINDOWS\System32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
    –a—— 2007-07-16 17:54 25264 C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
    –a—— 2007-07-16 17:54 434864 C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Gateway]
    C:\Program Files\Media Gateway\MediaGateway.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    –a—— 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    –a—— 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoCompromaat]
    C:\Program Files\NoCompromaat\GDC.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    –a—— 2004-06-25 15:20 81920 c:\Apps\Powercinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    C:\WINDOWS\retadpu1000627.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SalesMonitor]
    C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
    C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
    –a—— 2007-09-24 18:58 82964 C:\WINDOWS\System32\hcowxxly.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
    –a—— 2004-04-16 14:53 249856 C:\WINDOWS\System32\keyhook.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageProtector]
    C:\Program Files\StorageProtector\SysRep.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]
    C:\Program Files\SurfAccuracy\SAcc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    C:\PROGRA~1\SYMNET~1\SNDMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ucookw]
    C:\PROGRA~1\STORAG~1\ucookw.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uerscw]
    C:\Program Files\ErrorSafe Free\uerscw.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ugdccw]
    C:\PROGRA~1\NOCOMP~1\UGDCcw.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
    C:\Program Files\Norton Internet Security\UrlLstCk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uwxlof]
    C:\Program Files\Dxmd\Vqhrbwc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTiFQgdch]
    C:\WINDOWS\erqyfrno.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
    C:\Program Files\webHancer\Programs\whagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
    C:\Program Files\WinPop\winpop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
    C:\Program Files\Words\Words.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:\Program Files]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:\Program Files\ISTsvc]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:\Program Files\ISTsvc\istsvc.exe]
    C:\WINDOWS\erqyfrno.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:\Program Files]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:\Program Files\ISTsvc]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:\Program Files\ISTsvc\istsvc.exe]
    C:\WINDOWS\erqyfrno.exe

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
    R2 lxdi_device;lxdi_device;C:\WINDOWS\System32\lxdicoms.exe [2007-06-11 15:14]
    R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 15:14]

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-12-07 15:04:18 C:\WINDOWS\Tasks\A07799F291881936.job"
    - c:\docume~1\luljeta\applic~1\memopi~1\filmaudioteam.exe
    "2005-10-21 18:00:01 C:\WINDOWS\Tasks\HDReg.job"
    - c:\Apps\HDReg\HDRegRem.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-13 18:14:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-13 18:25:22 - machine was rebooted [Luljetaa & Vjoletaa]
    ComboFix-quarantined-files.txt 2008-01-13 17:25:16
    .
    2008-01-13 09:53:05 — E O F —


    ——————–
    New HijackThis
    ——————–

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:46:12, on 13-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
    C:\WINDOWS\System32\lxdicoms.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Luljetaa & Vjoletaa\Bureaublad\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.radiomarimanga.dk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1043
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {280D88AE-CE64-4BE7-8E52-551B34657A15} - C:\WINDOWS\System32\kgsyksuy.dll (file missing)
    O2 - BHO: (no name) - {5231DF7D-A750-42D9-A5E6-0D571C3A080d} - C:\WINDOWS\System32\kgsyksuy.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {598DD3A8-E10F-44B2-9253-EEEB07706F7D} - C:\WINDOWS\System32\awtqq.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AEBACCFD-C4AE-4AB8-AC0B-1FF7CD9B094a} - C:\WINDOWS\System32\kgsyksuy.dll (file missing)
    O2 - BHO: (no name) - {B818DDD6-F572-460D-BCA6-EAF1AB6B31E1} - C:\WINDOWS\System32\kgsyksuy.dll (file missing)
    O2 - BHO: (no name) - {C0AFA514-6CFB-3D29-8F5C-4FE6708709E4} - C:\WINDOWS\System32\kjjrtw.dll (file missing)
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKLM\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\System32\serbw.exe
    O4 - HKLM\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\System32\serbw.exe
    O4 - HKLM\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\System32\formatsys.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.loudcash.com/UCITest/Cabs/4484.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab?f37d44ac492924dc063287e7256ff18ecfd47e0337570ba83184e71c504e963b95236c868425298f89b447183f619d26ee6674e426fe125aa66fafc22061bd61e2ef0b3c25:9aba7c18c9800e1f1bca9acc387e48ea
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O20 - Winlogon Notify: cbxxwwu - cbxxwwu.dll (file missing)
    O20 - Winlogon Notify: mljgd - C:\WINDOWS\System32\mljgd.dll (file missing)
    O20 - Winlogon Notify: ssqnnnm - ssqnnnm.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
    O23 - Service: lxdi_device - - C:\WINDOWS\System32\lxdicoms.exe


    End of file - 7147 bytes






  • Good that you shortened it; next time, would you please include the top part with the version as well :)

    1. Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following there, if present:

    BullsEye Network
    Internet Optimizer
    internetcalls.com
    Media Gateway
    WinAntiSpyware 2007
    StorageProtector
    SurfAccuracy
    ErrorSafe Free
    webHancer
    WinPop
    ISTsvc

    *Note: some programs may have a slightly different name.
    After removing these programs, restart your PC.

    2. Start HijackThis, choose 'Do a system scan only' and check the lines below:

    O2 - BHO: (no name) - {280D88AE-CE64-4BE7-8E52-551B34657A15} - C:\WINDOWS\System32\kgsyksuy.dll (file missing)
    O2 - BHO: (no name) - {5231DF7D-A750-42D9-A5E6-0D571C3A080d} - C:\WINDOWS\System32\kgsyksuy.dll (file missing)
    O2 - BHO: (no name) - {598DD3A8-E10F-44B2-9253-EEEB07706F7D} - C:\WINDOWS\System32\awtqq.dll (file missing)
    O2 - BHO: (no name) - {AEBACCFD-C4AE-4AB8-AC0B-1FF7CD9B094a} - C:\WINDOWS\System32\kgsyksuy.dll (file missing)
    O2 - BHO: (no name) - {B818DDD6-F572-460D-BCA6-EAF1AB6B31E1} - C:\WINDOWS\System32\kgsyksuy.dll (file missing)
    O2 - BHO: (no name) - {C0AFA514-6CFB-3D29-8F5C-4FE6708709E4} - C:\WINDOWS\System32\kjjrtw.dll (file missing)
    O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
    O4 - HKLM\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\System32\serbw.exe
    O4 - HKLM\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\System32\serbw.exe
    O4 - HKLM\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\System32\formatsys.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
    O20 - Winlogon Notify: cbxxwwu - cbxxwwu.dll (file missing)
    O20 - Winlogon Notify: mljgd - C:\WINDOWS\System32\mljgd.dll (file missing)
    O20 - Winlogon Notify: ssqnnnm - ssqnnnm.dll (file missing)

    Now close all open windows except HijackThis and click Fix Checked.

