
DLL problem


Guest josee5


Still having problems. At startup there is still a blue screen with white letters (not always). And very regularly while surfing, and even while in Word, it just cuts out and the cursor gets stuck.


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you cannot manage to disable them, just continue to the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

Edited by kape

Sorry for the long log:

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.767.562 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\Mijn documenten\lol.exe

c:\documents and settings\All Users\Menu Start\Programma's\Internet Explorer.lnk

c:\program files\Downloaded Installers

c:\windows\system\winspool.drv

c:\windows\system32\_002676_.tmp.dll

c:\windows\system32\_002677_.tmp.dll

c:\windows\system32\_002678_.tmp.dll

c:\windows\system32\_002679_.tmp.dll

c:\windows\system32\_002686_.tmp.dll

c:\windows\system32\_002687_.tmp.dll

c:\windows\system32\_002688_.tmp.dll

c:\windows\system32\_002689_.tmp.dll

c:\windows\system32\_002691_.tmp.dll

c:\windows\system32\_002692_.tmp.dll

c:\windows\system32\_002694_.tmp.dll

c:\windows\system32\_002695_.tmp.dll

c:\windows\system32\_002698_.tmp.dll

c:\windows\system32\_002699_.tmp.dll

c:\windows\system32\_002701_.tmp.dll

c:\windows\system32\_002704_.tmp.dll

c:\windows\system32\_002705_.tmp.dll

c:\windows\system32\_002709_.tmp.dll

c:\windows\system32\_002711_.tmp.dll

c:\windows\system32\_002713_.tmp.dll

c:\windows\system32\_002715_.tmp.dll

c:\windows\system32\_002716_.tmp.dll

c:\windows\system32\_002717_.tmp.dll

c:\windows\system32\_002718_.tmp.dll

c:\windows\system32\_002719_.tmp.dll

c:\windows\system32\_002722_.tmp.dll

c:\windows\system32\_002723_.tmp.dll

c:\windows\system32\_002724_.tmp.dll

c:\windows\system32\_002725_.tmp.dll

c:\windows\system32\_002726_.tmp.dll

c:\windows\system32\_002731_.tmp.dll

c:\windows\system32\_002733_.tmp.dll

c:\windows\system32\msconfig.exe

c:\windows\system32\PINBALL.EXE

D:\AUTORUN.INF

c:\windows\regedit.exe . . . is geïnfecteerd!!

c:\windows\system32\srsvc.dll . . . is geïnfecteerd!!

c:\windows\explorer.exe . . . is geïnfecteerd!!

c:\windows\notepad.exe . . . is geïnfecteerd!!

c:\windows\system32\ahui.exe . . . is geïnfecteerd!!

c:\windows\system32\cleanmgr.exe . . . is geïnfecteerd!!

c:\windows\system32\cmd.exe . . . is geïnfecteerd!!

c:\windows\system32\logonui.exe . . . is geïnfecteerd!!

c:\windows\system32\sysocmgr.exe . . . is geïnfecteerd!!

c:\windows\system32\taskmgr.exe . . . is geïnfecteerd!!

c:\windows\system32\wiaacmgr.exe . . . is geïnfecteerd!!

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-01-01 to 2011-02-01 ))))))))))))))))))))))))))))))

.

2011-02-01 11:16 . 2011-02-01 11:16 -------- d-sh--w- c:\documents and settings\Administrator\Onlangs geopend

2011-01-31 21:07 . 2011-01-31 21:09 -------- d-----w- c:\windows\system32\drivers\AVG

2011-01-30 11:05 . 2011-01-30 11:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\FixCleaner

2011-01-30 11:05 . 2011-01-30 11:09 -------- d-----w- c:\program files\FixCleaner

2011-01-30 10:56 . 2011-01-31 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-01-30 10:13 . 2011-01-30 10:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-01-30 10:13 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-30 10:13 . 2011-01-30 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-01-30 10:13 . 2011-01-30 10:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-30 10:13 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-30 10:05 . 2011-01-30 10:05 -------- d-----w- c:\program files\Common Files\Java

2011-01-30 10:05 . 2011-01-30 10:05 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-01-30 10:05 . 2011-01-30 10:05 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-29 11:26 . 2011-01-29 11:26 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-01-29 11:26 . 2011-01-29 11:26 -------- d-----w- c:\program files\Trend Micro

