ramona83

Member
  • Items

    7
  • Registration date

  • Last visited

About ramona83

  • Birthday 23-11-1983

ramona83's achievements

  1. Okay, thank you for the help, everything seems to be working fine again. Regards
  2. Logfile of The Avenger Version 2.0, © by Swandog46 Swandog46's Public Anti-Malware Tools Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "C:\WINDOWS\system32\atmtd.dll" not found! Deletion of file "C:\WINDOWS\system32\atmtd.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\atmtd.dll._" not found! Deletion of file "C:\WINDOWS\system32\atmtd.dll._" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\mrofinu1000106.0xe" not found! Deletion of file "C:\WINDOWS\mrofinu1000106.0xe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\mrofinu1188.0xe" not found! Deletion of file "C:\WINDOWS\mrofinu1188.0xe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\uninstall_nmon.vbs" not found! Deletion of file "C:\WINDOWS\uninstall_nmon.vbs" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not open file "C:\WINDOWS\Fonts\x.rar\Setup.exe" Deletion of file "C:\WINDOWS\Fonts\x.rar\Setup.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: file "C:\WINDOWS\system32\cpmsky.dll" not found! Deletion of file "C:\WINDOWS\system32\cpmsky.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\MId2\bmv35gui.exe" not found! Deletion of file "C:\WINDOWS\system32\MId2\bmv35gui.exe" failed! 
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyxvtu" not found! Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyxvtu" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. ComboFix 08-04-20.2 - Ramona 2008-04-21 15:30:09.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.336 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\Ramona\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt * Resident AV is active . (((((((((((((((((((( Bestanden Gemaakt van 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))) . 2008-04-19 21:19 . 2008-04-19 21:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-04-19 21:19 . 2008-04-19 21:19 <DIR> d-------- C:\Documents and Settings\Ramona\Application Data\Malwarebytes 2008-04-19 21:19 . 2008-04-19 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-04-19 18:27 . 2008-04-19 18:27 <DIR> d-------- C:\WINDOWS\ERUNT 2008-04-18 15:56 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-04-18 15:56 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-04-18 15:56 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-04-18 15:56 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-04-18 15:56 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-04-18 15:56 . 
2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-04-18 15:56 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-04-18 11:15 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-04-17 17:49 . 2007-11-01 13:42 57,824 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys 2008-04-17 17:49 . 2007-11-01 13:42 36,768 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys 2008-04-16 16:02 . 2008-04-16 17:57 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\LimeWire 2008-04-16 16:00 . 2008-04-16 16:01 <DIR> d-------- C:\Program Files\LimeWire 2008-04-15 21:37 . 2008-04-15 21:37 <DIR> d-------- C:\Program Files\Trend Micro 2008-04-15 21:03 . 2008-04-15 21:04 <DIR> d-------- C:\Documents and Settings\Ramona\Application Data\ErrorSmart 2008-04-15 15:37 . 2008-04-21 15:21 <DIR> dr-h----- C:\Documents and Settings\Ramona\Onlangs geopend 2008-04-15 11:23 . 2008-04-15 11:23 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-04-15 10:46 . 2008-04-15 11:10 <DIR> d-------- C:\Program Files\Incomplete 2008-04-14 18:51 . 2008-04-14 18:51 <DIR> d---s---- C:\Documents and Settings\Richard\UserData 2008-04-14 18:37 . 2008-04-14 18:37 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\F-Secure 2008-04-14 18:11 . 2008-04-15 18:45 <DIR> d-------- C:\Documents and Settings\Richard\Contacts 2008-04-14 17:59 . 2008-03-04 19:42 <DIR> d-------- C:\Documents and Settings\Richard\WINDOWS 2008-04-14 17:59 . 2003-06-28 01:36 <DIR> d--h----- C:\Documents and Settings\Richard\Sjablonen 2008-04-14 17:59 . 2008-04-16 15:55 <DIR> dr-h----- C:\Documents and Settings\Richard\Onlangs geopend 2008-04-14 17:59 . 2003-06-28 01:36 <DIR> d--h----- C:\Documents and Settings\Richard\Netwerkprinteromgeving 2008-04-14 17:59 . 2008-04-16 17:16 <DIR> dr------- C:\Documents and Settings\Richard\Mijn documenten 2008-04-14 17:59 . 2003-06-28 01:36 <DIR> dr------- C:\Documents and Settings\Richard\Menu Start 2008-04-14 17:59 . 
2008-04-14 17:59 <DIR> dr------- C:\Documents and Settings\Richard\Favorieten 2008-04-14 17:59 . 2008-04-17 21:11 <DIR> dr------- C:\Documents and Settings\Richard\Bureaublad 2008-04-14 17:59 . 2008-03-04 19:51 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\Symantec 2008-04-14 17:59 . 2008-04-17 21:16 <DIR> d-------- C:\Documents and Settings\Richard 2008-04-14 17:59 . 2008-04-21 15:41 1,024 --ah----- C:\Documents and Settings\Richard\ntuser.dat.LOG 2008-04-13 21:41 . 2008-04-20 20:29 <DIR> d--hs---- C:\WINDOWS\UmFtb25h 2008-04-13 21:40 . 2008-04-17 23:14 <DIR> d-------- C:\WINDOWS\system32\MId2 2008-04-13 21:40 . 2008-04-14 17:20 <DIR> d-------- C:\WINDOWS\system32\dtmp 2008-04-13 21:40 . 2008-04-13 21:40 <DIR> d-------- C:\WINDOWS\system32\BL 2008-04-13 21:40 . 2008-04-18 16:45 <DIR> d-------- C:\Temp 2008-04-10 18:35 . 2008-04-10 18:35 <DIR> d-------- C:\Documents and Settings\Ramona\Application Data\AdobeUM 2008-04-10 18:23 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll 2008-04-10 18:23 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll 2008-04-10 18:23 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll 2008-04-10 18:23 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll 2008-04-10 18:23 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll 2008-04-10 18:23 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll 2008-04-10 18:23 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll 2008-04-10 18:23 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll 2008-03-29 21:51 . 2008-04-14 17:07 <DIR> d-------- C:\Documents and Settings\Ramona\Application Data\F-Secure 2008-03-29 18:46 . 2008-04-17 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure 2008-03-29 18:45 . 2008-04-17 17:53 <DIR> d-------- C:\Program Files\PC Veilig 2008-03-29 18:45 . 
2008-04-17 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg 2008-03-27 15:41 . 2008-03-27 15:41 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-03-24 18:28 . 2008-03-24 18:28 <DIR> d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12 . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-15 14:27 --------- d-----w C:\Program Files\FrostWire 2008-04-15 14:00 --------- d-----w C:\Documents and Settings\Ramona\Application Data\U3 2008-04-15 09:08 --------- d-----w C:\Documents and Settings\Ramona\Application Data\FrostWire 2008-04-14 16:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-04-13 11:07 --------- d-----w C:\Program Files\Common Files\Logitech 2008-04-11 08:19 --------- d-----w C:\Program Files\Logitech 2008-03-24 13:23 --------- d-----w C:\Program Files\Windows Live 2008-03-21 18:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-03-18 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7 2008-03-18 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-17 16:43 --------- d-----w C:\Program Files\Common Files\Teleca Shared 2008-03-17 16:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-17 16:37 --------- d-----w C:\Program Files\epson 2008-03-17 15:54 --------- d-----w C:\Program Files\Java 2008-03-17 15:41 --------- d-----w C:\Program Files\Sun 2008-03-17 15:25 --------- d-----w C:\Documents and Settings\Ramona\Application Data\Teleca 2008-03-17 15:23 --------- d-----w C:\Documents and Settings\Ramona\Application Data\Sony Ericsson 2008-03-14 16:24 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-03-14 16:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL 2008-03-11 14:55 --------- d-----w C:\Program Files\Common Files\SureThing 
Shared 2008-03-11 14:55 --------- d-----w C:\Documents and Settings\Ramona\Application Data\Sonic 2008-03-11 14:55 --------- d-----w C:\Documents and Settings\Ramona\Application Data\Leadertech 2008-03-08 18:16 --------- d-----w C:\Documents and Settings\Ramona\Application Data\GrabIt 2008-03-08 18:12 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition 2008-03-08 18:06 --------- d-----w C:\Program Files\MSN Messenger 2008-03-07 18:14 --------- d-----w C:\Documents and Settings\Ramona\Application Data\Nero 2008-03-07 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8 2008-03-06 15:21 --------- d-----w C:\Program Files\FTDv3.8 2008-03-06 15:14 --------- d-----w C:\Program Files\GrabIt 2008-03-06 15:05 --------- d-----w C:\Program Files\QuickPar 2008-03-05 21:10 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-03-05 21:04 --------- d-----w C:\Program Files\MSXML 4.0 2008-03-05 11:05 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-03-05 11:03 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-03-04 17:56 --------- d-----w C:\Program Files\Sonic 2008-03-04 17:56 --------- d-----w C:\Program Files\Common Files\Sonic Shared 2008-03-04 17:55 --------- d-----w C:\Program Files\Microsoft Works 2008-03-04 17:54 --------- d-----w C:\Program Files\Real 2008-03-04 17:54 --------- d-----w C:\Program Files\Common Files\xing shared 2008-03-04 17:54 --------- d-----w C:\Program Files\Common Files\Real 2008-03-04 17:53 --------- d-----w C:\Program Files\QuickTime 2008-03-04 17:53 --------- d-----w C:\Program Files\CyberLink 2008-03-04 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime 2008-03-04 17:45 --------- d-----w C:\Program Files\Common Files\Java 2008-03-04 17:44 --------- d-----w C:\Program Files\S3Inc 2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR . 
((((((((((((((((((((((((((((( snapshot@2008-04-17_17.36.16.60 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-17 15:34:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-21 13:41:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-18 07:43:22 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-04-19 16:28:03 3,428,352 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT + 2008-04-19 16:28:03 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2008-04-18 07:43:22 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-04-19 16:27:54 3,428,352 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT + 2008-04-19 16:27:54 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat - 2004-08-04 00:03:26 120,320 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll + 2007-07-30 17:19:28 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll - 2008-04-17 14:08:32 53,978 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-04-17 15:49:45 56,962 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-04-17 14:08:33 70,594 ----a-w C:\WINDOWS\system32\perfc013.dat + 2008-04-17 15:49:45 73,578 ----a-w C:\WINDOWS\system32\perfc013.dat - 2008-04-17 14:08:32 382,966 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-04-17 15:49:45 389,656 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-04-17 14:08:33 444,620 ----a-w C:\WINDOWS\system32\perfh013.dat + 2008-04-17 15:49:45 451,310 ----a-w C:\WINDOWS\system32\perfh013.dat - 2004-08-04 00:03:26 120,320 ----a-w C:\WINDOWS\system32\wuweb.dll + 2007-07-30 17:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll + 2008-04-21 13:42:04 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_d8.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F-Secure Manager"="C:\Program Files\PC Veilig\Common\FSM32.exe" [2007-11-01 13:42 182936] "F-Secure TNB"="C:\Program Files\PC Veilig\FSGUI\TNBUtil.exe" [2007-11-01 13:42 739936] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-11-01 13:42] R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\PC Veilig\HIPS\fshs.sys [2007-11-01 13:42] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\PC Veilig\Anti-Virus\minifilter\fsgk.sys [2007-11-01 13:42] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\PC Veilig\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 13:42] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\PC Veilig\Anti-Virus\Win2K\FSrec.sys [2007-11-01 13:42] . Inhoud van de 'Gedeelde Taken' map "2008-04-15 19:03:43 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job" - C:\Program Files\ErrorSmart\ErrorSmart.ex - C:\Program Files\ErrorSmart.Ramona+Runs ErrorSmart to optimize your registry. 