    3. Open Notepad, then copy and paste the following (the bold text) into an empty window:

    File::
    C:\WINDOWS\system32\pocfwblj.ini
    C:\WINDOWS\system32\aamamnll.ini
    C:\WINDOWS\system32\opnmnop.dll
    C:\WINDOWS\system32\awttust.dll
    C:\6589.bat
    C:\WINDOWS\system32\ityvoajr.ini
    C:\WINDOWS\system32\mnbqmmng.ini
    C:\WINDOWS\system32\cteotmwq.ini
    C:\WINDOWS\system32\yijnyvuk.ini
    C:\WINDOWS\system32\qbxqekma.ini
    C:\WINDOWS\system32\qqtwa.ini2
    C:\WINDOWS\system32\xlglcyok.ini
    C:\WINDOWS\system32\fbqnblyw.ini
    C:\WINDOWS\system32\pwyuxdoo.ini
    C:\WINDOWS\system32\luikxrju.ini
    C:\WINDOWS\system32\ipiiwgvk.ini
    C:\WINDOWS\system32\mrxsaeww.ini
    C:\WINDOWS\system32\tdwhrtcr.ini
    C:\WINDOWS\system32\hhjjoecg.ini
    C:\WINDOWS\system32\byjhcnyv.ini
    C:\WINDOWS\system32\xjwfwarh.ini
    C:\WINDOWS\system32\wysufjyk.ini
    C:\WINDOWS\system32\gmvtgevg.ini
    C:\WINDOWS\system32\mkxomddn.ini
    C:\WINDOWS\system32\puwqnvrh.ini
    C:\WINDOWS\system32\kimjbtfn.ini
    C:\WINDOWS\system32\hvpmfpek.ini
    C:\WINDOWS\system32\llulfvxn.ini
    C:\WINDOWS\system32\epqrryda.ini
    C:\WINDOWS\system32\mwwoutqm.ini
    C:\WINDOWS\system32\bpdwpkvg.ini
    C:\WINDOWS\system32\lcdtsfvq.ini
    C:\WINDOWS\system32\yfjvvppr.ini
    C:\WINDOWS\system32\ofyaeuvr.ini
    C:\WINDOWS\system32\aurysfmy.ini
    C:\7998.bat
    C:\Documents and Settings\Luljetaa & Vjoletaa\9551.bat
    C:\WINDOWS\system32\vxxvgwkq.ini
    C:\Documents and Settings\Luljetaa & Vjoletaa\6205.bat
    C:\WINDOWS\system32\keacldfb.ini
    C:\WINDOWS\system32\bwsfkkqs.ini
    C:\9397.bat
    C:\WINDOWS\system32\eexdaqmt.ini
    C:\2082.bat
    C:\WINDOWS\system32\hwqejoli.ini
    C:\WINDOWS\system32\gidafxgi.ini
    C:\WINDOWS\system32\jqfpkpno.ini
    C:\WINDOWS\system32\josohsrv.ini
    C:\2502.bat
    C:\WINDOWS\system32\cphchufq.ini
    C:\WINDOWS\system32\kaqmkicw.ini
    C:\WINDOWS\system32\xhslvhuc.ini
    C:\WINDOWS\system32\fbcljfbg.ini
    C:\WINDOWS\system32\iitlkyfi.ini
    C:\WINDOWS\system32\ngvxseaf.ini
    C:\WINDOWS\system32\upfkmftc.ini
    C:\WINDOWS\system32\wnbrdukj.ini
    C:\WINDOWS\system32\vooasukf.ini
    C:\WINDOWS\system32\odseduoh.ini
    C:\WINDOWS\system32\bnefaykv.ini
    C:\WINDOWS\system32\hqiglylo.ini
    C:\WINDOWS\system32\wrnjdhrx.ini
    C:\WINDOWS\system32\gpcycuwb.ini
    C:\WINDOWS\system32\byhfjnji.ini
    C:\WINDOWS\system32\aswBoot.exe
    C:\Documents and Settings\Luljetaa & Vjoletaa\services.exe
    C:\n.bat
    C:\8232.bat
    C:\9512.bat
    C:\WINDOWS\Fonts\Setup.exe
    C:\WINDOWS\System32\serbw.exe
    C:\WINDOWS\System32\formatsys.exe
    C:\WINDOWS\retadpu1000627.exe
    C:\WINDOWS\System32\hcowxxly.dll
    C:\WINDOWS\erqyfrno.exe
    C:\WINDOWS\Tasks\A07799F291881936.job


    Folder::
    C:\VundoFix Backups
    C:\Documents and Settings\All Users\Application Data\bowscopygplbias
    C:\Program Files\BullsEye Network
    C:\Documents and Settings\All Users\Application Data\Peak ooze date army
    C:\Program Files\Internet Optimizer
    C:\program files\internetcalls.com
    C:\Program Files\Media Gateway
    C:\Program Files\Common Files\WinAntiSpyware 2007
    C:\Program Files\StorageProtector
    C:\Program Files\SurfAccuracy
    C:\Program Files\ErrorSafe Free
    C:\PROGRA~1\NOCOMP~1
    C:\Program Files\Dxmd
    C:\Program Files\webHancer
    C:\Program Files\WinPop
    C:\Program Files\ISTsvc

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{280D88AE-CE64-4BE7-8E52-551B34657A15}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5231DF7D-A750-42D9-A5E6-0D571C3A080d}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{598DD3A8-E10F-44B2-9253-EEEB07706F7D}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEBACCFD-C4AE-4AB8-AC0B-1FF7CD9B094a}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B818DDD6-F572-460D-BCA6-EAF1AB6B31E1}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0AFA514-6CFB-3D29-8F5C-4FE6708709E4}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Router"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "avnort"=-
    "ltwob"=-
    "serpe"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxwwu]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgd]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnnnm]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Date Army Wma Spam]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetCalls]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Gateway]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SalesMonitor]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageProtector]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uerscw]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ugdccw]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uwxlof]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTiFQgdch]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:\Program Files]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:\Program Files\ISTsvc]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:\Program Files\ISTsvc\istsvc.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:\Program Files]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:\Program Files\ISTsvc]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:\Program Files\ISTsvc\istsvc.exe]

    Save this to your Desktop as CFScript.txt

    Drag CFScript.txt into ComboFix.exe as shown in the example below:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will cause ComboFix to restart.
    Reboot if asked to,
    and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Good luck!
    Pim :)





  • ———————————
    ComboFix log file
    ———————————

    ComboFix 08-01-13.1 - Luljetaa & Vjoletaa 2008-01-14 18:17:26.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.42 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Luljetaa & Vjoletaa\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt

    FILE
    C:\2082.bat
    C:\2502.bat
    C:\6589.bat
    C:\7998.bat
    C:\8232.bat
    C:\9397.bat
    C:\9512.bat
    C:\Documents and Settings\Luljetaa & Vjoletaa\6205.bat
    C:\Documents and Settings\Luljetaa & Vjoletaa\9551.bat
    C:\Documents and Settings\Luljetaa & Vjoletaa\services.exe
    C:\n.bat
    C:\WINDOWS\erqyfrno.exe
    C:\WINDOWS\Fonts\Setup.exe
    C:\WINDOWS\retadpu1000627.exe
    C:\WINDOWS\system32\aamamnll.ini
    C:\WINDOWS\system32\aswBoot.exe
    C:\WINDOWS\system32\aurysfmy.ini
    C:\WINDOWS\system32\awttust.dll
    C:\WINDOWS\system32\bnefaykv.ini
    C:\WINDOWS\system32\bpdwpkvg.ini
    C:\WINDOWS\system32\bwsfkkqs.ini
    C:\WINDOWS\system32\byhfjnji.ini
    C:\WINDOWS\system32\byjhcnyv.ini
    C:\WINDOWS\system32\cphchufq.ini
    C:\WINDOWS\system32\cteotmwq.ini
    C:\WINDOWS\system32\eexdaqmt.ini
    C:\WINDOWS\system32\epqrryda.ini
    C:\WINDOWS\system32\fbcljfbg.ini
    C:\WINDOWS\system32\fbqnblyw.ini
    C:\WINDOWS\System32\formatsys.exe
    C:\WINDOWS\system32\gidafxgi.ini
    C:\WINDOWS\system32\gmvtgevg.ini
    C:\WINDOWS\system32\gpcycuwb.ini
    C:\WINDOWS\System32\hcowxxly.dll
    C:\WINDOWS\system32\hhjjoecg.ini
    C:\WINDOWS\system32\hqiglylo.ini
    C:\WINDOWS\system32\hvpmfpek.ini
    C:\WINDOWS\system32\hwqejoli.ini
    C:\WINDOWS\system32\iitlkyfi.ini
    C:\WINDOWS\system32\ipiiwgvk.ini
    C:\WINDOWS\system32\ityvoajr.ini
    C:\WINDOWS\system32\josohsrv.ini
    C:\WINDOWS\system32\jqfpkpno.ini
    C:\WINDOWS\system32\kaqmkicw.ini
    C:\WINDOWS\system32\keacldfb.ini
    C:\WINDOWS\system32\kimjbtfn.ini
    C:\WINDOWS\system32\lcdtsfvq.ini
    C:\WINDOWS\system32\llulfvxn.ini
    C:\WINDOWS\system32\luikxrju.ini
    C:\WINDOWS\system32\mkxomddn.ini
    C:\WINDOWS\system32\mnbqmmng.ini
    C:\WINDOWS\system32\mrxsaeww.ini
    C:\WINDOWS\system32\mwwoutqm.ini
    C:\WINDOWS\system32\ngvxseaf.ini
    C:\WINDOWS\system32\odseduoh.ini
    C:\WINDOWS\system32\ofyaeuvr.ini
    C:\WINDOWS\system32\opnmnop.dll
    C:\WINDOWS\system32\pocfwblj.ini
    C:\WINDOWS\system32\puwqnvrh.ini
    C:\WINDOWS\system32\pwyuxdoo.ini
    C:\WINDOWS\system32\qbxqekma.ini
    C:\WINDOWS\system32\qqtwa.ini2
    C:\WINDOWS\System32\serbw.exe
    C:\WINDOWS\system32\tdwhrtcr.ini
    C:\WINDOWS\system32\upfkmftc.ini
    C:\WINDOWS\system32\vooasukf.ini
    C:\WINDOWS\system32\vxxvgwkq.ini
    C:\WINDOWS\system32\wnbrdukj.ini
    C:\WINDOWS\system32\wrnjdhrx.ini
    C:\WINDOWS\system32\wysufjyk.ini
    C:\WINDOWS\system32\xhslvhuc.ini
    C:\WINDOWS\system32\xjwfwarh.ini
    C:\WINDOWS\system32\xlglcyok.ini
    C:\WINDOWS\system32\yfjvvppr.ini
    C:\WINDOWS\system32\yijnyvuk.ini
    C:\WINDOWS\Tasks\A07799F291881936.job
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\2082.bat
    C:\2502.bat
    C:\6589.bat
    C:\7998.bat
    C:\8232.bat
    C:\9397.bat
    C:\9512.bat
    C:\Documents and Settings\All Users\Application Data\bowscopygplbias
    C:\Documents and Settings\All Users\Application Data\bowscopygplbias\ballownsmulti
    C:\Documents and Settings\All Users\Application Data\bowscopygplbias\CopyNounMp3
    C:\Documents and Settings\All Users\Application Data\bowscopygplbias\media jugs wipe
    C:\Documents and Settings\All Users\Application Data\bowscopygplbias\Stupid rdr nurb
    C:\n.bat
    C:\VundoFix Backups
    C:\VundoFix Backups\__c0011E63.dat.bad
    C:\VundoFix Backups\__c00120CA.dat.bad
    C:\VundoFix Backups\__c00184CF.dat.bad
    C:\VundoFix Backups\__c00238DE.dat.bad
    C:\VundoFix Backups\__c0024402.dat.bad
    C:\VundoFix Backups\__c002ACA1.dat.bad
    C:\VundoFix Backups\__c00324CC.dat.bad
    C:\VundoFix Backups\__c00451AF.dat.bad
    C:\VundoFix Backups\__c0047686.dat.bad
    C:\VundoFix Backups\__c0048E90.dat.bad
    C:\VundoFix Backups\__c00498B1.dat.bad
    C:\VundoFix Backups\__c004EC80.dat.bad
    C:\VundoFix Backups\__c004F7D0.dat.bad
    C:\VundoFix Backups\__c0050999.dat.bad
    C:\VundoFix Backups\__c0050A24.dat.bad
    C:\VundoFix Backups\__c0057C73.dat.bad
    C:\VundoFix Backups\__c005C708.dat.bad
    C:\VundoFix Backups\__c005DD0A.dat.bad
    C:\VundoFix Backups\__c005DD2.dat.bad
    C:\VundoFix Backups\__c005F90.dat.bad
