Removing a trojan horse


Downloaded ComboFix again and let it scan

ComboFix 10-04-12.01 - XP 12/04/2010 19:28:24.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.512.204 [GMT 2:00]

Gestart vanuit: c:\documents and settings\XP\Bureaublad\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-03-12 to 2010-04-12 ))))))))))))))))))))))))))))))

.

2010-04-11 10:02 . 2010-04-11 10:02 -------- d-----w- c:\program files\CodeStuff

2010-04-09 19:26 . 2010-04-09 19:26 -------- d-----w- C:\$AVG

2010-04-09 19:19 . 2010-04-09 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-04-08 08:18 . 2010-04-08 08:18 -------- d-----w- c:\documents and settings\XP\Application Data\Malwarebytes

2010-04-08 08:16 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-08 08:16 . 2010-04-08 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-04-08 08:16 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-08 08:16 . 2010-04-08 08:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-05 14:14 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2010-04-05 14:14 . 2010-04-05 14:14 -------- d-----w- c:\program files\Panda Security

2010-04-05 12:07 . 2010-04-09 19:29 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-03-28 10:43 . 2010-04-11 10:04 -------- d--h--r- c:\documents and settings\XP\Onlangs geopend

2010-03-28 09:13 . 2010-03-28 09:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-03-28 09:07 . 2010-03-28 09:09 -------- d-----w- c:\program files\Lavasoft

2010-03-28 08:33 . 2010-04-05 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-03-23 13:34 . 2010-03-23 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Nevosoft

2010-03-22 14:06 . 2010-03-22 14:06 -------- d-----w- c:\documents and settings\XP\Application Data\Friday's games

2010-03-21 21:52 . 2010-03-21 21:52 -------- d-----w- c:\documents and settings\XP\Application Data\SerpentOfIsis

2010-03-17 18:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-03-17 07:59 . 2010-03-17 07:59 -------- d-----w- c:\program files\Giggles Computerpret voor Baby

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-12 17:25 . 2005-02-10 00:31 841 --sha-w- c:\windows\system32\mmf.sys

2010-04-12 17:02 . 2007-05-16 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-04-09 19:25 . 2008-06-06 10:42 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-04-09 19:25 . 2008-06-06 10:42 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-04-09 19:25 . 2007-11-12 14:40 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-04-09 19:25 . 2008-06-06 10:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-04-09 19:20 . 2008-06-06 10:42 -------- d-----w- c:\program files\AVG

2010-04-09 19:03 . 2006-01-08 08:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-04-09 19:01 . 2006-09-09 13:20 -------- d-----w- c:\program files\AIM Productions

2010-03-28 07:14 . 2010-03-28 07:14 4904 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2010-03-28 07:14 . 2003-04-08 12:00 93292 ----a-w- c:\windows\system32\perfc013.dat

2010-03-28 07:14 . 2003-04-08 12:00 515228 ----a-w- c:\windows\system32\perfh013.dat

2010-03-22 11:08 . 2006-01-08 08:33 -------- d-----w- c:\program files\Hitman Pro

2010-03-22 11:07 . 2004-11-12 20:02 -------- d-----w- c:\documents and settings\XP\Application Data\Lavasoft

2010-03-22 10:32 . 2009-10-21 12:37 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-03-14 12:58 . 2005-12-19 10:11 -------- d-----w- c:\program files\Google

2010-03-13 18:18 . 2010-03-13 12:18 -------- d-----w- c:\documents and settings\XP\Application Data\SprillRichiEng

2010-03-11 19:14 . 2010-03-11 19:14 -------- d-----w- c:\program files\TrendMicro

2010-03-11 17:44 . 2010-03-11 17:44 -------- d-----w- c:\documents and settings\XP\Application Data\YoudaGames

2010-03-11 12:38 . 2004-02-06 16:09 832512 ------w- c:\windows\system32\wininet.dll

2010-03-11 12:38 . 2009-07-26 09:58 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-03-11 12:38 . 2003-04-08 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-03-05 18:07 . 2003-12-18 12:19 -------- d-----w- c:\program files\Common Files\Adobe

2010-03-01 19:34 . 2010-03-01 19:34 -------- d-----w- c:\program files\Common Files\SWF Studio

2010-02-28 11:56 . 2007-07-29 05:53 -------- d-----w- c:\documents and settings\XP\Application Data\Big Fish Games