2011-01-27 14:02 . 2011-01-31 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-01-27 13:07 . 2011-01-27 13:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Registry Mechanic

2011-01-22 12:03 . 2011-01-22 12:03 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2011-01-22 12:03 . 2009-04-03 22:08 713344 ----a-w- c:\windows\system32\drivers\rt2870.sys

2011-01-22 12:03 . 2009-04-03 22:07 221184 ----a-w- c:\windows\system32\RaCoInst.dll

2011-01-22 12:03 . 2008-06-16 13:57 4096 ----a-w- c:\windows\system32\drivers\rt2870.bin

2011-01-22 11:34 . 2011-01-22 11:34 -------- d-----w- c:\program files\Sitecom

2011-01-22 11:34 . 2011-01-22 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Sitecom Driver

2011-01-20 18:33 . 2011-01-22 17:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\GameInvest

2011-01-20 18:30 . 2011-01-20 18:30 -------- d-----w- c:\windows\Dream Mysteries - Case of the Red Fox

2011-01-20 18:29 . 2011-01-22 17:51 -------- d-----w- c:\program files\Dream Mysteries - Case of the Red Fox

2011-01-16 19:39 . 2011-01-18 21:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\funkitron

2011-01-16 19:39 . 2011-01-16 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia

2011-01-16 19:37 . 2011-01-16 19:37 -------- d-----w- c:\windows\Slingo Mystery 2

2011-01-16 18:42 . 2011-01-16 18:42 -------- d-----w- c:\program files\MSECache

2011-01-13 17:55 . 2011-01-16 19:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\FlyWheelGames

2011-01-13 11:28 . 2011-01-13 11:28 -------- d-----w- c:\windows\The Curse of the Ring

2011-01-13 11:27 . 2011-01-16 19:35 -------- d-----w- c:\program files\The Curse of the Ring

2011-01-09 20:50 . 2011-01-09 20:50 -------- d-----w- c:\windows\Master Thief - Skyscraper Sting

2011-01-09 20:50 . 2011-01-13 10:09 -------- d-----w- c:\program files\Master Thief - Skyscraper Sting

2011-01-07 15:28 . 2011-01-09 19:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Color-Brush

2011-01-07 15:25 . 2011-01-07 15:25 -------- d-----w- c:\windows\Jewelry Secret - Mystery Stones

2011-01-07 15:24 . 2011-01-09 19:01 -------- d-----w- c:\program files\Jewelry Secret - Mystery Stones

2011-01-06 12:15 . 2011-01-06 12:15 -------- d-----w- c:\documents and settings\Administrator\Saved Games

2011-01-06 12:14 . 2011-01-07 15:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Oberon Games

2011-01-06 09:52 . 2011-01-06 09:52 -------- d-----w- c:\windows\Dream Day True Love

2011-01-05 17:55 . 2011-01-06 09:10 -------- d-----w- c:\documents and settings\All Users\Application Data\BLG

2011-01-05 17:55 . 2011-01-06 09:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\BLG

2011-01-05 13:47 . 2011-01-05 13:47 -------- d-----w- c:\windows\Club Paradise

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-03 15:04 . 2008-08-26 11:59 98304 ----a-w- c:\windows\DUMP9b65.tmp

.

------- Sigcheck -------

[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe

[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\explorer.exe

[-] 2002-12-31 . F40B20B7EAAA306AC1CC95B7165A848A . 979456 . . [6.00.2900.3156] . . c:\windows\explorer.exe

[-] 2008-04-14 . 81CBF363C414620CAA61BD6843D8FDB9 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\srsvc.dll

[-] 2008-04-14 . 81CBF363C414620CAA61BD6843D8FDB9 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\srsvc.dll

[-] 2008-04-14 . 6F1E5DBA783B147536659395D7B15485 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\wscntfy.exe

[-] 2008-04-14 . 6F1E5DBA783B147536659395D7B15485 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\wscntfy.exe

[-] 2008-04-14 . 328CBDD2445F5B3A047644567EEB557F . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\sfcfiles.dll

[-] 2008-04-14 . 328CBDD2445F5B3A047644567EEB557F . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\sfcfiles.dll

[-] 2002-12-31 . 7EB24D378B01A8AB1B5231B2C305AD30 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-14 . 2FD5B89BF9289C774C5C730DEA96CD91 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\regsvc.dll

[-] 2008-04-14 . 2FD5B89BF9289C774C5C730DEA96CD91 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\regsvc.dll

[-] 2008-04-14 . 7C288AE0F75CB18CFF1DF6179A67AD8F . 193536 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\schedsvc.dll

[-] 2008-04-14 . 7C288AE0F75CB18CFF1DF6179A67AD8F . 193536 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\schedsvc.dll

c:\windows\System32\srsvc.dll ... is niet aanwezig !!

c:\windows\System32\wscntfy.exe ... is niet aanwezig !!

c:\windows\System32\regsvc.dll ... is niet aanwezig !!

c:\windows\System32\schedsvc.dll ... is niet aanwezig !!