"2008-03-18 21:05:10 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job" - C:\WINDOWS\System32\OOBE\oobebaln.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-21 15:43:33 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe C:\Program Files\PC Veilig\Common\FSMA32.EXE C:\Program Files\PC Veilig\Anti-Virus\fsgk32.exe C:\Program Files\PC Veilig\Common\FSMB32.EXE C:\Program Files\PC Veilig\Common\FCH32.EXE C:\Program Files\PC Veilig\Common\FAMEH32.EXE C:\Program Files\PC Veilig\Anti-Virus\fsqh.exe C:\Program Files\PC Veilig\FSPC\fspc.exe C:\Program Files\PC Veilig\FSAUA\program\fsaua.exe C:\Program Files\PC Veilig\Anti-Virus\fssm32.exe C:\Program Files\PC Veilig\FWES\program\fsdfwd.exe C:\PROGRA~1\PCVEIL~1\ANTI-V~1\fsav32.exe C:\PROGRA~1\PCVEIL~1\Common\FSM32.EXE C:\PROGRA~1\PCVEIL~1\FSGUI\fsguidll.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe . ************************************************************************** . Voltooingstijd: 2008-04-21 15:45:45 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-21 13:45:40 ComboFix2.txt 2008-04-18 14:52:45 ComboFix3.txt 2008-04-18 14:19:45 ComboFix4.txt 2008-04-17 15:36:29 Pre-Run: 189,549,215,744 bytes beschikbaar Post-Run: 189,573,926,912 bytes beschikbaar 209 --- E O F --- 2008-04-18 10:02:42
  3. ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows XP (build 2600, Service Pack 2) Sun Apr 20 20:29:03 2008 20:28:36: Error: Invalid registry syntax in command: "[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyxvtu]" Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program. Skipping line. (Registry key deletion mode) 20:28:46: Error: Invalid registry syntax in command: "[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]" Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program. Skipping line. (Registry key deletion mode) ////////////////////////////////////////// Logfile of The Avenger Version 2.0, © by Swandog46 Swandog46's Public Anti-Malware Tools Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "C:\WINDOWS\system32\atmtd.dll" not found! Deletion of file "C:\WINDOWS\system32\atmtd.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\atmtd.dll._" not found! Deletion of file "C:\WINDOWS\system32\atmtd.dll._" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\mrofinu1000106.0xe" not found! Deletion of file "C:\WINDOWS\mrofinu1000106.0xe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\mrofinu1188.0xe" not found! Deletion of file "C:\WINDOWS\mrofinu1188.0xe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\uninstall_nmon.vbs" not found! Deletion of file "C:\WINDOWS\uninstall_nmon.vbs" failed! 
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "C:\WINDOWS\system32\tmp.reg" deleted successfully. File "C:\WINDOWS\Fonts\rar.exe" deleted successfully. File "C:\Documents and Settings\Ramona\Application Data\setup_nl[1].exe" deleted successfully. File "C:\WINDOWS\UmFtb25h\oAIQvZc1.vbs" deleted successfully. Error: file "C:\WINDOWS\system32\cpmsky.dll" not found! Deletion of file "C:\WINDOWS\system32\cpmsky.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not open file "C:\Documents and Settings\Ramona\Bureaublad\foon games\sony ericson jar games.zip\Setup.exe" Deletion of file "C:\Documents and Settings\Ramona\Bureaublad\foon games\sony ericson jar games.zip\Setup.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist Error: file "C:\WINDOWS\system32\MId2\bmv35gui.exe" not found! Deletion of file "C:\WINDOWS\system32\MId2\bmv35gui.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Folder "C:\WINDOWS\Fonts\_" deleted successfully. Error: folder "C:\WINDOWS\system32\bharebio18" not found! Deletion of folder "C:\WINDOWS\system32\bharebio18" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. 
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:47:29, on 20-4-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\PC Veilig\Common\FSM32.EXE C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe C:\Program Files\PC Veilig\Common\FSMA32.EXE C:\Program Files\PC Veilig\Anti-Virus\FSGK32.EXE C:\Program Files\PC Veilig\Common\FSMB32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\PC Veilig\Common\FCH32.EXE C:\Program Files\PC Veilig\Common\FAMEH32.EXE C:\Program Files\PC Veilig\Anti-Virus\fsqh.exe C:\Program Files\PC Veilig\FSPC\fspc.exe C:\Program Files\PC Veilig\FSGUI\fsguidll.exe C:\Program Files\PC Veilig\FSAUA\program\fsaua.exe C:\Program Files\PC Veilig\Anti-Virus\fssm32.exe C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe C:\Program Files\PC Veilig\FSAUA\program\fsus.exe C:\Program Files\PC Veilig\Anti-Virus\fsav32.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Veilig\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Veilig\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O9 - Extra button: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Veilig\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Veilig\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- End of file - 3711 bytes Scanrapport zondag 20 april 2008 20:46:57 - 22:00:27 Computernaam: SN039859520451 Scantype: Volledige controle pc uitvoeren Doel: C:\ + systeem + rootkits Resultaat: 2 malware aangetroffen Trojan.Win32.VB.cfl (virus) C:\WINDOWS\Fonts\x.rar\Setup.exe Windows (Vulnerability) REGDATA:HKCR\regfile\shell\open\command\ Actie: geïsoleerd Riskware gevonden RiskTool.Win32.Reboot (riskware) RiskTool.Win32.Reboot.f (riskware) C:\Documents and 
Settings\Ramona\Bureaublad\SmitfraudFix.zip\SmitfraudFix\Reboot.exe C:\Documents and Settings\Ramona\Bureaublad\SmitfraudFix\Reboot.exe Statistieken Gescand: Bestanden: 169499 Niet gescand: 34 Resultaat: Virussen: 1 Spyware: 1 Verdachte items: 0 Riskware: 3 Acties: Gedesinfecteerd: 0 Naam gewijzigd: 0 Verwijderd: 0 Geïsoleerd: 1 Mislukt: 0 Bootsectoren: Gescand: 1 Geïnfecteerd: 0 Verdachte items: 0 Gedesinfecteerd: 0 Bestanden niet gescand: Kan bestand (klik hier voor meer informatie) niet openen C:\HIBERFIL.SYS Kan bestand (klik hier voor meer informatie) niet openen C:\PAGEFILE.SYS Kan bestand (klik hier voor meer informatie) niet openen C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Kan een bestand in archief C:\WINDOWS\$NTUNINSTALLKB917344_0$\BRANCHES.INF niet openen Kan een bestand in archief C:\WINDOWS\$NTUNINSTALLKB917344_0$\SPCUSTOM.DLL niet openen Kan een bestand in archief C:\WINDOWS\$NTUNINSTALLKB917344_0$\SPMSG.DLL niet openen Kan een bestand in archief C:\WINDOWS\$NTUNINSTALLKB917344_0$\SPUNINST.EXE niet openen Kan een bestand in archief C:\WINDOWS\$NTUNINSTALLKB917344_0$\UPDATE.EXE niet openen Kan een bestand in archief C:\WINDOWS\$NTUNINSTALLKB917344_0$\UPDATEBR.INF niet openen Kan een bestand in archief C:\WINDOWS\$NTUNINSTALLKB917344_0$\UPDATE_SP2GDR.INF niet openen Kan een bestand in archief C:\WINDOWS\$NTUNINSTALLKB917344_0$\UPDATE_SP2QFE.INF niet openen Kan een bestand in archief C:\WINDOWS\$NTUNINSTALLKB917344_0$\UPDSPAPI.DLL niet openen Bestand C:\DRIVERS\OTHER.EXE\BIOSLOCK.PIF is gecodeerd Bestand C:\DRIVERS\MCDBF\SOURCE1\OTHER.EXE\BIOSLOCK.PIF is gecodeerd Bestand C:\DRIVERS\MCDBF\SOURCE1\TSADDON.EXE\UNISHHS.ARJ\UPDTAT.BAT is gecodeerd Kan een bestand in archief C:\DOCUMENTS AND SETTINGS\RICHARD\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GI01PHL7.DEFAULT\CACHE\_CACHE_001_ niet openen Kan een bestand in archief C:\DOCUMENTS AND SETTINGS\RICHARD\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GI01PHL7.DEFAULT\CACHE\_CACHE_002_ niet 
openen Kan een bestand in archief C:\DOCUMENTS AND SETTINGS\RICHARD\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GI01PHL7.DEFAULT\CACHE\_CACHE_003_ niet openen Scannen van C:\Documents and Settings\Ramona\Mijn documenten\GrabIt Downloads\Nero 8[1][1].1.1.0 Lite NL\Nero 8.1.1.0 Lite NL\Nero 8.1.1.0 Lite NL\Nero-8.1.1.0_europe_lite.exe is afgebroken [F-Secure AVP] Kan een bestand in archief C:\DOCUMENTS AND SETTINGS\RAMONA\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4OI9QLAM.DEFAULT\CACHE\_CACHE_001_ niet openen Kan een bestand in archief C:\DOCUMENTS AND SETTINGS\RAMONA\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4OI9QLAM.DEFAULT\CACHE\_CACHE_002_ niet openen Kan een bestand in archief C:\DOCUMENTS AND SETTINGS\RAMONA\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4OI9QLAM.DEFAULT\CACHE\_CACHE_003_ niet openen Kan een bestand in archief C:\DOCUMENTS AND SETTINGS\RAMONA\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS LIVE MAIL\HOTMAIL (RA FE2\POSTVAK IN\1EC778BF-00000071.EML niet openen Kan een bestand in archief C:\DOCUMENTS AND SETTINGS\RAMONA\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS LIVE MAIL\HOTMAIL (RA FE2\POSTVAK IN\779F6F37-00000070.EML niet openen Kan een bestand in archief Data/Fase22.map niet openen Kan een bestand in archief Data/Fase21.map niet openen Kan een bestand in archief Data/Fase22.map niet openen Kan een bestand in archief Data/Fase21.map niet openen Kan een bestand in archief Data/Fase22.map niet openen Kan een bestand in archief Data/Fase21.map niet openen Kan niet lezen uit bestand C:\Documents and Settings\Ramona\Bureaublad\Incomplete\T-149831840-1390 Sony Ericsson Spiele, Games, java W550i,W700i,K750i,W800i,W810i,W850i,W300i,K610i,W900i.rar\centipede.jar\META-INF\MANIFEST.MF [F-Secure Libra] Scannen van C:\Documents and Settings\Ramona\Bureaublad\Incomplete\T-149831840-1390 Sony Ericsson Spiele, Games, java W550i,W700i,K750i,W800i,W810i,W850i,W300i,K610i,W900i.rar is afgebroken 
[F-Secure AVP] Scannen van C:\Documents and Settings\Ramona\Bureaublad\Downloads\WindowsXP-KB835935-SP2-NLD.exe is afgebroken [F-Secure AVP] Bestand C:\Avenger\backup.zip\avenger/avenger.txt is gecodeerd Opties Versie definities: Virussen: 2008-04-20_01 Spyware: 2008-04-20_01 Scanengines: F-Secure AVP: 7.00.171, 2008-04-20 F-Secure Libra: 2.04.01, 2008-04-18 F-Secure Orion: 1.02.37, 2008-04-19 F-Secure Draco: 1.00.35, 2008-04-02 F-Secure BlackLight: 1.00.64 Scanopties: Opgegeven bestanden scannen: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI AVB BAT CEO CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TGZ ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX Scannen binnen archieven Acties: Virussen: Vragen na scannen Spyware: Vragen na scannen Foutinformatie De fout 'Kan bestand niet openen' is opgetreden. Het foutbericht 'Kan bestand niet openen' betekent dat de scanner het bestand niet kon openen en dat het niet is gescand. U kunt dit foutbericht meestal negeren, omdat dit bericht vaak wordt weergegeven om andere redenen dan beveiligingsdreigingen, zoals: Het bestand was een systeembestand. Deze bestanden worden beschermd door het besturingssysteem. In dit geval kunt u dit bericht negeren. U hebt geen toestemming om het bestand te lezen. Als u het bestand wilt scannen. , moet u zich aanmelden met een gebruikersaccount met voldoende rechten (zoals de beheerdersaccount van de computer) en voert u de scan opnieuw uit. Het bestand was tijdens de scan in gebruik. Als u dit bestand wilt scannen, sluit u alle toepassingen en voert u de scan opnieuw uit. 
