trojan.vundo and malware.trace virus keeps coming back

  • Nancy

    Hi!

    Since yesterday I have had the Vundo virus. I have already run all the programs several times, and even VundoFix. After restarting and after the Malware run, the virus still seems to be there; see the log below.

    Do you have any idea?

    Malwarebytes' Anti-Malware 1.30

    Database versie: 1419

    Windows 5.1.2600 Service Pack 3

    23-11-2008 20:53:30

    mbam-log-2008-11-23 (20-53-30).txt

    Scan type: Snelle Scan

    Objecten gescand: 52138

    Verstreken tijd: 5 minute(s), 23 second(s)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 2

    Registerwaarden geïnfecteerd: 0

    Registerdata bestanden geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Log from HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 21:35:40, on 23-11-2008

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16735)

    Boot mode: Normal

    Running processes:

    C:\windows\System32\smss.exe

    C:\windows\system32\winlogon.exe

    C:\windows\system32\services.exe

    C:\windows\system32\lsass.exe

    C:\windows\system32\Ati2evxx.exe

    C:\windows\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\windows\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\system32\brsvc01a.exe

    C:\WINDOWS\system32\brss01a.exe

    C:\windows\system32\spoolsv.exe

    C:\windows\system32\Ati2evxx.exe

    C:\Program Files\HPQ\IAM\bin\asghost.exe

    C:\windows\System32\svchost.exe

    C:\Program Files\CS Engineering\Scheduler\schedulerd.exe

    C:\windows\Explorer.EXE

    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    C:\windows\System32\svchost.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\windows\system32\svchost.exe

    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\WINDOWS\system32\dla\tfswctrl.exe

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    C:\Program Files\CS Engineering\Dtgw\dtgw.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\windows\AGRSMMSG.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\windows\system32\NOTEPAD.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    O4 - HKLM\..\Run: C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

    O4 - HKLM\..\Run: “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe” /r

    O4 - HKLM\..\Run: C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

    O4 - HKLM\..\Run: rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule

    O4 - HKLM\..\Run: C:\Program Files\HPQ\Default Settings\cpqset.exe

    O4 - HKLM\..\Run: C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    O4 - HKLM\..\Run: C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot

    O4 - HKLM\..\Run: C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    O4 - HKLM\..\Run: C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

    O4 - HKLM\..\Run: C:\Program Files\CS Engineering\Dtgw\dtgw.exe

    O4 - HKLM\..\Run: C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

    O4 - HKLM\..\Run: “C:\Program Files\Windows Defender\MSASCui.exe” -hide

    O4 - HKLM\..\Run: “C:\Program Files\QuickTime\qttask.exe” -atboottime

    O4 - HKLM\..\Run: C:\WINDOWS\system32\\PSDrvCheck.exe

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: AGRSMMSG.exe

    O4 - HKLM\..\Run: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: “E:\Program Files\AVG Anti-Spyware 7.5\avgas.exe” /minimized

    O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

    O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKUS\S-1-5-19\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Lokale service’)

    O4 - HKUS\S-1-5-20\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Netwerkservice’)

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab

    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.intermediair.ingbank.nl/extranethyp/scripts/ScriptX.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab

    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167338595625

    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.2.cab

    O20 - AppInit_DLLs: rgbhbu.dll

    O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

    O20 - Winlogon Notify: ssqOGaaA - ssqOGaaA.dll (file missing)

    O20 - Winlogon Notify: vtUmNEVL - C:\windows\

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe

    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

    O23 - Service: CSE Scheduler Daemon (CSE Scheduler) - CS Net - C:\Program Files\CS Engineering\Scheduler\schedulerd.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    End of file - 11329 bytes

  • Argus

    Spybot S&D TeaTimer

    1. Start Spybot Search and Destroy.

    2. Go to ‘Mode’ > select Advanced Mode

    3. Go to ‘Tools’ and click the Resident icon in the list

    4. Uncheck Resident TeaTimer and click OK

    5. Download ResetTeaTimer to your desktop: http://downloads.subratam.org/ResetTeaTimer.bat

    Then double-click ResetTeaTimer.bat.

    This will reset the items you previously allowed or blocked via TeaTimer.

    Restart your PC.

    Not for Vista

    Close all windows and start HijackThis

    Click: Do a Systemscan only

    Put a check mark in the box in front of:

    O20 - AppInit_DLLs: rgbhbu.dll

    O20 - Winlogon Notify: ssqOGaaA - ssqOGaaA.dll (file missing)

    O20 - Winlogon Notify: vtUmNEVL - C:\windows\

    Click: Fix checked

    Combofix

    Download Combofix to your desktop.

    Double-click Combofix.exe

    Follow the instructions and accept the disclaimer by typing 1 (continue) followed by ENTER.

    While the fix is running, do NOT click in the window, because that will make your PC “hang”.

    NB: If your antivirus or another real-time scanner raises an alert while Combofix is in use, switch that scanner off and download Combofix again. Some scanners treat components that Combofix uses as suspicious and may block or remove them! This can prevent Combofix from working properly.

    When the fix is complete and after the restart, the log combofix.txt will open.

    Post this log in your next post here, together with a new HijackThis log.
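
Added example, not part of the original thread and not code from HijackThis or ComboFix: a Python triage pass that extracts the O20 autostart entries (AppInit_DLLs and Winlogon Notify) from a HijackThis log, marks the ones showing the properties visible in the three entries listed in the post above, and checks them against the files ComboFix reports as removed. The three rules and all function names are assumptions made for this illustration; the input lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass

# Lines copied verbatim from the first HijackThis log in this thread.
HIJACKTHIS_LINES = r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: rgbhbu.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O20 - Winlogon Notify: ssqOGaaA - ssqOGaaA.dll (file missing)
O20 - Winlogon Notify: vtUmNEVL - C:\windows\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
"""

# Paths copied from the "Andere Verwijderingen" section of the ComboFix log.
COMBOFIX_REMOVED = r"""
c:\windows\system32\hyuqelil.dll
c:\windows\system32\rgbhbu.dll
c:\windows\Tasks\cxuqaljq.job
"""

O20_RE = re.compile(r"^O20 - (AppInit_DLLs|Winlogon Notify): (.*)$")
MISSING = "(file missing)"


@dataclass
class O20Entry:
    kind: str      # "AppInit_DLLs" or "Winlogon Notify"
    name: str      # Notify subkey name; empty for AppInit_DLLs
    path: str      # target as printed, without the "(file missing)" suffix
    dll: str       # file name part of the path (may be empty)
    reasons: list  # why this entry deserves a closer look


def triage_o20(log_text):
    """Return every O20 entry in the log, each with a list of reasons."""
    entries = []
    for raw in log_text.splitlines():
        m = O20_RE.match(raw.strip())
        if not m:
            continue
        kind, rest = m.groups()
        if kind == "AppInit_DLLs":
            name, target = "", rest.strip()
        else:
            name, _, target = rest.partition(" - ")
            name, target = name.strip(), target.strip()

        missing = target.endswith(MISSING)
        path = target[: -len(MISSING)].strip() if missing else target
        dll = path.rsplit("\\", 1)[-1]

        reasons = []
        # Rule 1 (assumption): AppInit_DLLs is empty on a default install,
        # and a DLL listed there is loaded into every process using user32.dll.
        if kind == "AppInit_DLLs" and path:
            reasons.append("AppInit_DLLs is not empty")
        # Rule 2 (assumption): a registration whose file is gone is a leftover.
        if missing:
            reasons.append("registered file is missing on disk")
        # Rule 3 (assumption): the target should name a DLL, not a folder.
        if not path.lower().endswith(".dll"):
            reasons.append("target is not a DLL path")
        entries.append(O20Entry(kind, name, path, dll, reasons))
    return entries


def flagged(entries):
    """Entries with at least one reason attached."""
    return [e for e in entries if e.reasons]


def confirmed_by_removal(entries, removed_text):
    """Flagged entries whose DLL name also appears in a removal list."""
    removed = {
        line.strip().rsplit("\\", 1)[-1].lower()
        for line in removed_text.splitlines()
        if line.strip()
    }
    return [e for e in flagged(entries) if e.dll and e.dll.lower() in removed]


if __name__ == "__main__":
    found = triage_o20(HIJACKTHIS_LINES)
    for e in flagged(found):
        print(f"{e.kind:16} {e.name or '-':10} {e.path:24} {'; '.join(e.reasons)}")
    for e in confirmed_by_removal(found, COMBOFIX_REMOVED):
        print("also removed by ComboFix:", e.dll)
```

The HP `OneCard` Notify entry passes all three rules and is left alone, which matches the selection in the post above.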

  • Nancy

    Here are the logs. Thanks in advance!

    ComboFix 08-11-22.02 - Administrator 2008-11-23 22:23:51.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.186

    Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

    * Nieuw herstelpunt werd aangemaakt

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\windows\Downloaded Program Files\setup.inf

    c:\windows\system32\drivers\npf.sys

    c:\windows\system32\hyuqelil.dll

    c:\windows\system32\MSINET.oca

    c:\windows\system32\packet.dll

    c:\windows\system32\pthreadVC.dll

    c:\windows\system32\rgbhbu.dll

    c:\windows\system32\wanpacket.dll

    c:\windows\system32\wpcap.dll

    c:\windows\Tasks\cxuqaljq.job

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    ——-\Legacy_NPF

    ——-\Service_NPF

    (((((((((((((((((((( Bestanden Gemaakt van 2008-10-23 to 2008-11-23 ))))))))))))))))))))))))))))))

    .

    2008-11-22 19:01 . 2008-11-22 19:01 d——– C:\VundoFix Backups

    2008-11-22 18:58 . 2008-11-22 19:16 d——– c:\program files\Enigma Software Group

    2008-11-12 13:27 . 2008-09-04 18:17 1,106,944 ——— c:\windows\system32\dllcache\msxml3.dll

    2008-11-12 13:27 . 2008-10-24 12:21 455,296 ——— c:\windows\system32\dllcache\mrxsmb.sys

    2008-11-04 22:58 . 2008-11-17 12:21 d——– c:\documents and settings\Administrator\Application Data\Belastingdienst

    2008-10-29 20:23 . 2008-10-29 20:24 d——– c:\windows\ERUNT

    2008-10-29 20:02 . 2008-10-29 20:52 d——– C:\SDFix

    2008-10-25 13:03 . 2008-10-25 13:06 d——– c:\documents and settings\Administrator\Application Data\Super-Cow

    2008-10-24 13:08 . 2008-10-15 17:37 337,408 ——— c:\windows\system32\dllcache\netapi32.dll

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-11-23 07:52 ——— d—–w c:\documents and settings\All Users\Application Data\Google Updater

    2008-11-22 18:39 378 —-a-w c:\program files\wijdnri.txt

    2008-11-22 18:24 ——— d–h–w c:\program files\InstallShield Installation Information

    2008-11-22 18:21 ——— d—–w c:\documents and settings\Administrator\Application Data\Azureus

    2008-11-20 15:16 ——— d—–w c:\documents and settings\Administrator\Application Data\WordStartup

    2008-11-17 11:19 ——— d—–w c:\program files\Belastingdienst

    2008-11-16 19:51 ——— d—–w c:\program files\Real

    2008-11-16 19:51 ——— d—–w c:\program files\Common Files\Real

    2008-11-11 21:21 ——— d—–w c:\documents and settings\All Users\Application Data\PlayFirst

    2008-11-11 21:21 ——— d—–w c:\documents and settings\Administrator\Application Data\PlayFirst

    2008-11-05 08:48 ——— d–h–w c:\documents and settings\Administrator\Application Data\iWin

    2008-10-29 17:27 ——— d—–w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2008-10-29 07:03 ——— d—–w c:\program files\Malwarebytes' Anti-Malware

    2008-10-26 14:09 ——— d—–w c:\program files\CleanUp!

    2008-10-24 11:21 455,296 —-a-w c:\windows\system32\drivers\mrxsmb.sys

    2008-10-22 15:10 38,496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys

    2008-10-22 15:10 15,504 —-a-w c:\windows\system32\drivers\mbam.sys

    2008-10-16 18:59 ——— d—–w c:\documents and settings\All Users\Application Data\InterAction studios

    2008-10-13 19:20 ——— d—–w c:\documents and settings\All Users\Application Data\Malwarebytes

    2008-10-13 19:20 ——— d—–w c:\documents and settings\Administrator\Application Data\Malwarebytes

    2008-10-13 15:23 ——— d—–w c:\program files\Poker Superstars III

    2008-10-13 15:23 ——— d—–w c:\program files\Miss Management

    2008-10-13 11:34 ——— d—–w c:\program files\Dream Day Wedding

    2008-10-13 11:34 ——— d—–w c:\program files\Alice Greenfingers

    2008-10-13 11:34 ——— d—–w c:\documents and settings\Administrator\Application Data\Download Manager

    2008-10-13 11:04 ——— d—–w c:\program files\Trend Micro

    2008-10-13 10:12 ——— d—–w c:\program files\ToniArts

    2008-10-11 15:17 ——— d—–w c:\program files\Dora in Sprookjesland

    2008-10-07 18:42 ——— d—–w c:\program files\Preclick

    2008-10-06 18:02 ——— d—–w c:\program files\Davilex

    2008-09-23 15:23 ——— d—–w c:\program files\WinNc

    2008-09-23 15:23 ——— d—–w c:\documents and settings\All Users\Application Data\Tarma Installer

    2008-04-23 07:09 0 —-a-w c:\program files\temp01

    2006-07-03 18:40 0 -c–a-w c:\program files\error.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    “CTFMON.EXE”=“c:\windows\system32\ctfmon.exe”

    “swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    “WMPNSCFG”=“c:\program files\Windows Media Player\WMPNSCFG.exe”

    “SoundMAXPnP”=“c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe”

    “SunJavaUpdateSched”=“c:\program files\Java\jre1.6.0_07\bin\jusched.exe”

    “UpdateManager”=“c:\program files\Common Files\Sonic\Update Manager\sgtray.exe”

    “dla”=“c:\windows\system32\dla\tfswctrl.exe”

    “SynTPLpr”=“c:\program files\Synaptics\SynTP\SynTPLpr.exe”

    “SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe”

    “eabconfg.cpl”=“c:\program files\HPQ\Quick Launch Buttons\EabServr.exe”

    “CognizanceTS”=“c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll”

    “Cpqset”=“c:\program files\HPQ\Default Settings\cpqset.exe”

    “hpWirelessAssistant”=“c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe”

    “WatchDog”=“c:\program files\InterVideo\DVD Check\DVDCheck.exe”

    “SSBkgdUpdate”=“c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe”

    “PaperPort PTD”=“c:\program files\ScanSoft\PaperPort\pptd40nt.exe”

    “IndexSearch”=“c:\program files\ScanSoft\PaperPort\IndexSearch.exe”

    “CS Engineering Desktop Gateway (HDN)”=“c:\program files\CS Engineering\Dtgw\dtgw.exe”

    “REGSHAVE”=“c:\program files\REGSHAVE\REGSHAVE.EXE”

    “QuickTime Task”=“c:\program files\QuickTime\qttask.exe”

    “PinnacleDriverCheck”=“c:\windows\system32\\PSDrvCheck.exe”

    “Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    “ATIPTA”=“c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe”

    “AGRSMMSG”=“AGRSMMSG.exe”

    “CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE”

    “DWQueuedReporting”=“c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe”

    2004-11-10 01:19 38912 c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

    “VIDC.MJPG”= Pvmjpg30.dll

    “VIDC.PIM1”= pclepim1.dll

    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    Notification Packages REG_MULTI_SZ scecli AsWlnPkg

    “AntiVirusDisableNotify”=dword:00000001

    “AntiVirusOverride”=dword:00000001

    “%windir%\\system32\\sessmgr.exe”=

    “c:\\Program Files\\Pinnacle\\Studio 10\\programs\\studio.exe”=

    “c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe”=

    “%windir%\\Network Diagnostic\\xpnetdiag.exe”=

    “c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=

    “c:\\Program Files\\Windows Live\\Messenger\\livecall.exe”=

    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance

    R2 CSE Scheduler;CSE Scheduler Daemon;“c:\program files\CS Engineering\Scheduler\schedulerd.exe”

    R3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys

    S3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\BT4501G.sys

    S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;\??\c:\program files\WIFI\Sniffer\usft_sn4.sys

    Cognizance REG_MULTI_SZ ASChannel

    \Shell\AutoRun\command - D:\Setup.Now.exe

    \Shell\AutoRun\command - F:\LaunchU3.exe

    .

    Inhoud van de ‘Gedeelde Taken’ map

    2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe

    2008-11-23 c:\windows\Tasks\MP Scheduled Scan.job

    - c:\program files\Windows Defender\MpCmdRun.exe

    .

    - - - - ORPHANS VERWIJDERD - - - -

    HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe

    HKLM-Run-!AVG Anti-Spyware - e:\program files\AVG Anti-Spyware 7.5\avgas.exe

    .

    ——- Bijkomende Scan ——-

    .

    FireFox -: Profile - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5q7r64k7.default\

    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

    FF -: plugin - c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

    FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll

    FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-11-23 22:45:53

    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?1?1?1??????? ?d?B?????????????hLC? ??????

    scannen van verborgen bestanden …

    c:\windows\TEMP\TMP00000022B89AB00528CCA58E 524288 bytes executable

    Scan succesvol afgerond

    verborgen bestanden: 1

    **************************************************************************

    .

    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > ‘winlogon.exe’(844)

    c:\windows\system32\Ati2evxx.dll

    c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

    c:\windows\system32\WgaLogon.dll

    - - - - - - - > ‘lsass.exe’(900)

    c:\program files\HPQ\IAM\bin\AsWlnPkg.dll

    .

    ———————— Andere Aktieve Processen ————————

    .

    c:\windows\system32\ati2evxx.exe

    c:\program files\Windows Defender\MsMpEng.exe

    c:\program files\Lavasoft\Ad-Aware\aawservice.exe

    c:\windows\system32\brss01a.exe

    c:\windows\system32\scardsvr.exe

    c:\windows\system32\ati2evxx.exe

    c:\program files\HPQ\IAM\Bin\asghost.exe

    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe

    c:\program files\Analog Devices\SoundMAX\SMAgent.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    c:\progra~1\HPQ\Shared\HPQTOA~1.EXE

    .

    **************************************************************************

    .

    Voltooingstijd: 2008-11-23 22:51:24 - machine werd herstart

    ComboFix-quarantined-files.txt 2008-11-23 21:50:56

    Pre-Run: 29.386.944.512 bytes beschikbaar

    Post-Run: 29,300,613,120 bytes beschikbaar

    196 — E O F — 2008-11-21 16:09:22

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 22:53:27, on 23-11-2008

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16735)

    Boot mode: Normal

    Running processes:

    C:\windows\System32\smss.exe

    C:\windows\system32\winlogon.exe

    C:\windows\system32\services.exe

    C:\windows\system32\lsass.exe

    C:\windows\system32\Ati2evxx.exe

    C:\windows\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\windows\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\system32\brss01a.exe

    C:\windows\system32\spoolsv.exe

    C:\windows\system32\Ati2evxx.exe

    C:\Program Files\HPQ\IAM\bin\asghost.exe

    C:\windows\System32\svchost.exe

    C:\Program Files\CS Engineering\Scheduler\schedulerd.exe

    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    C:\windows\System32\svchost.exe

    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    C:\windows\system32\svchost.exe

    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    C:\WINDOWS\system32\dla\tfswctrl.exe

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    C:\Program Files\CS Engineering\Dtgw\dtgw.exe

    C:\windows\AGRSMMSG.exe

    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\windows\system32\ctfmon.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE

    C:\windows\explorer.exe

    C:\windows\system32\notepad.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    O4 - HKLM\..\Run: “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe” /r

    O4 - HKLM\..\Run: C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

    O4 - HKLM\..\Run: rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule

    O4 - HKLM\..\Run: C:\Program Files\HPQ\Default Settings\cpqset.exe

    O4 - HKLM\..\Run: C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    O4 - HKLM\..\Run: C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot

    O4 - HKLM\..\Run: C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    O4 - HKLM\..\Run: C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

    O4 - HKLM\..\Run: C:\Program Files\CS Engineering\Dtgw\dtgw.exe

    O4 - HKLM\..\Run: C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

    O4 - HKLM\..\Run: “C:\Program Files\QuickTime\qttask.exe” -atboottime

    O4 - HKLM\..\Run: C:\WINDOWS\system32\\PSDrvCheck.exe

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: AGRSMMSG.exe

    O4 - HKLM\..\Run: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKCU\..\Run: C:\windows\system32\ctfmon.exe

    O4 - HKCU\..\Run: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

    O4 - HKUS\S-1-5-18\..\Run: “C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t (User ‘SYSTEM’)

    O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

    O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab

    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.intermediair.ingbank.nl/extranethyp/scripts/ScriptX.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab

    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167338595625

    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe

    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.2.cab

    O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe

    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

    O23 - Service: CSE Scheduler Daemon (CSE Scheduler) - CS Net - C:\Program Files\CS Engineering\Scheduler\schedulerd.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    End of file - 10330 bytes

  • Argus

    Go to Start - Run and enter the following:

    Combofix /u

    This will uninstall Combofix.

    Since you are already using Windows Defender, you should no longer activate Spybot's TeaTimer!

    Download OTCleanIt to your Desktop

    Close all windows

    Double-click OTCleanIt.

    Click CleanUp

    When asked “Do you want to reboot now?”, click “Yes”

    The PC will now restart

    Note: Vista users: right-click and choose “Run as an Administrator”

    Use CleanUp as described in "Read this first, before you post a message!!"

    If it has been a while since you used SDFix, download it again and scan your PC once more

  • Nancy

    Hi, I already have CleanUp on my laptop.

    Do I need to post another log after the steps you listed?

  • Argus

    No, just let me know how the PC is doing

    In normal mode SDFix has four more scanners

    1. a-squared

    2. Norman Malware scanner

    3. Sophos virus scanner

    4. AVP from Kaspersky

    So with SDFix you have quite a lot on board, plus AVG 7.5 Antispyware as well :-)

    So plenty of scanners :-)

  • Nancy

    Hi Argus,

    Thank you very much for your help. After all those scans last night my laptop had become so warm that it would not start up within a few minutes.

    This morning I continued with SDFix. It found no viruses. I downloaded AVG 8.0 again.

    Once again I have learned not to just go and download a game with a crack :).

    Thanks for your help.

    btw: since that Vundo, the PC does report at startup: cannot find boot.ini.

    Windows is being started from C: windows.

    Is that still a problem? Otherwise everything works fine.

    Nancy

  • Nancy

    By the way. The PC really is super fast again. Like new! Apparently I had more junk on it than just that Vundo virus.

    I am sooo happy with you!

  • Argus

    Have a look here for boot.ini if you still have problems: http://support.microsoft.com/kb/330184