    C:\VundoFix Backups\__c00622A1.dat.bad
    C:\VundoFix Backups\__c0063A10.dat.bad
    C:\VundoFix Backups\__c006C1AF.dat.bad
    C:\VundoFix Backups\__c006F0D8.dat.bad
    C:\VundoFix Backups\__c0074832.dat.bad
    C:\VundoFix Backups\__c007B214.dat.bad
    C:\VundoFix Backups\__c007D900.dat.bad
    C:\VundoFix Backups\__c00816D0.dat.bad
    C:\VundoFix Backups\__c008276E.dat.bad
    C:\VundoFix Backups\__c00839B1.dat.bad
    C:\VundoFix Backups\__c0083DDC.dat.bad
    C:\VundoFix Backups\__c0087D48.dat.bad
    C:\VundoFix Backups\__c0088990.dat.bad
    C:\VundoFix Backups\__c008B1EA.dat.bad
    C:\VundoFix Backups\__c0092131.dat.bad
    C:\VundoFix Backups\__c009C04F.dat.bad
    C:\VundoFix Backups\__c009FF10.dat.bad
    C:\VundoFix Backups\__c00A3598.dat.bad
    C:\VundoFix Backups\__c00A5396.dat.bad
    C:\VundoFix Backups\__c00A6F68.dat.bad
    C:\VundoFix Backups\__c00BAE76.dat.bad
    C:\VundoFix Backups\__c00C2F0B.dat.bad
    C:\VundoFix Backups\__c00C5412.dat.bad
    C:\VundoFix Backups\__c00CD4C6.dat.bad
    C:\VundoFix Backups\__c00D1BF8.dat.bad
    C:\VundoFix Backups\__c00D2DE1.dat.bad
    C:\VundoFix Backups\__c00D3D44.dat.bad
    C:\VundoFix Backups\__c00D44B4.dat.bad
    C:\VundoFix Backups\__c00D9C71.dat.bad
    C:\VundoFix Backups\__c00DA817.dat.bad
    C:\VundoFix Backups\__c00E5B32.dat.bad
    C:\VundoFix Backups\__c00E93EE.dat.bad
    C:\VundoFix Backups\__c00EB8EA.dat.bad
    C:\VundoFix Backups\__c00F2369.dat.bad
    C:\VundoFix Backups\__c00F54F9.dat.bad
    C:\VundoFix Backups\__c00F5DE7.dat.bad
    C:\VundoFix Backups\__c00F65B9.dat.bad
    C:\VundoFix Backups\__c00F7825.dat.bad
    C:\VundoFix Backups\__c00F8FD9.dat.bad
    C:\VundoFix Backups\acsqgrbd.exe.bad
    C:\VundoFix Backups\aefbaqtt.dll.bad
    C:\VundoFix Backups\anrsaujg.exe.bad
    C:\VundoFix Backups\awtqoom.dll.bad
    C:\VundoFix Backups\awtqroo.dll.bad
    C:\VundoFix Backups\awtttrp.dll.bad
    C:\VundoFix Backups\ayskpkty.dll.bad
    C:\VundoFix Backups\biddxsik.dll.bad
    C:\VundoFix Backups\bligxdar.dll.bad
    C:\VundoFix Backups\brcgpnju.dll.bad
    C:\VundoFix Backups\bwyxwdjl.dll.bad
    C:\VundoFix Backups\byxutss.dll.bad
    C:\VundoFix Backups\byxvwwv.dll.bad
    C:\VundoFix Backups\byxwwvt.dll.bad
    C:\VundoFix Backups\byxxxvs.dll.bad
    C:\VundoFix Backups\byxyaby.dll.bad
    C:\VundoFix Backups\byxyxvv.dll.bad
    C:\VundoFix Backups\cbdbebfx.dll.bad
    C:\VundoFix Backups\cbxurpp.dll.bad
    C:\VundoFix Backups\cbxuvts.dll.bad
    C:\VundoFix Backups\cpmduwgr.dll.bad
    C:\VundoFix Backups\crobhwok.dll.bad
    C:\VundoFix Backups\ddcbbyw.dll.bad
    C:\VundoFix Backups\ddccbxv.dll.bad
    C:\VundoFix Backups\djiuwwyh.ini.bad
    C:\VundoFix Backups\djqekqed.dll.bad
    C:\VundoFix Backups\dwkakjsy.dll.bad
    C:\VundoFix Backups\dwprupfs.dll.bad
    C:\VundoFix Backups\edalkknx.dll.bad
    C:\VundoFix Backups\efcaxxx.dll.bad
    C:\VundoFix Backups\efcbbxu.dll.bad
    C:\VundoFix Backups\efcywvt.dll.bad
    C:\VundoFix Backups\efnvlgqv.dll.bad
    C:\VundoFix Backups\eiwvbepp.exe.bad
    C:\VundoFix Backups\eknwfble.ini.bad
    C:\VundoFix Backups\elbfwnke.dll.bad
    C:\VundoFix Backups\esrthxxe.dll.bad
    C:\VundoFix Backups\fbsvjaht.dll.bad
    C:\VundoFix Backups\fccabab.dll.bad
    C:\VundoFix Backups\fccyxyy.dll.bad
    C:\VundoFix Backups\fcuxqurv.dll.bad
    C:\VundoFix Backups\fehytvpt.dll.bad
    C:\VundoFix Backups\feqdrkdw.dll.bad
    C:\VundoFix Backups\ferqfivv.exe.bad
    C:\VundoFix Backups\fntycshj.dll.bad
    C:\VundoFix Backups\gbewwboj.dll.bad
    C:\VundoFix Backups\gccefoin.dll.bad
    C:\VundoFix Backups\gebbywx.dll.bad
    C:\VundoFix Backups\gebcaww.dll.bad
    C:\VundoFix Backups\gebyvwv.dll.bad
    C:\VundoFix Backups\gebyxxw.dll.bad
    C:\VundoFix Backups\ggxftera.exe.bad
    C:\VundoFix Backups\gmobnwjj.dll.bad
    C:\VundoFix Backups\gpqvjpiv.dll.bad
    C:\VundoFix Backups\gucsmsgu.dll.bad
    C:\VundoFix Backups\hextaujp.dll.bad
    C:\VundoFix Backups\hfnpskhw.dll.bad
    C:\VundoFix Backups\hggdaxy.dll.bad
    C:\VundoFix Backups\hggdayv.dll.bad
    C:\VundoFix Backups\hggdefg.dll.bad
    C:\VundoFix Backups\hggfgdd.dll.bad
    C:\VundoFix Backups\hgggdcy.dll.bad
