Who can help me remove this virus?


  • Who can help me remove this virus?

    I have a virus on my PC, and because of it I can't do my school assignments, so who would be willing to help me? Here is a hijack log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:40:50, on 25-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator.YILDIRIM-CNG8AX\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk
    O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator.YILDIRIM-CNG8AX\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk
    O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - http://online.worldpokertour.com (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - http://online.worldpokertour.com (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 5349 bytes

  • #2
    adware spyware trojan

    When I'm on the internet, a new page keeps popping up that sort of starts scanning my PC, and pages appear saying your PC is damaged, this and that. Who can help me remove this?



    • #3
      adware spyware malware

      When I'm on the internet, a new page keeps popping up that sort of starts scanning my PC, and pages appear saying your PC is damaged, this and that. Who can help me remove this?



      • #4
        Download Deckard's System Scanner to your Desktop.
        • Close all applications and windows.
        • Double-click dss.exe to run it, and follow the prompts.
        • When the scan is complete, a text file, main.txt, will open.
        • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

        Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet; make sure sigcheck.exe is allowed to do so!
        Your antivirus may also flag DSS as suspicious, or even try to remove it.
        Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan.)



        • #5
          THIS IS THE MAIN.TXT


          Deckard's System Scanner v20071014.68
          Run by Gungor on 2008-03-25 18:44:53
          Computer is in Normal Mode.
          --------------------------------------------------------------------------------

          -- System Restore --------------------------------------------------------------

          Successfully created a Deckard's System Scanner Restore Point.


          -- Last 5 Restore Point(s) --
          28: 2008-03-25 17:45:22 UTC - RP99 - Deckard's System Scanner Restore Point
          27: 2008-03-25 16:59:40 UTC - RP98 - ComboFix created restore point
          26: 2008-03-25 16:53:21 UTC - RP97 - ComboFix created restore point
          25: 2008-03-25 16:40:36 UTC - RP96 - ComboFix created restore point
          24: 2008-03-25 16:38:06 UTC - RP95 - ComboFix created restore point


          -- First Restore Point --
          1: 2008-03-25 15:10:51 UTC - RP72 - Controlepunt van systeem


          Backed up registry hives.
          Performed disk cleanup.



          -- HijackThis (run as Gungor.exe) ----------------------------------------------

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 18:49:28, on 25-3-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
          C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
          C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\DNA\btdna.exe
          C:\Program Files\BitDefender\BitDefender 2008\uiscan.exe
          C:\Program Files\MSN Messenger\usnsvc.exe
          C:\WINDOWS\explorer.exe
          C:\Program Files\MSN Messenger\msnmsgr.exe
          C:\Documents and Settings\Gungor\Bureaublad\dss.exe
          C:\PROGRA~1\TRENDM~1\HIJACK~1\Gungor.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
          O2 - BHO: {10b54295-e313-e3ea-b6a4-60edbed22511} - {11522deb-de06-4a6b-ae3e-313e59245b01} - C:\WINDOWS\system32\gublhgtq.dll
          O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - C:\WINDOWS\system32\qomjkih.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: (no name) - {C3FAC713-CC14-4EBE-979E-CBEAD66B18CD} - C:\WINDOWS\system32\pmnnm.dll
          O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
          O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator.YILDIRIM-CNG8AX\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk
          O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator.YILDIRIM-CNG8AX\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk
          O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
          O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
          O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
          O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra button: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - http://online.worldpokertour.com (file missing) (HKCU)
          O9 - Extra 'Tools' menuitem: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - http://online.worldpokertour.com (file missing) (HKCU)
          O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
          O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
          O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
          O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          O20 - Winlogon Notify: qomjkih - C:\WINDOWS\SYSTEM32\qomjkih.dll
          O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
          O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
          O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

          --
          End of file - 5682 bytes

          -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

          backup-20080316-174332-125 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.52 85.255.112.129
          backup-20080316-174332-345 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.52 85.255.112.129
          backup-20080316-174332-428 O17 - HKLM\System\CCS\Services\Tcpip\..\{EFAA3FE3-E9EB-43EB-9115-D4950A5FC8BC}: NameServer = 85.255.114.52,85.255.112.129
          backup-20080316-174332-786 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.52 85.255.112.129
          backup-20080325-164423-631 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          backup-20080325-164423-725 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
          backup-20080325-164423-840 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
          backup-20080325-164423-975 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

          -- File Associations -----------------------------------------------------------

          All associations okay.


          -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

          R1 bdftdif - c:\program files\common files\bitdefender\bitdefender firewall\bdftdif.sys <Not Verified; BitDefender SRL; BitDefender 11>
          R3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender>

          S3 catchme - c:\docume~1\gungor\locals~1\temp\catchme.sys (file missing)
          S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
          S3 NTACCESS - d:\ntaccess.sys (file missing)
          S3 SetupNTGLM7X - d:\ntglm7x.sys (file missing)
          S3 ZDBRGSYS (ZDBRGSYS NDIS Protocol Driver) - c:\windows\system32\zdbrgsys.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
          S3 ZDPNDIS5 (ZDPNDIS5 NDIS Protocol Driver) - c:\windows\system32\zdpndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


          -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

          All services whitelisted.


          -- Device Manager: Disabled ----------------------------------------------------

          No disabled devices found.


          -- Scheduled Tasks -------------------------------------------------------------

          2008-03-15 21:03:25 548 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Gungor.job


          -- Files created between 2008-02-25 and 2008-03-25 -----------------------------

          2008-03-25 17:35:05 68096 --a------ C:\WINDOWS\system32\zip.exe
          2008-03-25 17:35:05 98816 --a------ C:\WINDOWS\system32\sed.exe
          2008-03-25 17:35:05 80412 --a------ C:\WINDOWS\system32\grep.exe
          2008-03-25 17:35:05 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
          2008-03-25 16:50:35 0 d-------- C:\ComboFix[1]
          2008-03-25 16:16:49 94272 --a------ C:\WINDOWS\system32\gublhgtq.dll
          2008-03-25 16:15:49 89152 --a------ C:\WINDOWS\system32\fcvwhhef.dll
          2008-03-25 16:14:57 90688 --a------ C:\WINDOWS\system32\giayenaa.dll
          2008-03-25 16:13:52 38400 --a------ C:\WINDOWS\system32\ssqnlii.dll
          2008-03-25 16:10:26 179908 --ahs---- C:\WINDOWS\system32\mnnmp.ini2
          2008-03-25 16:10:10 272896 --a------ C:\WINDOWS\system32\pmnnm.dll
          2008-03-25 16:05:01 0 d-------- C:\WINDOWS\system32\aqVreo01
          2008-03-25 16:05:00 38400 --a------ C:\WINDOWS\system32\qomjkih.dll
          2008-03-24 19:51:04 0 d-------- C:\Temp
          2008-03-20 19:52:20 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
          2008-03-20 19:51:17 0 d-------- C:\Program Files\Apple Software Update
          2008-03-20 19:51:16 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
          2008-03-20 18:40:30 0 d-------- C:\Documents and Settings\Gungor\Application Data\BitTorrent
          2008-03-20 18:38:52 0 d-------- C:\Program Files\DNA
          2008-03-20 18:38:52 0 d-------- C:\Documents and Settings\Gungor\Application Data\DNA
          2008-03-20 18:38:51 0 d-------- C:\Program Files\BitTorrent
          2008-03-20 18:28:14 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
          2008-03-20 18:28:04 0 d-------- C:\Documents and Settings\Gungor\Application Data\DAEMON Tools
          2008-03-20 12:47:05 0 d-------- C:\Inetpub
          2008-03-18 21:30:19 0 d-------- C:\Documents and Settings\Gungor\Application Data\RapidGet
          2008-03-17 21:52:23 81984 --a------ C:\WINDOWS\system32\bdod.bin
          2008-03-17 21:51:36 0 d-------- C:\Documents and Settings\Gungor\Application Data\BitDefender
          2008-03-17 21:50:17 0 d-------- C:\Program Files\BitDefender
          2008-03-17 21:50:17 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\BitDefender
          2008-03-17 21:48:41 0 d-------- C:\Program Files\Common Files\BitDefender
          2008-03-17 21:30:38 0 d-------- C:\Program Files\Windows Media Connect 2
          2008-03-17 21:27:38 0 d-------- C:\WINDOWS\system32\LogFiles
          2008-03-17 21:27:38 0 d-------- C:\WINDOWS\system32\drivers\UMDF
          2008-03-17 19:19:36 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Menu Start
          2008-03-17 19:18:01 0 d-------- C:\WINDOWS\Prefetch
          2008-03-17 19:04:06 0 d-------- C:\WINDOWS\peernet
          2008-03-17 19:04:05 0 d-------- C:\WINDOWS\provisioning
          2008-03-17 18:58:20 0 d-------- C:\WINDOWS\ServicePackFiles
          2008-03-17 18:49:57 0 d-------- C:\WINDOWS\system32\ReinstallBackups
          2008-03-17 18:42:00 0 d-------- C:\WINDOWS\EHome
          2008-03-17 16:33:26 0 d-------- C:\Documents and Settings\Gungor\LimeWire Store Purchased
          2008-03-17 16:33:26 0 d-------- C:\Documents and Settings\Gungor\LimeWire Shared
          2008-03-17 16:33:00 0 d-------- C:\Documents and Settings\Gungor\Application Data\LimeWirePlus
          2008-03-16 18:04:05 0 d-------- C:\Documents and Settings\Gungor\.SunDownloadManager
          2008-03-16 15:55:37 247584 --a------ C:\cmldr
          2008-03-16 15:55:30 0 d-------- C:\cmdcons
          2008-03-16 00:14:33 0 d-------- C:\Documents and Settings\Gungor\Application Data\Malwarebytes
          2008-03-16 00:13:28 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
          2008-03-15 23:41:09 0 d-------- C:\Program Files\Trend Micro
          2008-03-15 22:09:48 0 d---s---- C:\Documents and Settings\5174\UserData
          2008-03-15 22:07:29 0 d-------- C:\Documents and Settings\1778\VeriSign
          2008-03-15 22:07:29 0 d--h----- C:\Documents and Settings\1778\Sjablonen
          2008-03-15 22:07:28 0 dr-h----- C:\Documents and Settings\1778\SendTo
          2008-03-15 22:07:28 0 dr-h----- C:\Documents and Settings\1778\Onlangs geopend
          2008-03-15 22:07:28 0 d--h----- C:\Documents and Settings\1778\Netwerkprinteromgeving
          2008-03-15 22:07:28 0 d--h----- C:\Documents and Settings\1778\NetHood
          2008-03-15 22:07:28 0 dr------- C:\Documents and Settings\1778\Mijn documenten
          2008-03-15 22:07:26 0 dr------- C:\Documents and Settings\1778\Menu Start
          2008-03-15 22:07:24 0 d--h----- C:\Documents and Settings\1778\Local Settings
          2008-03-15 22:07:24 0 dr------- C:\Documents and Settings\1778\Favorieten
          2008-03-15 22:07:24 0 d---s---- C:\Documents and Settings\1778\Cookies
          2008-03-15 22:07:23 0 d-------- C:\Documents and Settings\1778\Bureaublad
          2008-03-15 22:07:22 0 d--h----- C:\Documents and Settings\Nsadmin.sfg.net\Sjablonen
          2008-03-15 22:07:22 0 dr-h----- C:\Documents and Settings\Nsadmin.sfg.net\SendTo
          2008-03-15 22:07:22 0 d--h----- C:\Documents and Settings\Nsadmin.sfg.net\Onlangs geopend
          2008-03-15 22:07:22 0 d--h----- C:\Documents and Settings\Nsadmin.sfg.net\Netwerkprinteromgeving
          2008-03-15 22:07:22 0 d--h----- C:\Documents and Settings\Nsadmin.sfg.net\NetHood
          2008-03-15 22:07:22 0 d-------- C:\Documents and Settings\Nsadmin.sfg.net\Mijn documenten
          2008-03-15 22:07:22 0 dr-h----- C:\Documents and Settings\1778\Application Data
          2008-03-15 22:07:22 0 d---s---- C:\Documents and Settings\1778\Application Data\Microsoft
          2008-03-15 22:07:22 0 d-------- C:\Documents and Settings\1778\Application Data\Identities
          2008-03-15 22:07:21 0 d--h----- C:\Documents and Settings\jalema\Templates
          2008-03-15 22:07:21 0 d-------- C:\Documents and Settings\jalema\_rpcs
          2008-03-15 22:07:19 0 d-------- C:\Documents and Settings\8914\VeriSign
          2008-03-15 22:07:19 0 d--h----- C:\Documents and Settings\8914\Sjablonen
          2008-03-15 22:07:18 0 dr-h----- C:\Documents and Settings\8914\SendTo
          2008-03-15 22:07:18 0 d-------- C:\Documents and Settings\4238\VeriSign
          2008-03-15 22:07:18 0 d--h----- C:\Documents and Settings\4238\Sjablonen
          2008-03-15 22:07:17 0 dr------- C:\Documents and Settings\Nsadmin.sfg.net\Menu Start
          2008-03-15 22:07:17 0 dr-h----- C:\Documents and Settings\8914\Onlangs geopend
          2008-03-15 22:07:17 0 d--h----- C:\Documents and Settings\8914\Netwerkprinteromgeving
          2008-03-15 22:07:17 0 d--h----- C:\Documents and Settings\8914\NetHood
          2008-03-15 22:07:17 0 dr-h----- C:\Documents and Settings\4238\SendTo
          2008-03-15 22:07:17 0 d-------- C:\Documents and Settings\2811\VeriSign
          2008-03-15 22:07:16 0 dr-h----- C:\Documents and Settings\4238\Onlangs geopend
          2008-03-15 22:07:16 0 d--h----- C:\Documents and Settings\4238\Netwerkprinteromgeving
          2008-03-15 22:07:16 0 d--h----- C:\Documents and Settings\2811\Sjablonen
          2008-03-15 22:07:15 0 dr------- C:\Documents and Settings\8914\Mijn documenten
          2008-03-15 22:07:15 0 d--h----- C:\Documents and Settings\4238\NetHood
          2008-03-15 22:07:14 0 d-------- C:\Documents and Settings\jalema\Start Menu
          2008-03-15 22:07:14 0 dr-h----- C:\Documents and Settings\2811\SendTo
          2008-03-15 22:07:14 0 dr-h----- C:\Documents and Settings\2811\Onlangs geopend
          2008-03-15 22:07:14 0 d--h----- C:\Documents and Settings\2811\Netwerkprinteromgeving
          2008-03-15 22:07:14 0 d--h----- C:\Documents and Settings\2811\NetHood
          2008-03-15 22:07:13 0 dr------- C:\Documents and Settings\4238\Mijn documenten
          2008-03-15 22:07:12 0 d--h----- C:\Documents and Settings\jalema\SendTo
          2008-03-15 22:07:12 0 dr------- C:\Documents and Settings\2811\Mijn documenten
          2008-03-15 22:07:07 0 dr------- C:\Documents and Settings\8914\Menu Start
          2008-03-15 22:07:02 0 dr------- C:\Documents and Settings\4238\Menu Start
          2008-03-15 22:07:02 0 dr------- C:\Documents and Settings\2811\Menu Start
          2008-03-15 22:06:54 0 d--h----- C:\Documents and Settings\Nsadmin.sfg.net\Local Settings
          2008-03-15 22:06:54 0 d-------- C:\Documents and Settings\Nsadmin.sfg.net\Favorieten
          2008-03-15 22:06:53 0 d---s---- C:\Documents and Settings\Nsadmin.sfg.net\Cookies
          2008-03-15 22:06:53 0 d-------- C:\Documents and Settings\Nsadmin.sfg.net\Bureaublad
          2008-03-15 22:06:52 0 d--h----- C:\Documents and Settings\2811\Local Settings
          2008-03-15 22:06:51 0 d---s---- C:\Documents and Settings\Nsadmin.sfg.net\Application Data\Microsoft
          2008-03-15 22:06:51 0 d--h----- C:\Documents and Settings\4238\Local Settings
          2008-03-15 22:06:51 0 dr------- C:\Documents and Settings\4238\Favorieten
          2008-03-15 22:06:51 0 dr------- C:\Documents and Settings\2811\Favorieten
          2008-03-15 22:06:51 0 d---s---- C:\Documents and Settings\2811\Cookies
          2008-03-15 22:06:51 0 d-------- C:\Documents and Settings\2811\Bureaublad
          2008-03-15 22:06:50 0 dr-h----- C:\Documents and Settings\Nsadmin.sfg.net\Application Data
          2008-03-15 22:06:50 0 d-------- C:\Documents and Settings\Nsadmin.sfg.net\Application Data\Macromedia
          2008-03-15 22:06:50 0 d---s---- C:\Documents and Settings\4238\Cookies
          2008-03-15 22:06:50 0 d-------- C:\Documents and Settings\4238\Bureaublad
          2008-03-15 22:06:49 0 d---s---- C:\Documents and Settings\4238\Application Data\Microsoft
          2008-03-15 22:06:49 0 d---s---- C:\Documents and Settings\2811\Application Data\Microsoft
          2008-03-15 22:06:48 0 dr-h----- C:\Documents and Settings\4238\Application Data
          2008-03-15 22:06:48 0 d-------- C:\Documents and Settings\4238\Application Data\Identities
          2008-03-15 22:06:48 0 d-------- C:\Documents and Settings\4238\Application Data\Adobe
          2008-03-15 22:06:48 0 dr-h----- C:\Documents and Settings\2811\Application Data
          2008-03-15 22:06:48 0 d-------- C:\Documents and Settings\2811\Application Data\Identities
          2008-03-15 22:06:48 0 d-------- C:\Documents and Settings\2811\Application Data\Adobe
          2008-03-15 22:06:47 0 d-------- C:\Documents and Settings\2529\VeriSign
          2008-03-15 22:06:46 0 d---s---- C:\Documents and Settings\2529\UserData
          2008-03-15 22:06:46 0 d--h----- C:\Documents and Settings\2529\Sjablonen
          2008-03-15 22:06:45 0 dr-h----- C:\Documents and Settings\2529\SendTo
          2008-03-15 22:06:45 0 d-------- C:\Documents and Settings\2529\SapWorkDir
          2008-03-15 22:06:44 0 dr-h----- C:\Documents and Settings\2529\Onlangs geopend
          2008-03-15 22:06:43 0 dr-h----- C:\Documents and Settings\jalema\Recent
          2008-03-15 22:06:43 0 d--h----- C:\Documents and Settings\jalema\PrintHood
          2008-03-15 22:06:43 0 d--h----- C:\Documents and Settings\2529\Netwerkprinteromgeving
          2008-03-15 22:06:43 0 d--h----- C:\Documents and Settings\2529\NetHood
          2008-03-15 22:06:42 0 d--h----- C:\Documents and Settings\jalema\NetHood
          2008-03-15 22:06:42 0 d-------- C:\Documents and Settings\23844\VeriSign
          2008-03-15 22:06:42 0 d--h----- C:\Documents and Settings\23844\Sjablonen
          2008-03-15 22:06:41 0 dr-h----- C:\Documents and Settings\23844\SendTo
          2008-03-15 22:06:40 0 dr------- C:\Documents and Settings\2529\Menu Start
          2008-03-15 22:06:40 0 dr-h----- C:\Documents and Settings\23844\Onlangs geopend
          2008-03-15 22:06:40 0 d--h----- C:\Documents and Settings\23844\Netwerkprinteromgeving
          2008-03-15 22:06:40 0 d--h----- C:\Documents and Settings\23844\NetHood
          2008-03-15 22:06:39 0 dr------- C:\Documents and Settings\jalema\My Documents
          2008-03-15 22:06:39 0 dr------- C:\Documents and Settings\23844\Mijn documenten
          2008-03-15 22:06:37 0 d--h----- C:\Documents and Settings\2529\Local Settings
          2008-03-15 22:06:37 0 dr------- C:\Documents and Settings\2529\Favorieten
          2008-03-15 22:06:36 0 d---s---- C:\Documents and Settings\2529\Cookies
          2008-03-15 22:06:36 0 d-------- C:\Documents and Settings\2529\Bureaublad
          2008-03-15 22:06:35 0 dr------- C:\Documents and Settings\23844\Menu Start
          2008-03-15 22:06:33 0 d--h----- C:\Documents and Settings\jalema\Local Settings
          2008-03-15 22:06:33 0 d-------- C:\Documents and Settings\jalema\FrontPageTempDir
          2008-03-15 22:06:32 0 dr------- C:\Documents and Settings\jalema\Favorites
          2008-03-15 22:06:17 0 d-------- C:\Documents and Settings\jalema\Desktop
          2008-03-15 22:06:17 0 d---s---- C:\Documents and Settings\jalema\Cookies
          2008-03-15 22:06:17 0 d--h----- C:\Documents and Settings\23844\Local Settings
          2008-03-15 22:06:16 0 d---s---- C:\Documents and Settings\2529\Application Data\Microsoft
          2008-03-15 22:06:16 0 dr------- C:\Documents and Settings\23844\Favorieten
          2008-03-15 22:06:16 0 d---s---- C:\Documents and Settings\23844\Cookies
          2008-03-15 22:06:16 0 d-------- C:\Documents and Settings\23844\Bureaublad
          2008-03-15 22:06:14 0 d---s---- C:\Documents and Settings\23844\Application Data\Microsoft
          2008-03-15 22:06:14 0 d-------- C:\Documents and Settings\23844\Application Data\Identities
          2008-03-15 22:06:13 0 dr-h----- C:\Documents and Settings\23844\Application Data
          2008-03-15 22:06:12 0 d-------- C:\Documents and Settings\2529\Application Data\Macromedia
          2008-03-15 22:06:12 0 d-------- C:\Documents and Settings\2529\Application Data\Identities
          2008-03-15 22:06:12 0 d-------- C:\Documents and Settings\2529\Application Data\Help
          2008-03-15 22:06:11 0 d---s---- C:\Documents and Settings\jalema\Application Data\Microsoft
          2008-03-15 22:06:11 0 dr-h----- C:\Documents and Settings\2529\Application Data
          2008-03-15 22:06:11 0 d-------- C:\Documents and Settings\2529\Application Data\Adobe
          2008-03-15 22:06:10 0 d--h----- C:\Documents and Settings\jalema\Application Data
          2008-03-15 22:06:10 0 d-------- C:\Documents and Settings\jalema\Application Data\Macromedia
          2008-03-15 22:06:10 0 d-------- C:\Documents and Settings\jalema\Application Data\Identities
          2008-03-15 22:06:10 0 d-------- C:\Documents and Settings\jalema\Application Data\Help
          2008-03-15 22:06:10 0 d--h----- C:\Documents and Settings\4091\Sjablonen
          2008-03-15 22:06:09 0 dr-h----- C:\Documents and Settings\4091\SendTo
          2008-03-15 22:06:09 0 dr-h----- C:\Documents and Settings\4091\Onlangs geopend
          2008-03-15 22:06:09 0 d--h----- C:\Documents and Settings\4091\Netwerkprinteromgeving
          2008-03-15 22:06:09 0 d--h----- C:\Documents and Settings\4091\NetHood
          2008-03-15 22:06:09 0 dr------- C:\Documents and Settings\4091\Mijn documenten
          2008-03-15 22:06:07 0 dr------- C:\Documents and Settings\4091\Menu Start
          2008-03-15 22:06:03 0 d--h----- C:\Documents and Settings\8914\Local Settings
          2008-03-15 22:06:03 0 dr------- C:\Documents and Settings\8914\Favorieten
          2008-03-15 22:06:03 0 d---s---- C:\Documents and Settings\8914\Cookies
          2008-03-15 22:06:03 0 d-------- C:\Documents and Settings\8914\Bureaublad
          2008-03-15 22:06:02 0 d--h----- C:\Documents and Settings\4091\Local Settings
          2008-03-15 22:06:02 0 dr------- C:\Documents and Settings\4091\Favorieten
          2008-03-15 22:06:02 0 d---s---- C:\Documents and Settings\4091\Cookies
          2008-03-15 22:06:02 0 d-------- C:\Documents and Settings\4091\Bureaublad
          2008-03-15 22:06:01 0 d---s---- C:\Documents and Settings\8914\Application Data\Microsoft
          2008-03-15 22:06:01 0 d---s---- C:\Documents and Settings\4091\Application Data\Microsoft
          2008-03-15 22:06:00 0 dr-h----- C:\Documents and Settings\8914\Application Data
          2008-03-15 22:06:00 0 d-------- C:\Documents and Settings\8914\Application Data\I-FourC Scan
          2008-03-15 22:06:00 0 d-------- C:\Documents and Settings\8914\Application Data\Identities
          2008-03-15 22:06:00 0 dr-h----- C:\Documents and Settings\4091\Application Data
          2008-03-15 22:06:00 0 d-------- C:\Documents and Settings\4091\Application Data\Identities
          2008-03-15 22:06:00 0 d-------- C:\Documents and Settings\4091\Application Data\Adobe
          2008-03-15 22:05:59 0 dr------- C:\Documents and Settings\scanner\Mijn documenten
          2008-03-15 22:05:59 0 d-------- C:\Documents and Settings\5174\VeriSign
          2008-03-15 22:05:59 0 d--h----- C:\Documents and Settings\5174\Sjablonen
          2008-03-15 22:05:58 0 dr-h----- C:\Documents and Settings\5174\SendTo
          2008-03-15 22:05:58 0 dr-h----- C:\Documents and Settings\5174\Onlangs geopend
          2008-03-15 22:05:58 0 d--h----- C:\Documents and Settings\5174\Netwerkprinteromgeving
          2008-03-15 22:05:58 0 d--h----- C:\Documents and Settings\5174\NetHood
          2008-03-15 22:05:57 0 dr------- C:\Documents and Settings\5174\Mijn documenten
          2008-03-15 22:05:55 0 dr------- C:\Documents and Settings\5174\Menu Start
          2008-03-15 22:05:47 0 d-------- C:\Documents and Settings\scanner\VeriSign
          2008-03-15 22:05:47 0 d--h----- C:\Documents and Settings\scanner\Sjablonen
          2008-03-15 22:05:47 0 dr-h----- C:\Documents and Settings\scanner\SendTo
          2008-03-15 22:05:44 0 dr-h----- C:\Documents and Settings\scanner\Onlangs geopend
          2008-03-15 22:05:44 0 d--h----- C:\Documents and Settings\scanner\Netwerkprinteromgeving
          2008-03-15 22:05:44 0 d--h----- C:\Documents and Settings\scanner\NetHood
          2008-03-15 22:05:44 0 d--h----- C:\Documents and Settings\5174\Local Settings
          2008-03-15 22:05:44 0 dr------- C:\Documents and Settings\5174\Favorieten
          2008-03-15 22:05:44 0 d---s---- C:\Documents and Settings\5174\Cookies
          2008-03-15 22:05:44 0 d-------- C:\Documents and Settings\5174\Bureaublad
          2008-03-15 22:05:39 0 dr------- C:\Documents and Settings\scanner\Menu Start
          2008-03-15 22:05:39 0 d---s---- C:\Documents and Settings\5174\Application Data\Microsoft
          2008-03-15 22:05:38 0 d-------- C:\Documents and Settings\5174\Application Data\Macromedia
          2008-03-15 22:05:38 0 d-------- C:\Documents and Settings\5174\Application Data\Identities
          2008-03-15 22:05:37 0 dr-h----- C:\Documents and Settings\5174\Application Data
          2008-03-15 22:05:37 0 d-------- C:\Documents and Settings\5174\Application Data\I-FourC Scan
          2008-03-15 22:05:33 0 d--h----- C:\Documents and Settings\scanner\Local Settings
          2008-03-15 22:05:32 0 dr------- C:\Documents and Settings\scanner\Favorieten
          2008-03-15 22:05:32 0 d---s---- C:\Documents and Settings\scanner\Cookies
          2008-03-15 22:05:32 0 d-------- C:\Documents and Settings\scanner\Bureaublad
          2008-03-15 22:05:30 0 d---s---- C:\Documents and Settings\scanner\Application Data\Microsoft
          2008-03-15 22:05:29 0 dr-h----- C:\Documents and Settings\scanner\Application Data
          2008-03-15 22:05:29 0 d-------- C:\Documents and Settings\scanner\Application Data\Macromedia
          2008-03-15 22:05:29 0 d-------- C:\Documents and Settings\scanner\Application Data\I-FourC Scan
          2008-03-15 22:05:29 0 d-------- C:\Documents and Settings\scanner\Application Data\I-FourC Document Organize
          2008-03-15 22:05:29 0 d-------- C:\Documents and Settings\scanner\Application Data\Identities
          2008-03-15 20:36:30 0 d-------- C:\Program Files\Norton AntiVirus(2)
          2008-03-15 20:31:44 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec(2)
          2008-03-15 19:21:44 0 d-------- C:\Program Files\Common Files\Symantec Shared
          2008-03-15 18:24:06 0 d-------- C:\Program Files\LimeWire Plus
          2008-03-15 18:18:58 237568 --a------ C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat
          2008-03-15 18:18:58 2097152 --a------ C:\Documents and Settings\Gungor\ntuser.dat
          2008-03-15 18:18:58 1310720 --a------ C:\Documents and Settings\Administrator.YILDIRIM-CNG8AX\ntuser.dat
          2008-03-15 18:18:57 237568 --a------ C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat
          2008-03-15 18:06:48 0 d--h----- C:\WINDOWS\system32\GroupPolicy
          2008-03-15 17:33:56 0 d-------- C:\Program Files\PokerRoom.com
          2008-03-15 17:26:03 63 --a------ C:\WINDOWS\system32\a062906c
          2008-03-15 16:18:26 0 d-------- C:\WINDOWS\Replay Media Catcher
          2008-03-15 16:18:18 0 d-------- C:\Program Files\Replay Media Catcher
          2008-03-14 13:43:31 0 dr------- C:\WINDOWS\Offline Web Pages
          2008-03-12 13:33:31 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Absolutist
          2008-03-03 17:01:28 0 d-------- C:\Program Files\QuickTime


          -- Find3M Report ---------------------------------------------------------------

          2008-03-25 15:01:27 0 d-------- C:\Program Files\Absolute Poker
          2008-03-23 17:03:51 449178 --a------ C:\WINDOWS\system32\perfh013.dat
          2008-03-23 17:03:51 73866 --a------ C:\WINDOWS\system32\perfc013.dat
          2008-03-20 12:44:59 0 d-a-s---- C:\Program Files\Common Files
          2008-03-18 20:07:42 77824 --a------ C:\WINDOWS\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator>
          2008-03-17 19:04:33 0 d-------- C:\Program Files\Messenger
          2008-03-17 18:57:41 0 d-------- C:\Program Files\Movie Maker
          2008-03-17 18:57:13 0 d-------- C:\Program Files\windows nt
          2008-02-25 15:29:12 0 d-------- C:\Documents and Settings\Gungor\Application Data\Adobe
          2008-02-22 23:18:45 0 d-------- C:\Program Files\Common Files\Adobe
          2008-02-18 23:45:28 0 d-------- C:\Documents and Settings\Gungor\Application Data\Microgaming
          2008-02-10 14:43:22 0 d-------- C:\Documents and Settings\Gungor\Application Data\vlc
          2008-02-10 14:40:25 0 d-------- C:\Program Files\VideoLAN
          2008-02-01 17:15:05 0 d-------- C:\Documents and Settings\Gungor\Application Data\Macromedia
          2008-01-28 23:11:36 0 d--h----- C:\Program Files\InstallShield Installation Information
          2008-01-28 16:59:27 0 d-------- C:\Documents and Settings\Gungor\Application Data\WinRAR
          2008-01-27 16:08:50 0 d-------- C:\Documents and Settings\Gungor\Application Data\Sun
          2008-01-25 22:12:15 0 d-------- C:\Documents and Settings\Gungor\Application Data\Identities
          2008-01-25 19:30:23 0 d-------- C:\Program Files\Lavasoft
          2008-01-25 17:51:50 0 d-------- C:\Program Files\Universal
          2008-01-21 13:52:21 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
          2008-01-21 13:52:17 40 --a----c- C:\WINDOWS\ujf635.bin
          2008-01-15 19:56:14 62 --ahs---- C:\Documents and Settings\Gungor\Application Data\desktop.ini
          2008-01-15 19:20:28 21748 --a------ C:\WINDOWS\system32\emptyregdb.dat
          2008-01-15 18:40:06 0 --a------ C:\AUTOEXEC.BAT


          -- Registry Dump ---------------------------------------------------------------

          *Note* empty entries & legit default entries are not shown


          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11522deb-de06-4a6b-ae3e-313e59245b01}]
          25-03-2008 16:16 94272 --a------ C:\WINDOWS\system32\gublhgtq.dll

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}]
          25-03-2008 16:05 38400 --a------ C:\WINDOWS\system32\qomjkih.dll

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3FAC713-CC14-4EBE-979E-CBEAD66B18CD}]
          25-03-2008 16:10 272896 --a------ C:\WINDOWS\system32\pmnnm.dll

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 01:11]
          "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03-03-2008 17:01]
          "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 22:16]
          "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [18-03-2008 11:40]

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 01:03]
          "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19-01-2007 12:54]
          "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [20-03-2008 18:38]

          C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21-1-2000 10:15:56]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
          "disableregistrytools"=0 (0x0)

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
          "{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}"= C:\WINDOWS\system32\qomjkih.dll [25-03-2008 16:05 38400]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomjkih]
          qomjkih.dll 25-03-2008 16:05 38400 C:\WINDOWS\system32\qomjkih.dll

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
          "Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnnm.dll

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
          SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
          @="Volume shadow copy"

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
          bdx scan

          *Newly Created Service* - 674811CE
          *Newly Created Service* - B9C450CA



          -- End of Deckard's System Scanner: finished at 2008-03-25 18:55:15 ------------



          • #6
            Download VirtumundoBeGone (mirror)
            Save it to your desktop.

            Double-click VirtumundoBeGone.exe and follow the instructions.
            Don't be alarmed if you see a blue screen with an error message - this is normal.
            When the fix is finished, restart the PC.
            Paste the contents of the log file VBG.TXT, which is now on your desktop, here in your next post.

            Also post a new log from Deckard's System Scanner.



            • #7
              VBG.TXT


              [03/25/2008, 19:12:51] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Gungor\Bureaublad\VirtumundoBeGone.exe" )
              [03/25/2008, 19:12:53] - Detected System Information:
              [03/25/2008, 19:12:53] - Windows Version: 5.1.2600, Service Pack 2
              [03/25/2008, 19:12:53] - Current Username: Gungor (Admin)
              [03/25/2008, 19:12:53] - Windows is in NORMAL mode.
              [03/25/2008, 19:12:54] - Searching for Browser Helper Objects:
              [03/25/2008, 19:12:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
              [03/25/2008, 19:12:54] - BHO 2: {11522deb-de06-4a6b-ae3e-313e59245b01} ()
              [03/25/2008, 19:12:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/25/2008, 19:12:54] - Checking for HKLM\...\Winlogon\Notify\gublhgtq
              [03/25/2008, 19:12:54] - Key not found: HKLM\...\Winlogon\Notify\gublhgtq, continuing.
              [03/25/2008, 19:12:54] - BHO 3: {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} ()
              [03/25/2008, 19:12:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/25/2008, 19:12:54] - Checking for HKLM\...\Winlogon\Notify\qomjkih
              [03/25/2008, 19:12:54] - Found: HKLM\...\Winlogon\Notify\qomjkih - This is probably Virtumundo.
              [03/25/2008, 19:12:54] - Assigning {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} MSEvents Object
              [03/25/2008, 19:12:54] - BHO list has been changed! Starting over...
              [03/25/2008, 19:12:56] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
              [03/25/2008, 19:12:56] - BHO 2: {11522deb-de06-4a6b-ae3e-313e59245b01} ()
              [03/25/2008, 19:12:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/25/2008, 19:12:56] - Checking for HKLM\...\Winlogon\Notify\gublhgtq
              [03/25/2008, 19:12:56] - Key not found: HKLM\...\Winlogon\Notify\gublhgtq, continuing.
              [03/25/2008, 19:12:56] - BHO 3: {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} (MSEvents Object)
              [03/25/2008, 19:12:56] - ALERT: Found MSEvents Object!
              [03/25/2008, 19:12:56] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
              [03/25/2008, 19:12:56] - BHO 5: {C3FAC713-CC14-4EBE-979E-CBEAD66B18CD} ()
              [03/25/2008, 19:12:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/25/2008, 19:12:56] - Checking for HKLM\...\Winlogon\Notify\pmnnm
              [03/25/2008, 19:12:56] - Key not found: HKLM\...\Winlogon\Notify\pmnnm, continuing.
              [03/25/2008, 19:12:56] - Finished Searching Browser Helper Objects
              [03/25/2008, 19:12:56] - *** Detected MSEvents Object
              [03/25/2008, 19:12:56] - Trying to remove MSEvents Object...
              [03/25/2008, 19:12:57] - Terminating Process: IEXPLORE.EXE
              [03/25/2008, 19:12:58] - Terminating Process: RUNDLL32.EXE
              [03/25/2008, 19:12:59] - Disabling Automatic Shell Restart
              [03/25/2008, 19:13:00] - Terminating Process: EXPLORER.EXE
              [03/25/2008, 19:13:01] - Suspending the NT Session Manager System Service
              [03/25/2008, 19:13:01] - Terminating Windows NT Logon/Logoff Manager
              [03/25/2008, 19:13:02] - Re-enabling Automatic Shell Restart
              [03/25/2008, 19:13:02] - File to disable: C:\WINDOWS\system32\qomjkih.dll
              [03/25/2008, 19:13:02] - Renaming C:\WINDOWS\system32\qomjkih.dll -> C:\WINDOWS\system32\qomjkih.dll.vir
              [03/25/2008, 19:13:03] - File successfully renamed!
              [03/25/2008, 19:13:03] - Removing HKLM\...\Browser Helper Objects\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}
              [03/25/2008, 19:13:03] - Removing HKCR\CLSID\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}
              [03/25/2008, 19:13:03] - Adding Kill Bit for ActiveX for GUID: {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}
              [03/25/2008, 19:13:04] - Deleting ATLEvents/MSEvents Registry entries
              [03/25/2008, 19:13:04] - Removing HKLM\...\Winlogon\Notify\qomjkih
              [03/25/2008, 19:13:05] - Searching for Browser Helper Objects:
              [03/25/2008, 19:13:05] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
              [03/25/2008, 19:13:05] - BHO 2: {11522deb-de06-4a6b-ae3e-313e59245b01} ()
              [03/25/2008, 19:13:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/25/2008, 19:13:05] - Checking for HKLM\...\Winlogon\Notify\gublhgtq
              [03/25/2008, 19:13:05] - Key not found: HKLM\...\Winlogon\Notify\gublhgtq, continuing.
              [03/25/2008, 19:13:05] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
              [03/25/2008, 19:13:05] - BHO 4: {C3FAC713-CC14-4EBE-979E-CBEAD66B18CD} ()
              [03/25/2008, 19:13:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [03/25/2008, 19:13:05] - Checking for HKLM\...\Winlogon\Notify\pmnnm
              [03/25/2008, 19:13:06] - Key not found: HKLM\...\Winlogon\Notify\pmnnm, continuing.
              [03/25/2008, 19:13:06] - Finished Searching Browser Helper Objects
              [03/25/2008, 19:13:06] - Finishing up...
              [03/25/2008, 19:13:06] - A restart is needed.
              [03/25/2008, 19:13:11] - Attempting to Restart via STOP error (Blue Screen!)



              • #8
                MAIN.TXT


                Deckard's System Scanner v20071014.68
                Run by Gungor on 2008-03-25 19:18:19
                Computer is in Normal Mode.
                --------------------------------------------------------------------------------



                -- HijackThis (run as Gungor.exe) ----------------------------------------------

                Logfile of Trend Micro HijackThis v2.0.2
                Scan saved at 19:18:37, on 25-3-2008
                Platform: Windows XP SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                Boot mode: Normal

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
                C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
                C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
                C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
                C:\Program Files\MSN Messenger\MsnMsgr.Exe
                C:\Program Files\DNA\btdna.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\internet explorer\iexplore.exe
                C:\WINDOWS\system32\wuauclt.exe
                C:\Documents and Settings\Gungor\Bureaublad\dss.exe
                C:\PROGRA~1\TRENDM~1\HIJACK~1\Gungor.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                O2 - BHO: {10b54295-e313-e3ea-b6a4-60edbed22511} - {11522deb-de06-4a6b-ae3e-313e59245b01} - C:\WINDOWS\system32\gublhgtq.dll
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O2 - BHO: (no name) - {784EF758-0485-4706-BD80-5AEA6A44609E} - C:\WINDOWS\system32\pmnnm.dll
                O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
                O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
                O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator.YILDIRIM-CNG8AX\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk
                O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator.YILDIRIM-CNG8AX\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk
                O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
                O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
                O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
                O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra button: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - http://online.worldpokertour.com (file missing) (HKCU)
                O9 - Extra 'Tools' menuitem: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - http://online.worldpokertour.com (file missing) (HKCU)
                O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
                O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
                O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
                O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
                O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
                O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

                --
                End of file - 5557 bytes

                -- Files created between 2008-02-25 and 2008-03-25 -----------------------------

                2008-03-25 17:35:05 68096 --a------ C:\WINDOWS\system32\zip.exe
                2008-03-25 17:35:05 98816 --a------ C:\WINDOWS\system32\sed.exe
                2008-03-25 17:35:05 80412 --a------ C:\WINDOWS\system32\grep.exe
                2008-03-25 17:35:05 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
                2008-03-25 16:50:35 0 d-------- C:\ComboFix[1]
                2008-03-25 16:16:49 94272 --a------ C:\WINDOWS\system32\gublhgtq.dll
                2008-03-25 16:15:49 89152 --a------ C:\WINDOWS\system32\fcvwhhef.dll
                2008-03-25 16:14:57 90688 --a------ C:\WINDOWS\system32\giayenaa.dll
                2008-03-25 16:13:52 38400 --a------ C:\WINDOWS\system32\ssqnlii.dll
                2008-03-25 16:10:26 182855 --ahs---- C:\WINDOWS\system32\mnnmp.ini2
                2008-03-25 16:10:10 272896 --a------ C:\WINDOWS\system32\pmnnm.dll
                2008-03-25 16:05:01 0 d-------- C:\WINDOWS\system32\aqVreo01
                2008-03-24 19:51:04 0 d-------- C:\Temp
                2008-03-20 19:52:20 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
                2008-03-20 19:51:17 0 d-------- C:\Program Files\Apple Software Update
                2008-03-20 19:51:16 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
                2008-03-20 18:40:30 0 d-------- C:\Documents and Settings\Gungor\Application Data\BitTorrent
                2008-03-20 18:38:52 0 d-------- C:\Program Files\DNA
                2008-03-20 18:38:52 0 d-------- C:\Documents and Settings\Gungor\Application Data\DNA
                2008-03-20 18:38:51 0 d-------- C:\Program Files\BitTorrent
                2008-03-20 18:28:14 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
                2008-03-20 18:28:04 0 d-------- C:\Documents and Settings\Gungor\Application Data\DAEMON Tools
                2008-03-20 12:47:05 0 d-------- C:\Inetpub
                2008-03-18 21:30:19 0 d-------- C:\Documents and Settings\Gungor\Application Data\RapidGet
                2008-03-17 21:52:23 81984 --a------ C:\WINDOWS\system32\bdod.bin
                2008-03-17 21:51:36 0 d-------- C:\Documents and Settings\Gungor\Application Data\BitDefender
                2008-03-17 21:50:17 0 d-------- C:\Program Files\BitDefender
                2008-03-17 21:50:17 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\BitDefender
                2008-03-17 21:48:41 0 d-------- C:\Program Files\Common Files\BitDefender
                2008-03-17 21:30:38 0 d-------- C:\Program Files\Windows Media Connect 2
                2008-03-17 21:27:38 0 d-------- C:\WINDOWS\system32\LogFiles
                2008-03-17 21:27:38 0 d-------- C:\WINDOWS\system32\drivers\UMDF
                2008-03-17 19:19:36 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Menu Start
                2008-03-17 19:18:01 0 d-------- C:\WINDOWS\Prefetch
                2008-03-17 19:04:06 0 d-------- C:\WINDOWS\peernet
                2008-03-17 19:04:05 0 d-------- C:\WINDOWS\provisioning
                2008-03-17 18:58:20 0 d-------- C:\WINDOWS\ServicePackFiles
                2008-03-17 18:49:57 0 d-------- C:\WINDOWS\system32\ReinstallBackups
                2008-03-17 18:42:00 0 d-------- C:\WINDOWS\EHome
                2008-03-17 16:33:26 0 d-------- C:\Documents and Settings\Gungor\LimeWire Store Purchased
                2008-03-17 16:33:26 0 d-------- C:\Documents and Settings\Gungor\LimeWire Shared
                2008-03-17 16:33:00 0 d-------- C:\Documents and Settings\Gungor\Application Data\LimeWirePlus
                2008-03-16 18:04:05 0 d-------- C:\Documents and Settings\Gungor\.SunDownloadManager
                2008-03-16 15:55:37 247584 --a------ C:\cmldr
                2008-03-16 15:55:30 0 d-------- C:\cmdcons
                2008-03-16 00:14:33 0 d-------- C:\Documents and Settings\Gungor\Application Data\Malwarebytes
                2008-03-16 00:13:28 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
                2008-03-15 23:41:09 0 d-------- C:\Program Files\Trend Micro
                2008-03-15 22:09:48 0 d---s---- C:\Documents and Settings\5174\UserData
                2008-03-15 22:07:29 0 d-------- C:\Documents and Settings\1778\VeriSign
                2008-03-15 22:07:29 0 d--h----- C:\Documents and Settings\1778\Sjablonen
                2008-03-15 22:07:28 0 dr-h----- C:\Documents and Settings\1778\SendTo
                2008-03-15 22:07:28 0 dr-h----- C:\Documents and Settings\1778\Onlangs geopend
                2008-03-15 22:07:28 0 d--h----- C:\Documents and Settings\1778\Netwerkprinteromgeving
                2008-03-15 22:07:28 0 d--h----- C:\Documents and Settings\1778\NetHood
                2008-03-15 22:07:28 0 dr------- C:\Documents and Settings\1778\Mijn documenten
                2008-03-15 22:07:26 0 dr------- C:\Documents and Settings\1778\Menu Start
                2008-03-15 22:07:24 0 d--h----- C:\Documents and Settings\1778\Local Settings
                2008-03-15 22:07:24 0 dr------- C:\Documents and Settings\1778\Favorieten
                2008-03-15 22:07:24 0 d---s---- C:\Documents and Settings\1778\Cookies
                2008-03-15 22:07:23 0 d-------- C:\Documents and Settings\1778\Bureaublad
                2008-03-15 22:07:22 0 d--h----- C:\Documents and Settings\Nsadmin.sfg.net\Sjablonen
                2008-03-15 22:07:22 0 dr-h----- C:\Documents and Settings\Nsadmin.sfg.net\SendTo
                2008-03-15 22:07:22 0 d--h----- C:\Documents and Settings\Nsadmin.sfg.net\Onlangs geopend
                2008-03-15 22:07:22 0 d--h----- C:\Documents and Settings\Nsadmin.sfg.net\Netwerkprinteromgeving
                2008-03-15 22:07:22 0 d--h----- C:\Documents and Settings\Nsadmin.sfg.net\NetHood
                2008-03-15 22:07:22 0 d-------- C:\Documents and Settings\Nsadmin.sfg.net\Mijn documenten
                2008-03-15 22:07:22 0 dr-h----- C:\Documents and Settings\1778\Application Data
                2008-03-15 22:07:22 0 d---s---- C:\Documents and Settings\1778\Application Data\Microsoft
                2008-03-15 22:07:22 0 d-------- C:\Documents and Settings\1778\Application Data\Identities
                2008-03-15 22:07:21 0 d--h----- C:\Documents and Settings\jalema\Templates
                2008-03-15 22:07:21 0 d-------- C:\Documents and Settings\jalema\_rpcs
                2008-03-15 22:07:19 0 d-------- C:\Documents and Settings\8914\VeriSign
                2008-03-15 22:07:19 0 d--h----- C:\Documents and Settings\8914\Sjablonen
                2008-03-15 22:07:18 0 dr-h----- C:\Documents and Settings\8914\SendTo
                2008-03-15 22:07:18 0 d-------- C:\Documents and Settings\4238\VeriSign
                2008-03-15 22:07:18 0 d--h----- C:\Documents and Settings\4238\Sjablonen
                2008-03-15 22:07:17 0 dr------- C:\Documents and Settings\Nsadmin.sfg.net\Menu Start
                2008-03-15 22:07:17 0 dr-h----- C:\Documents and Settings\8914\Onlangs geopend
                2008-03-15 22:07:17 0 d--h----- C:\Documents and Settings\8914\Netwerkprinteromgeving
                2008-03-15 22:07:17 0 d--h----- C:\Documents and Settings\8914\NetHood
                2008-03-15 22:07:17 0 dr-h----- C:\Documents and Settings\4238\SendTo
                2008-03-15 22:07:17 0 d-------- C:\Documents and Settings\2811\VeriSign
                2008-03-15 22:07:16 0 dr-h----- C:\Documents and Settings\4238\Onlangs geopend
                2008-03-15 22:07:16 0 d--h----- C:\Documents and Settings\4238\Netwerkprinteromgeving
                2008-03-15 22:07:16 0 d--h----- C:\Documents and Settings\2811\Sjablonen
                2008-03-15 22:07:15 0 dr------- C:\Documents and Settings\8914\Mijn documenten
                2008-03-15 22:07:15 0 d--h----- C:\Documents and Settings\4238\NetHood
                2008-03-15 22:07:14 0 d-------- C:\Documents and Settings\jalema\Start Menu
                2008-03-15 22:07:14 0 dr-h----- C:\Documents and Settings\2811\SendTo
                2008-03-15 22:07:14 0 dr-h----- C:\Documents and Settings\2811\Onlangs geopend
                2008-03-15 22:07:14 0 d--h----- C:\Documents and Settings\2811\Netwerkprinteromgeving
                2008-03-15 22:07:14 0 d--h----- C:\Documents and Settings\2811\NetHood
                2008-03-15 22:07:13 0 dr------- C:\Documents and Settings\4238\Mijn documenten
                2008-03-15 22:07:12 0 d--h----- C:\Documents and Settings\jalema\SendTo
                2008-03-15 22:07:12 0 dr------- C:\Documents and Settings\2811\Mijn documenten
                2008-03-15 22:07:07 0 dr------- C:\Documents and Settings\8914\Menu Start
                2008-03-15 22:07:02 0 dr------- C:\Documents and Settings\4238\Menu Start
                2008-03-15 22:07:02 0 dr------- C:\Documents and Settings\2811\Menu Start
                2008-03-15 22:06:54 0 d--h----- C:\Documents and Settings\Nsadmin.sfg.net\Local Settings
                2008-03-15 22:06:54 0 d-------- C:\Documents and Settings\Nsadmin.sfg.net\Favorieten
                2008-03-15 22:06:53 0 d---s---- C:\Documents and Settings\Nsadmin.sfg.net\Cookies
                2008-03-15 22:06:53 0 d-------- C:\Documents and Settings\Nsadmin.sfg.net\Bureaublad
                2008-03-15 22:06:52 0 d--h----- C:\Documents and Settings\2811\Local Settings
                2008-03-15 22:06:51 0 d---s---- C:\Documents and Settings\Nsadmin.sfg.net\Application Data\Microsoft
                2008-03-15 22:06:51 0 d--h----- C:\Documents and Settings\4238\Local Settings
                2008-03-15 22:06:51 0 dr------- C:\Documents and Settings\4238\Favorieten
                2008-03-15 22:06:51 0 dr------- C:\Documents and Settings\2811\Favorieten
                2008-03-15 22:06:51 0 d---s---- C:\Documents and Settings\2811\Cookies
                2008-03-15 22:06:51 0 d-------- C:\Documents and Settings\2811\Bureaublad
                2008-03-15 22:06:50 0 dr-h----- C:\Documents and Settings\Nsadmin.sfg.net\Application Data
                2008-03-15 22:06:50 0 d-------- C:\Documents and Settings\Nsadmin.sfg.net\Application Data\Macromedia
                2008-03-15 22:06:50 0 d---s---- C:\Documents and Settings\4238\Cookies
                2008-03-15 22:06:50 0 d-------- C:\Documents and Settings\4238\Bureaublad
                2008-03-15 22:06:49 0 d---s---- C:\Documents and Settings\4238\Application Data\Microsoft
                2008-03-15 22:06:49 0 d---s---- C:\Documents and Settings\2811\Application Data\Microsoft
                2008-03-15 22:06:48 0 dr-h----- C:\Documents and Settings\4238\Application Data
                2008-03-15 22:06:48 0 d-------- C:\Documents and Settings\4238\Application Data\Identities
                2008-03-15 22:06:48 0 d-------- C:\Documents and Settings\4238\Application Data\Adobe
                2008-03-15 22:06:48 0 dr-h----- C:\Documents and Settings\2811\Application Data
                2008-03-15 22:06:48 0 d-------- C:\Documents and Settings\2811\Application Data\Identities
                2008-03-15 22:06:48 0 d-------- C:\Documents and Settings\2811\Application Data\Adobe
                2008-03-15 22:06:47 0 d-------- C:\Documents and Settings\2529\VeriSign
                2008-03-15 22:06:46 0 d---s---- C:\Documents and Settings\2529\UserData
                2008-03-15 22:06:46 0 d--h----- C:\Documents and Settings\2529\Sjablonen
                2008-03-15 22:06:45 0 dr-h----- C:\Documents and Settings\2529\SendTo
                2008-03-15 22:06:45 0 d-------- C:\Documents and Settings\2529\SapWorkDir
                2008-03-15 22:06:44 0 dr-h----- C:\Documents and Settings\2529\Onlangs geopend
                2008-03-15 22:06:43 0 dr-h----- C:\Documents and Settings\jalema\Recent
                2008-03-15 22:06:43 0 d--h----- C:\Documents and Settings\jalema\PrintHood
                2008-03-15 22:06:43 0 d--h----- C:\Documents and Settings\2529\Netwerkprinteromgeving
                2008-03-15 22:06:43 0 d--h----- C:\Documents and Settings\2529\NetHood
                2008-03-15 22:06:42 0 d--h----- C:\Documents and Settings\jalema\NetHood
                2008-03-15 22:06:42 0 d-------- C:\Documents and Settings\23844\VeriSign
                2008-03-15 22:06:42 0 d--h----- C:\Documents and Settings\23844\Sjablonen
                2008-03-15 22:06:41 0 dr-h----- C:\Documents and Settings\23844\SendTo
                2008-03-15 22:06:40 0 dr------- C:\Documents and Settings\2529\Menu Start
                2008-03-15 22:06:40 0 dr-h----- C:\Documents and Settings\23844\Onlangs geopend
                2008-03-15 22:06:40 0 d--h----- C:\Documents and Settings\23844\Netwerkprinteromgeving
                2008-03-15 22:06:40 0 d--h----- C:\Documents and Settings\23844\NetHood
                2008-03-15 22:06:39 0 dr------- C:\Documents and Settings\jalema\My Documents
                2008-03-15 22:06:39 0 dr------- C:\Documents and Settings\23844\Mijn documenten
                2008-03-15 22:06:37 0 d--h----- C:\Documents and Settings\2529\Local Settings
                2008-03-15 22:06:37 0 dr------- C:\Documents and Settings\2529\Favorieten
                2008-03-15 22:06:36 0 d---s---- C:\Documents and Settings\2529\Cookies
                2008-03-15 22:06:36 0 d-------- C:\Documents and Settings\2529\Bureaublad
                2008-03-15 22:06:35 0 dr------- C:\Documents and Settings\23844\Menu Start
                2008-03-15 22:06:33 0 d--h----- C:\Documents and Settings\jalema\Local Settings
                2008-03-15 22:06:33 0 d-------- C:\Documents and Settings\jalema\FrontPageTempDir
                2008-03-15 22:06:32 0 dr------- C:\Documents and Settings\jalema\Favorites
                2008-03-15 22:06:17 0 d-------- C:\Documents and Settings\jalema\Desktop
                2008-03-15 22:06:17 0 d---s---- C:\Documents and Settings\jalema\Cookies
                2008-03-15 22:06:17 0 d--h----- C:\Documents and Settings\23844\Local Settings
                2008-03-15 22:06:16 0 d---s---- C:\Documents and Settings\2529\Application Data\Microsoft
                2008-03-15 22:06:16 0 dr------- C:\Documents and Settings\23844\Favorieten
                2008-03-15 22:06:16 0 d---s---- C:\Documents and Settings\23844\Cookies
                2008-03-15 22:06:16 0 d-------- C:\Documents and Settings\23844\Bureaublad
                2008-03-15 22:06:14 0 d---s---- C:\Documents and Settings\23844\Application Data\Microsoft
                2008-03-15 22:06:14 0 d-------- C:\Documents and Settings\23844\Application Data\Identities
                2008-03-15 22:06:13 0 dr-h----- C:\Documents and Settings\23844\Application Data
                2008-03-15 22:06:12 0 d-------- C:\Documents and Settings\2529\Application Data\Macromedia
                2008-03-15 22:06:12 0 d-------- C:\Documents and Settings\2529\Application Data\Identities
                2008-03-15 22:06:12 0 d-------- C:\Documents and Settings\2529\Application Data\Help
                2008-03-15 22:06:11 0 d---s---- C:\Documents and Settings\jalema\Application Data\Microsoft
                2008-03-15 22:06:11 0 dr-h----- C:\Documents and Settings\2529\Application Data
                2008-03-15 22:06:11 0 d-------- C:\Documents and Settings\2529\Application Data\Adobe
                2008-03-15 22:06:10 0 d--h----- C:\Documents and Settings\jalema\Application Data
                2008-03-15 22:06:10 0 d-------- C:\Documents and Settings\jalema\Application Data\Macromedia
                2008-03-15 22:06:10 0 d-------- C:\Documents and Settings\jalema\Application Data\Identities
                2008-03-15 22:06:10 0 d-------- C:\Documents and Settings\jalema\Application Data\Help
                2008-03-15 22:06:10 0 d--h----- C:\Documents and Settings\4091\Sjablonen
                2008-03-15 22:06:09 0 dr-h----- C:\Documents and Settings\4091\SendTo
                2008-03-15 22:06:09 0 dr-h----- C:\Documents and Settings\4091\Onlangs geopend
                2008-03-15 22:06:09 0 d--h----- C:\Documents and Settings\4091\Netwerkprinteromgeving
                2008-03-15 22:06:09 0 d--h----- C:\Documents and Settings\4091\NetHood
                2008-03-15 22:06:09 0 dr------- C:\Documents and Settings\4091\Mijn documenten
                2008-03-15 22:06:07 0 dr------- C:\Documents and Settings\4091\Menu Start
                2008-03-15 22:06:03 0 d--h----- C:\Documents and Settings\8914\Local Settings
                2008-03-15 22:06:03 0 dr------- C:\Documents and Settings\8914\Favorieten
                2008-03-15 22:06:03 0 d---s---- C:\Documents and Settings\8914\Cookies
                2008-03-15 22:06:03 0 d-------- C:\Documents and Settings\8914\Bureaublad
                2008-03-15 22:06:02 0 d--h----- C:\Documents and Settings\4091\Local Settings
                2008-03-15 22:06:02 0 dr------- C:\Documents and Settings\4091\Favorieten
                2008-03-15 22:06:02 0 d---s---- C:\Documents and Settings\4091\Cookies
                2008-03-15 22:06:02 0 d-------- C:\Documents and Settings\4091\Bureaublad
                2008-03-15 22:06:01 0 d---s---- C:\Documents and Settings\8914\Application Data\Microsoft
                2008-03-15 22:06:01 0 d---s---- C:\Documents and Settings\4091\Application Data\Microsoft
                2008-03-15 22:06:00 0 dr-h----- C:\Documents and Settings\8914\Application Data
                2008-03-15 22:06:00 0 d-------- C:\Documents and Settings\8914\Application Data\I-FourC Scan
                2008-03-15 22:06:00 0 d-------- C:\Documents and Settings\8914\Application Data\Identities
                2008-03-15 22:06:00 0 dr-h----- C:\Documents and Settings\4091\Application Data
                2008-03-15 22:06:00 0 d-------- C:\Documents and Settings\4091\Application Data\Identities
                2008-03-15 22:06:00 0 d-------- C:\Documents and Settings\4091\Application Data\Adobe
                2008-03-15 22:05:59 0 dr------- C:\Documents and Settings\scanner\Mijn documenten
                2008-03-15 22:05:59 0 d-------- C:\Documents and Settings\5174\VeriSign
                2008-03-15 22:05:59 0 d--h----- C:\Documents and Settings\5174\Sjablonen
                2008-03-15 22:05:58 0 dr-h----- C:\Documents and Settings\5174\SendTo
                2008-03-15 22:05:58 0 dr-h----- C:\Documents and Settings\5174\Onlangs geopend
                2008-03-15 22:05:58 0 d--h----- C:\Documents and Settings\5174\Netwerkprinteromgeving
                2008-03-15 22:05:58 0 d--h----- C:\Documents and Settings\5174\NetHood
                2008-03-15 22:05:57 0 dr------- C:\Documents and Settings\5174\Mijn documenten
                2008-03-15 22:05:55 0 dr------- C:\Documents and Settings\5174\Menu Start
                2008-03-15 22:05:47 0 d-------- C:\Documents and Settings\scanner\VeriSign
                2008-03-15 22:05:47 0 d--h----- C:\Documents and Settings\scanner\Sjablonen
                2008-03-15 22:05:47 0 dr-h----- C:\Documents and Settings\scanner\SendTo
                2008-03-15 22:05:44 0 dr-h----- C:\Documents and Settings\scanner\Onlangs geopend
                2008-03-15 22:05:44 0 d--h----- C:\Documents and Settings\scanner\Netwerkprinteromgeving
                2008-03-15 22:05:44 0 d--h----- C:\Documents and Settings\scanner\NetHood
                2008-03-15 22:05:44 0 d--h----- C:\Documents and Settings\5174\Local Settings
                2008-03-15 22:05:44 0 dr------- C:\Documents and Settings\5174\Favorieten
                2008-03-15 22:05:44 0 d---s---- C:\Documents and Settings\5174\Cookies
                2008-03-15 22:05:44 0 d-------- C:\Documents and Settings\5174\Bureaublad
                2008-03-15 22:05:39 0 dr------- C:\Documents and Settings\scanner\Menu Start
                2008-03-15 22:05:39 0 d---s---- C:\Documents and Settings\5174\Application Data\Microsoft
                2008-03-15 22:05:38 0 d-------- C:\Documents and Settings\5174\Application Data\Macromedia
                2008-03-15 22:05:38 0 d-------- C:\Documents and Settings\5174\Application Data\Identities
                2008-03-15 22:05:37 0 dr-h----- C:\Documents and Settings\5174\Application Data
                2008-03-15 22:05:37 0 d-------- C:\Documents and Settings\5174\Application Data\I-FourC Scan
                2008-03-15 22:05:33 0 d--h----- C:\Documents and Settings\scanner\Local Settings
                2008-03-15 22:05:32 0 dr------- C:\Documents and Settings\scanner\Favorieten
                2008-03-15 22:05:32 0 d---s---- C:\Documents and Settings\scanner\Cookies
                2008-03-15 22:05:32 0 d-------- C:\Documents and Settings\scanner\Bureaublad
                2008-03-15 22:05:30 0 d---s---- C:\Documents and Settings\scanner\Application Data\Microsoft
                2008-03-15 22:05:29 0 dr-h----- C:\Documents and Settings\scanner\Application Data
                2008-03-15 22:05:29 0 d-------- C:\Documents and Settings\scanner\Application Data\Macromedia
                2008-03-15 22:05:29 0 d-------- C:\Documents and Settings\scanner\Application Data\I-FourC Scan
                2008-03-15 22:05:29 0 d-------- C:\Documents and Settings\scanner\Application Data\I-FourC Document Organize
                2008-03-15 22:05:29 0 d-------- C:\Documents and Settings\scanner\Application Data\Identities
                2008-03-15 20:36:30 0 d-------- C:\Program Files\Norton AntiVirus(2)
                2008-03-15 20:31:44 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec(2)
                2008-03-15 19:21:44 0 d-------- C:\Program Files\Common Files\Symantec Shared
                2008-03-15 18:24:06 0 d-------- C:\Program Files\LimeWire Plus
                2008-03-15 18:18:58 237568 --a------ C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat
                2008-03-15 18:18:58 2097152 --a------ C:\Documents and Settings\Gungor\ntuser.dat
                2008-03-15 18:18:58 1310720 --a------ C:\Documents and Settings\Administrator.YILDIRIM-CNG8AX\ntuser.dat
                2008-03-15 18:18:57 237568 --a------ C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat
                2008-03-15 18:06:48 0 d--h----- C:\WINDOWS\system32\GroupPolicy
                2008-03-15 17:33:56 0 d-------- C:\Program Files\PokerRoom.com
                2008-03-15 17:26:03 63 --a------ C:\WINDOWS\system32\a062906c
                2008-03-15 16:18:26 0 d-------- C:\WINDOWS\Replay Media Catcher
                2008-03-15 16:18:18 0 d-------- C:\Program Files\Replay Media Catcher
                2008-03-14 13:43:31 0 dr------- C:\WINDOWS\Offline Web Pages
                2008-03-12 13:33:31 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Absolutist
                2008-03-03 17:01:28 0 d-------- C:\Program Files\QuickTime


                -- Find3M Report ---------------------------------------------------------------

                2008-03-25 15:01:27 0 d-------- C:\Program Files\Absolute Poker
                2008-03-23 17:03:51 449178 --a------ C:\WINDOWS\system32\perfh013.dat
                2008-03-23 17:03:51 73866 --a------ C:\WINDOWS\system32\perfc013.dat
                2008-03-20 12:44:59 0 d-a-s---- C:\Program Files\Common Files
                2008-03-18 20:07:42 77824 --a------ C:\WINDOWS\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator>
                2008-03-17 19:04:33 0 d-------- C:\Program Files\Messenger
                2008-03-17 18:57:41 0 d-------- C:\Program Files\Movie Maker
                2008-03-17 18:57:13 0 d-------- C:\Program Files\windows nt
                2008-02-25 15:29:12 0 d-------- C:\Documents and Settings\Gungor\Application Data\Adobe
                2008-02-22 23:18:45 0 d-------- C:\Program Files\Common Files\Adobe
                2008-02-18 23:45:28 0 d-------- C:\Documents and Settings\Gungor\Application Data\Microgaming
                2008-02-10 14:43:22 0 d-------- C:\Documents and Settings\Gungor\Application Data\vlc
                2008-02-10 14:40:25 0 d-------- C:\Program Files\VideoLAN
                2008-02-01 17:15:05 0 d-------- C:\Documents and Settings\Gungor\Application Data\Macromedia
                2008-01-28 23:11:36 0 d--h----- C:\Program Files\InstallShield Installation Information
                2008-01-28 16:59:27 0 d-------- C:\Documents and Settings\Gungor\Application Data\WinRAR
                2008-01-27 16:08:50 0 d-------- C:\Documents and Settings\Gungor\Application Data\Sun
                2008-01-25 22:12:15 0 d-------- C:\Documents and Settings\Gungor\Application Data\Identities
                2008-01-25 19:30:23 0 d-------- C:\Program Files\Lavasoft
                2008-01-25 17:51:50 0 d-------- C:\Program Files\Universal
                2008-01-21 13:52:21 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
                2008-01-21 13:52:17 40 --a----c- C:\WINDOWS\ujf635.bin
                2008-01-15 19:56:14 62 --ahs---- C:\Documents and Settings\Gungor\Application Data\desktop.ini
                2008-01-15 19:20:28 21748 --a------ C:\WINDOWS\system32\emptyregdb.dat
                2008-01-15 18:40:06 0 --a------ C:\AUTOEXEC.BAT


                -- Registry Dump ---------------------------------------------------------------

                *Note* empty entries & legit default entries are not shown


                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11522deb-de06-4a6b-ae3e-313e59245b01}]
                25-03-2008 16:16 94272 --a------ C:\WINDOWS\system32\gublhgtq.dll

                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{784EF758-0485-4706-BD80-5AEA6A44609E}]
                25-03-2008 16:10 272896 --a------ C:\WINDOWS\system32\pmnnm.dll

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 01:11]
                "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03-03-2008 17:01]
                "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 22:16]
                "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [18-03-2008 11:40]

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 01:03]
                "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19-01-2007 12:54]
                "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [20-03-2008 18:38]

                C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
                Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21-1-2000 10:15:56]

                [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                "disableregistrytools"=0 (0x0)

                [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                "Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnnm.dll

                [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
                SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
                @="Service"

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
                @="Service"

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
                @="Volume shadow copy"

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                bdx scan




                -- End of Deckard's System Scanner: finished at 2008-03-25 19:21:42 ------------



                • #9
                  Open a Notepad file.
                  Copy the text below (everything in bold) into this Notepad file.

                  @ECHO OFF
                  ren C:\WINDOWS\system32\gublhgtq.dll gublhgtq.bak
                  ren C:\WINDOWS\system32\pmnnm.dll pmnnm.bak
                  IF EXIST log.txt DEL log.txt
                  ECHO Deleting files>>log.txt
                  FOR %%g in (
                  C:\WINDOWS\system32\gublhgtq.dll
                  C:\WINDOWS\system32\gublhgtq.bak
                  C:\WINDOWS\system32\fcvwhhef.dll
                  C:\WINDOWS\system32\giayenaa.dll
                  C:\WINDOWS\system32\ssqnlii.dll
                  C:\WINDOWS\system32\mnnmp.ini2
                  C:\WINDOWS\system32\pmnnm.bak
                  C:\WINDOWS\system32\pmnnm.dll) DO (
                  IF EXIST %%g (
                  ATTRIB -r -s -h %%g
                  DEL %%g
                  IF EXIST %%g (
                  ECHO %%g not deleted>>log.txt
                  ) ELSE (
                  ECHO %%g deleted>>log.txt)
                  ) ELSE (
                  ECHO %%g not found>>log.txt))
                  >>log.txt (
                  ECHO.
                  ECHO Deleting folders)
                  FOR %%I in (
                  C:\WINDOWS\system32\aqVreo01) DO (
                  IF EXIST %%I (
                  RD /S /Q %%I
                  IF EXIST %%I (
                  ECHO %%I not deleted>>log.txt
                  ) ELSE (
                  ECHO %%I deleted>>log.txt)
                  ) ELSE (
                  ECHO %%I not found>>log.txt))
                  START NOTEPAD.EXE log.txt

                  Go to File - Save As.
                  For "Save in" choose: Desktop
                  For "File name" enter: del.bat
                  For "Save as type" select: All Files (*.*).
                  Click the Save button.

                  Double-click del.bat and post the contents of the log file that opens.



                  • #10
                    Deleting files
                    C:\WINDOWS\system32\gublhgtq.dll not found
                    C:\WINDOWS\system32\gublhgtq.bak not deleted
                    C:\WINDOWS\system32\fcvwhhef.dll deleted
                    C:\WINDOWS\system32\giayenaa.dll deleted
                    C:\WINDOWS\system32\ssqnlii.dll deleted
                    C:\WINDOWS\system32\mnnmp.ini2 deleted
                    C:\WINDOWS\system32\pmnnm.bak not found
                    C:\WINDOWS\system32\pmnnm.dll not deleted

                    Deleting folders
                    C:\WINDOWS\system32\aqVreo01 deleted



                    • #11
                      1) Open a Notepad file.
                      2) Copy the code below into this Notepad file.
                      3) Go to File - Save As.
                      -For "Save in" choose: Desktop
                      -For "File name" enter: fix.reg
                      -For "Save as type" select: All Files (*.*).
                      -Click the Save button.
                      Code:
                      REGEDIT4
                      
                      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11522deb-de06-4a6b-ae3e-313e59245b01}]
                      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{784EF758-0485-4706-BD80-5AEA6A44609E}]
                      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11522deb-de06-4a6b-ae3e-313e59245b01}]
                      [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784EF758-0485-4706-BD80-5AEA6A44609E}]
                      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                      "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
                      4) Double-click the fix.reg file and allow the changes to be added to the registry.

                      Could you then also run fix.reg and del.bat in Safe Mode.

                      After that, post a new log from Deckard's System Scanner.

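An added example, not code from the thread: it decodes the `hex(7)` value that fix.reg writes, lists the LSA "Authentication Packages" entries from the Deckard's System Scanner registry dump, and cross-checks them against the files that del.bat reported as "not deleted" in post #10. The function names are hypothetical, the sample text is copied from the thread, and the parser assumes entries without spaces in their paths, as in this log.

```python
import re

# Value that fix.reg restores; any other Authentication Packages entry is
# treated as unexpected on the Windows XP system in this thread.
EXPECTED = {"msv1_0"}

# Samples copied from the thread: registry dump, fix.reg value, del.bat log.
DSS_DUMP = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnnm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll
"""
FIX_REG_VALUE = "hex(7):6d,73,76,31,5f,30,00,00"
DEL_LOG = r"""
Deleting files
C:\WINDOWS\system32\gublhgtq.dll not found
C:\WINDOWS\system32\gublhgtq.bak not deleted
C:\WINDOWS\system32\fcvwhhef.dll deleted
C:\WINDOWS\system32\pmnnm.bak not found
C:\WINDOWS\system32\pmnnm.dll not deleted
"""


def decode_multi_sz(reg_value, ansi=True):
    """Decode a .reg 'hex(7):' (REG_MULTI_SZ) value into a list of strings.

    REGEDIT4 files store the bytes as ANSI text (decoded here as Latin-1);
    'Windows Registry Editor Version 5.00' files use UTF-16LE (ansi=False).
    """
    kind, _, body = reg_value.partition(":")
    if kind.strip().lower() != "hex(7)":
        raise ValueError("not a REG_MULTI_SZ (hex(7)) value")
    body = re.sub(r"[\\\s]", "", body)  # drop line continuations and indents
    raw = bytes(int(tok, 16) for tok in body.split(",") if tok)
    text = raw.decode("latin-1" if ansi else "utf-16-le")
    # Strings are NUL-separated and the list ends with an extra NUL.
    return [s for s in text.split("\x00") if s]


def lsa_packages_from_dump(dump):
    """Return the Authentication Packages entries listed under the Lsa key."""
    in_lsa = False
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_lsa = line.lower().rstrip("]").endswith(r"\control\lsa")
        elif in_lsa and line.lower().startswith('"authentication packages"'):
            # The scanner prints the multi-string as space-separated entries.
            return line.split("=", 1)[1].split()
    return []


def unexpected_packages(entries):
    """Entries that are not part of the expected default value."""
    return [e for e in entries if e.lower() not in EXPECTED]


def not_deleted(log):
    """Paths that the del.bat log reports as 'not deleted'."""
    suffix = " not deleted"
    return [l.strip()[:-len(suffix)] for l in log.splitlines()
            if l.strip().endswith(suffix)]


def still_registered(dump, log):
    """Files del.bat could not remove that LSA is still configured to load."""
    registered = {e.lower() for e in unexpected_packages(lsa_packages_from_dump(dump))}
    return [p for p in not_deleted(log) if p.lower() in registered]


if __name__ == "__main__":
    print("fix.reg restores:", decode_multi_sz(FIX_REG_VALUE))
    print("unexpected LSA entries:", unexpected_packages(lsa_packages_from_dump(DSS_DUMP)))
    print("not deleted and still registered:", still_registered(DSS_DUMP, DEL_LOG))
```

A DLL named in Authentication Packages is loaded by lsass.exe at boot, so a file that shows up in the last list is one to re-check after the registry value has been reset and the machine restarted.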


                      • #12
                        Deckard's System Scanner v20071014.68
                        Run by Gungor on 2008-03-25 19:55:24
                        Computer is in Safe Mode with Networking.
                        --------------------------------------------------------------------------------



                        -- HijackThis (run as Gungor.exe) ----------------------------------------------

                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 19:55:33, on 25-3-2008
                        Platform: Windows XP SP2 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                        Boot mode: Safe mode with network support

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\Program Files\Internet Explorer\iexplore.exe
                        C:\Documents and Settings\Gungor\Bureaublad\dss.exe
                        C:\PROGRA~1\TRENDM~1\HIJACK~1\Gungor.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O2 - BHO: (no name) - {9AE28C5B-7AFA-4944-BC30-B963C80BEC4F} - C:\WINDOWS\system32\pmnnm.dll
                        O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
                        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                        O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
                        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
                        O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
                        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator.YILDIRIM-CNG8AX\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk
                        O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator.YILDIRIM-CNG8AX\Menu Start\Programma's\Absolute Poker\Absolute Poker.lnk
                        O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
                        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
                        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
                        O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
                        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O9 - Extra button: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - http://online.worldpokertour.com (file missing) (HKCU)
                        O9 - Extra 'Tools' menuitem: WPT Casino - {AEA41B74-B7C9-42B7-A684-4CE687B6BA76} - http://online.worldpokertour.com (file missing) (HKCU)
                        O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
                        O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
                        O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
                        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                        O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
                        O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
                        O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

                        --
                        End of file - 4861 bytes

                        -- Files created between 2008-02-25 and 2008-03-25 -----------------------------

                        2008-03-25 19:56:02 185646 --ahs---- C:\WINDOWS\system32\mnnmp.ini2
                        2008-03-25 19:52:03 0 d-------- C:\WINDOWS\CSC
                        2008-03-25 17:35:05 68096 --a------ C:\WINDOWS\system32\zip.exe
                        2008-03-25 17:35:05 98816 --a------ C:\WINDOWS\system32\sed.exe
                        2008-03-25 17:35:05 80412 --a------ C:\WINDOWS\system32\grep.exe
                        2008-03-25 17:35:05 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
                        2008-03-25 16:50:35 0 d-------- C:\ComboFix[1]
                        2008-03-25 16:10:10 272896 --a------ C:\WINDOWS\system32\pmnnm.dll
                        2008-03-24 19:51:04 0 d-------- C:\Temp
                        2008-03-20 19:52:20 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
                        2008-03-20 19:51:17 0 d-------- C:\Program Files\Apple Software Update
                        2008-03-20 19:51:16 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
                        2008-03-20 18:40:30 0 d-------- C:\Documents and Settings\Gungor\Application Data\BitTorrent
                        2008-03-20 18:38:52 0 d-------- C:\Program Files\DNA
                        2008-03-20 18:38:52 0 d-------- C:\Documents and Settings\Gungor\Application Data\DNA
                        2008-03-20 18:38:51 0 d-------- C:\Program Files\BitTorrent
                        2008-03-20 18:28:14 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
                        2008-03-20 18:28:04 0 d-------- C:\Documents and Settings\Gungor\Application Data\DAEMON Tools
                        2008-03-20 12:47:05 0 d-------- C:\Inetpub
                        2008-03-18 21:30:19 0 d-------- C:\Documents and Settings\Gungor\Application Data\RapidGet
                        2008-03-17 21:52:23 81984 --a------ C:\WINDOWS\system32\bdod.bin
                        2008-03-17 21:51:36 0 d-------- C:\Documents and Settings\Gungor\Application Data\BitDefender
                        2008-03-17 21:50:17 0 d-------- C:\Program Files\BitDefender
                        2008-03-17 21:50:17 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\BitDefender
                        2008-03-17 21:48:41 0 d-------- C:\Program Files\Common Files\BitDefender
                        2008-03-17 21:30:38 0 d-------- C:\Program Files\Windows Media Connect 2
                        2008-03-17 21:27:38 0 d-------- C:\WINDOWS\system32\LogFiles
                        2008-03-17 21:27:38 0 d-------- C:\WINDOWS\system32\drivers\UMDF
                        2008-03-17 19:19:36 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Menu Start
                        2008-03-17 19:18:01 0 d-------- C:\WINDOWS\Prefetch
                        2008-03-17 19:04:06 0 d-------- C:\WINDOWS\peernet
                        2008-03-17 19:04:05 0 d-------- C:\WINDOWS\provisioning
                        2008-03-17 18:58:20 0 d-------- C:\WINDOWS\ServicePackFiles
                        2008-03-17 18:49:57 0 d-------- C:\WINDOWS\system32\ReinstallBackups
                        2008-03-17 18:42:00 0 d-------- C:\WINDOWS\EHome
                        2008-03-17 16:33:26 0 d-------- C:\Documents and Settings\Gungor\LimeWire Store Purchased
                        2008-03-17 16:33:26 0 d-------- C:\Documents and Settings\Gungor\LimeWire Shared
                        2008-03-17 16:33:00 0 d-------- C:\Documents and Settings\Gungor\Application Data\LimeWirePlus
                        2008-03-16 18:04:05 0 d-------- C:\Documents and Settings\Gungor\.SunDownloadManager
                        2008-03-16 15:55:37 247584 --a------ C:\cmldr
                        2008-03-16 15:55:30 0 d-------- C:\cmdcons
                        2008-03-16 00:14:33 0 d-------- C:\Documents and Settings\Gungor\Application Data\Malwarebytes
                        2008-03-16 00:13:28 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
                        2008-03-15 23:41:09 0 d-------- C:\Program Files\Trend Micro
                        2008-03-15 22:09:48 0 d---s---- C:\Documents and Settings\5174\UserData
                        2008-03-15 22:07:29 0 d-------- C:\Documents and Settings\1778\VeriSign
                        2008-03-15 22:07:29 0 d--h----- C:\Documents and Settings\1778\Sjablonen
                        2008-03-15 22:07:28 0 dr-h----- C:\Documents and Settings\1778\SendTo
                        2008-03-15 22:07:28 0 dr-h----- C:\Documents and Settings\1778\Onlangs geopend
                        2008-03-15 22:07:28 0 d--h----- C:\Documents and Settings\1778\Netwerkprinteromgeving
                        2008-03-15 22:07:28 0 d--h----- C:\Documents and Settings\1778\NetHood
                        2008-03-15 22:07:28 0 dr------- C:\Documents and Settings\1778\Mijn documenten
                        2008-03-15 22:07:26 0 dr------- C:\Documents and Settings\1778\Menu Start
                        2008-03-15 22:07:24 0 d--h----- C:\Documents and Settings\1778\Local Settings
                        2008-03-15 22:07:24 0 dr------- C:\Documents and Settings\1778\Favorieten
                        2008-03-15 22:07:24 0 d---s---- C:\Documents and Settings\1778\Cookies
                        2008-03-15 22:07:23 0 d-------- C:\Documents and Settings\1778\Bureaublad
                        2008-03-15 22:07:22 0 d--h----- C:\Documents and Settings\Nsadmin.sfg.net\Sjablonen
                        2008-03-15 22:07:22 0 dr-h----- C:\Documents and Settings\Nsadmin.sfg.net\SendTo
                        2008-03-15 22:07:22 0 d--h----- C:\Documents and Settings\Nsadmin.sfg.net\Onlangs geopend
                        2008-03-15 22:07:22 0 d--h----- C:\Documents and Settings\Nsadmin.sfg.net\Netwerkprinteromgeving
                        2008-03-15 22:07:22 0 d--h----- C:\Documents and Settings\Nsadmin.sfg.net\NetHood
                        2008-03-15 22:07:22 0 d-------- C:\Documents and Settings\Nsadmin.sfg.net\Mijn documenten
                        2008-03-15 22:07:22 0 dr-h----- C:\Documents and Settings\1778\Application Data
                        2008-03-15 22:07:22 0 d---s---- C:\Documents and Settings\1778\Application Data\Microsoft
                        2008-03-15 22:07:22 0 d-------- C:\Documents and Settings\1778\Application Data\Identities
                        2008-03-15 22:07:21 0 d--h----- C:\Documents and Settings\jalema\Templates
                        2008-03-15 22:07:21 0 d-------- C:\Documents and Settings\jalema\_rpcs
                        2008-03-15 22:07:19 0 d-------- C:\Documents and Settings\8914\VeriSign
                        2008-03-15 22:07:19 0 d--h----- C:\Documents and Settings\8914\Sjablonen
                        2008-03-15 22:07:18 0 dr-h----- C:\Documents and Settings\8914\SendTo
                        2008-03-15 22:07:18 0 d-------- C:\Documents and Settings\4238\VeriSign
                        2008-03-15 22:07:18 0 d--h----- C:\Documents and Settings\4238\Sjablonen
                        2008-03-15 22:07:17 0 dr------- C:\Documents and Settings\Nsadmin.sfg.net\Menu Start
                        2008-03-15 22:07:17 0 dr-h----- C:\Documents and Settings\8914\Onlangs geopend
                        2008-03-15 22:07:17 0 d--h----- C:\Documents and Settings\8914\Netwerkprinteromgeving
                        2008-03-15 22:07:17 0 d--h----- C:\Documents and Settings\8914\NetHood
                        2008-03-15 22:07:17 0 dr-h----- C:\Documents and Settings\4238\SendTo
                        2008-03-15 22:07:17 0 d-------- C:\Documents and Settings\2811\VeriSign
                        2008-03-15 22:07:16 0 dr-h----- C:\Documents and Settings\4238\Onlangs geopend
                        2008-03-15 22:07:16 0 d--h----- C:\Documents and Settings\4238\Netwerkprinteromgeving
                        2008-03-15 22:07:16 0 d--h----- C:\Documents and Settings\2811\Sjablonen
                        2008-03-15 22:07:15 0 dr------- C:\Documents and Settings\8914\Mijn documenten
                        2008-03-15 22:07:15 0 d--h----- C:\Documents and Settings\4238\NetHood
                        2008-03-15 22:07:14 0 d-------- C:\Documents and Settings\jalema\Start Menu
                        2008-03-15 22:07:14 0 dr-h----- C:\Documents and Settings\2811\SendTo
                        2008-03-15 22:07:14 0 dr-h----- C:\Documents and Settings\2811\Onlangs geopend
                        2008-03-15 22:07:14 0 d--h----- C:\Documents and Settings\2811\Netwerkprinteromgeving
                        2008-03-15 22:07:14 0 d--h----- C:\Documents and Settings\2811\NetHood
                        2008-03-15 22:07:13 0 dr------- C:\Documents and Settings\4238\Mijn documenten
                        2008-03-15 22:07:12 0 d--h----- C:\Documents and Settings\jalema\SendTo
                        2008-03-15 22:07:12 0 dr------- C:\Documents and Settings\2811\Mijn documenten
                        2008-03-15 22:07:07 0 dr------- C:\Documents and Settings\8914\Menu Start
                        2008-03-15 22:07:02 0 dr------- C:\Documents and Settings\4238\Menu Start
                        2008-03-15 22:07:02 0 dr------- C:\Documents and Settings\2811\Menu Start
                        2008-03-15 22:06:54 0 d--h----- C:\Documents and Settings\Nsadmin.sfg.net\Local Settings
                        2008-03-15 22:06:54 0 d-------- C:\Documents and Settings\Nsadmin.sfg.net\Favorieten
                        2008-03-15 22:06:53 0 d---s---- C:\Documents and Settings\Nsadmin.sfg.net\Cookies
                        2008-03-15 22:06:53 0 d-------- C:\Documents and Settings\Nsadmin.sfg.net\Bureaublad
                        2008-03-15 22:06:52 0 d--h----- C:\Documents and Settings\2811\Local Settings
                        2008-03-15 22:06:51 0 d---s---- C:\Documents and Settings\Nsadmin.sfg.net\Application Data\Microsoft
                        2008-03-15 22:06:51 0 d--h----- C:\Documents and Settings\4238\Local Settings
                        2008-03-15 22:06:51 0 dr------- C:\Documents and Settings\4238\Favorieten
                        2008-03-15 22:06:51 0 dr------- C:\Documents and Settings\2811\Favorieten
                        2008-03-15 22:06:51 0 d---s---- C:\Documents and Settings\2811\Cookies
                        2008-03-15 22:06:51 0 d-------- C:\Documents and Settings\2811\Bureaublad
                        2008-03-15 22:06:50 0 dr-h----- C:\Documents and Settings\Nsadmin.sfg.net\Application Data
                        2008-03-15 22:06:50 0 d-------- C:\Documents and Settings\Nsadmin.sfg.net\Application Data\Macromedia
                        2008-03-15 22:06:50 0 d---s---- C:\Documents and Settings\4238\Cookies
                        2008-03-15 22:06:50 0 d-------- C:\Documents and Settings\4238\Bureaublad
                        2008-03-15 22:06:49 0 d---s---- C:\Documents and Settings\4238\Application Data\Microsoft
                        2008-03-15 22:06:49 0 d---s---- C:\Documents and Settings\2811\Application Data\Microsoft
                        2008-03-15 22:06:48 0 dr-h----- C:\Documents and Settings\4238\Application Data
                        2008-03-15 22:06:48 0 d-------- C:\Documents and Settings\4238\Application Data\Identities
                        2008-03-15 22:06:48 0 d-------- C:\Documents and Settings\4238\Application Data\Adobe
                        2008-03-15 22:06:48 0 dr-h----- C:\Documents and Settings\2811\Application Data
                        2008-03-15 22:06:48 0 d-------- C:\Documents and Settings\2811\Application Data\Identities
                        2008-03-15 22:06:48 0 d-------- C:\Documents and Settings\2811\Application Data\Adobe
                        2008-03-15 22:06:47 0 d-------- C:\Documents and Settings\2529\VeriSign
                        2008-03-15 22:06:46 0 d---s---- C:\Documents and Settings\2529\UserData
                        2008-03-15 22:06:46 0 d--h----- C:\Documents and Settings\2529\Sjablonen
                        2008-03-15 22:06:45 0 dr-h----- C:\Documents and Settings\2529\SendTo
                        2008-03-15 22:06:45 0 d-------- C:\Documents and Settings\2529\SapWorkDir
                        2008-03-15 22:06:44 0 dr-h----- C:\Documents and Settings\2529\Onlangs geopend
                        2008-03-15 22:06:43 0 dr-h----- C:\Documents and Settings\jalema\Recent
                        2008-03-15 22:06:43 0 d--h----- C:\Documents and Settings\jalema\PrintHood
                        2008-03-15 22:06:43 0 d--h----- C:\Documents and Settings\2529\Netwerkprinteromgeving
                        2008-03-15 22:06:43 0 d--h----- C:\Documents and Settings\2529\NetHood
                        2008-03-15 22:06:42 0 d--h----- C:\Documents and Settings\jalema\NetHood
                        2008-03-15 22:06:42 0 d-------- C:\Documents and Settings\23844\VeriSign
                        2008-03-15 22:06:42 0 d--h----- C:\Documents and Settings\23844\Sjablonen
                        2008-03-15 22:06:41 0 dr-h----- C:\Documents and Settings\23844\SendTo
                        2008-03-15 22:06:40 0 dr------- C:\Documents and Settings\2529\Menu Start
                        2008-03-15 22:06:40 0 dr-h----- C:\Documents and Settings\23844\Onlangs geopend
                        2008-03-15 22:06:40 0 d--h----- C:\Documents and Settings\23844\Netwerkprinteromgeving
                        2008-03-15 22:06:40 0 d--h----- C:\Documents and Settings\23844\NetHood
                        2008-03-15 22:06:39 0 dr------- C:\Documents and Settings\jalema\My Documents
                        2008-03-15 22:06:39 0 dr------- C:\Documents and Settings\23844\Mijn documenten
                        2008-03-15 22:06:37 0 d--h----- C:\Documents and Settings\2529\Local Settings
                        2008-03-15 22:06:37 0 dr------- C:\Documents and Settings\2529\Favorieten
                        2008-03-15 22:06:36 0 d---s---- C:\Documents and Settings\2529\Cookies
                        2008-03-15 22:06:36 0 d-------- C:\Documents and Settings\2529\Bureaublad
                        2008-03-15 22:06:35 0 dr------- C:\Documents and Settings\23844\Menu Start
                        2008-03-15 22:06:33 0 d--h----- C:\Documents and Settings\jalema\Local Settings
                        2008-03-15 22:06:33 0 d-------- C:\Documents and Settings\jalema\FrontPageTempDir
                        2008-03-15 22:06:32 0 dr------- C:\Documents and Settings\jalema\Favorites
                        2008-03-15 22:06:17 0 d-------- C:\Documents and Settings\jalema\Desktop
                        2008-03-15 22:06:17 0 d---s---- C:\Documents and Settings\jalema\Cookies
                        2008-03-15 22:06:17 0 d--h----- C:\Documents and Settings\23844\Local Settings
                        2008-03-15 22:06:16 0 d---s---- C:\Documents and Settings\2529\Application Data\Microsoft
                        2008-03-15 22:06:16 0 dr------- C:\Documents and Settings\23844\Favorieten
                        2008-03-15 22:06:16 0 d---s---- C:\Documents and Settings\23844\Cookies
                        2008-03-15 22:06:16 0 d-------- C:\Documents and Settings\23844\Bureaublad
                        2008-03-15 22:06:14 0 d---s---- C:\Documents and Settings\23844\Application Data\Microsoft
                        2008-03-15 22:06:14 0 d-------- C:\Documents and Settings\23844\Application Data\Identities
                        2008-03-15 22:06:13 0 dr-h----- C:\Documents and Settings\23844\Application Data
                        2008-03-15 22:06:12 0 d-------- C:\Documents and Settings\2529\Application Data\Macromedia
                        2008-03-15 22:06:12 0 d-------- C:\Documents and Settings\2529\Application Data\Identities
                        2008-03-15 22:06:12 0 d-------- C:\Documents and Settings\2529\Application Data\Help
                        2008-03-15 22:06:11 0 d---s---- C:\Documents and Settings\jalema\Application Data\Microsoft
                        2008-03-15 22:06:11 0 dr-h----- C:\Documents and Settings\2529\Application Data
                        2008-03-15 22:06:11 0 d-------- C:\Documents and Settings\2529\Application Data\Adobe
                        2008-03-15 22:06:10 0 d--h----- C:\Documents and Settings\jalema\Application Data
                        2008-03-15 22:06:10 0 d-------- C:\Documents and Settings\jalema\Application Data\Macromedia
                        2008-03-15 22:06:10 0 d-------- C:\Documents and Settings\jalema\Application Data\Identities
                        2008-03-15 22:06:10 0 d-------- C:\Documents and Settings\jalema\Application Data\Help
                        2008-03-15 22:06:10 0 d--h----- C:\Documents and Settings\4091\Sjablonen
                        2008-03-15 22:06:09 0 dr-h----- C:\Documents and Settings\4091\SendTo
                        2008-03-15 22:06:09 0 dr-h----- C:\Documents and Settings\4091\Onlangs geopend
                        2008-03-15 22:06:09 0 d--h----- C:\Documents and Settings\4091\Netwerkprinteromgeving
                        2008-03-15 22:06:09 0 d--h----- C:\Documents and Settings\4091\NetHood
                        2008-03-15 22:06:09 0 dr------- C:\Documents and Settings\4091\Mijn documenten
                        2008-03-15 22:06:07 0 dr------- C:\Documents and Settings\4091\Menu Start
                        2008-03-15 22:06:03 0 d--h----- C:\Documents and Settings\8914\Local Settings
                        2008-03-15 22:06:03 0 dr------- C:\Documents and Settings\8914\Favorieten
                        2008-03-15 22:06:03 0 d---s---- C:\Documents and Settings\8914\Cookies
                        2008-03-15 22:06:03 0 d-------- C:\Documents and Settings\8914\Bureaublad
                        2008-03-15 22:06:02 0 d--h----- C:\Documents and Settings\4091\Local Settings
                        2008-03-15 22:06:02 0 dr------- C:\Documents and Settings\4091\Favorieten
                        2008-03-15 22:06:02 0 d---s---- C:\Documents and Settings\4091\Cookies
                        2008-03-15 22:06:02 0 d-------- C:\Documents and Settings\4091\Bureaublad
                        2008-03-15 22:06:01 0 d---s---- C:\Documents and Settings\8914\Application Data\Microsoft
                        2008-03-15 22:06:01 0 d---s---- C:\Documents and Settings\4091\Application Data\Microsoft
                        2008-03-15 22:06:00 0 dr-h----- C:\Documents and Settings\8914\Application Data
                        2008-03-15 22:06:00 0 d-------- C:\Documents and Settings\8914\Application Data\I-FourC Scan
                        2008-03-15 22:06:00 0 d-------- C:\Documents and Settings\8914\Application Data\Identities
                        2008-03-15 22:06:00 0 dr-h----- C:\Documents and Settings\4091\Application Data
                        2008-03-15 22:06:00 0 d-------- C:\Documents and Settings\4091\Application Data\Identities
                        2008-03-15 22:06:00 0 d-------- C:\Documents and Settings\4091\Application Data\Adobe
                        2008-03-15 22:05:59 0 dr------- C:\Documents and Settings\scanner\Mijn documenten
                        2008-03-15 22:05:59 0 d-------- C:\Documents and Settings\5174\VeriSign
                        2008-03-15 22:05:59 0 d--h----- C:\Documents and Settings\5174\Sjablonen
                        2008-03-15 22:05:58 0 dr-h----- C:\Documents and Settings\5174\SendTo
                        2008-03-15 22:05:58 0 dr-h----- C:\Documents and Settings\5174\Onlangs geopend
                        2008-03-15 22:05:58 0 d--h----- C:\Documents and Settings\5174\Netwerkprinteromgeving
                        2008-03-15 22:05:58 0 d--h----- C:\Documents and Settings\5174\NetHood
                        2008-03-15 22:05:57 0 dr------- C:\Documents and Settings\5174\Mijn documenten
                        2008-03-15 22:05:55 0 dr------- C:\Documents and Settings\5174\Menu Start
                        2008-03-15 22:05:47 0 d-------- C:\Documents and Settings\scanner\VeriSign
                        2008-03-15 22:05:47 0 d--h----- C:\Documents and Settings\scanner\Sjablonen
                        2008-03-15 22:05:47 0 dr-h----- C:\Documents and Settings\scanner\SendTo
                        2008-03-15 22:05:44 0 dr-h----- C:\Documents and Settings\scanner\Onlangs geopend
                        2008-03-15 22:05:44 0 d--h----- C:\Documents and Settings\scanner\Netwerkprinteromgeving
                        2008-03-15 22:05:44 0 d--h----- C:\Documents and Settings\scanner\NetHood
                        2008-03-15 22:05:44 0 d--h----- C:\Documents and Settings\5174\Local Settings
                        2008-03-15 22:05:44 0 dr------- C:\Documents and Settings\5174\Favorieten
                        2008-03-15 22:05:44 0 d---s---- C:\Documents and Settings\5174\Cookies
                        2008-03-15 22:05:44 0 d-------- C:\Documents and Settings\5174\Bureaublad
                        2008-03-15 22:05:39 0 dr------- C:\Documents and Settings\scanner\Menu Start
                        2008-03-15 22:05:39 0 d---s---- C:\Documents and Settings\5174\Application Data\Microsoft
                        2008-03-15 22:05:38 0 d-------- C:\Documents and Settings\5174\Application Data\Macromedia
                        2008-03-15 22:05:38 0 d-------- C:\Documents and Settings\5174\Application Data\Identities
                        2008-03-15 22:05:37 0 dr-h----- C:\Documents and Settings\5174\Application Data
                        2008-03-15 22:05:37 0 d-------- C:\Documents and Settings\5174\Application Data\I-FourC Scan
                        2008-03-15 22:05:33 0 d--h----- C:\Documents and Settings\scanner\Local Settings
                        2008-03-15 22:05:32 0 dr------- C:\Documents and Settings\scanner\Favorieten
                        2008-03-15 22:05:32 0 d---s---- C:\Documents and Settings\scanner\Cookies
                        2008-03-15 22:05:32 0 d-------- C:\Documents and Settings\scanner\Bureaublad
                        2008-03-15 22:05:30 0 d---s---- C:\Documents and Settings\scanner\Application Data\Microsoft
                        2008-03-15 22:05:29 0 dr-h----- C:\Documents and Settings\scanner\Application Data
                        2008-03-15 22:05:29 0 d-------- C:\Documents and Settings\scanner\Application Data\Macromedia
                        2008-03-15 22:05:29 0 d-------- C:\Documents and Settings\scanner\Application Data\I-FourC Scan
                        2008-03-15 22:05:29 0 d-------- C:\Documents and Settings\scanner\Application Data\I-FourC Document Organize
                        2008-03-15 22:05:29 0 d-------- C:\Documents and Settings\scanner\Application Data\Identities
                        2008-03-15 20:36:30 0 d-------- C:\Program Files\Norton AntiVirus(2)
                        2008-03-15 20:31:44 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec(2)
                        2008-03-15 19:21:44 0 d-------- C:\Program Files\Common Files\Symantec Shared
                        2008-03-15 18:24:06 0 d-------- C:\Program Files\LimeWire Plus
                        2008-03-15 18:18:58 237568 --a------ C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat
                        2008-03-15 18:18:58 2097152 --a------ C:\Documents and Settings\Gungor\ntuser.dat
                        2008-03-15 18:18:58 1310720 --a------ C:\Documents and Settings\Administrator.YILDIRIM-CNG8AX\ntuser.dat
                        2008-03-15 18:18:57 237568 --a------ C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat
                        2008-03-15 18:06:48 0 d--h----- C:\WINDOWS\system32\GroupPolicy
                        2008-03-15 17:33:56 0 d-------- C:\Program Files\PokerRoom.com
                        2008-03-15 17:26:03 63 --a------ C:\WINDOWS\system32\a062906c
                        2008-03-15 16:18:26 0 d-------- C:\WINDOWS\Replay Media Catcher
                        2008-03-15 16:18:18 0 d-------- C:\Program Files\Replay Media Catcher
                        2008-03-14 13:43:31 0 dr------- C:\WINDOWS\Offline Web Pages
                        2008-03-12 13:33:31 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Absolutist
                        2008-03-03 17:01:28 0 d-------- C:\Program Files\QuickTime


                        -- Find3M Report ---------------------------------------------------------------

                        2008-03-25 15:01:27 0 d-------- C:\Program Files\Absolute Poker
                        2008-03-23 17:03:51 449178 --a------ C:\WINDOWS\system32\perfh013.dat
                        2008-03-23 17:03:51 73866 --a------ C:\WINDOWS\system32\perfc013.dat
                        2008-03-20 12:44:59 0 d-a-s---- C:\Program Files\Common Files
                        2008-03-18 20:07:42 77824 --a------ C:\WINDOWS\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator>
                        2008-03-17 19:04:33 0 d-------- C:\Program Files\Messenger
                        2008-03-17 18:57:41 0 d-------- C:\Program Files\Movie Maker
                        2008-03-17 18:57:13 0 d-------- C:\Program Files\windows nt
                        2008-02-25 15:29:12 0 d-------- C:\Documents and Settings\Gungor\Application Data\Adobe
                        2008-02-22 23:18:45 0 d-------- C:\Program Files\Common Files\Adobe
                        2008-02-18 23:45:28 0 d-------- C:\Documents and Settings\Gungor\Application Data\Microgaming
                        2008-02-10 14:43:22 0 d-------- C:\Documents and Settings\Gungor\Application Data\vlc
                        2008-02-10 14:40:25 0 d-------- C:\Program Files\VideoLAN
                        2008-02-01 17:15:05 0 d-------- C:\Documents and Settings\Gungor\Application Data\Macromedia
                        2008-01-28 23:11:36 0 d--h----- C:\Program Files\InstallShield Installation Information
                        2008-01-28 16:59:27 0 d-------- C:\Documents and Settings\Gungor\Application Data\WinRAR
                        2008-01-27 16:08:50 0 d-------- C:\Documents and Settings\Gungor\Application Data\Sun
                        2008-01-25 22:12:15 0 d-------- C:\Documents and Settings\Gungor\Application Data\Identities
                        2008-01-25 19:30:23 0 d-------- C:\Program Files\Lavasoft
                        2008-01-25 17:51:50 0 d-------- C:\Program Files\Universal
                        2008-01-21 13:52:21 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
                        2008-01-21 13:52:17 40 --a----c- C:\WINDOWS\ujf635.bin
                        2008-01-15 19:56:14 62 --ahs---- C:\Documents and Settings\Gungor\Application Data\desktop.ini
                        2008-01-15 19:20:28 21748 --a------ C:\WINDOWS\system32\emptyregdb.dat
                        2008-01-15 18:40:06 0 --a------ C:\AUTOEXEC.BAT


                        -- Registry Dump ---------------------------------------------------------------

                        *Note* empty entries & legit default entries are not shown


                        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AE28C5B-7AFA-4944-BC30-B963C80BEC4F}]
                        25-03-2008 16:10 272896 --a------ C:\WINDOWS\system32\pmnnm.dll

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 01:11]
                        "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03-03-2008 17:01]
                        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 22:16]
                        "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [18-03-2008 11:40]

                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 01:03]
                        "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19-01-2007 12:54]
                        "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [20-03-2008 18:38]

                        C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
                        Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21-1-2000 10:15:56]

                        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                        "disableregistrytools"=0 (0x0)

                        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                        "Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnnm.dll

                        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
                        SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
                        @="Service"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
                        @="Service"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
                        @="Volume shadow copy"

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                        bdx scan




                        -- End of Deckard's System Scanner: finished at 2008-03-25 19:58:09 ------------



                        • #13
                          We'll try something else.
                          Download KillAFile.exe and place it on your desktop: http://users.telenet.be/marcvn/tools/KillAFile.exe
                          Double-click KillAFile.exe to start the tool.
                          In the menu, choose option 1:
                          1: Delete a file on reboot
                          When this message appears
                          Code:
                          Insert full path and filename to delete.
                          and then press enter:
                          type this: C:\WINDOWS\system32\pmnnm.dll
                          If the file is present, the computer will ask to restart.
                          Allow this.
                          Once the computer has restarted, a Notepad file will open. Post the contents of this file.



                          • #14
                            KILLAFILE - logfile


                            Running from: "C:\Documents and Settings\Gungor\Bureaublad"

                            Delete on reboot: C:\WINDOWS\system32\pmnnm.dll

                            --- Rebooting the computer ---

                            C:\WINDOWS\system32\pmnnm.dll deleted


                            Finished!



                            • #15
                              I'm going offline for a bit.
                              Would you still do this:
                              Download this file: zoek.exe
                              Double-click it; after a while a log will open.
                              Post the contents of this log in your next message.