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]

"nwiz"="nwiz.exe" [2007-09-17 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]

"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="shell32" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-12-31 44544]

"PackNoVs"="c:\windows\BricoPacks\Vista Inspirat 2\pack-it.exe" [2007-04-22 98304]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Sitecom Wireless Utility.lnk - c:\program files\Sitecom\Common\RaUI.exe [2011-1-22 1630208]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"SetVisualStyle"= c:\windows\Resources\Themes\Inspirat2\Inspirat2.msstyles

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoSMMyDocs"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"StartMenuLogoff"= 1 (0x1)

"NoSMMyDocs"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [31-12-2002 13:00 110128]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26-8-2008 11:28 717296]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [31-12-2002 13:00 3584]

S3 EraserUtilDrv10822;EraserUtilDrv10822; [x]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - uphcleanhlp

NETSVCS VEREIST REPARATIES - huidige waarden worden getoond

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Netman

Nla

NWCWorkstation

Nwsapagent

Rasauto

Rasman

Remoteaccess

SENS

Sharedaccess

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

xmlprov

BITS

ShellHWDetection

wuauserv

WmdmPmSN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]

2004-08-03 15:07 11776 ----a-w- c:\program files\Windows Sidebar\regsvr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]

2004-08-03 15:07 11776 ----a-w- c:\program files\Windows Sidebar\regsvr32.exe

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://startpagina.nl/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

.

- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

Notify-NavLogon - (no file)

HKLM_ActiveSetup-{D58F39FF-953E-4F45-898F-59F243B9A523} - c:\windows\system32\hidec

AddRemove-Ares - c:\program files\Ares\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-02-01 22:18

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*–€|ÿÿÿÿ;•€|é•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(896)

c:\windows\system32\sfc_os.dll

.

Voltooingstijd: 2011-02-01 22:21:42

ComboFix-quarantined-files.txt 2011-02-01 21:21

Pre-Run: 29.012.574.208 bytes beschikbaar

Post-Run: 29.102.235.648 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 5FB1E4D3D7C3B390B519ED23C3338C70


Go to Start -> Run/Search and type: sfc /scannow. This will check your Windows installation. Keep the Windows CD at hand, because you will be asked for it along the way.

Once that is done, open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\DUMP9b65.tmp

Registry::

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"=-

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


A new Combo scan!

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.767.515 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\regedit.exe . . . is geïnfecteerd!!

c:\windows\system32\srsvc.dll . . . is geïnfecteerd!!

c:\windows\explorer.exe . . . is geïnfecteerd!!

c:\windows\notepad.exe . . . is geïnfecteerd!!

c:\windows\system32\ahui.exe . . . is geïnfecteerd!!

c:\windows\system32\cleanmgr.exe . . . is geïnfecteerd!!

c:\windows\system32\cmd.exe . . . is geïnfecteerd!!

c:\windows\system32\logonui.exe . . . is geïnfecteerd!!

c:\windows\system32\sysocmgr.exe . . . is geïnfecteerd!!

c:\windows\system32\taskmgr.exe . . . is geïnfecteerd!!

c:\windows\system32\wiaacmgr.exe . . . is geïnfecteerd!!

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-01-02 to 2011-02-02 ))))))))))))))))))))))))))))))

.