The pop-ups and so on no longer appear, so it's already making progress.... Thanks in advance for your effort.
  4. SDFix: Version 1.172 Run by Ramona on za 19-04-2008 at 18:30 Microsoft Windows XP [versie 5.1.2600] Running From: C:\DOCUME~1\Ramona\BUREAU~1\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\csrss.exe - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-19 18:36:25 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd502351] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd502351] scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows 
Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:\DOCUME~1\Ramona\BUREAU~1\SDFix\backups\backups.zip Files with Hidden Attributes : Tue 4 Mar 2008 193 A.SHR --- "C:\BOOT.BAK" Mon 12 Feb 2007 3,096,576 A..H. --- "C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP122\A0049463.exe" Wed 5 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Ramona\Application Data\U3\temp\Launchpad Removal.exe" Finished! Malwarebytes' Anti-Malware 1.11 Database versie: 656 Scan type: Snelle Scan Objecten gescand: 31602 Verstreken tijd: 6 minute(s), 19 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 4 Registerwaarden geïnfecteerd: 0 Registerdata bestanden geïnfecteerd: 0 Mappen geïnfecteerd: 1 Bestanden geïnfecteerd: 3 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige items gevonden) Registerdata bestanden geïnfecteerd: (Geen kwaadaardige items gevonden) Mappen geïnfecteerd: C:\WINDOWS\system32\bharebio18 (Trojan.Agent) -> Quarantined and deleted successfully. 
Bestanden geïnfecteerd: C:\Documents and Settings\Ramona\lsass.0xe (BackDoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bharebio18\bharebio182328.0xe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Fonts\svchost.0xe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:30:25, on 19-4-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe C:\Program Files\PC Veilig\Common\FSMA32.EXE C:\Program Files\PC Veilig\Anti-Virus\FSGK32.EXE C:\Program Files\PC Veilig\Common\FSMB32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\PC Veilig\Common\FCH32.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\PC Veilig\Common\FAMEH32.EXE C:\Program Files\PC Veilig\Anti-Virus\fsqh.exe C:\Program Files\PC Veilig\FSPC\fspc.exe C:\Program Files\PC Veilig\Common\FSM32.EXE C:\Program Files\PC Veilig\FSGUI\TNBUtil.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\PC Veilig\FSGUI\fsguidll.exe C:\Program Files\PC Veilig\FSAUA\program\fsaua.exe C:\Program Files\PC Veilig\Anti-Virus\fssm32.exe C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe C:\Program Files\PC Veilig\FSAUA\program\fsus.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\PC Veilig\Anti-Virus\fsav32.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live 
Search O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Veilig\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Veilig\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O9 - Extra button: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll O20 - Winlogon Notify: fccyxvtu - fccyxvtu.dll (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Veilig\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Veilig\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- End of file - 3820 bytes
  5. ComboFix 08-04-16.5 - Ramona 2008-04-18 16:44:32.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.305 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\Ramona\Bureaublad\ComboFix.exe Command switches used :: C:\Documents and Settings\Ramona\Bureaublad\CFScript.txt.txt * Nieuw herstelpunt werd aangemaakt * Resident AV is active FILE :: C:\348.bat C:\Documents and Settings\Ramona\1409.bat C:\Documents and Settings\Ramona\services.exe C:\onoes.0xe C:\services.exe C:\sqmdata01.sqm C:\sqmdata02.sqm C:\sqmnoopt01.sqm C:\sqmnoopt02.sqm C:\WINDOWS\_delis32.ini C:\WINDOWS\mngui.INI C:\WINDOWS\mrofinu1000106.0xe C:\WINDOWS\mrofinu1188.0xe C:\WINDOWS\system32\{d32d5c7b-62d9-11c5-114e-63d5213538ae}.dll C:\WINDOWS\system32\{d32d5c7b-62d9-11c5-114e-63d5213538ae}.dll-uninst.exe C:\WINDOWS\system32\amprmmcd.dll C:\WINDOWS\system32\ASKInstaller.exe C:\WINDOWS\system32\atmtd.dll C:\WINDOWS\system32\atmtd.dll._ C:\WINDOWS\system32\cpmsky-uninst.exe C:\WINDOWS\system32\cpmsky.dll C:\WINDOWS\system32\fccyxvtu.0ll C:\WINDOWS\system32\fwsfslcr.dll C:\WINDOWS\system32\jdjatqvw.dll C:\WINDOWS\system32\jueesyfx.dll C:\WINDOWS\system32\kbceekbu.dll C:\WINDOWS\system32\ksublxuk.dll C:\WINDOWS\system32\msxml3a.dll C:\WINDOWS\system32\opnoljjg.dll C:\WINDOWS\system32\POInstaller.exe C:\WINDOWS\system32\qkkgwogm.dll C:\WINDOWS\system32\ubkeecbk.ini C:\WINDOWS\system32\weosinpk.dll C:\WINDOWS\uninstall_nmon.vbs . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\348.bat C:\Documents and Settings\Ramona\1409.bat C:\Documents and Settings\Ramona\services.exe C:\onoes.0xe C:\Program Files\VeiligheidsAgent C:\services.exe C:\sqmdata01.sqm C:\sqmdata02.sqm C:\sqmnoopt01.sqm C:\sqmnoopt02.sqm C:\Temp\wdlw14 C:\Temp\wdlw14\maxN1bo.log C:\VundoFix Backups C:\WINDOWS\_delis32.ini C:\WINDOWS\mngui.INI C:\WINDOWS\system32\{d32d5c7b-62d9-11c5-114e-63d5213538ae}.dll-uninst.exe C:\WINDOWS\system32\{d32d5c7b-62d9-11c5-114e-63d5213538ae}.dll C:\WINDOWS\system32\amprmmcd.dll C:\WINDOWS\system32\ASKInstaller.exe C:\WINDOWS\system32\cbbjmybs.ini C:\WINDOWS\system32\cgpgkkqs.dll C:\WINDOWS\system32\cpmsky-uninst.exe C:\WINDOWS\system32\fccyxvtu.0ll C:\WINDOWS\system32\fwsfslcr.dll C:\WINDOWS\system32\gjjlonpo.ini C:\WINDOWS\system32\gjjlonpo.ini2 C:\WINDOWS\system32\jdjatqvw.dll C:\WINDOWS\system32\jueesyfx.dll C:\WINDOWS\system32\kbceekbu.dll C:\WINDOWS\system32\ksublxuk.dll C:\WINDOWS\system32\msxml3a.dll C:\WINDOWS\system32\opnoljjg.dll C:\WINDOWS\system32\POInstaller.exe C:\WINDOWS\system32\qkkgwogm.dll C:\WINDOWS\system32\sbymjbbc.dll C:\WINDOWS\system32\ubkeecbk.ini C:\WINDOWS\system32\weosinpk.dll . (((((((((((((((((((( Bestanden Gemaakt van 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))) . 2008-04-18 15:57 . 2008-04-18 15:57 958 --a------ C:\WINDOWS\system32\tmp.reg 2008-04-18 15:56 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-04-18 15:56 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-04-18 15:56 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-04-18 15:56 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-04-18 15:56 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-04-18 15:56 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-04-18 15:56 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-04-18 11:15 . 