2010-02-28 08:24 . 2010-02-23 17:51 -------- d-----w- c:\documents and settings\XP\Application Data\ElementalsTheMagicKey

2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr

2010-01-17 15:00 . 2003-12-21 18:53 53376 -c--a-w- c:\documents and settings\XP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2008-04-06 07:04 . 2008-04-06 07:04 0 -c--a-w- c:\program files\temp01

2006-08-11 13:21 . 2006-08-11 13:21 774144 -c--a-w- c:\program files\RngInterstitial.dll

2006-03-05 14:37 . 2006-03-05 14:37 4269636 -c--a-w- c:\program files\freaksroomescape.rar

2005-12-19 13:43 . 2005-12-19 13:43 560 -c--a-w- c:\program files\Global.sw

2004-09-20 16:44 . 2004-09-20 16:44 8044544 -c--a-w- c:\program files\virusscan7.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-16 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CloseDNF"="c:\windows\System32\Utility.exe \1008" [X]

"AME_CSA"="amecsa.cpl" [2002-10-03 782336]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-10-22 114741]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-09-24 5033984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-04-09 19:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

2007-04-03 22:29 165784 -c--a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2008-12-08 13:50 54576 -c--a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2007-08-22 15:31 80896 -c--a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2007-11-15 12:11 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2003-09-24 11:32 5033984 ----a-r- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2003-09-24 11:32 741376 ----a-r- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-11-14 22:43 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]

2002-10-11 17:26 98304 ----a-w- c:\program files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-09-06 07:34 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\StubInstaller.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\dxdiag.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9420:TCP"= 9420:TCP:RSP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/04/2010 16:14 28552]

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6/12/2005 17:11 35328]

R1 as6eio;as6eio;c:\windows\system32\drivers\AS6EIO.SYS [14/01/2004 14:32 3616]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/06/2008 12:42 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/06/2008 12:42 242696]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/04/2010 21:22 308064]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/04/2007 19:07 682232]

S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]

S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [10/02/2005 2:31 2560]

S3 AmeAtmPc;AmeAtmPc;c:\windows\system32\drivers\ameatmpc.sys [18/12/2003 21:27 110179]

S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\ASUSHWIO.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]

S3 AtmElan;ATM geëmuleerde LAN;c:\windows\system32\drivers\atmlane.sys [8/04/2003 14:00 55808]

S3 AtmLane;ATM LAN-emulatie;c:\windows\system32\drivers\atmlane.sys [8/04/2003 14:00 55808]

S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Inhoud van de 'Gedeelde Taken' map

2010-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2010-04-12 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-16 18:42]

2010-04-10 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-04-12 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-04-12 c:\windows\Tasks\User_Feed_Synchronization-{111BC756-D160-42A8-A6EA-C96F9481B73C}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 09:58]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.skynet.be/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: dexia.be\directnet

Trusted Zone: vlimmerensport.be\www

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game16.zylomgames.com/activex/zylomgamesplayer.cab

DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} - hxxp://game12.zylomgames.com/activex/zylomloader.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-04-12 19:41

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

[HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004\Software\SecuROM\License information*]

[HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004_Classes\Software\CLASSES\CLSID\{308C9F45-2012-8D0B-DE68-966EB937DACD}*\InprocServer32]

[HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004_Classes\Software\CLASSES\CLSID\{51604D3C-DD1A-E3C6-2D49-6AB6591D4A83}*\InprocServer32]

[HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004_Classes\Software\CLASSES\CLSID\{61CBBFD6-B177-3731-1119-E841875EA065}*\InprocServer32]

[HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004_Classes\Software\CLASSES\CLSID\{69D5F6E9-AB5E-B704-0A91-0BA78CDAAC8F}*\InprocServer32]

[HKEY_USERS\S-1-5-21-343818398-884357618-839522115-1004_Classes\Software\CLASSES\CLSID\{72D1E981-816B-B173-3CF1-2730930EC7EB}*\InprocServer32]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\BB6E5071F4E6B2769BD4E4FACC553A99]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"3140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Voltooingstijd: 2010-04-12 19:54:47

ComboFix-quarantined-files.txt 2010-04-12 17:54

ComboFix2.txt 2010-04-10 18:00

ComboFix3.txt 2010-04-10 11:49

Pre-Run: 24.727.420.928 bytes beschikbaar

Post-Run: 24.744.816.640 bytes beschikbaar

- - End Of File - - 9DA8887F651F87AA7BA985C7BD34C08D