2011-02-02 11:28 . 2011-02-02 11:28 -------- d-sh--w- c:\documents and settings\Administrator\Onlangs geopend

2011-01-31 21:07 . 2011-01-31 21:09 -------- d-----w- c:\windows\system32\drivers\AVG

2011-01-30 11:05 . 2011-01-30 11:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\FixCleaner

2011-01-30 11:05 . 2011-01-30 11:09 -------- d-----w- c:\program files\FixCleaner

2011-01-30 10:56 . 2011-01-31 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-01-30 10:13 . 2011-01-30 10:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-01-30 10:13 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-30 10:13 . 2011-01-30 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-01-30 10:13 . 2011-01-30 10:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-30 10:13 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-30 10:05 . 2011-01-30 10:05 -------- d-----w- c:\program files\Common Files\Java

2011-01-30 10:05 . 2011-01-30 10:05 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-01-30 10:05 . 2011-01-30 10:05 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-29 11:26 . 2011-01-29 11:26 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-01-29 11:26 . 2011-01-29 11:26 -------- d-----w- c:\program files\Trend Micro

2011-01-27 14:02 . 2011-01-31 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-01-27 13:07 . 2011-01-27 13:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Registry Mechanic

2011-01-22 12:03 . 2011-01-22 12:03 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2011-01-22 12:03 . 2009-04-03 22:08 713344 ----a-w- c:\windows\system32\drivers\rt2870.sys

2011-01-22 12:03 . 2009-04-03 22:07 221184 ----a-w- c:\windows\system32\RaCoInst.dll

2011-01-22 12:03 . 2008-06-16 13:57 4096 ----a-w- c:\windows\system32\drivers\rt2870.bin

2011-01-22 11:34 . 2011-01-22 11:34 -------- d-----w- c:\program files\Sitecom

2011-01-22 11:34 . 2011-01-22 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Sitecom Driver

2011-01-20 18:33 . 2011-01-22 17:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\GameInvest

2011-01-20 18:30 . 2011-01-20 18:30 -------- d-----w- c:\windows\Dream Mysteries - Case of the Red Fox

2011-01-20 18:29 . 2011-01-22 17:51 -------- d-----w- c:\program files\Dream Mysteries - Case of the Red Fox

2011-01-16 19:39 . 2011-01-18 21:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\funkitron

2011-01-16 19:39 . 2011-01-16 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia

2011-01-16 19:37 . 2011-01-16 19:37 -------- d-----w- c:\windows\Slingo Mystery 2

2011-01-16 18:42 . 2011-01-16 18:42 -------- d-----w- c:\program files\MSECache

2011-01-13 17:55 . 2011-01-16 19:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\FlyWheelGames

2011-01-13 11:28 . 2011-01-13 11:28 -------- d-----w- c:\windows\The Curse of the Ring

2011-01-13 11:27 . 2011-01-16 19:35 -------- d-----w- c:\program files\The Curse of the Ring

2011-01-09 20:50 . 2011-01-09 20:50 -------- d-----w- c:\windows\Master Thief - Skyscraper Sting

2011-01-09 20:50 . 2011-01-13 10:09 -------- d-----w- c:\program files\Master Thief - Skyscraper Sting

2011-01-07 15:28 . 2011-01-09 19:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Color-Brush

2011-01-07 15:25 . 2011-01-07 15:25 -------- d-----w- c:\windows\Jewelry Secret - Mystery Stones

2011-01-07 15:24 . 2011-01-09 19:01 -------- d-----w- c:\program files\Jewelry Secret - Mystery Stones

2011-01-06 12:15 . 2011-01-06 12:15 -------- d-----w- c:\documents and settings\Administrator\Saved Games

2011-01-06 12:14 . 2011-01-07 15:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Oberon Games

2011-01-06 09:52 . 2011-01-06 09:52 -------- d-----w- c:\windows\Dream Day True Love

2011-01-05 17:55 . 2011-01-06 09:10 -------- d-----w- c:\documents and settings\All Users\Application Data\BLG

2011-01-05 17:55 . 2011-01-06 09:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\BLG

2011-01-05 13:47 . 2011-01-05 13:47 -------- d-----w- c:\windows\Club Paradise

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-03 15:04 . 2008-08-26 11:59 98304 ----a-w- c:\windows\DUMP9b65.tmp

.