2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-04-17 17:49 . 2007-11-01 13:42 57,824 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys 2008-04-17 17:49 . 2007-11-01 13:42 36,768 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys 2008-04-16 16:02 . 2008-04-16 17:57 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\LimeWire 2008-04-16 16:00 . 2008-04-16 16:01 <DIR> d-------- C:\Program Files\LimeWire 2008-04-15 21:37 . 2008-04-15 21:37 <DIR> d-------- C:\Program Files\Trend Micro 2008-04-15 21:08 . 2008-04-15 21:08 260,384 --a------ C:\Documents and Settings\Ramona\Application Data\setup_nl[1].exe 2008-04-15 21:03 . 2008-04-15 21:04 <DIR> d-------- C:\Documents and Settings\Ramona\Application Data\ErrorSmart 2008-04-15 15:37 . 2008-04-18 16:41 <DIR> dr-h----- C:\Documents and Settings\Ramona\Onlangs geopend 2008-04-15 11:23 . 2008-04-15 11:23 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-04-15 10:46 . 2008-04-15 11:10 <DIR> d-------- C:\Program Files\Incomplete 2008-04-14 18:51 . 2008-04-14 18:51 <DIR> d---s---- C:\Documents and Settings\Richard\UserData 2008-04-14 18:37 . 2008-04-14 18:37 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\F-Secure 2008-04-14 18:11 . 2008-04-15 18:45 <DIR> d-------- C:\Documents and Settings\Richard\Contacts 2008-04-14 17:59 . 2008-03-04 19:42 <DIR> d-------- C:\Documents and Settings\Richard\WINDOWS 2008-04-14 17:59 . 2003-06-28 01:36 <DIR> d--h----- C:\Documents and Settings\Richard\Sjablonen 2008-04-14 17:59 . 2008-04-16 15:55 <DIR> dr-h----- C:\Documents and Settings\Richard\Onlangs geopend 2008-04-14 17:59 . 2003-06-28 01:36 <DIR> d--h----- C:\Documents and Settings\Richard\Netwerkprinteromgeving 2008-04-14 17:59 . 2008-04-16 17:16 <DIR> dr------- C:\Documents and Settings\Richard\Mijn documenten 2008-04-14 17:59 . 2003-06-28 01:36 <DIR> dr------- C:\Documents and Settings\Richard\Menu Start 2008-04-14 17:59 . 
2008-04-14 17:59 <DIR> dr------- C:\Documents and Settings\Richard\Favorieten 2008-04-14 17:59 . 2008-04-17 21:11 <DIR> dr------- C:\Documents and Settings\Richard\Bureaublad 2008-04-14 17:59 . 2008-03-04 19:51 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\Symantec 2008-04-14 17:59 . 2008-04-17 21:16 <DIR> d-------- C:\Documents and Settings\Richard 2008-04-14 17:08 . 2008-04-14 17:08 128 --a------ C:\csrss.exe 2008-04-13 21:41 . 2008-04-13 21:49 <DIR> d--hs---- C:\WINDOWS\UmFtb25h 2008-04-13 21:40 . 2008-04-17 23:14 <DIR> d-------- C:\WINDOWS\system32\MId2 2008-04-13 21:40 . 2008-04-14 17:20 <DIR> d-------- C:\WINDOWS\system32\dtmp 2008-04-13 21:40 . 2008-04-13 21:40 <DIR> d-------- C:\WINDOWS\system32\BL 2008-04-13 21:40 . 2008-04-17 23:14 <DIR> d-------- C:\WINDOWS\system32\bharebio18 2008-04-13 21:40 . 2008-04-18 16:45 <DIR> d-------- C:\Temp 2008-04-10 18:35 . 2008-04-10 18:35 <DIR> d-------- C:\Documents and Settings\Ramona\Application Data\AdobeUM 2008-04-10 18:23 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll 2008-04-10 18:23 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll 2008-04-10 18:23 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll 2008-04-10 18:23 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll 2008-04-10 18:23 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll 2008-04-10 18:23 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll 2008-04-10 18:23 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll 2008-04-10 18:23 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll 2008-03-29 21:51 . 2008-04-14 17:07 <DIR> d-------- C:\Documents and Settings\Ramona\Application Data\F-Secure 2008-03-29 18:46 . 2008-04-17 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure 2008-03-29 18:45 . 
2008-04-17 17:53 <DIR> d-------- C:\Program Files\PC Veilig 2008-03-29 18:45 . 2008-04-17 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg 2008-03-27 15:41 . 2008-03-27 15:41 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-03-24 18:28 . 2008-03-24 18:28 <DIR> d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12 2008-03-18 16:47 . 2008-03-18 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7 . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-15 14:27 --------- d-----w C:\Program Files\FrostWire 2008-04-15 14:00 --------- d-----w C:\Documents and Settings\Ramona\Application Data\U3 2008-04-15 09:08 --------- d-----w C:\Documents and Settings\Ramona\Application Data\FrostWire 2008-04-14 16:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-04-13 19:44 316,928 ----a-w C:\WINDOWS\Fonts\rar.exe 2008-04-13 11:07 --------- d-----w C:\Program Files\Common Files\Logitech 2008-04-11 08:19 --------- d-----w C:\Program Files\Logitech 2008-03-24 13:23 --------- d-----w C:\Program Files\Windows Live 2008-03-21 18:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-03-18 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-17 16:43 --------- d-----w C:\Program Files\Common Files\Teleca Shared 2008-03-17 16:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-17 16:37 --------- d-----w C:\Program Files\epson 2008-03-17 15:54 --------- d-----w C:\Program Files\Java 2008-03-17 15:41 --------- d-----w C:\Program Files\Sun 2008-03-17 15:25 --------- d-----w C:\Documents and Settings\Ramona\Application Data\Teleca 2008-03-17 15:23 --------- d-----w C:\Documents and Settings\Ramona\Application Data\Sony Ericsson 2008-03-14 16:24 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-03-14 
16:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL 2008-03-11 14:55 --------- d-----w C:\Program Files\Common Files\SureThing Shared 2008-03-11 14:55 --------- d-----w C:\Documents and Settings\Ramona\Application Data\Sonic 2008-03-11 14:55 --------- d-----w C:\Documents and Settings\Ramona\Application Data\Leadertech 2008-03-08 18:16 --------- d-----w C:\Documents and Settings\Ramona\Application Data\GrabIt 2008-03-08 18:12 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition 2008-03-08 18:06 --------- d-----w C:\Program Files\MSN Messenger 2008-03-07 18:14 --------- d-----w C:\Documents and Settings\Ramona\Application Data\Nero 2008-03-07 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8 2008-03-06 15:21 --------- d-----w C:\Program Files\FTDv3.8 2008-03-06 15:14 --------- d-----w C:\Program Files\GrabIt 2008-03-06 15:05 --------- d-----w C:\Program Files\QuickPar 2008-03-05 21:10 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-03-05 21:04 --------- d-----w C:\Program Files\MSXML 4.0 2008-03-05 11:05 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-03-05 11:03 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-03-04 17:56 --------- d-----w C:\Program Files\Sonic 2008-03-04 17:56 --------- d-----w C:\Program Files\Common Files\Sonic Shared 2008-03-04 17:55 --------- d-----w C:\Program Files\Microsoft Works 2008-03-04 17:54 --------- d-----w C:\Program Files\Real 2008-03-04 17:54 --------- d-----w C:\Program Files\Common Files\xing shared 2008-03-04 17:54 --------- d-----w C:\Program Files\Common Files\Real 2008-03-04 17:53 --------- d-----w C:\Program Files\QuickTime 2008-03-04 17:53 --------- d-----w C:\Program Files\CyberLink 2008-03-04 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime 2008-03-04 17:45 --------- d-----w C:\Program Files\Common Files\Java 2008-03-04 17:44 --------- d-----w 
C:\Program Files\S3Inc 2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR 2005-07-29 14:24 472 --sha-r C:\WINDOWS\UmFtb25h\oAIQvZc1.vbs . ((((((((((((((((((((((((((((( snapshot@2008-04-17_17.36.16.60 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-17 15:34:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-18 14:49:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat - 2004-08-04 00:03:26 120,320 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll + 2007-07-30 17:19:28 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll - 2008-04-17 14:08:32 53,978 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-04-17 15:49:45 56,962 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-04-17 14:08:33 70,594 ----a-w C:\WINDOWS\system32\perfc013.dat + 2008-04-17 15:49:45 73,578 ----a-w C:\WINDOWS\system32\perfc013.dat - 2008-04-17 14:08:32 382,966 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-04-17 15:49:45 389,656 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-04-17 14:08:33 444,620 ----a-w C:\WINDOWS\system32\perfh013.dat + 2008-04-17 15:49:45 451,310 ----a-w C:\WINDOWS\system32\perfh013.dat - 2004-08-04 00:03:26 120,320 ----a-w C:\WINDOWS\system32\wuweb.dll + 2007-07-30 17:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll + 2008-04-18 14:49:18 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_cc.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F-Secure Manager"="C:\Program Files\PC Veilig\Common\FSM32.exe" [2007-11-01 13:42 182936] "F-Secure TNB"="C:\Program Files\PC Veilig\FSGUI\TNBUtil.exe" [2007-11-01 13:42 739936] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyxvtu] fccyxvtu.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\opnoljjg [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-11-01 13:42] R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\PC Veilig\HIPS\fshs.sys [2007-11-01 13:42] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\PC Veilig\Anti-Virus\minifilter\fsgk.sys [2007-11-01 13:42] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\PC Veilig\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 13:42] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\PC Veilig\Anti-Virus\Win2K\FSrec.sys 
[2007-11-01 13:42] . Inhoud van de 'Gedeelde Taken' map "2008-04-15 19:03:43 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job" - C:\Program Files\ErrorSmart\ErrorSmart.ex - C:\Program Files\ErrorSmart.Ramona+Runs ErrorSmart to optimize your registry. "2008-03-18 21:05:10 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job" - C:\WINDOWS\System32\OOBE\oobebaln.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-18 16:50:41 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe C:\Program Files\PC Veilig\Common\FSMA32.EXE C:\Program Files\PC Veilig\Anti-Virus\fsgk32.exe C:\Program Files\PC Veilig\Common\FSMB32.EXE C:\Program Files\PC Veilig\Common\FCH32.EXE C:\Program Files\PC Veilig\Common\FAMEH32.EXE C:\Program Files\PC Veilig\Anti-Virus\fsqh.exe C:\Program Files\PC Veilig\FSPC\fspc.exe C:\Program Files\PC Veilig\FSAUA\program\fsaua.exe C:\Program Files\PC Veilig\Anti-Virus\fssm32.exe C:\Program Files\PC Veilig\FWES\program\fsdfwd.exe C:\PROGRA~1\PCVEIL~1\ANTI-V~1\fsav32.exe C:\PROGRA~1\PCVEIL~1\Common\FSM32.EXE C:\PROGRA~1\PCVEIL~1\FSGUI\fsguidll.exe . ************************************************************************** . Voltooingstijd: 2008-04-18 16:52:44 - machine was rebooted [Ramona] ComboFix-quarantined-files.txt 2008-04-18 14:52:38 ComboFix2.txt 2008-04-18 14:19:45 ComboFix3.txt 2008-04-17 15:36:29 Pre-Run: 187,344,064,512 bytes beschikbaar Post-Run: 187,341,668,352 bytes beschikbaar . 