    C:\VundoFix Backups\hguwanoo.dll.bad
    C:\VundoFix Backups\hitehfum.dll.bad
    C:\VundoFix Backups\hocoudkx.exe.bad
    C:\VundoFix Backups\hqmwfxrl.dll.bad
    C:\VundoFix Backups\hqtkowic.dll.bad
    C:\VundoFix Backups\hvhgmsbg.exe.bad
    C:\VundoFix Backups\hyhxwfud.dll.bad
    C:\VundoFix Backups\hywwuijd.dll.bad
    C:\VundoFix Backups\iakodymq.dll.bad
    C:\VundoFix Backups\iifcbxv.dll.bad
    C:\VundoFix Backups\iifddba.dll.bad
    C:\VundoFix Backups\iifgded.dll.bad
    C:\VundoFix Backups\ijsueqwr.dll.bad
    C:\VundoFix Backups\imebpxwc.dll.bad
    C:\VundoFix Backups\iqxxpipu.dll.bad
    C:\VundoFix Backups\irfqmmbs.dll.bad
    C:\VundoFix Backups\ixytjqxh.dll.bad
    C:\VundoFix Backups\jadgixew.dll.bad
    C:\VundoFix Backups\jcgpghpu.dll.bad
    C:\VundoFix Backups\jdphvvxb.dll.bad
    C:\VundoFix Backups\jhscytnf.ini.bad
    C:\VundoFix Backups\jimfrqwa.dll.bad
    C:\VundoFix Backups\jkkjihf.dll.bad
    C:\VundoFix Backups\jkkklmn.dll.bad
    C:\VundoFix Backups\jkklklj.dll.bad
    C:\VundoFix Backups\jkkllml.dll.bad
    C:\VundoFix Backups\jkklmlk.dll.bad
    C:\VundoFix Backups\joasvnjo.exe.bad
    C:\VundoFix Backups\jsrjbbuv.dll.bad
    C:\VundoFix Backups\jswatfgt.dll.bad
    C:\VundoFix Backups\jxyxqtpx.dll.bad
    C:\VundoFix Backups\khfddax.dll.bad
    C:\VundoFix Backups\khffday.dll.bad
    C:\VundoFix Backups\kkdqjmnc.dll.bad
    C:\VundoFix Backups\kmfciwim.exe.bad
    C:\VundoFix Backups\kregvpsx.exe.bad
    C:\VundoFix Backups\kryirprs.dll.bad
    C:\VundoFix Backups\kvcywmkl.dll.bad
    C:\VundoFix Backups\lehtgvga.dll.bad
    C:\VundoFix Backups\lgdtyrnw.dll.bad
    C:\VundoFix Backups\ljjgdcc.dll.bad
    C:\VundoFix Backups\ljjhghi.dll.bad
    C:\VundoFix Backups\ljjkiij.dll.bad
    C:\VundoFix Backups\lspklfmf.dll.bad
    C:\VundoFix Backups\mdpxhvnj.dll.bad
    C:\VundoFix Backups\mjaomxty.dll.bad
    C:\VundoFix Backups\mljklkk.dll.bad
    C:\VundoFix Backups\mpuahffl.dll.bad
    C:\VundoFix Backups\mtlblwmn.dll.bad
    C:\VundoFix Backups\mutthuwu.dll.bad
    C:\VundoFix Backups\niofeccg.ini.bad
    C:\VundoFix Backups\nnnkhhg.dll.bad
    C:\VundoFix Backups\nnnmjih.dll.bad
    C:\VundoFix Backups\nnnmmlk.dll.bad
    C:\VundoFix Backups\nqpwwxll.dll.bad
    C:\VundoFix Backups\ogxoiejy.exe.bad
    C:\VundoFix Backups\oiupfdgf.exe.bad
    C:\VundoFix Backups\opnomnl.dll.bad
    C:\VundoFix Backups\opqfpqrf.dll.bad
    C:\VundoFix Backups\pfvjfapq.dll.bad
    C:\VundoFix Backups\pidjwenu.dll.bad
    C:\VundoFix Backups\pmfpwwah.exe.bad
    C:\VundoFix Backups\pmnmkih.dll.bad
    C:\VundoFix Backups\pmnnkjk.dll.bad
    C:\VundoFix Backups\psrtqusu.dll.bad
    C:\VundoFix Backups\qbdokftb.dll.bad
    C:\VundoFix Backups\qevpafpk.dll.bad
    C:\VundoFix Backups\qfikfhgn.dll.bad
    C:\VundoFix Backups\qfrqsdns.dll.bad
    C:\VundoFix Backups\qngqjfhw.dll.bad
    C:\VundoFix Backups\qomjghf.dll.bad
    C:\VundoFix Backups\qomnkij.dll.bad
    C:\VundoFix Backups\qpuxbafy.dll.bad
    C:\VundoFix Backups\qqhjifus.dll.bad
    C:\VundoFix Backups\qsppssri.dll.bad
    C:\VundoFix Backups\qtjwavso.dll.bad
    C:\VundoFix Backups\raluqfao.dll.bad
    C:\VundoFix Backups\rdexvqio.dll.bad
    C:\VundoFix Backups\reodcfwo.dll.bad
    C:\VundoFix Backups\rgcopefw.dll.bad
    C:\VundoFix Backups\ridepahp.dll.bad
    C:\VundoFix Backups\rjfeobew.dll.bad
    C:\VundoFix Backups\rooelnhr.dll.bad
    C:\VundoFix Backups\rqcejuyh.dll.bad
    C:\VundoFix Backups\rqrpopq.dll.bad
    C:\VundoFix Backups\rxdrkcxk.dll.bad
    C:\VundoFix Backups\sgkcqpvy.exe.bad
    C:\VundoFix Backups\sjqounss.dll.bad
    C:\VundoFix Backups\ssqonno.dll.bad
    C:\VundoFix Backups\ssqqron.dll.bad
    C:\VundoFix Backups\stirtcbe.exe.bad
    C:\VundoFix Backups\svfyjdnq.dll.bad
    C:\VundoFix Backups\tenwbdvd.dll.bad
    C:\VundoFix Backups\tfgwmnwn.dll.bad
    C:\VundoFix Backups\thfneguh.exe.bad
    C:\VundoFix Backups\tkokgovx.dll.bad
    C:\VundoFix Backups\tturanhl.dll.bad
    C:\VundoFix Backups\tuvvtro.dll.bad
    C:\VundoFix Backups\tuvwttu.dll.bad
    C:\VundoFix Backups\tyeqkskh.dll.bad
    C:\VundoFix Backups\ukeloglm.dll.bad
    C:\VundoFix Backups\unewjdip.ini.bad
    C:\VundoFix Backups\urqolii.dll.bad

