Question & Answer
Help, my PC is probably infected
31 replies
- My laptop and desktop are probably infected with malware and one or more viruses. I bought the magazine Veiligheid, hoping to get some information out of it. To begin with, I have 2 problems.
1: On my laptop I can't get HouseCall to run. The program hangs at "Opening Trend Micro Housecall". I have updated Java. It has now been running for about 2 hours and nothing else happens. That doesn't seem right to me.
2: On the desktop 7 problems were found, and while I was viewing 1 problem everything, including HouseCall, disappeared from the screen. After restarting the computer and HouseCall, I have the same problem as described above.
Who knows more about this and can help me?
Rita
- You do have, I hope, a good up-to-date virus scanner on your computer?
And beyond that, the usual list for spyware? AdAware, Spybot and, if that doesn't help, Xoftspy.
The latter once rid me of a very stubborn virus.
If none of that helps, then post a HijackThis log.
perloc
- On my computer I have Webroot, antivirus and spam, and I regularly use scanners via the internet.
This is my HijackThis log
Can anyone help me???
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:00:44, on 19-2-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -k
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - Global Startup: Systeemvak van ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.bonaparte.nl
O15 - Trusted Zone: http://groups.msn.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232350243484
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232350226328
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5l.incredimail.com/contents/setup/2008010201/downloader/imloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnnKDvv - pmnnKDvv.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 11705 bytes
- Start HijackThis and choose 'do a system scan only'
Select only the items listed below:
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: pmnnKDvv - pmnnKDvv.dll (file missing)
Close all windows except HijackThis
Click 'Fix checked' to remove the items.
Open a Notepad file.
Copy the text below (everything in bold) into this Notepad file.
@ECHO OFF
REM Start with a fresh log file
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
REM For each listed file: clear the read-only/system/hidden attributes, delete it, and log the result
FOR %%g in (
C:\WINDOWS\system32\pmnnKDvv.dll) DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
REM Show the log in Notepad
START NOTEPAD.EXE log.txt
Go to File - Save As.
For "Save in" choose: Desktop
For "File name" enter: del.bat
For "Save as type" select: All Files (*.*).
Click the Save button.
Double-click del.bat and post the contents of the log file that opens.
Download and save it to your desktop.
Double-click mbam-setup.exe to install the program.
Make sure that after the installation the following are ticked:
* Update MalwareBytes' Anti-Malware
* Start MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.
* Once the program has started, go to the "Settings" tab.
* Tick here: "Close Internet Explorer during removal of malware".
* Then go to the "Scanner" tab and choose "Quick Scan" here.
* Then press "Scan" to start the scan.
* Scanning can take a while, so be patient.
* When the scan is complete, click OK, then "Show Results" to see the results.
* Make sure everything there is ticked, then click: "Remove Selected".
* After the removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and you can find it again by clicking the "Logs" tab in the program.
Post this log together with a new HijackThis log
- Thank you so much for thinking along and perhaps for a solution.
The output of del.bat is:
Deleting files
C:\WINDOWS\system32\pmnnKDvv.dll not found
The Anti-Malware log is:
Malwarebytes' Anti-Malware 1.34
Database versie: 1782
Windows 5.1.2600 Service Pack 3
20-2-2009 21:18:19
mbam-log-2009-02-20 (21-18-19).txt
Scan type: Snelle Scan
Objecten gescand: 81579
Verstreken tijd: 6 minute(s), 50 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 1
Bestanden geïnfecteerd: 16
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)
Mappen geïnfecteerd:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.
Bestanden geïnfecteerd:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\authz32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cdm3232.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmlib32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\batmeter32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cnvfat32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CABVIEW32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\camocx32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CATSRVUT32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CERTCLI32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CLBCATEX32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CNBJMON32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\basesrv(2)(2)32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\basesrv(2)(2)3232.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cdfview32.dll (Worm.P2P) -> Quarantined and deleted successfully.
The HijackThis log is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:22, on 20-2-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -k
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - Global Startup: Systeemvak van ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.bonaparte.nl
O15 - Trusted Zone: http://groups.msn.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232350243484
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232350226328
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5l.incredimail.com/contents/setup/2008010201/downloader/imloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnnKDvv - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 11885 bytes
- Start HijackThis and choose 'do a system scan only'
Select only the items listed below:
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Close all windows except HijackThis
Click 'Fix checked' to remove the items.
Download to your Desktop and use it according to this guide.
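Added example, not part of the original thread or of HijackThis itself: a small Python check that compares two HijackThis scans and reports whether the entries marked "(no file)" or "(file missing)" in the first scan are really gone in the second. The function names `parse_entries` and `recheck` are hypothetical, and the sample lines are a handful of entries excerpted from the two logs posted above.

```python
import re

# Excerpts from the two HijackThis logs in this thread
# (scan of 19-2-2009 and scan of 20-2-2009), trimmed to a few entries.
SCAN_BEFORE = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnnKDvv - pmnnKDvv.dll (file missing)
"""

SCAN_AFTER = r"""
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
O20 - Winlogon Notify: pmnnKDvv - C:\WINDOWS\
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# A log entry looks like "O2 - <body>" or "R0 - <body>".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these when the registered file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return {key: entry} for every 'Xnn - ...' line of a HijackThis log.

    Entries are keyed by section code, entry kind and CLSID, because the
    display name can change between scans (the first BHO above turns from
    'WormRadar.com ...' into '(no name)'). Entries without a CLSID are keyed
    by the label in front of the first ' - ' separator.
    """
    entries = {}
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header line, running-process path or blank line
        code, body = match.groups()
        kind = body.split(":", 1)[0]
        clsid = CLSID_RE.search(body)
        ident = clsid.group(0).upper() if clsid else body.split(" - ", 1)[0]
        entries[(code, kind, ident)] = {
            "code": code,
            "body": body,
            "orphaned": body.endswith(ORPHAN_MARKERS),
        }
    return entries


def recheck(before_text, after_text):
    """For each orphaned entry in the first scan, report its state in the second.

    Returns a list of (section code, identifier, status, body in second scan).
    """
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    report = []
    for key, entry in before.items():
        if not entry["orphaned"]:
            continue
        now = after.get(key)
        if now is None:
            status = "gone"
        elif now["orphaned"]:
            status = "still orphaned"
        else:
            status = "still present, target changed"
        report.append((entry["code"], key[2], status, now["body"] if now else None))
    return report


if __name__ == "__main__":
    for code, ident, status, body in recheck(SCAN_BEFORE, SCAN_AFTER):
        print(f"{code:<4}{ident:<42}{status}")
        if body:
            print(f"      now: {body}")
```

On these excerpts both BHO entries are reported as still orphaned, and the Winlogon Notify entry is still registered with a different target, so a cleanup cannot be considered finished on the strength of the "Fix checked" step alone.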
- Here is the ComboFix log. I did find it rather "nerve-racking"; you really have no idea what you are doing. Again, thank you so much for thinking along.
ComboFix 09-02-19.01 - Compaq_Eigenaar 2009-02-21 10:31:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1022.436 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Compaq_Eigenaar\Mijn documenten\internet\bescherming computer\ComboFix.exe
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
----- BITS: Mogelijk geïnfecteerde sites -----
hxxp://childhe.com
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-21 to 2009-02-21 ))))))))))))))))))))))))))))))
.
2009-02-20 22:13 . 2009-02-20 22:29 <DIR> d-------- c:\program files\Microsoft Bootvis
2009-02-20 22:06 . 2009-02-20 22:06 <DIR> d-------- c:\program files\Karen's Power Tools
2009-02-20 22:06 . 2009-02-20 22:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Karen's Power Tools
2009-02-20 21:06 . 2009-02-20 21:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-20 21:06 . 2009-02-20 21:06 <DIR> d-------- c:\documents and settings\Compaq_Eigenaar\Application Data\Malwarebytes
2009-02-20 21:06 . 2009-02-20 21:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 21:06 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 21:06 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-20 17:52 . 2009-02-20 20:19 <DIR> d-------- c:\documents and settings\Compaq_Eigenaar\.housecall6.6
2009-02-19 13:00 . 2009-02-19 13:00 <DIR> d-------- c:\program files\Trend Micro
2009-02-18 23:03 . 2009-02-18 23:03 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-18 23:01 . 2009-02-18 23:01 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-18 20:24 . 2009-02-18 20:27 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-18 20:24 . 2009-02-18 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-17 10:59 . 2006-01-17 01:03 126,976 --------- c:\windows\system32\BrfxD05a.dll
2009-02-17 10:59 . 2001-11-15 01:00 6,224 --------- c:\windows\CVRPAGE.bmp
2009-02-17 10:59 . 2003-11-28 18:57 0 --a------ c:\windows\brdfxspd.dat
2009-02-15 18:25 . 2009-02-15 18:25 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-15 18:25 . 2009-02-15 18:25 <DIR> d-------- c:\documents and settings\Compaq_Eigenaar\Application Data\SUPERAntiSpyware.com
2009-02-15 18:25 . 2009-02-15 18:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-15 18:12 . 2009-02-15 18:12 80 --a------ C:\bootdelete.lst
2009-02-15 16:40 . 2009-02-15 18:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hitman Pro 3
2009-02-15 15:52 . 2009-02-15 15:52 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared
2009-02-15 15:52 . 2009-02-15 15:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ScanSoft
2009-02-15 13:48 . 2009-02-15 15:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ScanSoft(2)
2009-02-10 20:49 . 2009-02-15 15:24 <DIR> d-------- c:\program files\Drive Rescue
2009-02-09 14:21 . 2009-02-09 14:21 <DIR> d-------- c:\program files\Auslogics
2009-02-09 14:21 . 2009-02-09 14:21 <DIR> d-------- c:\documents and settings\Compaq_Eigenaar\Application Data\Auslogics
2009-01-26 20:25 . 2009-01-26 20:25 <DIR> d-------- c:\program files\Hitman Pro 3
2009-01-26 20:25 . 2009-01-26 22:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hitman Pro
2009-01-26 19:32 . 2009-01-26 20:05 16,827 --a------ c:\windows\system32\drivers\hosts
2009-01-25 21:36 . 2009-01-26 16:36 <DIR> d-------- c:\documents and settings\Compaq_Eigenaar\Application Data\LimeWire
2009-01-25 10:40 . 2009-01-25 10:40 <DIR> d-------- c:\program files\Notepad++
2009-01-25 10:40 . 2009-01-25 11:11 <DIR> d-------- c:\documents and settings\Compaq_Eigenaar\Application Data\Notepad++
2009-01-24 22:42 . 2009-01-24 22:45 <DIR> d-------- C:\VBScript maker
2009-01-24 19:33 . 2009-01-24 19:36 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-24 19:33 . 2009-01-24 19:33 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-24 19:33 . 2009-01-24 19:33 <DIR> d-------- c:\program files\MSBuild
2009-01-24 19:32 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 11:58 --------- d-----w c:\documents and settings\Compaq_Eigenaar\Application Data\Skype
2009-02-20 20:11 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-19 17:52 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-19 17:52 --------- d-----w c:\program files\Java
2009-02-18 22:03 15,688 ----a-w c:\windows\system32\lsdelete.exe
2009-02-18 22:01 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-17 10:00 --------- d-----w c:\program files\Brother
2009-02-17 09:59 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-15 17:25 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-15 14:52 --------- d-----w c:\program files\ScanSoft
2009-02-15 14:52 --------- d-----w c:\documents and settings\Compaq_Eigenaar\Application Data\ScanSoft
2009-02-09 20:25 --------- d-----w c:\program files\Computerservice SSHSBV
2009-01-30 17:02 --------- d-----w c:\program files\Dymo Label
2009-01-29 12:42 --------- d-----w c:\program files\MSECache
2009-01-26 08:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-12 19:14 --------- d-----w c:\documents and settings\Compaq_Eigenaar\Application Data\DVD Flick
2009-01-12 12:41 --------- d-----w c:\documents and settings\Compaq_Eigenaar\Application Data\Nero
2009-01-12 11:54 --------- d-----w c:\program files\Skype
2009-01-12 11:54 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-01-12 11:53 --------- d-----w c:\program files\Common Files\Skype
2009-01-09 15:40 --------- d-----w c:\program files\Common Files\BIL
2009-01-09 15:39 18,944 ----a-w c:\windows\system32\drivers\busbcrw.sys
2009-01-06 22:33 --------- d-----w c:\program files\BankingTools
2009-01-06 22:33 --------- d-----w c:\documents and settings\Compaq_Eigenaar\Application Data\BankingTools
2008-12-27 21:32 --------- d-----w c:\program files\Pre-Design Studio
2008-12-21 14:20 --------- d-----w c:\program files\Pinnacle
2008-12-13 06:39 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-04-10 11:01 14,960 ----a-w c:\program files\settings.dat
2008-04-08 10:08 5,632 -csha-w c:\program files\Thumbs.db
2008-03-20 12:27 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-02-07 21:54 6,772 -csh--r c:\windows\system\DM150437.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-26 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"NBJ"="c:\progra~1\Ahead\NEROBA~1\NBJ.exe" [2006-09-15 2048000]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-10-02 57344]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-04 29744]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2005-10-15 14864384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-22 185896]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-18 509784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-19 148888]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-14 5418864]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Systeemvak van ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-10-02 57344]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= PCLEPIM1.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Pinnacle Scheduler.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Pinnacle Scheduler.lnk
backup=c:\windows\pss\Pinnacle Scheduler.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2005-03-18 11:53 40960 c:\program files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFaceOnlinePluginsService]
--a------ 2007-02-27 15:36 278528 c:\program files\MediaFaceOnlinePluginsService\dolcore.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2006-09-15 13:27 2048000 c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVUSB2Remote]
--------- 2004-04-20 17:33 61440 c:\program files\Pinnacle\PCTV USB2\Remote\remoterm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-22 09:49 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
--a------ 2007-10-03 08:33 1206600 c:\program files\Webroot\Washer\wwDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"InCDsrv"=2 (0x2)
"btwdins"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Compaq_Eigenaar\\Mijn documenten\\internet\\bankingtools\\ActiveInstall_NL.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ahead\\Nero\\nero.exe"=
"c:\\Program Files\\BankingTools\\C@shflow v3\\Update.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\imloader.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BankingTools\\C@shflow v3\\C@shflowApp.exe"=
"c:\\Program Files\\BankingTools\\C@shflow V3.2\\C@shflowApp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-18 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-08-09 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2008-09-09 598856]
R3 busbcrw;USB Card Reader Writer driver;c:\windows\system32\drivers\busbcrw.sys [2007-02-08 18944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 ATIXPGAA;ATIXPGAA;\??\c:\pcdr5\ATIXPGAA.SYS --> c:\pcdr5\ATIXPGAA.SYS [?]
S3 brfilt;MFC-filterstuurprogramma van Brother;c:\windows\system32\drivers\BrFilt.sys [2007-02-07 2944]
S3 BrSerWDM;Serieel stuurprogramma van Brother;c:\windows\system32\drivers\BrSerWdm.sys [2007-02-07 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2007-02-07 11008]
S3 BrUsbScn;MFC-stuurprogramma van Brother voor USB-scanner;c:\windows\system32\drivers\BrUsbScn.sys [2007-02-07 10368]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-13 29744]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe
.
Inhoud van de 'Gedeelde Taken' map
2009-02-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-18 23:02]
2008-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
2009-02-11 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-08 19:22]
2009-02-20 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll []
2009-02-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-14 11:53]
2009-02-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-14 11:53]
2009-02-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
- A:\ []
.
- - - - ORPHANS VERWIJDERD - - - -
Notify-pmnnKDvv - (no file)
SafeBoot-Lavasoft Ad-Aware Service
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: bonaparte.nl\www
Trusted Zone: msn.com\groups
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 12:54:07
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
——————— DLLs Geladen Onder Lopende Processen ———————
- - - - - - - > 'winlogon.exe'(940)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3304)
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WS_FTP Pro\nsftpch.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
———————— Andere Aktieve Processen ————————
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\AAWService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2009-02-21 13:31:11 - machine werd herstart
ComboFix-quarantined-files.txt 2009-02-21 12:30:14
Pre-Run: 190.972.633.088 bytes beschikbaar
Post-Run: 190,999,568,384 bytes beschikbaar
754 — E O F — 2009-01-23 19:41:58
- Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:
O20 - Winlogon Notify: pmnnKDvv - C:\WINDOWS\
Close all windows except HijackThis.
Click 'Fix checked' to remove the items.
Download Flash_Disinfector.exe and place it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
Make sure your flash drives / USB sticks / external hard drives are plugged in as well.
Double-click Flash_Disinfector.exe to start the tool.
When the tool is finished, the computer will restart.
Open a Notepad file.
Copy the code below and paste it into the Notepad file.
- I do not have the 020 that is mentioned.
O20 - Winlogon Notify: pmnnKDvv - C:\WINDOWS
What I do have is:
020-Winlogon Notify: !SASWinlogon-C\ProgramFiles\SUPERAntispyware\SASWINLO.dll
Does that one have to be removed with Fix checked too??
Thanks again for the help
- No, that one must not be removed.
Would you please follow the other steps?
- ComboFix is not in the right location.
Gestart vanuit: c:\documents and settings\Compaq_Eigenaar\Mijn documenten\internet\bescherming computer\ComboFix.exe
It needs to be on the desktop; move the program to the desktop and run it from there.
- My HijackThis log is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:46, on 21-2-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: Systeemvak van ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.bonaparte.nl
O15 - Trusted Zone: http://groups.msn.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232350243484
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232350226328
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5l.incredimail.com/contents/setup/2008010201/downloader/imloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnnKDvv - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
–
End of file - 11541 bytes
The new ComboFix log is:
ComboFix 09-02-19.01 - Compaq_Eigenaar 2009-02-21 18:23:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1022.408 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Compaq_Eigenaar\Mijn documenten\internet\bescherming computer\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Compaq_Eigenaar\Bureaublad\logs\CFScript.txt
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
FILE ::
c:\windows\system\DM150437.sys
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system\DM150437.sys
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-21 to 2009-02-21 ))))))))))))))))))))))))))))))
.
2009-02-21 18:08 . 2009-02-21 18:08 399,872 –a—— c:\windows\system32\cmd.execf
2009-02-20 22:13 . 2009-02-20 22:29 <DIR> d——– c:\program files\Microsoft Bootvis
2009-02-20 22:06 . 2009-02-20 22:06 <DIR> d——– c:\program files\Karen's Power Tools
2009-02-20 22:06 . 2009-02-20 22:06 <DIR> d——– c:\documents and settings\All Users\Application Data\Karen's Power Tools
2009-02-20 21:06 . 2009-02-20 21:06 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
2009-02-20 21:06 . 2009-02-20 21:06 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\Application Data\Malwarebytes
2009-02-20 21:06 . 2009-02-20 21:06 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 21:06 . 2009-02-11 10:19 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 21:06 . 2009-02-11 10:19 15,504 –a—— c:\windows\system32\drivers\mbam.sys
2009-02-20 17:52 . 2009-02-20 20:19 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\.housecall6.6
2009-02-19 13:00 . 2009-02-19 13:00 <DIR> d——– c:\program files\Trend Micro
2009-02-18 23:03 . 2009-02-18 23:03 64,160 –a—— c:\windows\system32\drivers\Lbd.sys
2009-02-18 23:01 . 2009-02-18 23:01 <DIR> d–h-c— c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-18 20:24 . 2009-02-18 20:27 <DIR> d——– c:\program files\Spybot - Search & Destroy
2009-02-18 20:24 . 2009-02-18 22:01 <DIR> d——– c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-17 10:59 . 2006-01-17 01:03 126,976 ——— c:\windows\system32\BrfxD05a.dll
2009-02-17 10:59 . 2001-11-15 01:00 6,224 ——— c:\windows\CVRPAGE.bmp
2009-02-17 10:59 . 2003-11-28 18:57 0 –a—— c:\windows\brdfxspd.dat
2009-02-15 18:25 . 2009-02-15 18:25 <DIR> d——– c:\program files\SUPERAntiSpyware
2009-02-15 18:25 . 2009-02-15 18:25 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\Application Data\SUPERAntiSpyware.com
2009-02-15 18:25 . 2009-02-15 18:25 <DIR> d——– c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-15 18:12 . 2009-02-15 18:12 80 –a—— C:\bootdelete.lst
2009-02-15 16:40 . 2009-02-15 18:06 <DIR> d——– c:\documents and settings\All Users\Application Data\Hitman Pro 3
2009-02-15 15:52 . 2009-02-15 15:52 <DIR> d——– c:\program files\Common Files\ScanSoft Shared
2009-02-15 15:52 . 2009-02-15 15:52 <DIR> d——– c:\documents and settings\All Users\Application Data\ScanSoft
2009-02-15 13:48 . 2009-02-15 15:52 <DIR> d——– c:\documents and settings\All Users\Application Data\ScanSoft(2)
2009-02-10 20:49 . 2009-02-15 15:24 <DIR> d——– c:\program files\Drive Rescue
2009-02-09 14:21 . 2009-02-09 14:21 <DIR> d——– c:\program files\Auslogics
2009-02-09 14:21 . 2009-02-09 14:21 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\Application Data\Auslogics
2009-01-26 20:25 . 2009-01-26 20:25 <DIR> d——– c:\program files\Hitman Pro 3
2009-01-26 20:25 . 2009-01-26 22:37 <DIR> d——– c:\documents and settings\All Users\Application Data\Hitman Pro
2009-01-26 19:32 . 2009-01-26 20:05 16,827 –a—— c:\windows\system32\drivers\hosts
2009-01-25 21:36 . 2009-01-26 16:36 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\Application Data\LimeWire
2009-01-25 10:40 . 2009-01-25 10:40 <DIR> d——– c:\program files\Notepad++
2009-01-25 10:40 . 2009-01-25 11:11 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\Application Data\Notepad++
2009-01-24 22:42 . 2009-01-24 22:45 <DIR> d——– C:\VBScript maker
2009-01-24 19:33 . 2009-01-24 19:36 <DIR> d——– c:\windows\system32\XPSViewer
2009-01-24 19:33 . 2009-01-24 19:33 <DIR> d——– c:\program files\Reference Assemblies
2009-01-24 19:33 . 2009-01-24 19:33 <DIR> d——– c:\program files\MSBuild
2009-01-24 19:32 . 2006-06-29 13:07 14,048 ——— c:\windows\system32\spmsg2.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 15:41 ——— d—–w c:\documents and settings\Compaq_Eigenaar\Application Data\Skype
2009-02-20 20:11 ——— d—–w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-19 17:52 410,984 —-a-w c:\windows\system32\deploytk.dll
2009-02-19 17:52 ——— d—–w c:\program files\Java
2009-02-18 22:03 15,688 —-a-w c:\windows\system32\lsdelete.exe
2009-02-18 22:01 ——— d—–w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-17 10:00 ——— d—–w c:\program files\Brother
2009-02-17 09:59 ——— d–h–w c:\program files\InstallShield Installation Information
2009-02-15 17:25 ——— d—–w c:\program files\Common Files\Wise Installation Wizard
2009-02-15 14:52 ——— d—–w c:\program files\ScanSoft
2009-02-15 14:52 ——— d—–w c:\documents and settings\Compaq_Eigenaar\Application Data\ScanSoft
2009-02-09 20:25 ——— d—–w c:\program files\Computerservice SSHSBV
2009-01-30 17:02 ——— d—–w c:\program files\Dymo Label
2009-01-29 12:42 ——— d—–w c:\program files\MSECache
2009-01-26 08:41 ——— d—a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-12 19:14 ——— d—–w c:\documents and settings\Compaq_Eigenaar\Application Data\DVD Flick
2009-01-12 12:41 ——— d—–w c:\documents and settings\Compaq_Eigenaar\Application Data\Nero
2009-01-12 11:54 ——— d—–w c:\program files\Skype
2009-01-12 11:54 ——— d—–w c:\documents and settings\All Users\Application Data\Skype
2009-01-12 11:53 ——— d—–w c:\program files\Common Files\Skype
2009-01-09 15:40 ——— d—–w c:\program files\Common Files\BIL
2009-01-09 15:39 18,944 —-a-w c:\windows\system32\drivers\busbcrw.sys
2009-01-06 22:33 ——— d—–w c:\program files\BankingTools
2009-01-06 22:33 ——— d—–w c:\documents and settings\Compaq_Eigenaar\Application Data\BankingTools
2008-12-27 21:32 ——— d—–w c:\program files\Pre-Design Studio
2008-12-21 14:20 ——— d—–w c:\program files\Pinnacle
2008-12-13 06:39 3,593,216 ——w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ——w c:\windows\system32\dllcache\srv.sys
2008-04-10 11:01 14,960 —-a-w c:\program files\settings.dat
2008-04-08 10:08 5,632 -csha-w c:\program files\Thumbs.db
2008-03-20 12:27 32 -c–a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-26 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"NBJ"="c:\progra~1\Ahead\NEROBA~1\NBJ.exe" [2006-09-15 2048000]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-10-02 57344]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-04 29744]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2005-10-15 14864384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-22 185896]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-18 509784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-19 148888]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-14 5418864]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Systeemvak van ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-10-02 57344]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= PCLEPIM1.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Pinnacle Scheduler.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Pinnacle Scheduler.lnk
backup=c:\windows\pss\Pinnacle Scheduler.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
–a—— 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
–a—— 2005-03-18 11:53 40960 c:\program files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
–a—— 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
–a—— 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFaceOnlinePluginsService]
–a—— 2007-02-27 15:36 278528 c:\program files\MediaFaceOnlinePluginsService\dolcore.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
——— 2006-09-15 13:27 2048000 c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
–a—— 2006-01-12 15:40 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVUSB2Remote]
——— 2004-04-20 17:33 61440 c:\program files\Pinnacle\PCTV USB2\Remote\remoterm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
–a—— 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
–a—— 2008-10-22 09:49 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
–a—— 2007-10-03 08:33 1206600 c:\program files\Webroot\Washer\wwDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"InCDsrv"=2 (0x2)
"btwdins"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Compaq_Eigenaar\\Mijn documenten\\internet\\bankingtools\\ActiveInstall_NL.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ahead\\Nero\\nero.exe"=
"c:\\Program Files\\BankingTools\\C@shflow v3\\Update.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\imloader.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BankingTools\\C@shflow v3\\C@shflowApp.exe"=
"c:\\Program Files\\BankingTools\\C@shflow V3.2\\C@shflowApp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-18 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-08-09 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2008-09-09 598856]
R3 busbcrw;USB Card Reader Writer driver;c:\windows\system32\drivers\busbcrw.sys [2007-02-08 18944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 ATIXPGAA;ATIXPGAA;\??\c:\pcdr5\ATIXPGAA.SYS –> c:\pcdr5\ATIXPGAA.SYS [?]
S3 brfilt;MFC-filterstuurprogramma van Brother;c:\windows\system32\drivers\BrFilt.sys [2007-02-07 2944]
S3 BrSerWDM;Serieel stuurprogramma van Brother;c:\windows\system32\drivers\BrSerWdm.sys [2007-02-07 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2007-02-07 11008]
S3 BrUsbScn;MFC-stuurprogramma van Brother voor USB-scanner;c:\windows\system32\drivers\BrUsbScn.sys [2007-02-07 10368]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-13 29744]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys –> c:\windows\system32\drivers\hitmanpro3.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Inhoud van de 'Gedeelde Taken' map
2009-02-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-18 23:02]
2008-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
2009-02-11 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-08 19:22]
2009-02-21 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll []
2009-02-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-14 11:53]
2009-02-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-14 11:53]
2009-02-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
- A:\ []
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.startpagina.nl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: bonaparte.nl\www
Trusted Zone: msn.com\groups
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 19:25:23
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
——————— DLLs Geladen Onder Lopende Processen ———————
- - - - - - - > 'winlogon.exe'(940)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Voltooingstijd: 2009-02-21 19:56:13
ComboFix-quarantined-files.txt 2009-02-21 18:55:28
ComboFix2.txt 2009-02-21 12:32:05
Pre-Run: 190.989.119.488 bytes beschikbaar
Post-Run: 190,975,193,088 bytes beschikbaar
310 — E O F — 2009-01-23 19:41:58
- Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:46, on 21-2-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: Systeemvak van ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.bonaparte.nl
O15 - Trusted Zone: http://groups.msn.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232350243484
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232350226328
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5l.incredimail.com/contents/setup/2008010201/downloader/imloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
- Me too, but I looked together with my husband, and at that time there really was only one O20 entry, with the message that I reported. What now: redo the whole session, starting from the removal of this Winlogon entry?
Sorry for apparently putting you on the wrong track, but strange as it may sound, I don't understand it anyway; there was only one O20 message.
- I made a new ComboFix log and a HijackThis log, after I removed the Winlogon Notify entry after all with "Fix checked".
ComboFix 09-02-19.01 - Compaq_Eigenaar 2009-02-21 22:25:21.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1022.477 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Compaq_Eigenaar\Mijn documenten\internet\bescherming computer\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Compaq_Eigenaar\Bureaublad\logs\CFScript.txt
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated)
* Nieuw herstelpunt werd aangemaakt
FILE ::
c:\windows\system\DM150437.sys
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-01-21 to 2009-02-21 ))))))))))))))))))))))))))))))
.
2009-02-20 22:13 . 2009-02-20 22:29 <DIR> d——– c:\program files\Microsoft Bootvis
2009-02-20 22:06 . 2009-02-20 22:06 <DIR> d——– c:\program files\Karen's Power Tools
2009-02-20 22:06 . 2009-02-20 22:06 <DIR> d——– c:\documents and settings\All Users\Application Data\Karen's Power Tools
2009-02-20 21:06 . 2009-02-20 21:06 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
2009-02-20 21:06 . 2009-02-20 21:06 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\Application Data\Malwarebytes
2009-02-20 21:06 . 2009-02-20 21:06 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 21:06 . 2009-02-11 10:19 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 21:06 . 2009-02-11 10:19 15,504 –a—— c:\windows\system32\drivers\mbam.sys
2009-02-20 17:52 . 2009-02-20 20:19 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\.housecall6.6
2009-02-19 13:00 . 2009-02-19 13:00 <DIR> d——– c:\program files\Trend Micro
2009-02-18 23:03 . 2009-02-18 23:03 64,160 –a—— c:\windows\system32\drivers\Lbd.sys
2009-02-18 23:01 . 2009-02-18 23:01 <DIR> d–h-c— c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-18 20:24 . 2009-02-18 20:27 <DIR> d——– c:\program files\Spybot - Search & Destroy
2009-02-18 20:24 . 2009-02-18 22:01 <DIR> d——– c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-17 10:59 . 2006-01-17 01:03 126,976 ——— c:\windows\system32\BrfxD05a.dll
2009-02-17 10:59 . 2001-11-15 01:00 6,224 ——— c:\windows\CVRPAGE.bmp
2009-02-17 10:59 . 2003-11-28 18:57 0 –a—— c:\windows\brdfxspd.dat
2009-02-15 18:25 . 2009-02-15 18:25 <DIR> d——– c:\program files\SUPERAntiSpyware
2009-02-15 18:25 . 2009-02-15 18:25 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\Application Data\SUPERAntiSpyware.com
2009-02-15 18:25 . 2009-02-15 18:25 <DIR> d——– c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-15 18:12 . 2009-02-15 18:12 80 –a—— C:\bootdelete.lst
2009-02-15 16:40 . 2009-02-15 18:06 <DIR> d——– c:\documents and settings\All Users\Application Data\Hitman Pro 3
2009-02-15 15:52 . 2009-02-15 15:52 <DIR> d——– c:\program files\Common Files\ScanSoft Shared
2009-02-15 15:52 . 2009-02-15 15:52 <DIR> d——– c:\documents and settings\All Users\Application Data\ScanSoft
2009-02-15 13:48 . 2009-02-15 15:52 <DIR> d——– c:\documents and settings\All Users\Application Data\ScanSoft(2)
2009-02-10 20:49 . 2009-02-15 15:24 <DIR> d——– c:\program files\Drive Rescue
2009-02-09 14:21 . 2009-02-09 14:21 <DIR> d——– c:\program files\Auslogics
2009-02-09 14:21 . 2009-02-09 14:21 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\Application Data\Auslogics
2009-01-26 20:25 . 2009-01-26 20:25 <DIR> d——– c:\program files\Hitman Pro 3
2009-01-26 20:25 . 2009-01-26 22:37 <DIR> d——– c:\documents and settings\All Users\Application Data\Hitman Pro
2009-01-26 19:32 . 2009-01-26 20:05 16,827 –a—— c:\windows\system32\drivers\hosts
2009-01-25 21:36 . 2009-01-26 16:36 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\Application Data\LimeWire
2009-01-25 10:40 . 2009-01-25 10:40 <DIR> d——– c:\program files\Notepad++
2009-01-25 10:40 . 2009-01-25 11:11 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\Application Data\Notepad++
2009-01-24 22:42 . 2009-01-24 22:45 <DIR> d——– C:\VBScript maker
2009-01-24 19:33 . 2009-01-24 19:36 <DIR> d——– c:\windows\system32\XPSViewer
2009-01-24 19:33 . 2009-01-24 19:33 <DIR> d——– c:\program files\Reference Assemblies
2009-01-24 19:33 . 2009-01-24 19:33 <DIR> d——– c:\program files\MSBuild
2009-01-24 19:32 . 2006-06-29 13:07 14,048 ——— c:\windows\system32\spmsg2.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 22:26 ——— d—–w c:\documents and settings\Compaq_Eigenaar\Application Data\Skype
2009-02-21 21:11 ——— d—–w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-19 17:52 410,984 —-a-w c:\windows\system32\deploytk.dll
2009-02-19 17:52 ——— d—–w c:\program files\Java
2009-02-18 22:03 15,688 —-a-w c:\windows\system32\lsdelete.exe
2009-02-18 22:01 ——— d—–w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-17 10:00 ——— d—–w c:\program files\Brother
2009-02-17 09:59 ——— d–h–w c:\program files\InstallShield Installation Information
2009-02-15 17:25 ——— d—–w c:\program files\Common Files\Wise Installation Wizard
2009-02-15 14:52 ——— d—–w c:\program files\ScanSoft
2009-02-15 14:52 ——— d—–w c:\documents and settings\Compaq_Eigenaar\Application Data\ScanSoft
2009-02-09 20:25 ——— d—–w c:\program files\Computerservice SSHSBV
2009-01-30 17:02 ——— d—–w c:\program files\Dymo Label
2009-01-29 12:42 ——— d—–w c:\program files\MSECache
2009-01-26 08:41 ——— d—a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-12 19:14 ——— d—–w c:\documents and settings\Compaq_Eigenaar\Application Data\DVD Flick
2009-01-12 12:41 ——— d—–w c:\documents and settings\Compaq_Eigenaar\Application Data\Nero
2009-01-12 11:54 ——— d—–w c:\program files\Skype
2009-01-12 11:54 ——— d—–w c:\documents and settings\All Users\Application Data\Skype
2009-01-12 11:53 ——— d—–w c:\program files\Common Files\Skype
2009-01-09 15:40 ——— d—–w c:\program files\Common Files\BIL
2009-01-09 15:39 18,944 —-a-w c:\windows\system32\drivers\busbcrw.sys
2009-01-06 22:33 ——— d—–w c:\program files\BankingTools
2009-01-06 22:33 ——— d—–w c:\documents and settings\Compaq_Eigenaar\Application Data\BankingTools
2008-12-27 21:32 ——— d—–w c:\program files\Pre-Design Studio
2008-12-21 14:20 ——— d—–w c:\program files\Pinnacle
2008-12-13 06:39 3,593,216 ——w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ——w c:\windows\system32\dllcache\srv.sys
2008-04-10 11:01 14,960 —-a-w c:\program files\settings.dat
2008-04-08 10:08 5,632 -csha-w c:\program files\Thumbs.db
2008-03-20 12:27 32 -c–a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-02-21_13.10.41.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-21 19:06:06 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-26 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"NBJ"="c:\progra~1\Ahead\NEROBA~1\NBJ.exe" [2006-09-15 2048000]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-10-02 57344]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-04 29744]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2005-10-15 14864384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-22 185896]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-18 509784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-19 148888]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-14 5418864]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Systeemvak van ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-10-02 57344]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= PCLEPIM1.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Pinnacle Scheduler.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Pinnacle Scheduler.lnk
backup=c:\windows\pss\Pinnacle Scheduler.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
–a—— 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
–a—— 2005-03-18 11:53 40960 c:\program files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
–a—— 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
–a—— 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFaceOnlinePluginsService]
–a—— 2007-02-27 15:36 278528 c:\program files\MediaFaceOnlinePluginsService\dolcore.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
——— 2006-09-15 13:27 2048000 c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
–a—— 2006-01-12 15:40 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVUSB2Remote]
——— 2004-04-20 17:33 61440 c:\program files\Pinnacle\PCTV USB2\Remote\remoterm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
–a—— 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
–a—— 2008-10-22 09:49 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
–a—— 2007-10-03 08:33 1206600 c:\program files\Webroot\Washer\wwDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"InCDsrv"=2 (0x2)
"btwdins"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Compaq_Eigenaar\\Mijn documenten\\internet\\bankingtools\\ActiveInstall_NL.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ahead\\Nero\\nero.exe"=
"c:\\Program Files\\BankingTools\\C@shflow v3\\Update.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\imloader.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BankingTools\\C@shflow v3\\C@shflowApp.exe"=
"c:\\Program Files\\BankingTools\\C@shflow V3.2\\C@shflowApp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-18 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-08-09 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2008-09-09 598856]
R3 busbcrw;USB Card Reader Writer driver;c:\windows\system32\drivers\busbcrw.sys [2007-02-08 18944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 ATIXPGAA;ATIXPGAA;\??\c:\pcdr5\ATIXPGAA.SYS –> c:\pcdr5\ATIXPGAA.SYS [?]
S3 brfilt;MFC-filterstuurprogramma van Brother;c:\windows\system32\drivers\BrFilt.sys [2007-02-07 2944]
S3 BrSerWDM;Serieel stuurprogramma van Brother;c:\windows\system32\drivers\BrSerWdm.sys [2007-02-07 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2007-02-07 11008]
S3 BrUsbScn;MFC-stuurprogramma van Brother voor USB-scanner;c:\windows\system32\drivers\BrUsbScn.sys [2007-02-07 10368]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-13 29744]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
--- Andere Services/Drivers In Geheugen ---
*NewlyCreated* - GTNDIS5
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Inhoud van de 'Gedeelde Taken' map
2009-02-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-18 23:02]
2008-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
2009-02-11 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-08 19:22]
2009-02-21 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll []
2009-02-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-14 11:53]
2009-02-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-14 11:53]
2009-02-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
- A:\ []
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: bonaparte.nl\www
Trusted Zone: msn.com\groups
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 23:26:40
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(936)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1820)
c:\progra~1\EMBIRD32\EMBIRDCP.DLL
c:\progra~1\EMBIRD32\LVKRN14N.DLL
c:\progra~1\EMBIRD32\ltfil14n.DLL
c:\progra~1\EMBIRD32\LTKRN14N.dll
c:\progra~1\EMBIRD32\LTIMG14N.dll
c:\progra~1\EMBIRD32\LTDIS14n.dll
c:\progra~1\EMBIRD32\ux32w.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD
c:\program files\Illustrate\dBpoweramp\dBShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2009-02-21 23:57:58
ComboFix-quarantined-files.txt 2009-02-21 22:57:08
ComboFix2.txt 2009-02-21 18:57:08
ComboFix3.txt 2009-02-21 12:32:05
Pre-Run: 190.953.725.952 bytes beschikbaar
Post-Run: 190,940,622,848 bytes beschikbaar
328 --- E O F --- 2009-01-23 19:41:58
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:15:33, on 22-2-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: Systeemvak van ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.bonaparte.nl
O15 - Trusted Zone: http://groups.msn.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232350243484
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232350226328
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5l.incredimail.com/contents/setup/2008010201/downloader/imloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnnKDvv - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 11488 bytes
Although I removed Winlogo with Fix checked, I see that it is still/again in there.
Still, I hope you will be able to help me further, should that be necessary. In any case, thank you so far for the trouble you have taken. - An answer even on Sunday. Wonderful. Here is the log from the zoek exe
======C:\WINDOWS====
----a-w 0 2009-02-22 09:59:09 C:\WINDOWS\0.log
--s-a-w 2,048 2009-02-22 09:58:39 C:\WINDOWS\bootstat.dat
----a-w 93 2009-02-17 10:01:00 C:\WINDOWS\brpcfx.ini
----a-w 789 2009-02-17 10:01:00 C:\WINDOWS\Brpfx04a.ini
----a-w 27 2009-02-17 10:01:43 C:\WINDOWS\BRPP2KA.INI
----a-w 434 2009-02-17 10:01:43 C:\WINDOWS\BRWMARK.INI
----a-w 59 2009-02-07 21:22:39 C:\WINDOWS\C@shFlowApp.INI
----a-w 149 2009-01-24 18:23:37 C:\WINDOWS\cdplayer.ini
----a-w 16,382 2009-01-24 18:37:06 C:\WINDOWS\comsetup.log
----a-w 23,006 2008-11-29 09:43:21 C:\WINDOWS\easyc.ini
----a-w 40 2009-01-25 18:13:57 C:\WINDOWS\Embedit.INI
----a-w 49,277 2009-01-24 18:37:06 C:\WINDOWS\FaxSetup.log
----a-w 7,857 2009-01-24 18:37:06 C:\WINDOWS\iis6.log
----a-w 36 2009-01-30 17:02:55 C:\WINDOWS\iltwain.ini
----a-w 1,374 2009-01-19 07:46:42 C:\WINDOWS\imsins.BAK
----a-w 1,374 2009-01-24 18:37:06 C:\WINDOWS\imsins.log
----a-w 21,386 2009-01-19 07:46:31 C:\WINDOWS\KB952069.log
----a-w 7,936 2009-01-19 07:41:40 C:\WINDOWS\KB954600.log
----a-w 35,506 2009-01-19 07:45:07 C:\WINDOWS\KB955839.log
----a-w 13,242 2009-01-19 07:41:52 C:\WINDOWS\KB956802.log
----a-w 22,346 2009-01-19 07:42:51 C:\WINDOWS\KB958215-IE7.log
----a-w 16,884 2009-01-19 07:46:42 C:\WINDOWS\KB958687.log
----a-w 17,687 2009-01-19 07:45:22 C:\WINDOWS\KB960714-IE7.log
----a-w 186 2009-02-15 17:20:06 C:\WINDOWS\KRAMERS_YESNETNOLOCK.INI
----a-w 2,472 2009-01-24 18:37:06 C:\WINDOWS\msgsocm.log
----a-w 229 2009-02-17 20:03:39 C:\WINDOWS\NeroDigital.ini
----a-w 921,540 2009-02-20 09:43:11 C:\WINDOWS\ntbtlog.txt
----a-w 9,940 2009-01-24 18:37:06 C:\WINDOWS\ntdtcsetup.log
----a-w 23,648 2009-01-24 18:37:06 C:\WINDOWS\ocgen.log
----a-w 3,088 2009-01-24 18:37:06 C:\WINDOWS\ocmsn.log
----a-w 395 2008-09-29 13:56:08 C:\WINDOWS\ODBC.INI
----a-w 818 2008-12-21 12:50:43 C:\WINDOWS\orun32.ini
----a-w 216 2009-02-09 09:37:35 C:\WINDOWS\password.klc
----a-w 63 2008-12-21 14:27:12 C:\WINDOWS\PixieTool.INI
----a-w 32,540 2009-02-22 01:08:31 C:\WINDOWS\SchedLgU.Txt
----a-w 120 2009-02-09 10:51:42 C:\WINDOWS\setupact.log
----a-w 117,846 2009-02-18 22:10:10 C:\WINDOWS\setupapi.log
----a-w 0 2009-01-19 07:41:38 C:\WINDOWS\setuperr.log
----a-w 199 2009-01-26 08:31:29 C:\WINDOWS\Snelkoppeling naar Cd-rom-station.lnk
----a-w 348 2009-01-24 18:37:06 C:\WINDOWS\spupdsvc.log
----a-w 227 2009-02-21 22:28:08 C:\WINDOWS\system.ini
----a-w 18,875 2009-01-24 18:37:06 C:\WINDOWS\tsoc.log
----a-w 7,037 2009-01-19 07:45:16 C:\WINDOWS\updspapi.log
----a-w 259 2009-02-22 10:01:33 C:\WINDOWS\wiadebug.log
----a-w 49 2009-02-22 09:58:49 C:\WINDOWS\wiaservc.log
----a-w 789 2009-02-14 21:28:36 C:\WINDOWS\win.ini
----a-w 117 2008-10-02 17:17:02 C:\WINDOWS\wincmd.ini
----a-w 1,395,604 2009-02-22 10:11:15 C:\WINDOWS\WindowsUpdate.log
----a-w 938 2009-02-10 13:31:28 C:\WINDOWS\wmsetup.log
Entries: 49 (48)
Directories: 0 Files: 49
Bytes: 2,775,475 Blocks: 5,444
======C:\WINDOWS\system32=====
----a-w 224 2009-02-13 15:29:53 C:\WINDOWS\System32\9B13A86D.plf
----a-w 124,928 2008-10-16 20:33:22 C:\WINDOWS\System32\advpack.dll
----a-w 50 2009-02-17 10:00:59 C:\WINDOWS\System32\bridf06a.dat
----a-w 92,696 2008-10-16 13:09:44 C:\WINDOWS\System32\cdm.dll
----a-w 410,984 2009-02-19 17:52:23 C:\WINDOWS\System32\deploytk.dll
----a-w 347,136 2008-10-16 20:33:22 C:\WINDOWS\System32\dxtmsft.dll
----a-w 214,528 2008-10-16 20:33:22 C:\WINDOWS\System32\dxtrans.dll
----a-w 133,120 2008-10-16 20:33:22 C:\WINDOWS\System32\extmgr.dll
----a-w 0 2009-01-26 18:32:19 C:\WINDOWS\System32\ff03872f-.txt
----a-w 861,616 2009-01-24 21:03:18 C:\WINDOWS\System32\FNTCACHE.DAT
----a-w 286,720 2008-10-23 12:43:45 C:\WINDOWS\System32\gdi32.dll
----a-w 63,488 2008-10-16 20:33:22 C:\WINDOWS\System32\icardie.dll
----a-w 70,656 2008-10-16 13:14:32 C:\WINDOWS\System32\ie4uinit.exe
----a-w 153,088 2008-10-16 20:33:22 C:\WINDOWS\System32\ieakeng.dll
----a-w 230,400 2008-10-16 20:33:22 C:\WINDOWS\System32\ieaksie.dll
----a-w 161,792 2008-10-15 07:04:53 C:\WINDOWS\System32\ieakui.dll
----a-w 383,488 2008-10-16 20:33:23 C:\WINDOWS\System32\ieapfltr.dll
----a-w 384,512 2008-10-16 20:33:23 C:\WINDOWS\System32\iedkcs32.dll
----a-w 6,066,176 2008-10-16 20:33:25 C:\WINDOWS\System32\ieframe.dll
----a-w 44,544 2008-10-16 20:33:25 C:\WINDOWS\System32\iernonce.dll
----a-w 267,776 2008-10-16 20:33:25 C:\WINDOWS\System32\iertutil.dll
----a-w 13,824 2008-10-16 13:11:09 C:\WINDOWS\System32\ieudinit.exe
----a-w 1,831,424 2008-10-16 20:33:26 C:\WINDOWS\System32\inetcpl.cpl
----a-w 144,792 2009-02-19 17:52:23 C:\WINDOWS\System32\java.exe
----a-w 73,728 2009-02-19 17:52:23 C:\WINDOWS\System32\javacpl.cpl
----a-w 144,792 2009-02-19 17:52:23 C:\WINDOWS\System32\javaw.exe
----a-w 148,888 2009-02-19 17:52:23 C:\WINDOWS\System32\javaws.exe
----a-w 27,648 2008-10-16 20:33:26 C:\WINDOWS\System32\jsproxy.dll
----a-w 15,688 2009-02-18 22:03:03 C:\WINDOWS\System32\lsdelete.exe
----a-w 1,205 2008-12-14 15:32:27 C:\WINDOWS\System32\lvcoinst.log
----a-w 20,853,704 2009-01-09 16:35:30 C:\WINDOWS\System32\MRT.exe
----a-w 459,264 2008-10-16 20:33:26 C:\WINDOWS\System32\msfeeds.dll
----a-w 52,224 2008-10-16 20:33:26 C:\WINDOWS\System32\msfeedsbs.dll
----a-w 3,593,216 2008-12-13 06:39:18 C:\WINDOWS\System32\mshtml.dll
----a-w 477,696 2008-10-16 20:33:29 C:\WINDOWS\System32\mshtmled.dll
----a-w 193,024 2008-10-16 20:33:29 C:\WINDOWS\System32\msrating.dll
----a-w 671,232 2008-10-16 20:33:30 C:\WINDOWS\System32\mstime.dll
----a-w 1,106,944 2008-09-04 17:17:14 C:\WINDOWS\System32\msxml3.dll
----a-w 1,286,152 2008-09-30 15:43:34 C:\WINDOWS\System32\msxml4.dll
------w 1,307,648 2008-09-10 01:16:18 C:\WINDOWS\System32\msxml6.dll
----a-w 268,648 2008-10-16 13:06:48 C:\WINDOWS\System32\mucltui.dll
----a-w 27,496 2008-10-16 13:06:34 C:\WINDOWS\System32\mucltui.dll.mui
----a-w 208,744 2008-10-16 13:07:48 C:\WINDOWS\System32\muweb.dll
----a-w 337,408 2008-10-15 16:37:40 C:\WINDOWS\System32\netapi32.dll
----a-w 102,912 2008-10-16 20:33:30 C:\WINDOWS\System32\occache.dll
----a-w 72,940 2009-02-15 15:33:38 C:\WINDOWS\System32\perfc009.dat
----a-w 93,144 2009-02-15 15:33:38 C:\WINDOWS\System32\perfc013.dat
----a-w 446,178 2009-02-15 15:33:38 C:\WINDOWS\System32\perfh009.dat
----a-w 514,356 2009-02-15 15:33:38 C:\WINDOWS\System32\perfh013.dat
----a-w 1,141,758 2009-02-15 15:33:38 C:\WINDOWS\System32\PerfStringBackup.INI
----a-w 278,528 2008-10-22 08:49:37 C:\WINDOWS\System32\pncrt.dll
----a-w 6,656 2008-10-22 08:49:45 C:\WINDOWS\System32\pndx5016.dll
----a-w 5,632 2008-10-22 08:49:45 C:\WINDOWS\System32\pndx5032.dll
----a-w 44,544 2008-10-16 20:33:30 C:\WINDOWS\System32\pngfilt.dll
------w 551,672 2009-01-12 19:22:24 C:\WINDOWS\System32\Px.dll
------w 531,192 2009-01-12 19:22:24 C:\WINDOWS\System32\pxdrv.dll
------w 72,440 2009-01-12 19:22:33 C:\WINDOWS\System32\pxhpinst.exe
------w 187,128 2009-01-12 19:22:23 C:\WINDOWS\System32\PxMas.dll
------w 1,628,920 2009-01-12 19:22:26 C:\WINDOWS\System32\PxSFS.DLL
------w 379,640 2009-01-12 19:22:24 C:\WINDOWS\System32\PxWave.dll
----a-w 185,944 2008-10-22 08:50:01 C:\WINDOWS\System32\rmoc3260.dll
----a-w 247,326 2008-10-03 10:05:08 C:\WINDOWS\System32\strmdll.dll
------w 62,976 2008-10-23 10:06:59 C:\WINDOWS\System32\tzchange.exe
----a-w 960,766 2009-01-19 07:45:02 C:\WINDOWS\System32\TZLog.log
----a-w 105,984 2008-10-16 20:33:30 C:\WINDOWS\System32\url.dll
----a-w 1,160,192 2008-10-16 20:33:31 C:\WINDOWS\System32\urlmon.dll
------w 39,672 2009-01-12 19:22:19 C:\WINDOWS\System32\VXBLOCK.dll
----a-w 233,472 2008-10-16 20:33:32 C:\WINDOWS\System32\webcheck.dll
----a-w 1,846,528 2008-09-15 15:28:42 C:\WINDOWS\System32\win32k.sys
----a-w 826,368 2008-10-16 20:33:32 C:\WINDOWS\System32\wininet.dll
----a-w 1,158 2009-02-22 09:59:15 C:\WINDOWS\System32\wpa.dbl
----a-w 561,688 2008-10-16 13:12:20 C:\WINDOWS\System32\wuapi.dll
----a-w 27,672 2008-10-16 13:08:10 C:\WINDOWS\System32\wuapi.dll.mui
----a-w 51,224 2008-10-16 13:09:44 C:\WINDOWS\System32\wuauclt.exe
----a-w 213,528 2008-10-16 13:12:20 C:\WINDOWS\System32\wuaucpl.cpl
----a-w 27,672 2008-10-16 13:08:10 C:\WINDOWS\System32\wuaucpl.cpl.mui
----a-w 1,809,944 2008-10-16 13:13:40 C:\WINDOWS\System32\wuaueng.dll
----a-w 18,968 2008-10-16 13:07:30 C:\WINDOWS\System32\wuaueng.dll.mui
----a-w 323,608 2008-10-16 13:12:22 C:\WINDOWS\System32\wucltui.dll
----a-w 35,864 2008-10-16 13:09:40 C:\WINDOWS\System32\wucltui.dll.mui
----a-w 34,328 2008-10-16 13:08:58 C:\WINDOWS\System32\wups.dll
----a-w 43,544 2008-10-16 13:09:44 C:\WINDOWS\System32\wups2.dll
----a-w 202,776 2008-10-16 13:12:24 C:\WINDOWS\System32\wuweb.dll
Entries: 83 (83)
Directories: 0 Files: 83
Bytes: 58,622,153 Blocks: 114,523
======C:\WINDOWS\system32\drivers=====
----a-w 18,944 2009-01-09 15:39:43 C:\WINDOWS\System32\drivers\busbcrw.sys
----a-w 16,827 2009-01-26 19:05:41 C:\WINDOWS\System32\drivers\hosts
----a-w 64,160 2009-02-18 22:03:00 C:\WINDOWS\System32\drivers\Lbd.sys
----a-w 15,504 2009-02-11 09:19:34 C:\WINDOWS\System32\drivers\mbam.sys
----a-w 38,496 2009-02-11 09:19:42 C:\WINDOWS\System32\drivers\mbamswissarmy.sys
----a-w 455,296 2008-10-24 11:21:09 C:\WINDOWS\System32\drivers\mrxsmb.sys
----a-w 333,952 2008-12-11 10:57:09 C:\WINDOWS\System32\drivers\srv.sys
Entries: 7 (7)
Directories: 0 Files: 7
Bytes: 943,179 Blocks: 1,846
======C:\WINDOWS\Tasks======
----a-w 472 2009-02-18 22:07:03 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
----a-w 284 2008-09-30 06:13:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
----a-w 326 2009-02-11 20:47:09 C:\WINDOWS\Tasks\HPCeeSchedule.job
----a-w 462 2009-02-21 17:00:18 C:\WINDOWS\Tasks\ParetoLogic Registration.job
---ha-w 6 2009-02-22 09:58:42 C:\WINDOWS\Tasks\SA.DAT
----a-w 1,596 2009-02-20 01:00:46 C:\WINDOWS\Tasks\wrSpySweeperFullSweep.job
Entries: 6 (5)
Directories: 0 Files: 6
Bytes: 3,146 Blocks: 9
=======C:\Program Files=====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=======C:=====
----a-w 2,460 2009-02-22 09:58:28 C:\aaw7boot.log
----a-w 3,072 2008-12-01 11:29:08 C:\ads_err.adi
----a-w 21,166 2008-12-01 11:30:26 C:\ads_err.adt
----a-w 192 2009-01-12 11:47:15 C:\BcBtRmv.log
--sha-r 282 2009-01-04 13:49:03 C:\boot.ini
----a-w 80 2009-02-15 17:12:51 C:\bootdelete.lst
----a-w 23,033 2009-02-21 22:58:44 C:\ComboFix.txt
----a-w 0 2009-02-13 15:29:46 C:\FileRecovery.log
--sha-w 1,072,152,576 2009-02-22 09:58:36 C:\hiberfil.sys
----a-w 164 2008-09-08 07:38:33 C:\install.dat
----a-w 90 2008-12-04 13:10:16 C:\LogiSetup.log
--sha-w 1,610,612,736 2009-02-22 09:58:29 C:\pagefile.sys
----a-w 216 2008-12-20 10:48:44 C:\password.klc
----a-w 11,048,322 2009-01-15 08:21:15 C:\PctvMobileChannelScan.log
----a-w 13,030 2008-12-30 14:12:40 C:\PDOXUSRS.NET
---ha-w 232 2008-12-23 22:20:47 C:\sqmdata00.sqm
---ha-w 232 2008-12-23 22:23:12 C:\sqmdata01.sqm
---ha-w 232 2008-12-23 22:29:12 C:\sqmdata02.sqm
---ha-w 232 2008-12-23 22:32:31 C:\sqmdata03.sqm
---ha-w 232 2008-12-24 18:42:52 C:\sqmdata04.sqm
---ha-w 232 2008-12-24 19:25:29 C:\sqmdata05.sqm
---ha-w 268 2009-01-06 13:24:19 C:\sqmdata06.sqm
---ha-w 268 2009-01-06 15:35:55 C:\sqmdata07.sqm
---ha-w 232 2009-01-24 18:18:08 C:\sqmdata08.sqm
---ha-w 232 2009-01-24 21:10:14 C:\sqmdata09.sqm
---ha-w 232 2009-01-25 09:45:21 C:\sqmdata10.sqm
---ha-w 232 2009-01-25 09:47:15 C:\sqmdata11.sqm
---ha-w 268 2009-01-25 15:36:16 C:\sqmdata12.sqm
---ha-w 232 2009-01-26 08:41:45 C:\sqmdata13.sqm
---ha-w 268 2009-02-08 16:49:12 C:\sqmdata14.sqm
---ha-w 232 2008-12-23 22:15:14 C:\sqmdata15.sqm
---ha-w 232 2008-12-23 22:15:19 C:\sqmdata16.sqm
---ha-w 232 2008-12-23 22:20:10 C:\sqmdata17.sqm
---ha-w 232 2008-12-23 22:20:19 C:\sqmdata18.sqm
---ha-w 232 2008-12-23 22:20:33 C:\sqmdata19.sqm
---ha-w 244 2008-12-23 22:20:47 C:\sqmnoopt00.sqm
---ha-w 244 2008-12-23 22:23:12 C:\sqmnoopt01.sqm
---ha-w 244 2008-12-23 22:29:12 C:\sqmnoopt02.sqm
---ha-w 244 2008-12-23 22:32:31 C:\sqmnoopt03.sqm
---ha-w 244 2008-12-24 18:42:52 C:\sqmnoopt04.sqm
---ha-w 244 2008-12-24 19:25:29 C:\sqmnoopt05.sqm
---ha-w 244 2009-01-06 13:24:10 C:\sqmnoopt06.sqm
---ha-w 244 2009-01-06 15:35:55 C:\sqmnoopt07.sqm
---ha-w 244 2009-01-24 18:18:08 C:\sqmnoopt08.sqm
---ha-w 244 2009-01-24 21:10:14 C:\sqmnoopt09.sqm
---ha-w 244 2009-01-25 09:45:21 C:\sqmnoopt10.sqm
---ha-w 244 2009-01-25 09:47:15 C:\sqmnoopt11.sqm
---ha-w 244 2009-01-25 15:36:15 C:\sqmnoopt12.sqm
---ha-w 244 2009-01-26 08:41:44 C:\sqmnoopt13.sqm
---ha-w 244 2009-02-08 16:49:12 C:\sqmnoopt14.sqm
---ha-w 244 2008-12-23 22:15:14 C:\sqmnoopt15.sqm
---ha-w 244 2008-12-23 22:15:19 C:\sqmnoopt16.sqm
---ha-w 244 2008-12-23 22:20:10 C:\sqmnoopt17.sqm
---ha-w 244 2008-12-23 22:20:19 C:\sqmnoopt18.sqm
---ha-w 244 2008-12-23 22:20:33 C:\sqmnoopt19.sqm
----a-w 199 2008-09-08 07:06:01 C:\yousendit.log
Entries: 56 (13)
Directories: 0 Files: 56
Bytes: 2,693,887,282 Blocks: 5,261,526
======C:\Documents and Settings\Compaq_Eigenaar\Application Data======
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
======C:\Documents and Settings\Compaq_Eigenaar======
----a-w 74 2009-02-14 21:32:51 C:\Documents and Settings\Compaq_Eigenaar\default.pls
----a-w 1,486 2009-02-21 15:22:19 C:\Documents and Settings\Compaq_Eigenaar\intlname.ols
----a-w 15,179,776 2009-02-22 01:08:51 C:\Documents and Settings\Compaq_Eigenaar\ntuser.dat
---ha-w 1,024 2009-02-22 10:16:20 C:\Documents and Settings\Compaq_Eigenaar\ntuser.dat.LOG
--sh--w 288 2009-02-22 01:08:22 C:\Documents and Settings\Compaq_Eigenaar\ntuser.ini
Entries: 5 (3)
Directories: 0 Files: 5
Bytes: 15,182,648 Blocks: 29,655
======C:\WINDOWS\Downloaded Program Files====
----a-w 386,048 2008-12-24 14:38:24 C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
----a-w 295 2008-10-16 13:16:04 C:\WINDOWS\Downloaded Program Files\muweb.inf
----a-w 293 2008-10-16 13:16:04 C:\WINDOWS\Downloaded Program Files\wuweb.inf
Entries: 3 (3)
Directories: 0 Files: 3
Bytes: 386,636 Blocks: 756
============= - Download and save SDFix to your desktop.
Double-click SDFix.exe and choose Install to extract the tool into its own folder on your desktop.
Restart the computer, but this time in Safe Mode.
* In Safe Mode, open the SDFix folder on your desktop and double-click RunThis.bat to start the tool.
* Type Y to start the cleaning process.
* It removes all Trojan services or registry entries related to this infection. When the tool is finished, it will tell you to press any key to restart your PC; do that as well.
* When the PC restarts, the tool will run again, finish the cleanup process and show you the message Finished. Then press any key to end the script, and your desktop will appear.
* When your desktop icons appear, the SDFix report will open and will also be saved in the folder under the name Report.txt.
- My report.txt log
SDFix: Version 1.240
Run by Compaq_Eigenaar on zo 22-02-2009 at 12:11
Microsoft Windows XP [versie 5.1.2600]
Running From: C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\SDFix
Checking Services:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\drivers\hosts - Deleted
Removing Temp Files
ADS Check:
Final Check:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 13:04:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden services & system hive …
scanning hidden registry entries …
scanning hidden files …
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Documents and Settings\\Compaq_Eigenaar\\Mijn documenten\\internet\\bankingtools\\ActiveInstall_NL.exe"="C:\\Documents and Settings\\Compaq_Eigenaar\\Mijn documenten\\internet\\bankingtools\\ActiveInstall_NL.exe:*:Enabled:C:\\Documents and Settings\\Compaq_Eigenaar\\Mijn documenten\\internet\\bankingtools\\ActiveInstall_NL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Ahead\\Nero\\nero.exe"="C:\\Program Files\\Ahead\\Nero\\nero.exe:*:Enabled:Nero Burning ROM"
"C:\\Program Files\\BankingTools\\C@shflow v3\\Update.exe"="C:\\Program Files\\BankingTools\\C@shflow v3\\Update.exe:*:Enabled:Update"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\Downloaded Program Files\\imloader.exe"="C:\\WINDOWS\\Downloaded Program Files\\imloader.exe:*:Disabled:IncrediMail Installer"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\BankingTools\\C@shflow v3\\C@shflowApp.exe"="C:\\Program Files\\BankingTools\\C@shflow v3\\C@shflowApp.exe:*:Enabled:C@shFlowApp"
"C:\\Program Files\\BankingTools\\C@shflow V3.2\\C@shflowApp.exe"="C:\\Program Files\\BankingTools\\C@shflow V3.2\\C@shflowApp.exe:*:Enabled:C@shFlowApp"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
File Backups: - C:\DOCUME~1\COMPAQ~1\BUREAU~1\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 7 Feb 2007 213 A.SHR --- "C:\BOOT.BAK"
Tue 11 Jan 2005 68,608 A..H. --- "C:\DK7\Autoplay CD Augustus 2004\~WRL3313.tmp"
Sun 2 Feb 2003 47,104 A..H. --- "C:\DK7\lessen\~WRL1369.tmp"
Sat 4 Oct 2008 6,108,728 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 26 Jan 2009 2,144,088 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 18 Feb 2006 32 A.SH. --- "C:\WINDOWS\SMINST\HPCD.SYS"
Mon 17 Jan 2005 188,928 A..H. --- "C:\DK7\lessen\makkelijke lessen\~WRL3653.tmp"
Thu 8 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA3C13C58-1F91-4404-9B20-6D2FD7C0155D.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA421A908-8779-46AC-A87B-5F8AAE5CFD40.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA46F7CBD-792E-45E8-BA8A-48E2BE22B93F.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA904B900-F350-4DAF-89BB-5DBF19BE47D0.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSABF981AC-3CD8-45CC-BA8E-68BCB95A7E5D.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSABDAD950-CF92-4109-817F-DE782787120D.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAECD87CE-7860-44E6-AF0D-43EB64FA9803.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAF53237B-7B25-4B42-84CC-4DD1CE0EE17E.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBC7367AD-D19C-41D0-A353-E3EA66D046C0.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBE9AAD7F-2FB6-47CD-93BF-F741AAA11DEA.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC7B7344C-E18F-4467-BAA3-A307B523817B.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD4ADA4E7-9F3C-4988-892B-55776D314BB4.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD5C04DE2-B6FE-49F1-AC00-EBBB60E09844.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD67F3E81-8BE0-4486-A3DA-EEAEE5B9244F.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD84037C8-44D2-4A76-90E6-6FB80830EA86.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD89F9DE0-A09E-4C35-A1F5-595C4D247494.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD8A688D5-C4E2-42DE-B40D-EEC50291D6FE.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDD3E6C9C-2B2D-4E57-AFE0-AFF811E217FC.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE76EF8DC-A8B4-4759-B80A-92F2828F4967.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE71BF117-DE43-46DD-AC8D-3E7CAA6F349A.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE85D839C-FBAC-43B3-83D8-305226F30F71.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE8DA9667-979A-4880-A54C-2272A80BA1A1.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE92510BF-6B98-4F2C-80AF-9884C1395458.tmp"
Sun 22 Feb 2009 65,536 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSED45FE08-D82F-4D55-B932-49BE09EF4D80.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF5058D7F-ACF7-40AF-BEAE-4BEF117E7392.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF9F74721-872F-42CA-81F4-B8E6F9C14973.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFAE5295E-4530-4B9B-A371-3CDC63F9E7C4.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFC5B607C-68D3-4489-ACAB-A98CCED6516B.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFD538727-BA73-4F28-A794-0EA507EBEA5D.tmp"
Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFEEEC30B-C3C0-42B0-9141-4AB0F20ED018.tmp"
Thu 24 Apr 2003 19,456 A..H. — "C:\Documents and Settings\Compaq_Eigenaar\Mijn documenten\Borduren\borduurprogrammas\balarad cd\01 BELANGRIJK Lees dit eerst\~WRL0409.tmp"
Sun 3 Oct 2004 778,240 A.SH. — "C:\Documents and Settings\Compaq_Eigenaar\Mijn documenten\fotos\oostenrijk vakantie\oostenrijk\donderdag\SIV2.tmp"
Finished!
- Download to your Desktop:
* Double-click drweb-cureit.exe and click on Update.
* After the update, a new icon "CureIt.exe" appears on your desktop; double-click it and click Scan, and allow it to start the express scan.
* This will scan the files that are currently loaded in memory, and when something is found, click the "Yes to all" button at the question 'cure it?'. This is only a short scan.
* Once the short scan has finished, you can select the drives you want to have scanned.
* Select all drives here. A red dot will then appear on the drives you are having scanned.
* Then click the green arrow on the right to start the scan.
* Click "Yes to all" when you are asked whether to perform cure or move.
* When the scan has finished, check whether you can click the icon next to the files that were found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
* If so, click it, then click the icon just below it and select "Move incurable" as you see here: http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This moves the files that were found to the "%userprofile%\DoctorWeb\quarantaine-map" if repair is not possible.
* After the scan is done, in the menu at the top, click "File" and choose "Save report List". Save it to your Desktop.
* Then close Dr.Web Cureit.
* Restart your computer!! Important step, because Dr.Web Cureit may move/delete files during the restart.
* After restarting, copy and paste the contents of the log you saved earlier into your next post.
Ignore popups about Buy or 50% discount.
Also post a new HJT log.