2008-04-18 10:02:42 --- E O F --- SmitFraudFix v2.314 Scan done at 15:56:53,03, vr 18-04-2008 Run from C:\Documents and Settings\Ramona\Bureaublad\SmitfraudFix OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{6E8269C6-E595-4D65-8ADF-94FC0B17BE9E}: DhcpNameServer=192.168.2.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{6E8269C6-E595-4D65-8ADF-94FC0B17BE9E}: DhcpNameServer=192.168.2.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{6E8269C6-E595-4D65-8ADF-94FC0B17BE9E}: DhcpNameServer=192.168.2.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! 
SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:56:11, on 18-4-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe C:\Program Files\PC Veilig\Common\FSMA32.EXE C:\Program Files\PC Veilig\Anti-Virus\FSGK32.EXE C:\Program Files\PC Veilig\Common\FSMB32.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\PC Veilig\Common\FCH32.EXE C:\Program Files\PC Veilig\Common\FAMEH32.EXE C:\Program Files\PC Veilig\Anti-Virus\fsqh.exe C:\Program Files\PC Veilig\FSPC\fspc.exe C:\Program Files\PC Veilig\FSAUA\program\fsaua.exe C:\Program Files\PC Veilig\Anti-Virus\fssm32.exe C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe C:\Program Files\PC Veilig\Anti-Virus\fsav32.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\PC Veilig\Common\FSM32.EXE C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\PC Veilig\FSGUI\fsguidll.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: 
Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Veilig\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Veilig\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O9 - Extra button: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll O20 - Winlogon Notify: fccyxvtu - fccyxvtu.dll (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Veilig\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Veilig\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- End of file - 3798 bytes
And I don't know if this is of any use to you, but this is what my virus scanner reports after scanning the entire PC..
Scanrapport donderdag 17 april 2008 21:51:45 - 23:11:25 Computernaam: SN039859520451 Scantype: Volledige controle pc uitvoeren Doel: C:\ + systeem + rootkits Resultaat: 320 malware aangetroffen AdWare.Win32.TrafficSol.ah (adware) C:\WINDOWS\system32\cpmsky.dll Trojan.Win32.VB.cfl (virus)
2007 v8.7.13.rar\Setup.exe C:\WINDOWS\Fonts\_\Go Go Gourmet v1.0 trainer plus 3.rar\Setup.exe C:\WINDOWS\Fonts\_\Golden32 v5.7.456.rar\Setup.exe C:\WINDOWS\Fonts\_\GoldSolution PC Auto Shutdown v3.8-CRD.rar\Setup.exe C:\WINDOWS\Fonts\_\GoldView32 v2.1.191.rar\Setup.exe C:\WINDOWS\Fonts\_\Gradekeeper 6.4.rar\Setup.exe C:\WINDOWS\Fonts\_\Great Secrets Da Vinci v1.02 Unlocker-PGN.rar\Setup.exe C:\WINDOWS\Fonts\_\Guitar Hero 3 Legends Of Rock cheats.rar\Setup.exe C:\WINDOWS\Fonts\_\Gunstorm II Starvixen v1.01 trainer plus 10.rar\Setup.exe C:\WINDOWS\Fonts\_\Gunstorm v1.03 trainer plus 2.rar\Setup.exe C:\WINDOWS\Fonts\_\Hard To Be A God Plus 3 Trainer.rar\Setup.exe C:\WINDOWS\Fonts\_\Hardware Sensors Monitor 4.4.1.1.rar\Setup.exe C:\WINDOWS\Fonts\_\HDRsoft Photomatix Pro v3.0.rar\Setup.exe C:\WINDOWS\Fonts\_\Hellgate London v1.35.44.4020 DX9 trainer plus 5.rar\Setup.exe C:\WINDOWS\Fonts\_\HHD Software Hex Editor Neo Ultimate v4.21.03.1184.rar\Setup.exe C:\WINDOWS\Fonts\_\Hoyle Card Games 2008 unlocker.rar\Setup.exe C:\WINDOWS\Fonts\_\HunterSoft Magic Translator v8.01.6556.rar\Setup.exe C:\WINDOWS\Fonts\_\HunterSoft My BootDisk v2.95.3799.rar\Setup.exe C:\WINDOWS\Fonts\_\HWDIRECT v1.88.rar\Setup.exe C:\WINDOWS\Fonts\_\Ice Cream Mania v1.0 Unlocker-PGN.rar\Setup.exe C:\WINDOWS\Fonts\_\Identity Finder Home Edition 3.4.rar\Setup.exe C:\WINDOWS\Fonts\_\Identity Finder Professional Edition 3.4.rar\Setup.exe C:\WINDOWS\Fonts\_\IIS Mod-Rewrite Pro 3.5.rar\Setup.exe C:\WINDOWS\Fonts\_\IIS Mod-Rewrite standard 3.5.rar\Setup.exe C:\WINDOWS\Fonts\_\Integrated Notification System 7.1.3.rar\Setup.exe C:\WINDOWS\Fonts\_\Internet Business Promoter (IBP) 10.1.1.rar\Setup.exe C:\WINDOWS\Fonts\_\IVS 3D Fledermaus Pro v6.7.0e 315 x64.rar\Setup.exe C:\WINDOWS\Fonts\_\IVS 3D Fledermaus Pro v6.7.0e 315.rar\Setup.exe C:\WINDOWS\Fonts\_\Jets N Guns cheats.rar\Setup.exe C:\WINDOWS\Fonts\_\JimsQuest Woofpool 2007 v12.08.rar\Setup.exe C:\WINDOWS\Fonts\_\JLanguageLearn 0.8.6.rar\Setup.exe 
C:\WINDOWS\Fonts\_\KeePass Password Safe 1.11.rar\Setup.exe C:\WINDOWS\Fonts\_\King of Clubs trainer plus 4.rar\Setup.exe C:\WINDOWS\Fonts\_\Knights of the Temple 2 PLUS 10 TRAiNER-Unleashed.rar\Setup.exe C:\WINDOWS\Fonts\_\Koi Solitaire v1.3 Unlocker.rar\Setup.exe C:\WINDOWS\Fonts\_\Koma-Mail 3.668.rar\Setup.exe C:\WINDOWS\Fonts\_\LangOver 5.0.rar\Setup.exe C:\WINDOWS\Fonts\_\LeaderTask Portable 5.5.9.rar\Setup.exe C:\WINDOWS\Fonts\_\Little Shop of Treasures 3 City Lights v1.0 Unlocker-PGN.rar\Setup.exe C:\WINDOWS\Fonts\_\Little Shop of Treasures v1.0.1.1 Unlocker.rar\Setup.exe C:\WINDOWS\Fonts\_\Lost Via Domus UNLOCKER.rar\Setup.exe C:\WINDOWS\Fonts\_\LUMONIX PUPPETSHOP V3.41 FOR 3DS MAX 2009.rar\Setup.exe C:\WINDOWS\Fonts\_\LUMONIX SHADER FX V2.07 FOR 3DS MAX 2009.rar\Setup.exe C:\WINDOWS\Fonts\_\LUMONIX SKIN FX V2.08 FOR 3DS MAX 2009.rar\Setup.exe C:\WINDOWS\Fonts\_\Magic DVD Copier v4.7.1 Build 9-CRD.rar\Setup.exe C:\WINDOWS\Fonts\_\Magic Tale v1.1 Unlocker.rar\Setup.exe C:\WINDOWS\Fonts\_\Magic Tea v1.0 Unlocker.rar\Setup.exe C:\WINDOWS\Fonts\_\Magic Video Converter 8.0.10.26.rar\Setup.exe C:\WINDOWS\Fonts\_\MagiName 1.2 build47.rar\Setup.exe C:\WINDOWS\Fonts\_\MahJong Suite 2008 v5.0.rar\Setup.exe C:\WINDOWS\Fonts\_\Mamutu 1.6.0.11.rar\Setup.exe C:\WINDOWS\Fonts\_\Master Kick 1.3.3.rar\Setup.exe C:\WINDOWS\Fonts\_\McAfee VirusScan Definition 5272.rar\Setup.exe C:\WINDOWS\Fonts\_\MediaMan 2.71.2.rar\Setup.exe C:\WINDOWS\Fonts\_\Megastore Madness v1.0 Unlocker-PGN.rar\Setup.exe C:\WINDOWS\Fonts\_\MessenPass 1.18.rar\Setup.exe C:\WINDOWS\Fonts\_\Monkey Business PLUS 4 TRAINER.rar\Setup.exe C:\WINDOWS\Fonts\_\Monkey Business v1.01.38 Unlocker-PGN.rar\Setup.exe C:\WINDOWS\Fonts\_\MP3 Converter 4.2.77.rar\Setup.exe C:\WINDOWS\Fonts\_\MP3 Speed Changer v2.31-MAZE.rar\Setup.exe C:\WINDOWS\Fonts\_\MyLanViewer v1.0-MAZE.rar\Setup.exe C:\WINDOWS\Fonts\_\MyUSBonly 4.4.291.rar\Setup.exe C:\WINDOWS\Fonts\_\Mz Cpu Accelerator 2.2.rar\Setup.exe C:\WINDOWS\Fonts\_\NCSS with 