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-14 to 2008-01-14 ))))))))))))))))))))))))))))))
    .

    2008-01-14 18:02 . 2007-07-30 19:19 92,504 –a—— C:\WINDOWS\system32\dllcache\cdm.dll
    2008-01-14 18:02 . 2007-07-30 19:19 92,504 –a—— C:\WINDOWS\system32\cdm.dll
    2008-01-14 18:00 . 2008-01-14 18:16 <DIR> dr-h—– C:\Documents and Settings\Luljetaa & Vjoletaa\Onlangs geopend
    2008-01-13 20:48 . 2008-01-13 20:48 <DIR> d——– C:\Program Files\K-Lite Codec Pack
    2008-01-13 20:48 . 2007-09-04 17:56 164,352 –a—— C:\WINDOWS\system32\unrar.dll
    2008-01-13 20:48 . 2007-12-24 13:49 7,680 –a—— C:\WINDOWS\system32\ff_vfw.dll
    2008-01-13 20:48 . 2007-07-10 17:10 547 –a—— C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-01-13 20:39 . 2008-01-13 20:39 122 –ah—– C:\IPH.PH
    2008-01-13 20:37 . 2008-01-13 20:37 <DIR> d——– C:\Documents and Settings\Luljetaa & Vjoletaa\Application Data\Leadertech
    2008-01-13 20:37 . 2008-01-13 20:37 54,156 –ah—– C:\WINDOWS\QTFont.qfn
    2008-01-13 20:37 . 2008-01-13 20:37 1,409 –a—— C:\WINDOWS\QTFont.for
    2008-01-13 20:12 . 2008-01-13 20:12 <DIR> d——– C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-01-13 20:09 . 2008-01-13 20:09 <DIR> d——– C:\Program Files\microsoft frontpage
    2008-01-13 20:02 . 2008-01-13 20:02 <DIR> d——– C:\Documents and Settings\Luljetaa & Vjoletaa\Application Data\Template
    2008-01-13 19:54 . 2008-01-13 19:54 141,824 –a—— C:\WINDOWS\system32\sfc_os.dll.tmp
    2008-01-13 19:54 . 2004-08-04 09:03 141,824 –a—— C:\WINDOWS\system32\sfc_os.dll.orig
    2008-01-13 10:59 . 2000-08-31 08:00 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2008-01-12 16:13 . 2008-01-13 10:52 <DIR> d——– C:\WINDOWS\system32\nl-nl
    2008-01-12 16:01 . 2007-08-13 18:54 33,792 –a—— C:\WINDOWS\system32\dllcache\custsat.dll
    2008-01-12 15:30 . 2006-08-21 10:14 128,896 ——— C:\WINDOWS\system32\dllcache\fltmgr.sys
    2008-01-12 15:30 . 2006-08-21 10:14 23,040 ——— C:\WINDOWS\system32\dllcache\fltmc.exe
    2008-01-12 15:30 . 2006-08-21 13:28 16,896 ——— C:\WINDOWS\system32\dllcache\fltlib.dll
    2008-01-12 15:20 . 2008-01-12 15:20 <DIR> d——– C:\Program Files\MSXML 4.0
    2008-01-12 14:53 . 2007-07-09 14:11 584,192 ——— C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-01-11 21:43 . 2008-01-11 22:58 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-11 21:40 . 2008-01-11 21:42 <DIR> d–h—– C:\RD4B335D2AF9F44185AFC417F8D8D4B473DR
    2008-01-11 21:39 . 2008-01-11 21:39 <DIR> d——– C:\Program Files\AusLogics Registry Defrag
    2008-01-11 19:39 . 2008-01-11 22:49 128 –a—— C:\Documents and Settings\Luljetaa & Vjoletaa\services.exe
    2008-01-11 19:14 . 2008-01-11 19:14 <DIR> d——– C:\Documents and Settings\luljeta shala\Bureaublad
    2008-01-11 19:05 . 2008-01-11 19:05 <DIR> d——– C:\Program Files\Avira
    2008-01-11 19:05 . 2008-01-11 19:05 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Avira
    2008-01-11 19:02 . 2008-01-11 19:02 <DIR> d——– C:\WINDOWS\provisioning
    2008-01-11 19:02 . 2008-01-11 19:02 <DIR> d——– C:\WINDOWS\peernet
    2008-01-11 18:58 . 2008-01-11 18:58 <DIR> d——– C:\WINDOWS\ServicePackFiles
    2008-01-11 18:51 . 2008-01-11 18:51 <DIR> d——– C:\WINDOWS\EHome
    2008-01-11 16:55 . 2008-01-11 19:20 <DIR> d——– C:\Program Files\CCleaner
    2008-01-11 16:34 . 2008-01-11 16:34 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-11 15:57 . 2008-01-11 15:57 <DIR> d——– C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-11 15:25 . 2001-09-06 19:04 12,288 –a—— C:\WINDOWS\system32\drivers\mouhid.sys
    2008-01-11 15:25 . 2001-09-06 19:04 12,288 –a—— C:\WINDOWS\system32\dllcache\mouhid.sys
    2007-12-27 20:21 . 2007-12-27 20:21 77 –a—— C:\Documents and Settings\Luljetaa & Vjoletaa\9551.bat
    2007-12-27 19:59 . 2007-12-27 19:59 77 –a—— C:\Documents and Settings\Luljetaa & Vjoletaa\6205.bat
    2007-12-25 15:07 . 2007-12-25 15:07 77 –a—— C:\Documents and Settings\Luljetaa & Vjoletaa\3568.bat
    2007-12-25 11:01 . 2007-12-25 11:01 <DIR> d——– C:\Documents and Settings\All Users\Application Data\NoCompromaat
    2007-12-24 13:52 . 2007-12-24 13:52 <DIR> d——– C:\Documents and Settings\Luljetaa & Vjoletaa\Application Data\Talkback
    2007-12-24 13:15 . 2007-12-24 21:12 <DIR> d——– C:\Documents and Settings\Luljetaa & Vjoletaa\Application Data\InternetCalls
    2007-12-24 10:22 . 2008-01-11 16:45 <DIR> d——– C:\Documents and Settings\Luljetaa & Vjoletaa\Shared
    2007-12-23 12:21 . 2007-12-23 12:21 <DIR> d—s—- C:\Documents and Settings\Luljetaa & Vjoletaa\UserData
    2007-12-23 11:26 . 2007-12-23 11:26 <DIR> d——– C:\Documents and Settings\Luljetaa & Vjoletaa\Contacts
    2007-12-23 11:23 . 2007-12-23 11:23 <DIR> d——– C:\Documents and Settings\Luljetaa & Vjoletaa\Incomplete
    2007-12-23 10:44 . 2007-12-23 10:44 40,960 –a—— C:\Documents and Settings\Luljetaa & Vjoletaa\f.exe
    2007-12-23 10:39 . 2008-01-02 10:33 <DIR> d——– C:\Documents and Settings\Luljetaa & Vjoletaa\Application Data\FaxCtr
    2007-12-23 10:34 . 2004-09-30 16:14 <DIR> d——– C:\Documents and Settings\Luljetaa & Vjoletaa\WINDOWS
    2007-12-23 10:34 . 2003-06-27 23:36 <DIR> d–h—– C:\Documents and Settings\Luljetaa & Vjoletaa\Sjablonen
    2007-12-23 10:34 . 2003-06-27 23:36 <DIR> d–h—– C:\Documents and Settings\Luljetaa & Vjoletaa\Netwerkprinteromgeving
    2007-12-23 10:34 . 2008-01-13 20:37 <DIR> dr——- C:\Documents and Settings\Luljetaa & Vjoletaa\Mijn documenten
    2007-12-23 10:34 . 2003-06-27 23:36 <DIR> dr——- C:\Documents and Settings\Luljetaa & Vjoletaa\Menu Start
    2007-12-23 10:34 . 2008-01-12 16:19 <DIR> dr——- C:\Documents and Settings\Luljetaa & Vjoletaa\Favorieten
    2007-12-23 10:34 . 2008-01-14 18:27 <DIR> dr——- C:\Documents and Settings\Luljetaa & Vjoletaa\Bureaublad
    2007-12-23 10:34 . 2004-09-30 16:25 <DIR> d——– C:\Documents and Settings\Luljetaa & Vjoletaa\Application Data\Symantec
    2007-12-22 15:27 . 2007-12-22 15:27 87,104 –a—— C:\WINDOWS\system32\itetphvb.dll
    2007-12-22 15:24 . 2007-12-22 15:24 78,400 –a—— C:\WINDOWS\system32\agpfqrgc.dll
    2007-12-22 15:21 . 2007-12-22 15:21 74,304 –a—— C:\WINDOWS\system32\rhggbpbp.exe
    2007-12-22 11:43 . 2004-09-30 16:14 <DIR> d——– C:\Documents and Settings\Gast\WINDOWS
    2007-12-22 11:43 . 2003-06-27 23:36 <DIR> d–h—– C:\Documents and Settings\Gast\Sjablonen
    2007-12-22 11:43 . 2003-06-27 23:49 <DIR> dr-h—– C:\Documents and Settings\Gast\Onlangs geopend
    2007-12-22 11:43 . 2003-06-27 23:36 <DIR> d–h—– C:\Documents and Settings\Gast\Netwerkprinteromgeving
    2007-12-22 11:43 . 2003-06-27 23:49 <DIR> dr——- C:\Documents and Settings\Gast\Mijn documenten
    2007-12-22 11:43 . 2003-06-27 23:36 <DIR> dr——- C:\Documents and Settings\Gast\Menu Start
    2007-12-22 11:43 . 2003-06-27 23:49 <DIR> dr——- C:\Documents and Settings\Gast\Favorieten
    2007-12-22 11:43 . 2003-06-27 23:36 <DIR> dr——- C:\Documents and Settings\Gast\Bureaublad
    2007-12-22 11:43 . 2004-09-30 16:25 <DIR> d——– C:\Documents and Settings\Gast\Application Data\Symantec
    2007-12-22 11:29 . 2007-12-22 11:29 85,568 –a—— C:\WINDOWS\system32\rffdnqsm.dll
    2007-12-22 11:29 . 2007-12-22 11:29 80,448 –a—— C:\WINDOWS\system32\ndisfxrr.dll
    2007-12-22 11:26 . 2007-12-22 11:26 74,304 –a—— C:\WINDOWS\system32\fskohoaa.exe
    2007-12-21 19:46 . 2007-12-21 19:46 80,448 –a—— C:\WINDOWS\system32\hvwldgcj.dll
    2007-12-21 19:06 . 2007-12-21 19:06 74,304 –a—— C:\WINDOWS\system32\obbvdyai.exe