------- Sigcheck -------

[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe

[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\explorer.exe

[-] 2002-12-31 . F40B20B7EAAA306AC1CC95B7165A848A . 979456 . . [6.00.2900.3156] . . c:\windows\explorer.exe

[-] 2008-04-14 . 81CBF363C414620CAA61BD6843D8FDB9 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\srsvc.dll

[-] 2008-04-14 . 81CBF363C414620CAA61BD6843D8FDB9 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\srsvc.dll

[-] 2008-04-14 . 6F1E5DBA783B147536659395D7B15485 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\wscntfy.exe

[-] 2008-04-14 . 6F1E5DBA783B147536659395D7B15485 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\wscntfy.exe

[-] 2008-04-14 . 328CBDD2445F5B3A047644567EEB557F . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\sfcfiles.dll

[-] 2008-04-14 . 328CBDD2445F5B3A047644567EEB557F . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\sfcfiles.dll

[-] 2002-12-31 . 7EB24D378B01A8AB1B5231B2C305AD30 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-14 . 2FD5B89BF9289C774C5C730DEA96CD91 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\regsvc.dll

[-] 2008-04-14 . 2FD5B89BF9289C774C5C730DEA96CD91 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\regsvc.dll

[-] 2008-04-14 . 7C288AE0F75CB18CFF1DF6179A67AD8F . 193536 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\schedsvc.dll

[-] 2008-04-14 . 7C288AE0F75CB18CFF1DF6179A67AD8F . 193536 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\52e37a490e891c02ec3dfa4c57672666\schedsvc.dll

c:\windows\System32\srsvc.dll ... is niet aanwezig !!

c:\windows\System32\wscntfy.exe ... is niet aanwezig !!

c:\windows\System32\regsvc.dll ... is niet aanwezig !!

c:\windows\System32\schedsvc.dll ... is niet aanwezig !!

.

((((((((((((((((((((((((((((( SnapShot@2011-02-01_21.18.50 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-02-02 14:08 . 2011-02-02 14:08 16384 c:\windows\Temp\Perflib_Perfdata_7d0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]

"nwiz"="nwiz.exe" [2007-09-17 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]

"SkinClock"="c:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-12-31 44544]

"PackNoVs"="c:\windows\BricoPacks\Vista Inspirat 2\pack-it.exe" [2007-04-22 98304]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Sitecom Wireless Utility.lnk - c:\program files\Sitecom\Common\RaUI.exe [2011-1-22 1630208]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"SetVisualStyle"= c:\windows\Resources\Themes\Inspirat2\Inspirat2.msstyles

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoSMMyDocs"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"StartMenuLogoff"= 1 (0x1)

"NoSMMyDocs"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [31-12-2002 13:00 110128]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26-8-2008 11:28 717296]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [31-12-2002 13:00 3584]

S3 EraserUtilDrv10822;EraserUtilDrv10822; [x]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - uphcleanhlp

NETSVCS VEREIST REPARATIES - huidige waarden worden getoond

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Netman

Nla

NWCWorkstation

Nwsapagent

Rasauto

Rasman

Remoteaccess

SENS

Sharedaccess

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

xmlprov

BITS

ShellHWDetection

wuauserv

WmdmPmSN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]

2004-08-03 15:07 11776 ----a-w- c:\program files\Windows Sidebar\regsvr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]

2004-08-03 15:07 11776 ----a-w- c:\program files\Windows Sidebar\regsvr32.exe

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://startpagina.nl/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-02-02 19:49

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*–€|ÿÿÿÿ;•€|é•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(908)

c:\windows\system32\sfc_os.dll

- - - - - - - > 'explorer.exe'(2228)

c:\windows\system32\ntshrui.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

.

Voltooingstijd: 2011-02-02 19:52:06

ComboFix-quarantined-files.txt 2011-02-02 18:52

ComboFix2.txt 2011-02-01 21:21

Pre-Run: 29.018.361.856 bytes beschikbaar

Post-Run: 29.106.618.368 bytes beschikbaar

- - End Of File - - 99F503E78884100353D72299E94057F0


I may have been a bit unclear, but the intention was to run this with ComboFix:

Open a new Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\DUMP9b65.tmp

Registry::

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"=-

FCOPY::

c:\windows\ServicePackFiles\i386\regedit.exe|c:\windows\regedit.exe

c:\windows\ServicePackFiles\i386\srsvc.dll|c:\windows\System32\srsvc.dll

c:\windows\ServicePackFiles\i386\explorer.exe|c:\windows\explorer.exe

c:\windows\ServicePackFiles\i386\notepad.exe|c:\windows\notepad.exe

c:\windows\ServicePackFiles\i386\ahui.exe|c:\windows\System32\ahui.exe

c:\windows\ServicePackFiles\i386\cleanmgr.exe|c:\windows\System32\cleanmgr.exe

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot the computer if you are asked to.

After the restart, post the contents of ComboFix.txt in your next message.

edited by kape