GESS 2007 v7.1.7.rar\Setup.exe C:\WINDOWS\Fonts\_\NDBfinder v2.1-NeoX.rar\Setup.exe C:\WINDOWS\Fonts\_\NETGATE FortKnox Personal Firewall 2008 v3.0.195-iMST.rar\Setup.exe C:\WINDOWS\Fonts\_\NetTransport v2.56a 396-BLADE.rar\Setup.exe C:\WINDOWS\Fonts\_\Nihuo Web Log Analyzer 3.22.rar\Setup.exe C:\WINDOWS\Fonts\_\Notepad++ 4.8.5.rar\Setup.exe C:\WINDOWS\Fonts\_\Nsasoft Product Key Explorer v2.0.3-PALACE.rar\Setup.exe C:\WINDOWS\Fonts\_\Nuance PDF Converter Professional Enterprise v5.0.rar\Setup.exe C:\WINDOWS\Fonts\_\Nuance PDF Converter Professional Enterprise x64 v5.0.rar\Setup.exe C:\WINDOWS\Fonts\_\OfficeFIX 6.17.rar\Setup.exe C:\WINDOWS\Fonts\_\Painkiller Overdose cheats.rar\Setup.exe C:\WINDOWS\Fonts\_\Pano2Movie 2.0.2.rar\Setup.exe C:\WINDOWS\Fonts\_\Panzer Campaigns 3 Kharkov 42 v1.10 NoCD.rar\Setup.exe C:\WINDOWS\Fonts\_\Panzer Campaigns Stalingrad 42 v1.02 NoCD.rar\Setup.exe C:\WINDOWS\Fonts\_\PayPunch Enterprise 7.03.170.rar\Setup.exe C:\WINDOWS\Fonts\_\PayPunch Lite 7.2.170.rar\Setup.exe C:\WINDOWS\Fonts\_\PcTools File Recover v6.2.0.20.rar\Setup.exe C:\WINDOWS\Fonts\_\Photo Sorter Pro 3.74.rar\Setup.exe C:\WINDOWS\Fonts\_\Photomatix Pro v3.0.rar\Setup.exe C:\WINDOWS\Fonts\_\Picture Viewer Max 6.rar\Setup.exe C:\WINDOWS\Fonts\_\Pirateville Plus 2 Trainer.rar\Setup.exe C:\WINDOWS\Fonts\_\Pirateville Unlocker DIRFIX-PGN.rar\Setup.exe C:\WINDOWS\Fonts\_\Pixel Editor 2.21.rar\Setup.exe C:\WINDOWS\Fonts\_\PlanePlotter v4.6.5-NeoX.rar\Setup.exe C:\WINDOWS\Fonts\_\PLEdit32 v5.7.290.rar\Setup.exe C:\WINDOWS\Fonts\_\Port Royale 2 cheats.rar\Setup.exe C:\WINDOWS\Fonts\_\PostgreSQL Maestro 8.3.0.2.rar\Setup.exe C:\WINDOWS\Fonts\_\PowerCmd v1.8.404-CRD.rar\Setup.exe C:\WINDOWS\Fonts\_\PrimaSoft Check In Out Organizer Pro v1.9.rar\Setup.exe C:\WINDOWS\Fonts\_\PrimaSoft Contact Organizer Pro v1.9.rar\Setup.exe C:\WINDOWS\Fonts\_\PrimaSoft Invoice Organizer Pro v1.9.rar\Setup.exe C:\WINDOWS\Fonts\_\PrimaSoft Personnel Organizer Pro v1.9.rar\Setup.exe 
C:\WINDOWS\Fonts\_\PrimaSoft Purchase Order Organizer Pro v1.9.rar\Setup.exe C:\WINDOWS\Fonts\_\PrimaSoft Small Library Organizer Pro v1.9.rar\Setup.exe C:\WINDOWS\Fonts\_\PTZ Controller v1.5-PM8.rar\Setup.exe C:\WINDOWS\Fonts\_\Purchase Order 3.2.05.rar\Setup.exe C:\WINDOWS\Fonts\_\Purrfect Pet Shop v01.01.0.038 Unlocker-PGN.rar\Setup.exe C:\WINDOWS\Fonts\_\Race 07 trainer plus 1.rar\Setup.exe C:\WINDOWS\Fonts\_\Rainforest Cascade v1.0.0.55 Unlocker.rar\Setup.exe C:\WINDOWS\Fonts\_\Red Ocean CHEATS.rar\Setup.exe C:\WINDOWS\Fonts\_\Red Ocean trainer plus 6.rar\Setup.exe C:\WINDOWS\Fonts\_\RegToy 0.6.2.0.rar\Setup.exe C:\WINDOWS\Fonts\_\Repair Shop Calendar for Workgroup v1.6.rar\Setup.exe C:\WINDOWS\Fonts\_\Repair Shop Calendar v1.6.rar\Setup.exe C:\WINDOWS\Fonts\_\Requital trainer plus 11.rar\Setup.exe C:\WINDOWS\Fonts\_\ReSpatializer 1.1.0.rar\Setup.exe C:\WINDOWS\Fonts\_\Ricochet Infinity RIP CHEAT CODES-Unleashed.rar\Setup.exe C:\WINDOWS\Fonts\_\Ricochet Infinity RIP UNLOCKER-Unleashed.rar\Setup.exe C:\WINDOWS\Fonts\_\RonyaSoft VirtGuard v2.02.13.rar\Setup.exe C:\WINDOWS\Fonts\_\RSS Content Generator Premier 3.3.58.rar\Setup.exe C:\WINDOWS\Fonts\_\Safe Software FME Desktop 2008 build 5197.rar\Setup.exe C:\WINDOWS\Fonts\_\SAKINA Privacy Protector 2.2.0.0.rar\Setup.exe C:\WINDOWS\Fonts\_\Scarface unlocker.rar\Setup.exe C:\WINDOWS\Fonts\_\SE Drawing Extractor 3.14.53.rar\Setup.exe C:\WINDOWS\Fonts\_\Sega Rally 4.060 trainer plus 1.rar\Setup.exe C:\WINDOWS\Fonts\_\Serv-U File Server v7.0.0.1 Corporate Edition.rar\Setup.exe C:\WINDOWS\Fonts\_\SharedPlan Pro v4.1.3 Linux-CRD.rar\Setup.exe C:\WINDOWS\Fonts\_\SharedPlan Pro v4.1.3 Mac OSX-CRD.rar\Setup.exe C:\WINDOWS\Fonts\_\SharedPlan Pro v4.1.3-CRD.rar\Setup.exe C:\WINDOWS\Fonts\_\Sheeplings v1.11 Unlocker.rar\Setup.exe C:\WINDOWS\Fonts\_\ShipPlotter v12.2-NeoX.rar\Setup.exe C:\WINDOWS\Fonts\_\Shrek 2 Ogre Bowler unlocker.rar\Setup.exe C:\WINDOWS\Fonts\_\Siberian Strike X unlocker.rar\Setup.exe 
C:\WINDOWS\Fonts\_\Skater .NET Obfuscator 3.50.9.rar\Setup.exe C:\WINDOWS\Fonts\_\Slingo Quest Hawaii v1.0 Unlocker-PGN.rar\Setup.exe C:\WINDOWS\Fonts\_\SmartHide 2.1.121.rar\Setup.exe C:\WINDOWS\Fonts\_\Sniper Art of Victory unlocker.rar\Setup.exe C:\WINDOWS\Fonts\_\SolarWinds Orion Application Performance Monitor v8.5.rar\Setup.exe C:\WINDOWS\Fonts\_\Soldner X Himmelssturmer unlocker.rar\Setup.exe C:\WINDOWS\Fonts\_\SolSuite 2008 v8.3.rar\Setup.exe C:\WINDOWS\Fonts\_\Spaceforce Captains unlocker.rar\Setup.exe C:\WINDOWS\Fonts\_\Stack n Splash v1.0.3 trainer plus 1.rar\Setup.exe C:\WINDOWS\Fonts\_\Star Wars Battlefront 2 cheats.rar\Setup.exe C:\WINDOWS\Fonts\_\Steel Saviour cheats.rar\Setup.exe C:\WINDOWS\Fonts\_\SunAge multilanguage unlocker.rar\Setup.exe C:\WINDOWS\Fonts\_\SunAge RIP5 UNLOCKER-Unleashed.rar\Setup.exe C:\WINDOWS\Fonts\_\SunAge2 Unlocker.rar\Setup.exe C:\WINDOWS\Fonts\_\SunAge6 Unlocker RIP.rar\Setup.exe C:\WINDOWS\Fonts\_\Super Utilities Standard Version 2008 8.0.1982.rar\Setup.exe C:\WINDOWS\Fonts\_\Supreme Commander Forged Alliance cheats.rar\Setup.exe C:\WINDOWS\Fonts\_\SWF Scout 2.32.rar\Setup.exe C:\WINDOWS\Fonts\_\Syser Debugger v1.96.1900.0968.rar\Setup.exe C:\WINDOWS\Fonts\_\TBarCode - Barcode OCX 8.0.5.rar\Setup.exe C:\WINDOWS\Fonts\_\TekRADIUS 2.3.rar\Setup.exe C:\WINDOWS\Fonts\_\Telconi Terminal v1.01.rar\Setup.exe C:\WINDOWS\Fonts\_\textBEAST 1.8.5.rar\Setup.exe C:\WINDOWS\Fonts\_\The Club trainer plus 5 promo.rar\Setup.exe C:\WINDOWS\Fonts\_\The Quest for Aladdins Treasure trainer plus cheats.rar\Setup.exe C:\WINDOWS\Fonts\_\The Sims 2 Bon Voyage v1.10.0.122 trainer plus 1.rar\Setup.exe C:\WINDOWS\Fonts\_\The Sims 2 Deluxe Plus 4 Trainer.rar\Setup.exe C:\WINDOWS\Fonts\_\The Sims 2 FreeTime trainer plus 3.rar\Setup.exe C:\WINDOWS\Fonts\_\The Sims Castaway Stories Cheat Codes.rar\Setup.exe C:\WINDOWS\Fonts\_\The Sims Castaway Stories Decensor Hack.rar\Setup.exe C:\WINDOWS\Fonts\_\The Sims Castaway Stories trainer plus 4.rar\Setup.exe 
C:\WINDOWS\Fonts\_\The Sims Castaway Stories unlocker.rar\Setup.exe C:\WINDOWS\Fonts\_\TimeShift v1.2 trainer plus 6.rar\Setup.exe C:\WINDOWS\Fonts\_\Toontown cheats.rar\Setup.exe C:\WINDOWS\Fonts\_\TOP100Rank 1.4.rar\Setup.exe C:\WINDOWS\Fonts\_\Towers v4.1.1.4.rar\Setup.exe C:\WINDOWS\Fonts\_\Toy Golf Extreme CHEATS.rar\Setup.exe C:\WINDOWS\Fonts\_\Toy Golf Extreme RIP CHEAT CODES-Unleashed.rar\Setup.exe C:\WINDOWS\Fonts\_\Toy Golf Extreme RIP PLUS 1 TRAINER.rar\Setup.exe C:\WINDOWS\Fonts\_\Tumblebugs 2 v1.0 Unlocker-PGN.rar\Setup.exe C:\WINDOWS\Fonts\_\Unreal Tournament 3 v1.1 trainer plus 4.rar\Setup.exe C:\WINDOWS\Fonts\_\VidaOne Diet and Fitness v2.4.0.rar\Setup.exe C:\WINDOWS\Fonts\_\Vocabulary Trainer 4.7.rar\Setup.exe C:\WINDOWS\Fonts\_\Watermark Software Visual Watermark v2.8.rar\Setup.exe C:\WINDOWS\Fonts\_\Windows ID3 Editor 1.10.7.rar\Setup.exe C:\WINDOWS\Fonts\_\WizFlow Flowcharter 6.01.2013.rar\Setup.exe C:\WINDOWS\Fonts\_\Wondershare 3GP Video Converter 3.2.50.rar\Setup.exe C:\WINDOWS\Fonts\_\Wondershare Pocket Video Converter 3.2.50.rar\Setup.exe C:\WINDOWS\Fonts\_\Wondershare Video To Flash Encoder v2.4.76.rar\Setup.exe C:\WINDOWS\Fonts\_\World Class Solitaire v1.04 Unlocker.rar\Setup.exe C:\WINDOWS\Fonts\_\XC Connect 3.3.rar\Setup.exe C:\WINDOWS\Fonts\_\XM Easy Personal FTP Server 5.5.0.rar\Setup.exe C:\WINDOWS\Fonts\_\Xpand Rally cheats.rar\Setup.exe C:\WINDOWS\Fonts\_\Zeemz LogicSim v3.3-iNViSiBLE.rar\Setup.exe C:\WINDOWS\Fonts\_\Zeemz WaveProbe v1.1-iNViSiBLE.rar\Setup.exe C:\WINDOWS\Fonts\_\Zend Studio Enterprise Edition v5.5.1.282 Linux.rar\Setup.exe C:\WINDOWS\Fonts\_\ziii555xxxtmmmzzz222.rar\Setup.exe C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP136\A0054636.exe Actie: naam gewijzigd C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP127\A0052676.exe Actie: naam gewijzigd AdWare.Win32.Agent.zk (adware) C:\Documents and Settings\Ramona\Bureaublad\foon games\sony ericson jar 