    2007-12-21 18:05 . 2007-12-21 18:05 80,448 –a—— C:\WINDOWS\system32\ebcuxxtf.dll
    2007-12-21 18:02 . 2007-12-21 18:02 74,304 –a—— C:\WINDOWS\system32\csgfvjlf.exe
    2007-12-21 15:23 . 2007-12-21 15:23 80,448 –a—— C:\WINDOWS\system32\luwwriak.dll
    2007-12-21 15:20 . 2007-12-21 15:20 85,568 –a—— C:\WINDOWS\system32\opxclygb.dll
    2007-12-21 15:18 . 2007-12-21 15:18 74,304 –a—— C:\WINDOWS\system32\tbkpwiln.exe
    2007-12-21 14:37 . 2007-12-21 14:37 80,448 –a—— C:\WINDOWS\system32\qvypegye.dll
    2007-12-21 14:31 . 2007-12-21 14:31 74,304 –a—— C:\WINDOWS\system32\xkhfppot.exe
    2007-12-21 12:59 . 2007-12-21 12:59 80,448 –a—— C:\WINDOWS\system32\yscjfvfx.dll
    2007-12-21 12:54 . 2007-12-21 12:54 74,304 –a—— C:\WINDOWS\system32\wilcbwce.exe
    2007-12-21 10:58 . 2007-12-21 10:58 80,448 –a—— C:\WINDOWS\system32\cwnncfpm.dll
    2007-12-21 10:52 . 2007-12-21 10:52 74,304 –a—— C:\WINDOWS\system32\wogjgxev.exe
    2007-12-21 09:20 . 2007-12-21 09:20 80,448 –a—— C:\WINDOWS\system32\gctnxwee.dll
    2007-12-21 09:17 . 2007-12-21 09:17 74,304 –a—— C:\WINDOWS\system32\aifmwhmr.exe
    2007-12-20 16:14 . 2007-12-20 16:14 80,448 –a—— C:\WINDOWS\system32\sunbprex.dll
    2007-12-20 16:11 . 2007-12-20 16:11 85,568 –a—— C:\WINDOWS\system32\vskyfayu.dll
    2007-12-20 16:08 . 2007-12-20 16:08 74,304 –a—— C:\WINDOWS\system32\krlcxlpg.exe
    2007-12-20 15:25 . 2007-12-20 15:25 85,568 –a—— C:\WINDOWS\system32\tptirjeg.dll
    2007-12-20 15:22 . 2007-12-20 15:22 80,448 –a—— C:\WINDOWS\system32\dutufbda.dll
    2007-12-20 15:19 . 2007-12-20 15:19 74,304 –a—— C:\WINDOWS\system32\rojeeonf.exe
    2007-12-20 15:08 . 2007-12-20 15:08 80,448 –a—— C:\WINDOWS\system32\wvuunfcd.dll
    2007-12-20 15:05 . 2007-12-20 15:05 74,304 –a—— C:\WINDOWS\system32\jxvfltce.exe
    2007-12-20 15:03 . 2007-12-20 15:03 80,448 –a—— C:\WINDOWS\system32\qkgnywqm.dll
    2007-12-20 15:00 . 2007-12-20 15:00 74,304 –a—— C:\WINDOWS\system32\mnumwnuf.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-13 19:34 ——— d—–w C:\Program Files\Belastingdienst
    2008-01-13 19:25 ——— d—–w C:\Program Files\Common Files\Adobe
    2008-01-13 19:13 ——— d—–w C:\Program Files\MSN Messenger
    2008-01-13 19:11 ——— d—–w C:\Program Files\Java
    2008-01-11 18:14 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2008-01-11 15:53 ——— d—–w C:\Program Files\Logitech
    2008-01-11 15:34 ——— d—–w C:\Program Files\Lavasoft
    2007-12-02 07:50 ——— d—–w C:\Program Files\Lexmark Fax Solutions
    2007-12-02 07:50 ——— d—–w C:\Program Files\Lexmark 3500-4500 Series
    2007-11-30 19:01 ——— d—–w C:\Documents and Settings\All Users\Application Data\FaxCtr
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-13_18.20.31.48 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-03-06 01:58:28 216,800 —-a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\spuninst.exe
    - 2007-03-06 01:58:46 725,728 —-a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe
    - 2007-03-06 01:59:37 389,856 —-a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\updspapi.dll
    - 2008-01-13 10:03:01 233,472 —-a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-14 17:17:01 233,472 —-a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-13 10:03:02 8,192 —-a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-14 17:17:01 8,192 —-a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-13 10:03:03 233,472 —-a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-14 17:17:01 233,472 —-a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-13 10:03:04 8,192 —-a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-14 17:17:01 8,192 —-a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-13 10:03:10 1,937,408 —-a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-14 17:17:01 1,953,792 —-a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-13 10:03:15 147,456 —-a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-14 17:17:01 147,456 —-a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-13 19:28:42 295,606 —-a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1043-7B44-A81000000003}\SC_Reader.exe
    - 2008-01-12 15:16:58 219,248 —-a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-01-13 19:08:53 218,448 —-a-w C:\WINDOWS\system32\FNTCACHE.DAT
    - 2007-10-30 23:27:15 3,590,656 —-a-w C:\WINDOWS\system32\mshtml.dll
    + 2007-10-31 03:57:16 3,590,656 —-a-w C:\WINDOWS\system32\mshtml.dll
    - 2008-01-11 16:21:48 67,786 —-a-w C:\WINDOWS\system32\perfc013.dat
    + 2008-01-13 17:17:33 67,786 —-a-w C:\WINDOWS\system32\perfc013.dat
    - 2008-01-11 16:21:48 393,542 —-a-w C:\WINDOWS\system32\perfh013.dat
    + 2008-01-13 17:17:33 393,542 —-a-w C:\WINDOWS\system32\perfh013.dat
    - 2005-06-28 09:21:58 22,752 —-a-w C:\WINDOWS\system32\spupdsvc.exe
    + 2006-09-06 16:43:46 22,752 —-a-w C:\WINDOWS\system32\spupdsvc.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
    "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-11-22 17:10 787696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-13 10:33 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "NoInternetIcon"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kodak EasyShare Software.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Kodak EasyShare Software.lnk
    backup=C:\WINDOWS\pss\Kodak EasyShare Software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    –a—— 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
    –a—— 2007-07-16 17:54 311984 C:\Program Files\\Lexmark Fax Solutions\fm3032.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
    C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
    ——— 2004-06-01 10:09 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    ——— 2004-06-01 11:46 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    ——— 2004-06-01 10:09 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    ——— 2004-06-01 10:03 217088 C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    –a—— 2004-05-21 18:11 221184 C:\WINDOWS\System32\LVCOMSX.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
    –a—— 2007-07-16 17:54 25264 C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
    –a—— 2007-07-16 17:54 434864 C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    –a—— 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoCompromaat]
    C:\Program Files\NoCompromaat\GDC.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    –a—— 2004-06-25 15:20 81920 c:\Apps\Powercinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
    –a—— 2004-04-16 14:53 249856 C:\WINDOWS\System32\keyhook.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    C:\PROGRA~1\SYMNET~1\SNDMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ucookw]
    C:\PROGRA~1\STORAG~1\ucookw.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
    C:\Program Files\Norton Internet Security\UrlLstCk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Words]
    C:\Program Files\Words\Words.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:\Program Files]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:\Program Files\ISTsvc]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰»1÷C:\Program Files\ISTsvc\istsvc.exe]
    C:\WINDOWS\erqyfrno.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:\Program Files]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:\Program Files\ISTsvc]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]­úü‰üžiC:\Program Files\ISTsvc\istsvc.exe]
    C:\WINDOWS\erqyfrno.exe