games.zip\Setup.exe Trojan-Downloader.Win32.Small.buy (virus) C:\WINDOWS\system32\MId2\bmv35gui.exe Actie: naam gewijzigd Trojan-Downloader.Win32.VB.dsk (virus) C:\WINDOWS\system32\bharebio18\bharebio182328.exe Actie: naam gewijzigd Backdoor.Win32.VB.czs (virus) C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP127\A0052208.exe Actie: naam gewijzigd Backdoor.Win32.EggDrop.v (virus) C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP127\A0052634.exe Actie: naam gewijzigd Trojan-Downloader.Win32.Homles.bf (virus) C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP127\A0052677.exe Actie: naam gewijzigd C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP127\A0052679.exe Actie: naam gewijzigd P2P-Worm.Win32.VB.dw (virus) C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP127\A0052680.exe Actie: naam gewijzigd AdWare.Win32.TrafficSol (adware) Actie: geïsoleerd AdWare.Win32.Agent (adware) Actie: geïsoleerd AdWare.Win32.CommAd (adware) C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP127\A0052211.dll Actie: geïsoleerd C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP127\A0052212.exe Actie: geïsoleerd AdWare.Win32.ZenoSearch (adware) C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP127\A0052681.exe Actie: geïsoleerd Riskware gevonden Downloader.Win32.AdLoad.b (riskware) C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP136\A0054637.dll C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP136\A0054638.dll FraudTool.Win32.SysKontroller.a (riskware) C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP132\A0053922.exe Monitor.Win32.NetMon.a (riskware) C:\System Volume Information\_restore{5F659803-D010-40E3-B74B-CEA0AD034B53}\RP127\A0052724.exe Statistieken Gescand: Bestanden: 
178596 Niet gescand: 42 Resultaat: Virussen: 313 Spyware: 7 Verdachte items: 0 Riskware: 4 Acties: Gedesinfecteerd: 0 Naam gewijzigd: 9 Verwijderd: 0 Geïsoleerd: 5 Mislukt: 0 Bootsectoren: Gescand: 1 Geïnfecteerd: 0 Verdachte items: 0 Gedesinfecteerd: 0 Bestanden niet gescand:
Opties Versie definities: Virussen: 2008-04-17_06 Spyware: 2008-04-17_04 Scanengines: F-Secure AVP: 7.00.171, 2008-04-17 F-Secure Libra: 2.04.01, 2008-04-15 F-Secure Orion: 1.02.37, 2008-04-17 F-Secure Draco: 1.00.35, 2008-04-02 F-Secure BlackLight: 1.00.64 Scanopties: Opgegeven bestanden scannen: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI AVB BAT CEO CMD LSP MAP MHT MIF PHP POT WMF NWS TAR TGZ ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX Scannen binnen archieven Acties: Virussen: Vragen na scannen Spyware: Vragen na scannen Foutinformatie De fout 'Kan bestand niet openen' is opgetreden.
Het foutbericht 'Kan bestand niet openen' betekent dat de scanner het bestand niet kon openen en dat het niet is gescand. U kunt dit foutbericht meestal negeren, omdat dit bericht vaak wordt weergegeven om andere redenen dan beveiligingsdreigingen, zoals: Het bestand was een systeembestand. Deze bestanden worden beschermd door het besturingssysteem. In dit geval kunt u dit bericht negeren. U hebt geen toestemming om het bestand te lezen. Als u het bestand wilt scannen, moet u zich aanmelden met een gebruikersaccount met voldoende rechten (zoals de beheerdersaccount van de computer) en voert u de scan opnieuw uit. Het bestand was tijdens de scan in gebruik. Als u dit bestand wilt scannen, sluit u alle toepassingen en voert u de scan opnieuw uit.
  6. ComboFix 08-04-16.5 - Ramona 2008-04-17 17:31:28.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.471 [GMT 2:00] Gestart vanuit: C:\Documents and Settings\Ramona\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\LocalService\Application Data\NetMon C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt C:\Program Files\network monitor C:\Program Files\outlook C:\Program Files\outlook\outlook.0xe C:\Program Files\outlook\p.0ip C:\Program Files\outlook\v.0mp C:\smss.exe C:\svchost.exe C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\WINDOWS\BM9fdf6cdc.xml C:\WINDOWS\cookies.ini C:\WINDOWS\Fonts\Setup.exe C:\WINDOWS\pskt.ini C:\WINDOWS\system32\bszip.dll C:\WINDOWS\system32\cmd.com C:\WINDOWS\system32\dtytgftr.ini C:\WINDOWS\system32\ehwgpxke.ini C:\WINDOWS\system32\ekxpgwhe.dll C:\WINDOWS\system32\gjjlonpo.ini C:\WINDOWS\system32\gjjlonpo.ini2 C:\WINDOWS\system32\jemyfnhn.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\msnav32.ax C:\WINDOWS\system32\netstat.com C:\WINDOWS\system32\nshBC5.dll C:\WINDOWS\system32\nsxAA0.dll C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\ping.com C:\WINDOWS\system32\regedit.com C:\WINDOWS\system32\rtfgtytd.dll C:\WINDOWS\system32\taskkill.com C:\WINDOWS\system32\tasklist.com C:\WINDOWS\system32\tracert.com C:\WINDOWS\system32\wydahudj.ini C:\WINDOWS\system32\xfyseeuj.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CMDSERVICE -------\Legacy_NETWORK_MONITOR -------\Service_cmdService (((((((((((((((((((( Bestanden Gemaakt van 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))) . 2008-04-16 17:18 . 2008-04-17 16:03 1,528,613 ---hs---- C:\WINDOWS\system32\ubkeecbk.ini 2008-04-16 17:17 . 
2008-04-16 17:17 95,808 --a------ C:\WINDOWS\system32\kbceekbu.dll 2008-04-16 17:11 . 2008-04-16 17:11 105,536 --a------ C:\WINDOWS\system32\fwsfslcr.dll 2008-04-16 17:09 . 2008-04-16 17:09 100,928 --a------ C:\WINDOWS\system32\ksublxuk.dll 2008-04-16 16:02 . 2008-04-16 17:57 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\LimeWire 2008-04-16 16:00 . 2008-04-16 16:01 <DIR> d-------- C:\Program Files\LimeWire 2008-04-15 21:37 . 2008-04-15 21:37 <DIR> d-------- C:\Program Files\Trend Micro 2008-04-15 21:22 . 2008-04-15 21:22 <DIR> d-------- C:\VundoFix Backups 2008-04-15 21:08 . 2008-04-15 21:08 260,384 --a------ C:\Documents and Settings\Ramona\Application Data\setup_nl[1].exe 2008-04-15 21:03 . 2008-04-15 21:04 <DIR> d-------- C:\Documents and Settings\Ramona\Application Data\ErrorSmart 2008-04-15 17:18 . 2008-04-15 17:18 105,536 --a------ C:\WINDOWS\system32\weosinpk.dll 2008-04-15 17:12 . 2008-04-15 17:12 96,832 --a------ C:\WINDOWS\system32\jueesyfx.dll 2008-04-15 17:09 . 2008-04-15 17:09 100,416 --a------ C:\WINDOWS\system32\qkkgwogm.dll 2008-04-15 15:37 . 2008-04-15 15:37 <DIR> dr-h----- C:\Documents and Settings\Ramona\Onlangs geopend 2008-04-15 11:43 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll 2008-04-15 11:42 . 2008-04-15 11:43 <DIR> d-------- C:\Program Files\VeiligheidsAgent 2008-04-15 11:23 . 2008-04-15 11:23 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-04-15 10:56 . 2008-04-15 10:59 196,608 --a------ C:\WINDOWS\system32\POInstaller.exe 2008-04-15 10:55 . 2008-04-15 10:55 499,712 --a------ C:\WINDOWS\system32\ASKInstaller.exe 2008-04-15 10:54 . 2008-04-15 10:59 40,713 --a------ C:\WINDOWS\system32\cpmsky-uninst.exe 2008-04-15 10:46 . 2008-04-15 11:10 <DIR> d-------- C:\Program Files\Incomplete 2008-04-14 18:51 . 2008-04-14 18:51 <DIR> d---s---- C:\Documents and Settings\Richard\UserData 2008-04-14 18:37 . 