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-08-09 13:04]

    .
    Inhoud van de 'Gedeelde Taken' map
    "2005-10-21 18:00:01 C:\WINDOWS\Tasks\HDReg.job"
    - c:\Apps\HDReg\HDRegRem.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-14 18:28:07
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-01-14 18:37:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-14 17:37:35
    ComboFix2.txt 2008-01-13 17:25:22
    .
    2008-01-13 19:30:25 — E O F —

    ———————————
    Logbestand HijackThis
    ———————————

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:46:32, on 14-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
    C:\WINDOWS\System32\lxdicoms.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Luljetaa & Vjoletaa\Bureaublad\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1043
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
    O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.loudcash.com/UCITest/Cabs/4484.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab?f37d44ac492924dc063287e7256ff18ecfd47e0337570ba83184e71c504e963b95236c868425298f89b447183f619d26ee6674e426fe125aa66fafc22061bd61e2ef0b3c25:9aba7c18c9800e1f1bca9acc387e48ea
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://www.driveragent.com/files/driveragent.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
    O23 - Service: lxdi_device - - C:\WINDOWS\System32\lxdicoms.exe


    End of file - 5305 bytes
  • The last step doesn't seem to have gone quite right; can you carry it out again? Skip the lines you can't find in HijackThis ;)
  • What exactly do you mean?

    Open the text file with ComboFix?

    I did it exactly as it says…
  • You have to drag the text file onto ComboFix. Judging by the deletions it may have gone well, but a lot is still there. That is why I would like to see it again, because I am missing the CFScript switch that should normally be underneath it, and that is not the case with yours.
  • Sorry for the late reply… I had internet problems. But everything is solved now as far as the problems with the computer above are concerned. I do have another problem now, though. My own computer is behaving… strangely. Really strangely. At first I thought it just happened to be a badly installed program. This is what has happened so far:

    - Windows Defender no longer started (not even after a fresh installation)
    - AntiVir now won't work either (a fresh installation fails completely)
    - Spybot's .exe cannot be found (not even after a fresh installation)
    - CCleaner can be installed, but no longer starts.
    - AdWare still works, but for how long…?

    I suspect I have a virus. I have already seen something called flec006.exe (I can't remove it from the task list). What should I do?

    This is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:58:18, on 19-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Administrator\Application Data\m\flec006.exe
    C:\Program Files\HD Tune\HDTune.exe
    C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\PureText.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    E:\Downloads\stinger.exe
    E:\Downloads\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: (no name) - {661294F7-1833-46B3-99EA-7AF25A41FC33} - (no file)
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    O4 - Startup: PureText.exe
    O4 - Global Startup: HD Tune.lnk = C:\Program Files\HD Tune\HDTune.exe
    O8 - Extra context menu item: Add to AMV Convert Tool… - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164649022593
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AB635358-8E4B-44FB-811D-E782E4398782}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B3CE5D56-F1A1-47AE-9C3C-93678EE6E0C2}: NameServer = 10.0.0.138
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: 22 - C:\WINDOWS\system32\22.tmp (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe (file missing)
    O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe


    End of file - 5245 bytes
  • ComboFix has been run. I can now install AntiVir again. CCleaner works again too. I hope I am rid of it now. Below is the ComboFix report, and below that a new HijackThis log. Can someone tell me that everything is fine now? Or do I still need to carry out a few other steps?

    —————————-
    ComboFix
    —————————-

    ComboFix 08-01-18.5 - Administrator 2008-01-19 11:42:55.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1696 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe

  • Start HijackThis, choose 'Do a system scan only' and tick the lines below:

    O3 - Toolbar: (no name) - {661294F7-1833-46B3-99EA-7AF25A41FC33} - (no file)
    O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Administrator\Application Data\m\flec006.exe
    O20 - Winlogon Notify: 22 - C:\WINDOWS\system32\22.tmp (file missing)

    Now close all open windows except HijackThis and click Fix Checked.

    Download the […] and save it to your desktop.
    Double-click SafeBootKeyRepair.exe to start the tool.

    A log is saved to C:\SafeBoot_Repair.txt.
    Post that log in your next reply.

    Then create a new log with ComboFix and post it.
  • ——————–
    Safeboot-repair
    ——————–

    Reg export of SafeBoot key after repair:
    ========================

    ========================

    ———————
    ComboFix
    ———————

    ComboFix 08-01-18.5 - Administrator 2008-01-19 16:51:38.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1451 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe

  • Looks good!
    How are your problems? :)
  • The computer is as fast as before again, and all the software that has anything to do with security works again too. I no longer experience any problems myself, but whether something is still going on 'under the surface', I don't know. I don't think so.

    What is still annoying is that the lines I type on the forum are very long. I have to scroll horizontally a lot to read the text. But that probably has nothing to do with the virus…
  • I have that too; it is caused by the forum software.

    Uninstall ComboFix:
    Go to Start -> Run and type: combofix /u
    ComboFix will now be removed and a new restore point will be created.

    Download ATF Cleaner (by Atribune)

    Double-click ATF Cleaner to start the program.
    On the "Main" tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also use Firefox as a browser:
    Click the "Firefox" tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the tick from "Firefox saved passwords" again)
    Click the Empty Selected button.

    Do the following if you also use Opera as a browser:
    Click the "Opera" tab and tick Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.

    To prevent a recurrence, read through these security tips once more:
    http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html

    Pim