2008-04-14 18:37 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\F-Secure
2008-04-14 18:11 . 2008-04-15 18:45 <DIR> d-------- C:\Documents and Settings\Richard\Contacts
2008-04-14 17:59 . 2008-03-04 19:42 <DIR> d-------- C:\Documents and Settings\Richard\WINDOWS
2008-04-14 17:59 . 2003-06-28 01:36 <DIR> d--h----- C:\Documents and Settings\Richard\Sjablonen
2008-04-14 17:59 . 2008-04-16 15:55 <DIR> dr-h----- C:\Documents and Settings\Richard\Onlangs geopend
2008-04-14 17:59 . 2003-06-28 01:36 <DIR> d--h----- C:\Documents and Settings\Richard\Netwerkprinteromgeving
2008-04-14 17:59 . 2008-04-16 17:16 <DIR> dr------- C:\Documents and Settings\Richard\Mijn documenten
2008-04-14 17:59 . 2003-06-28 01:36 <DIR> dr------- C:\Documents and Settings\Richard\Menu Start
2008-04-14 17:59 . 2008-04-14 17:59 <DIR> dr------- C:\Documents and Settings\Richard\Favorieten
2008-04-14 17:59 . 2008-04-16 17:57 <DIR> dr------- C:\Documents and Settings\Richard\Bureaublad
2008-04-14 17:59 . 2008-03-04 19:51 <DIR> d-------- C:\Documents and Settings\Richard\Application Data\Symantec
2008-04-14 17:59 . 2008-04-17 16:31 <DIR> d-------- C:\Documents and Settings\Richard
2008-04-14 17:18 . 2008-04-14 17:18 106,560 --a------ C:\WINDOWS\system32\amprmmcd.dll
2008-04-14 17:08 . 2008-04-14 17:08 101,952 --a------ C:\WINDOWS\system32\jdjatqvw.dll
2008-04-14 17:08 . 2008-04-14 17:08 297 --a------ C:\348.bat
2008-04-14 17:08 . 2008-04-14 17:08 128 --a------ C:\csrss.exe
2008-04-14 17:07 . 2008-04-14 17:07 10,240 --a------ C:\Documents and Settings\Ramona\services.exe
2008-04-14 17:07 . 2008-04-14 17:07 128 --a------ C:\services.exe
2008-04-14 17:07 . 2008-04-14 17:07 77 --a------ C:\Documents and Settings\Ramona\1409.bat
2008-04-13 21:45 . 2008-04-13 21:45 372,224 --a------ C:\WINDOWS\system32\opnoljjg.dll
2008-04-13 21:42 . 2008-04-14 17:05 175,104 --a------ C:\onoes.0xe
2008-04-13 21:41 . 2008-04-13 21:49 <DIR> d--hs---- C:\WINDOWS\UmFtb25h
2008-04-13 21:41 . 2008-04-13 21:41 687,592 --a------ C:\WINDOWS\system32\atmtd.dll._
2008-04-13 21:41 . 2008-04-13 21:41 687,592 --a------ C:\WINDOWS\system32\atmtd.dll
2008-04-13 21:41 . 2008-04-13 21:41 38,400 --------- C:\WINDOWS\mrofinu1188.0xe
2008-04-13 21:41 . 2008-04-13 21:41 38,400 --a------ C:\WINDOWS\mrofinu1000106.0xe
2008-04-13 21:41 . 2006-01-03 17:45 1,989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2008-04-13 21:40 . 2008-04-13 21:40 <DIR> d-------- C:\WINDOWS\system32\MId2
2008-04-13 21:40 . 2008-04-14 17:20 <DIR> d-------- C:\WINDOWS\system32\dtmp
2008-04-13 21:40 . 2008-04-13 21:40 <DIR> d-------- C:\WINDOWS\system32\BL
2008-04-13 21:40 . 2008-04-13 21:40 <DIR> d-------- C:\WINDOWS\system32\bharebio18
2008-04-13 21:40 . 2008-04-13 21:40 <DIR> d-------- C:\Temp\wdlw14
2008-04-13 21:40 . 2008-04-17 17:31 <DIR> d-------- C:\Temp
2008-04-13 21:40 . 2008-04-13 21:40 63,839 --a------ C:\WINDOWS\system32\{d32d5c7b-62d9-11c5-114e-63d5213538ae}.dll-uninst.exe
2008-04-13 21:40 . 2008-04-13 21:40 31,232 --a------ C:\WINDOWS\system32\fccyxvtu.0ll
2008-04-13 13:06 . 2008-04-13 13:06 264 --a------ C:\WINDOWS\_delis32.ini
2008-04-10 18:35 . 2008-04-10 18:35 <DIR> d-------- C:\Documents and Settings\Ramona\Application Data\AdobeUM
2008-04-10 18:23 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-04-10 18:23 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-04-10 18:23 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-04-10 18:23 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-04-10 18:23 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-04-10 18:23 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-04-10 18:23 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-04-10 18:23 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-04-05 11:35 . 2008-04-05 11:35 268 --ah----- C:\sqmdata02.sqm
2008-04-05 11:35 . 2008-04-05 11:35 244 --ah----- C:\sqmnoopt02.sqm
2008-04-04 14:35 . 2008-04-04 14:35 329,728 --a------ C:\WINDOWS\system32\{d32d5c7b-62d9-11c5-114e-63d5213538ae}.dll
2008-03-29 21:51 . 2008-04-14 17:07 <DIR> d-------- C:\Documents and Settings\Ramona\Application Data\F-Secure
2008-03-29 18:46 . 2008-04-17 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-03-29 18:45 . 2008-04-17 16:11 <DIR> d-------- C:\Program Files\PC Veilig
2008-03-29 18:45 . 2008-03-29 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-03-27 15:41 . 2008-03-27 15:41 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-24 18:28 . 2008-03-24 18:28 <DIR> d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-03-21 21:04 . 2008-03-21 21:04 268 --ah----- C:\sqmdata01.sqm
2008-03-21 21:04 . 2008-03-21 21:04 244 --ah----- C:\sqmnoopt01.sqm
2008-03-18 16:47 . 2008-03-18 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-17 17:42 . 2008-03-17 17:42 <DIR> d-------- C:\SonyEricsson
2008-03-17 17:41 . 2008-03-17 17:41 <DIR> d-------- C:\Program Files\Sun
2008-03-17 17:39 . 2008-03-17 17:39 0 --a------ C:\WINDOWS\mngui.INI
2008-03-17 17:25 . 2008-03-17 17:25 <DIR> d-------- C:\Documents and Settings\Ramona\Application Data\Teleca
2008-03-17 17:25 . 2008-03-17 17:37 <DIR> d-------- C:\Documents and Settings\Ramona\.SunDownloadManager
2008-03-17 17:23 . 2008-03-17 17:23 <DIR> d-------- C:\Documents and Settings\Ramona\Application Data\Sony Ericsson
2008-03-17 17:19 . 2008-03-17 18:43 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-03-17 14:57 . 2008-03-17 14:57 60,416 --a------ C:\WINDOWS\system32\cpmsky.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 14:27 --------- d-----w C:\Program Files\FrostWire
2008-04-15 14:00 --------- d-----w C:\Documents and Settings\Ramona\Application Data\U3
2008-04-15 09:08 --------- d-----w C:\Documents and Settings\Ramona\Application Data\FrostWire
2008-04-14 16:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-13 11:07 --------- d-----w C:\Program Files\Common Files\Logitech
2008-04-11 08:19 --------- d-----w C:\Program Files\Logitech
2008-03-24 13:23 --------- d-----w C:\Program Files\Windows Live
2008-03-21 18:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-18 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-17 16:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 16:37 --------- d-----w C:\Program Files\epson
2008-03-17 15:54 --------- d-----w C:\Program Files\Java
2008-03-14 16:24 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-14 16:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL
2008-03-11 14:55 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-03-11 14:55 --------- d-----w C:\Documents and Settings\Ramona\Application Data\Sonic
2008-03-11 14:55 --------- d-----w C:\Documents and Settings\Ramona\Application Data\Leadertech
2008-03-08 18:16 --------- d-----w C:\Documents and Settings\Ramona\Application Data\GrabIt
2008-03-08 18:12 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-08 18:06 --------- d-----w C:\Program Files\MSN Messenger
2008-03-07 18:14 --------- d-----w C:\Documents and Settings\Ramona\Application Data\Nero
2008-03-07 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-03-06 15:21 --------- d-----w C:\Program Files\FTDv3.8
2008-03-06 15:14 --------- d-----w C:\Program Files\GrabIt
2008-03-06 15:05 --------- d-----w C:\Program Files\QuickPar
2008-03-05 21:10 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-05 21:04 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-05 11:05 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-05 11:03 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-04 17:56 --------- d-----w C:\Program Files\Sonic
2008-03-04 17:56 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-03-04 17:55 --------- d-----w C:\Program Files\Microsoft Works
2008-03-04 17:54 --------- d-----w C:\Program Files\Real
2008-03-04 17:54 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-04 17:54 --------- d-----w C:\Program Files\Common Files\Real
2008-03-04 17:53 --------- d-----w C:\Program Files\QuickTime
2008-03-04 17:53 --------- d-----w C:\Program Files\CyberLink
2008-03-04 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-03-04 17:45 --------- d-----w C:\Program Files\Common Files\Java
2008-03-04 17:44 --------- d-----w C:\Program Files\S3Inc
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2005-07-29 14:24 472 --sha-r C:\WINDOWS\UmFtb25h\oAIQvZc1.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33EA10C2-8084-4632-92A2-6F4288FF9BD1}]
2008-04-13 21:45 372224 --a------ C:\WINDOWS\system32\opnoljjg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81eaf7f1-3e80-fc4d-d15e-d4e42e6607e0}]
2008-04-04 14:35 329728 --a------ C:\WINDOWS\system32\{d32d5c7b-62d9-11c5-114e-63d5213538ae}.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyxvtu]
fccyxvtu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
.
Inhoud van de 'Gedeelde Taken' map
"2008-04-15 19:03:43 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart.Ramona+Runs ErrorSmart to optimize your registry.
"2008-03-18 21:05:10 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 17:35:08
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2008-04-17 17:36:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-17 15:36:26
Pre-Run: 187,248,181,248 bytes beschikbaar
Post-Run: 187,648,401,408 bytes beschikbaar
.
2008-04-16 14:04:44 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:40:26, on 17-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
O4 - HKLM\..\Run: [9cec5f40] rundll32.exe "C:\WINDOWS\system32\bypjxpxt.dll",b
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{d32d5c7b-62d9-11c5-114e-63d5213538ae}.dll" DllInit
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
-- End of file - 1613 bytes
Here are my logs. I have my own virus scanner and it doesn't report anything, and as soon as I'm on the internet I get all kinds of popups about everything and anything, and all sorts of messages about buffer overrun protected and system is at risk, infected, etc...
  7. Hello, I have the same problem as above, plus the messages "buffer overrun protected" and "your PC is infected", etc. I also have a log, here it is: P.S. I have a paid virus and spyware scanner from the internet, PC Veilig..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:24, on 15-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe
C:\Program Files\PC Veilig\Common\FSMA32.EXE
C:\Program Files\PC Veilig\Anti-Virus\FSGK32.EXE
C:\Program Files\PC Veilig\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Veilig\Common\FCH32.EXE
C:\Program Files\PC Veilig\Common\FAMEH32.EXE
C:\Program Files\PC Veilig\Anti-Virus\fsqh.exe
C:\Program Files\PC Veilig\FSAUA\program\fsaua.exe
C:\Program Files\PC Veilig\Anti-Virus\fssm32.exe
C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe
C:\Program Files\PC Veilig\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Veilig\FSAUA\program\fsus.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\PC Veilig\Common\FSM32.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PC Veilig\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\nl.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [VaCtrl] C:\Program Files\VoiceAge\Common\VaCtrl.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Veilig\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Veilig\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{d32d5c7b-62d9-11c5-114e-63d5213538ae}.dll" DllInit
O4 - HKLM\..\Run: [9cec5f40] rundll32.exe "C:\WINDOWS\system32\jueesyfx.dll",b
O4 - HKLM\..\Run: [bM9fdf6cdc] Rundll32.exe "C:\WINDOWS\system32\qkkgwogm.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204664099765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204664010578
O23 - Service: Command Service (cmdService) - CMD Technology, Inc. - (no file)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Veilig\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Veilig\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
-- End of file - 6250 bytes
Thanks in advance..