Help, my PC is probably infected

Anonymous
31 replies
  • My laptop and desktop are probably infected with malware and one or more viruses. I bought the magazine Veiligheid, hoping to get some information out of it. To begin with, I have 2 problems.
    1: On my laptop I can't get HouseCall to run. The program hangs at "Opening Trend Micro Housecall". I have updated Java. It has now been running for about 2 hours and nothing else happens. That doesn't seem right to me.
    2: On the desktop 7 problems were found, and while I was viewing 1 problem everything, including HouseCall, disappeared from the screen. After restarting the computer and HouseCall, I have the same problem as described above.
    Who knows more about this and can help me?
    Rita
  • You do have, I hope, a good up-to-date virus scanner on your computer?
    Beyond that, the usual list for spyware? AdAware, Spybot and, if that doesn't help, Xoftspy.
    The last one once rid me of a very persistent virus.
    If none of that helps, then post a HijackThis log.
    perloc
  • On my computer I have Webroot, antivirus and spam, and I regularly use online scanners.
    This is my HijackThis log.
    Can anyone help me???



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:00:44, on 19-2-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\Program Files\Webroot\Washer\WasherSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
    O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
    O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [KernelFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -k
    O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
    O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
    O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe"
    O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - Global Startup: Systeemvak van ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.bonaparte.nl
    O15 - Trusted Zone: http://groups.msn.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232350243484
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232350226328
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5l.incredimail.com/contents/setup/2008010201/downloader/imloader.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: pmnnKDvv - pmnnKDvv.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe


    End of file - 11705 bytes
  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O20 - Winlogon Notify: pmnnKDvv - pmnnKDvv.dll (file missing)

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.


    Open a Notepad file.
    Copy the text below (everything in bold) into this Notepad file.

    @ECHO OFF
    REM Start with a fresh log.txt
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    REM For each listed file: clear its attributes, delete it, and log the outcome
    FOR %%g in (
    C:\WINDOWS\system32\pmnnKDvv.dll) DO (
      IF EXIST %%g (
        ATTRIB -r -s -h %%g
        DEL %%g
        IF EXIST %%g (
          ECHO %%g not deleted>>log.txt
        ) ELSE (
          ECHO %%g deleted>>log.txt)
      ) ELSE (
        ECHO %%g not found>>log.txt))
    REM Show the result
    START NOTEPAD.EXE log.txt

    Go to File - Save As.
    For "Save in" choose: Desktop
    For "File name" enter: del.bat
    For "Save as type" select: All Files (*.*).
    Click the Save button.
    Double-click del.bat and post the contents of the log file that opens.



    Download and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    Make sure that after the installation the following are ticked:
    - Update MalwareBytes' Anti-Malware
    - Start MalwareBytes' Anti-Malware
    Then click "Voltooien" (Finish).
    If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Instellingen" (Settings) tab.
    - Tick here: "Sluit Internet Explorer tijdens verwijdering van malware" (close Internet Explorer during malware removal).
    - Then go to the "Scanner" tab and choose "Snelle Scan" (quick scan).
    - Next, press "Scannen" (Scan) to start the scan.
    - Scanning can take a while, so be patient.
    - When the scan has finished, click OK, then "Bekijk Resultaten" (show results) to see the results.
    - Make sure everything there is ticked, then click "Verwijder geselecteerde" (remove selected).
    - After removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

    Post this log together with a new HijackThis log.
  • Thank you so much for thinking along and perhaps a solution.

    The output of del.bat is:
    Deleting files
    C:\WINDOWS\system32\pmnnKDvv.dll not found

    Antimalware log is:
    Malwarebytes' Anti-Malware 1.34
    Database versie: 1782
    Windows 5.1.2600 Service Pack 3

    20-2-2009 21:18:19
    mbam-log-2009-02-20 (21-18-19).txt

    Scan type: Snelle Scan
    Objecten gescand: 81579
    Verstreken tijd: 6 minute(s), 50 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 1
    Bestanden geïnfecteerd: 16

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\authz32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cdm3232.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\atmlib32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\batmeter32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cnvfat32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\CABVIEW32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\camocx32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\CATSRVUT32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\CERTCLI32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\CLBCATEX32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\CNBJMON32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\basesrv(2)(2)32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\basesrv(2)(2)3232.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cdfview32.dll (Worm.P2P) -> Quarantined and deleted successfully.

    Hijackthis log is

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:36:22, on 20-2-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\Program Files\Webroot\Washer\WasherSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
    O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
    O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [KernelFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -k
    O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
    O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
    O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe"
    O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - Global Startup: Systeemvak van ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.bonaparte.nl
    O15 - Trusted Zone: http://groups.msn.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232350243484
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232350226328
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5l.incredimail.com/contents/setup/2008010201/downloader/imloader.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: pmnnKDvv - C:\WINDOWS\
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe


    End of file - 11885 bytes
  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

    Download to your Desktop and use it according to this guide.
  • Here is the ComboFix log. I found it rather "nerve-racking"; you don't really have any idea what you are doing. Thanks so much again for thinking along with me.

    ComboFix 09-02-19.01 - Compaq_Eigenaar 2009-02-21 10:31:57.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1022.436 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Compaq_Eigenaar\Mijn documenten\internet\bescherming computer\ComboFix.exe
    AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .


    ----- BITS: Mogelijk geïnfecteerde sites -----

    hxxp://childhe.com
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-21 to 2009-02-21 ))))))))))))))))))))))))))))))
    .

    2009-02-20 22:13 . 2009-02-20 22:29 <DIR> d-------- c:\program files\Microsoft Bootvis
    2009-02-20 22:06 . 2009-02-20 22:06 <DIR> d-------- c:\program files\Karen's Power Tools
    2009-02-20 22:06 . 2009-02-20 22:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Karen's Power Tools
    2009-02-20 21:06 . 2009-02-20 21:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-20 21:06 . 2009-02-20 21:06 <DIR> d-------- c:\documents and settings\Compaq_Eigenaar\Application Data\Malwarebytes
    2009-02-20 21:06 . 2009-02-20 21:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-20 21:06 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-20 21:06 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-20 17:52 . 2009-02-20 20:19 <DIR> d-------- c:\documents and settings\Compaq_Eigenaar\.housecall6.6
    2009-02-19 13:00 . 2009-02-19 13:00 <DIR> d-------- c:\program files\Trend Micro
    2009-02-18 23:03 . 2009-02-18 23:03 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
    2009-02-18 23:01 . 2009-02-18 23:01 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-02-18 20:24 . 2009-02-18 20:27 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-02-18 20:24 . 2009-02-18 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-17 10:59 . 2006-01-17 01:03 126,976 --------- c:\windows\system32\BrfxD05a.dll
    2009-02-17 10:59 . 2001-11-15 01:00 6,224 --------- c:\windows\CVRPAGE.bmp
    2009-02-17 10:59 . 2003-11-28 18:57 0 --a------ c:\windows\brdfxspd.dat
    2009-02-15 18:25 . 2009-02-15 18:25 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2009-02-15 18:25 . 2009-02-15 18:25 <DIR> d-------- c:\documents and settings\Compaq_Eigenaar\Application Data\SUPERAntiSpyware.com
    2009-02-15 18:25 . 2009-02-15 18:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-02-15 18:12 . 2009-02-15 18:12 80 --a------ C:\bootdelete.lst
    2009-02-15 16:40 . 2009-02-15 18:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hitman Pro 3
    2009-02-15 15:52 . 2009-02-15 15:52 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared
    2009-02-15 15:52 . 2009-02-15 15:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ScanSoft
    2009-02-15 13:48 . 2009-02-15 15:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ScanSoft(2)
    2009-02-10 20:49 . 2009-02-15 15:24 <DIR> d-------- c:\program files\Drive Rescue
    2009-02-09 14:21 . 2009-02-09 14:21 <DIR> d-------- c:\program files\Auslogics
    2009-02-09 14:21 . 2009-02-09 14:21 <DIR> d-------- c:\documents and settings\Compaq_Eigenaar\Application Data\Auslogics
    2009-01-26 20:25 . 2009-01-26 20:25 <DIR> d-------- c:\program files\Hitman Pro 3
    2009-01-26 20:25 . 2009-01-26 22:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hitman Pro
    2009-01-26 19:32 . 2009-01-26 20:05 16,827 --a------ c:\windows\system32\drivers\hosts
    2009-01-25 21:36 . 2009-01-26 16:36 <DIR> d-------- c:\documents and settings\Compaq_Eigenaar\Application Data\LimeWire
    2009-01-25 10:40 . 2009-01-25 10:40 <DIR> d-------- c:\program files\Notepad++
    2009-01-25 10:40 . 2009-01-25 11:11 <DIR> d-------- c:\documents and settings\Compaq_Eigenaar\Application Data\Notepad++
    2009-01-24 22:42 . 2009-01-24 22:45 <DIR> d-------- C:\VBScript maker
    2009-01-24 19:33 . 2009-01-24 19:36 <DIR> d-------- c:\windows\system32\XPSViewer
    2009-01-24 19:33 . 2009-01-24 19:33 <DIR> d-------- c:\program files\Reference Assemblies
    2009-01-24 19:33 . 2009-01-24 19:33 <DIR> d-------- c:\program files\MSBuild
    2009-01-24 19:32 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-21 11:58 --------- d-----w c:\documents and settings\Compaq_Eigenaar\Application Data\Skype
    2009-02-20 20:11 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-02-19 17:52 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-02-19 17:52 --------- d-----w c:\program files\Java
    2009-02-18 22:03 15,688 ----a-w c:\windows\system32\lsdelete.exe
    2009-02-18 22:01 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2009-02-17 10:00 --------- d-----w c:\program files\Brother
    2009-02-17 09:59 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-15 17:25 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-02-15 14:52 --------- d-----w c:\program files\ScanSoft
    2009-02-15 14:52 --------- d-----w c:\documents and settings\Compaq_Eigenaar\Application Data\ScanSoft
    2009-02-09 20:25 --------- d-----w c:\program files\Computerservice SSHSBV
    2009-01-30 17:02 --------- d-----w c:\program files\Dymo Label
    2009-01-29 12:42 --------- d-----w c:\program files\MSECache
    2009-01-26 08:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-12 19:14 --------- d-----w c:\documents and settings\Compaq_Eigenaar\Application Data\DVD Flick
    2009-01-12 12:41 --------- d-----w c:\documents and settings\Compaq_Eigenaar\Application Data\Nero
    2009-01-12 11:54 --------- d-----w c:\program files\Skype
    2009-01-12 11:54 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
    2009-01-12 11:53 --------- d-----w c:\program files\Common Files\Skype
    2009-01-09 15:40 --------- d-----w c:\program files\Common Files\BIL
    2009-01-09 15:39 18,944 ----a-w c:\windows\system32\drivers\busbcrw.sys
    2009-01-06 22:33 --------- d-----w c:\program files\BankingTools
    2009-01-06 22:33 --------- d-----w c:\documents and settings\Compaq_Eigenaar\Application Data\BankingTools
    2008-12-27 21:32 --------- d-----w c:\program files\Pre-Design Studio
    2008-12-21 14:20 --------- d-----w c:\program files\Pinnacle
    2008-12-13 06:39 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
    2008-04-10 11:01 14,960 ----a-w c:\program files\settings.dat
    2008-04-08 10:08 5,632 -csha-w c:\program files\Thumbs.db
    2008-03-20 12:27 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2007-02-07 21:54 6,772 -csh--r c:\windows\system\DM150437.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-26 68856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
    "NBJ"="c:\progra~1\Ahead\NEROBA~1\NBJ.exe" [2006-09-15 2048000]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-10-02 57344]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-04 29744]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "RTHDCPL"="c:\windows\RTHDCPL.EXE" [2005-10-15 14864384]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-22 185896]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 57393]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 40960]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
    "SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-18 509784]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-19 148888]
    "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-14 5418864]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Systeemvak van ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-10-02 57344]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.PIM1"= PCLEPIM1.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Pinnacle Scheduler.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Pinnacle Scheduler.lnk
    backup=c:\windows\pss\Pinnacle Scheduler.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    --a------ 2005-03-18 11:53 40960 c:\program files\ScanSoft\PaperPort\IndexSearch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFaceOnlinePluginsService]
    --a------ 2007-02-27 15:36 278528 c:\program files\MediaFaceOnlinePluginsService\dolcore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    --------- 2006-09-15 13:27 2048000 c:\program files\Ahead\Nero BackItUp\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 15:40 155648 c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVUSB2Remote]
    --------- 2004-04-20 17:33 61440 c:\program files\Pinnacle\PCTV USB2\Remote\remoterm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-10-22 09:49 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
    --a------ 2007-10-03 08:33 1206600 c:\program files\Webroot\Washer\wwDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ose"=3 (0x3)
    "LightScribeService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "InCDsrv"=2 (0x2)
    "btwdins"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Documents and Settings\\Compaq_Eigenaar\\Mijn documenten\\internet\\bankingtools\\ActiveInstall_NL.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Ahead\\Nero\\nero.exe"=
    "c:\\Program Files\\BankingTools\\C@shflow v3\\Update.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\Downloaded Program Files\\imloader.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\BankingTools\\C@shflow v3\\C@shflowApp.exe"=
    "c:\\Program Files\\BankingTools\\C@shflow V3.2\\C@shflowApp.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-18 64160]
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-08-09 29808]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
    R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2008-09-09 598856]
    R3 busbcrw;USB Card Reader Writer driver;c:\windows\system32\drivers\busbcrw.sys [2007-02-08 18944]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S3 ATIXPGAA;ATIXPGAA;\??\c:\pcdr5\ATIXPGAA.SYS –> c:\pcdr5\ATIXPGAA.SYS [?]
    S3 brfilt;MFC-filterstuurprogramma van Brother;c:\windows\system32\drivers\BrFilt.sys [2007-02-07 2944]
    S3 BrSerWDM;Serieel stuurprogramma van Brother;c:\windows\system32\drivers\BrSerWdm.sys [2007-02-07 60416]
    S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2007-02-07 11008]
    S3 BrUsbScn;MFC-stuurprogramma van Brother voor USB-scanner;c:\windows\system32\drivers\BrUsbScn.sys [2007-02-07 10368]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-13 29744]
    S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys –> c:\windows\system32\drivers\hitmanpro3.sys [?]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\setup.exe
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-02-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-18 23:02]

    2008-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

    2009-02-11 c:\windows\Tasks\HPCeeSchedule.job
    - c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-08 19:22]

    2009-02-20 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll []

    2009-02-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-14 11:53]

    2009-02-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-14 11:53]

    2009-02-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
    - A:\ []
    .
    - - - - ORPHANS VERWIJDERD - - - -

    Notify-pmnnKDvv - (no file)
    SafeBoot-Lavasoft Ad-Aware Service


    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.startpagina.nl/
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearch Bar = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: bonaparte.nl\www
    Trusted Zone: msn.com\groups
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-21 12:54:07
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(940)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3304)
    c:\progra~1\WINDOW~1\wmpband.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\WS_FTP Pro\nsftpch.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Lavasoft\Ad-Aware\AAWService.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
    c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Brother\Brmfcmon\BrMfimon.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-02-21 13:31:11 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-02-21 12:30:14

    Pre-Run: 190.972.633.088 bytes beschikbaar
    Post-Run: 190,999,568,384 bytes beschikbaar

    754 — E O F — 2009-01-23 19:41:58
  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    O20 - Winlogon Notify: pmnnKDvv - C:\WINDOWS\

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

    Download Flash_Disinfector.exe and place it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    Make sure your flash drives / USB sticks / external hard drives are plugged in as well.
    Double-click Flash_Disinfector.exe to start the tool.
    When the tool has finished, the computer will restart.

    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • I don't have the O20 that is mentioned.
    O20 - Winlogon Notify: pmnnKDvv - C:\WINDOWS

    I do have:
    020-Winlogon Notify: !SASWinlogon-C\ProgramFiles\SUPERAntispyware\SASWINLO.dll

    Should that one be removed with Fix checked as well??

    Thanks again for the help.
  • No, that one should not be removed.

    Would you please follow the other steps?
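    One way to triage entries like the two O20 lines discussed above, as an added Python example that is not part of the original posts or of HijackThis or ComboFix. It flags entries whose target names no file and cross-checks them against ComboFix's orphan list; the function names and the classification rule (a target without a file name counts as "directory-only") are assumptions of this example, and a flag means "needs review", not "malicious".

```python
import re
from dataclasses import dataclass
from typing import List, Set

# Lines copied from the HijackThis and ComboFix logs posted in this thread.
HIJACKTHIS_SAMPLE = r"""
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnnKDvv - C:\WINDOWS\
"""

COMBOFIX_SAMPLE = r"""
- - - - ORPHANS VERWIJDERD - - - -

Notify-pmnnKDvv - (no file)
SafeBoot-Lavasoft Ad-Aware Service

.
"""

# "<code> - <kind>: <label> - <target>", where the target is either the
# literal "(no file)" or a drive-letter path. The lazy label stops at the
# first " - " that is followed by such a target, so " - " inside a path
# (e.g. "Spybot - Search & Destroy") stays part of the target.
ENTRY_RE = re.compile(
    r"^(?P<code>O\d+) - (?P<kind>[^:]+): (?P<label>.*?) - "
    r"(?P<target>\(no file\)|[A-Za-z]:\\.*)$"
)


@dataclass
class Entry:
    code: str
    kind: str
    label: str
    target: str
    status: str  # "no-file", "directory-only" or "has-file"


def classify_target(target: str) -> str:
    """Classify what the entry points at, from the log text alone."""
    if target == "(no file)":
        return "no-file"
    leaf = target.rsplit("\\", 1)[-1]
    # Assumption of this example: an empty last path component, or one
    # without an extension, names a directory rather than a loadable module.
    if leaf == "" or "." not in leaf:
        return "directory-only"
    return "has-file"


def parse_hijackthis(log_text: str) -> List[Entry]:
    """Parse entries of the 'label - target' shape; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(status=classify_target(m["target"]), **m.groupdict()))
    return entries


def combofix_orphans(log_text: str) -> Set[str]:
    """Names listed under ComboFix's ORPHANS header, up to the next '.' line."""
    names, in_section = set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "ORPHANS" in line:
            in_section = True
        elif in_section and line == ".":
            break
        elif in_section and line:
            # "Notify-pmnnKDvv - (no file)" -> "pmnnKDvv"
            item = line.split(" - ", 1)[0]
            names.add(item.split("-", 1)[-1])
    return names


def review_list(hjt_log: str, combofix_log: str = "") -> List[dict]:
    """Entries without a backing file, annotated with the ComboFix cross-check."""
    orphans = combofix_orphans(combofix_log)
    return [
        {
            "code": e.code,
            "label": e.label,
            "target": e.target,
            "status": e.status,
            "in_combofix_orphans": e.label in orphans,
        }
        for e in parse_hijackthis(hjt_log)
        if e.status != "has-file"
    ]


if __name__ == "__main__":
    for item in review_list(HIJACKTHIS_SAMPLE, COMBOFIX_SAMPLE):
        print(item)
```

    On the sample lines, the SASWINLO.dll entry is classified as having a file and is left alone, while the pmnnKDvv entry is flagged and also matches ComboFix's orphan list.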
  • ComboFix is not in the right location.

    Gestart vanuit: c:\documents and settings\Compaq_Eigenaar\Mijn documenten\internet\bescherming computer\ComboFix.exe

    It needs to be on the desktop; move the program to the desktop and run it from there.

  • My HijackThis log is:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:13:46, on 21-2-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\Program Files\Webroot\Washer\WasherSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
    O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
    O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
    O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe"
    O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    O4 - Global Startup: Systeemvak van ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.bonaparte.nl
    O15 - Trusted Zone: http://groups.msn.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232350243484
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232350226328
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5l.incredimail.com/contents/setup/2008010201/downloader/imloader.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: pmnnKDvv - C:\WINDOWS\
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe


    End of file - 11541 bytes

    The new ComboFix log is:
    ComboFix 09-02-19.01 - Compaq_Eigenaar 2009-02-21 18:23:56.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1022.408 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Compaq_Eigenaar\Mijn documenten\internet\bescherming computer\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Compaq_Eigenaar\Bureaublad\logs\CFScript.txt
    AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    c:\windows\system\DM150437.sys
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system\DM150437.sys

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-21 to 2009-02-21 ))))))))))))))))))))))))))))))
    .

    2009-02-21 18:08 . 2009-02-21 18:08 399,872 –a—— c:\windows\system32\cmd.execf
    2009-02-20 22:13 . 2009-02-20 22:29 <DIR> d——– c:\program files\Microsoft Bootvis
    2009-02-20 22:06 . 2009-02-20 22:06 <DIR> d——– c:\program files\Karen's Power Tools
    2009-02-20 22:06 . 2009-02-20 22:06 <DIR> d——– c:\documents and settings\All Users\Application Data\Karen's Power Tools
    2009-02-20 21:06 . 2009-02-20 21:06 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-02-20 21:06 . 2009-02-20 21:06 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\Application Data\Malwarebytes
    2009-02-20 21:06 . 2009-02-20 21:06 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-20 21:06 . 2009-02-11 10:19 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-20 21:06 . 2009-02-11 10:19 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-02-20 17:52 . 2009-02-20 20:19 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\.housecall6.6
    2009-02-19 13:00 . 2009-02-19 13:00 <DIR> d——– c:\program files\Trend Micro
    2009-02-18 23:03 . 2009-02-18 23:03 64,160 –a—— c:\windows\system32\drivers\Lbd.sys
    2009-02-18 23:01 . 2009-02-18 23:01 <DIR> d–h-c— c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-02-18 20:24 . 2009-02-18 20:27 <DIR> d——– c:\program files\Spybot - Search & Destroy
    2009-02-18 20:24 . 2009-02-18 22:01 <DIR> d——– c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-17 10:59 . 2006-01-17 01:03 126,976 ——— c:\windows\system32\BrfxD05a.dll
    2009-02-17 10:59 . 2001-11-15 01:00 6,224 ——— c:\windows\CVRPAGE.bmp
    2009-02-17 10:59 . 2003-11-28 18:57 0 –a—— c:\windows\brdfxspd.dat
    2009-02-15 18:25 . 2009-02-15 18:25 <DIR> d——– c:\program files\SUPERAntiSpyware
    2009-02-15 18:25 . 2009-02-15 18:25 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\Application Data\SUPERAntiSpyware.com
    2009-02-15 18:25 . 2009-02-15 18:25 <DIR> d——– c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-02-15 18:12 . 2009-02-15 18:12 80 –a—— C:\bootdelete.lst
    2009-02-15 16:40 . 2009-02-15 18:06 <DIR> d——– c:\documents and settings\All Users\Application Data\Hitman Pro 3
    2009-02-15 15:52 . 2009-02-15 15:52 <DIR> d——– c:\program files\Common Files\ScanSoft Shared
    2009-02-15 15:52 . 2009-02-15 15:52 <DIR> d——– c:\documents and settings\All Users\Application Data\ScanSoft
    2009-02-15 13:48 . 2009-02-15 15:52 <DIR> d——– c:\documents and settings\All Users\Application Data\ScanSoft(2)
    2009-02-10 20:49 . 2009-02-15 15:24 <DIR> d——– c:\program files\Drive Rescue
    2009-02-09 14:21 . 2009-02-09 14:21 <DIR> d——– c:\program files\Auslogics
    2009-02-09 14:21 . 2009-02-09 14:21 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\Application Data\Auslogics
    2009-01-26 20:25 . 2009-01-26 20:25 <DIR> d——– c:\program files\Hitman Pro 3
    2009-01-26 20:25 . 2009-01-26 22:37 <DIR> d——– c:\documents and settings\All Users\Application Data\Hitman Pro
    2009-01-26 19:32 . 2009-01-26 20:05 16,827 –a—— c:\windows\system32\drivers\hosts
    2009-01-25 21:36 . 2009-01-26 16:36 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\Application Data\LimeWire
    2009-01-25 10:40 . 2009-01-25 10:40 <DIR> d——– c:\program files\Notepad++
    2009-01-25 10:40 . 2009-01-25 11:11 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\Application Data\Notepad++
    2009-01-24 22:42 . 2009-01-24 22:45 <DIR> d——– C:\VBScript maker
    2009-01-24 19:33 . 2009-01-24 19:36 <DIR> d——– c:\windows\system32\XPSViewer
    2009-01-24 19:33 . 2009-01-24 19:33 <DIR> d——– c:\program files\Reference Assemblies
    2009-01-24 19:33 . 2009-01-24 19:33 <DIR> d——– c:\program files\MSBuild
    2009-01-24 19:32 . 2006-06-29 13:07 14,048 ——— c:\windows\system32\spmsg2.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-21 15:41 ——— d—–w c:\documents and settings\Compaq_Eigenaar\Application Data\Skype
    2009-02-20 20:11 ——— d—–w c:\documents and settings\All Users\Application Data\Google Updater
    2009-02-19 17:52 410,984 —-a-w c:\windows\system32\deploytk.dll
    2009-02-19 17:52 ——— d—–w c:\program files\Java
    2009-02-18 22:03 15,688 —-a-w c:\windows\system32\lsdelete.exe
    2009-02-18 22:01 ——— d—–w c:\documents and settings\All Users\Application Data\Lavasoft
    2009-02-17 10:00 ——— d—–w c:\program files\Brother
    2009-02-17 09:59 ——— d–h–w c:\program files\InstallShield Installation Information
    2009-02-15 17:25 ——— d—–w c:\program files\Common Files\Wise Installation Wizard
    2009-02-15 14:52 ——— d—–w c:\program files\ScanSoft
    2009-02-15 14:52 ——— d—–w c:\documents and settings\Compaq_Eigenaar\Application Data\ScanSoft
    2009-02-09 20:25 ——— d—–w c:\program files\Computerservice SSHSBV
    2009-01-30 17:02 ——— d—–w c:\program files\Dymo Label
    2009-01-29 12:42 ——— d—–w c:\program files\MSECache
    2009-01-26 08:41 ——— d—a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-12 19:14 ——— d—–w c:\documents and settings\Compaq_Eigenaar\Application Data\DVD Flick
    2009-01-12 12:41 ——— d—–w c:\documents and settings\Compaq_Eigenaar\Application Data\Nero
    2009-01-12 11:54 ——— d—–w c:\program files\Skype
    2009-01-12 11:54 ——— d—–w c:\documents and settings\All Users\Application Data\Skype
    2009-01-12 11:53 ——— d—–w c:\program files\Common Files\Skype
    2009-01-09 15:40 ——— d—–w c:\program files\Common Files\BIL
    2009-01-09 15:39 18,944 —-a-w c:\windows\system32\drivers\busbcrw.sys
    2009-01-06 22:33 ——— d—–w c:\program files\BankingTools
    2009-01-06 22:33 ——— d—–w c:\documents and settings\Compaq_Eigenaar\Application Data\BankingTools
    2008-12-27 21:32 ——— d—–w c:\program files\Pre-Design Studio
    2008-12-21 14:20 ——— d—–w c:\program files\Pinnacle
    2008-12-13 06:39 3,593,216 ——w c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 10:57 333,952 ——w c:\windows\system32\dllcache\srv.sys
    2008-04-10 11:01 14,960 —-a-w c:\program files\settings.dat
    2008-04-08 10:08 5,632 -csha-w c:\program files\Thumbs.db
    2008-03-20 12:27 32 -c–a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-26 68856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
    "NBJ"="c:\progra~1\Ahead\NEROBA~1\NBJ.exe" [2006-09-15 2048000]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-10-02 57344]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-04 29744]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "RTHDCPL"="c:\windows\RTHDCPL.EXE" [2005-10-15 14864384]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-22 185896]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 57393]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 40960]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
    "SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-18 509784]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-19 148888]
    "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-14 5418864]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Systeemvak van ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-10-02 57344]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.PIM1"= PCLEPIM1.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Pinnacle Scheduler.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Pinnacle Scheduler.lnk
    backup=c:\windows\pss\Pinnacle Scheduler.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    –a—— 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    –a—— 2005-03-18 11:53 40960 c:\program files\ScanSoft\PaperPort\IndexSearch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    –a—— 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    –a—— 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFaceOnlinePluginsService]
    –a—— 2007-02-27 15:36 278528 c:\program files\MediaFaceOnlinePluginsService\dolcore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    ——— 2006-09-15 13:27 2048000 c:\program files\Ahead\Nero BackItUp\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    –a—— 2006-01-12 15:40 155648 c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVUSB2Remote]
    ——— 2004-04-20 17:33 61440 c:\program files\Pinnacle\PCTV USB2\Remote\remoterm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    –a—— 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    –a—— 2008-10-22 09:49 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
    –a—— 2007-10-03 08:33 1206600 c:\program files\Webroot\Washer\wwDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ose"=3 (0x3)
    "LightScribeService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "InCDsrv"=2 (0x2)
    "btwdins"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Documents and Settings\\Compaq_Eigenaar\\Mijn documenten\\internet\\bankingtools\\ActiveInstall_NL.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Ahead\\Nero\\nero.exe"=
    "c:\\Program Files\\BankingTools\\C@shflow v3\\Update.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\Downloaded Program Files\\imloader.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\BankingTools\\C@shflow v3\\C@shflowApp.exe"=
    "c:\\Program Files\\BankingTools\\C@shflow V3.2\\C@shflowApp.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-18 64160]
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-08-09 29808]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
    R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2008-09-09 598856]
    R3 busbcrw;USB Card Reader Writer driver;c:\windows\system32\drivers\busbcrw.sys [2007-02-08 18944]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S3 ATIXPGAA;ATIXPGAA;\??\c:\pcdr5\ATIXPGAA.SYS –> c:\pcdr5\ATIXPGAA.SYS [?]
    S3 brfilt;MFC-filterstuurprogramma van Brother;c:\windows\system32\drivers\BrFilt.sys [2007-02-07 2944]
    S3 BrSerWDM;Serieel stuurprogramma van Brother;c:\windows\system32\drivers\BrSerWdm.sys [2007-02-07 60416]
    S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2007-02-07 11008]
    S3 BrUsbScn;MFC-stuurprogramma van Brother voor USB-scanner;c:\windows\system32\drivers\BrUsbScn.sys [2007-02-07 10368]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-13 29744]
    S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys –> c:\windows\system32\drivers\hitmanpro3.sys [?]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-02-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-18 23:02]

    2008-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

    2009-02-11 c:\windows\Tasks\HPCeeSchedule.job
    - c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-08 19:22]

    2009-02-21 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll []

    2009-02-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-14 11:53]

    2009-02-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-14 11:53]

    2009-02-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
    - A:\ []
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.startpagina.nl/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: bonaparte.nl\www
    Trusted Zone: msn.com\groups
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-21 19:25:23
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,a2,f0,19,05,d3,
    e5,33,54,e2,63,26,f1,3f,c8,ff,68,33,23,01,1f,20,b4,8e,35,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,ca,31,71,4e,9b,
    ff,1d,ef,6a,9c,d6,61,af,45,84,18,79,a2,05,80,51,ab,58,f3,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,59,9a,ec,2c,5c,
    a1,33,6d,ff,7c,85,e0,43,d4,0e,fe,1d,48,57,c1,33,cf,39,b6,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,07,24,dc,6f,28,
    a9,d4,f9,86,8c,21,01,be,91,eb,e7,bb,a0,27,56,4d,aa,a5,60,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,3d,6b,ac,52,78,
    63,98,b1,f5,1d,4d,73,a8,13,5c,05,7f,50,33,64,2f,b2,d7,3a,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,2b,7f,b9,eb,cb,
    81,50,8d,df,20,58,62,78,6b,cf,c8,ce,77,10,20,81,05,c4,07,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,68,33,45,b8,98,
    c2,ef,31,fb,a7,78,e6,12,2f,9a,ea,26,82,75,8a,53,b0,76,69,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,7d,28,84,9f,79,
    75,62,bf,01,3a,48,fc,e8,04,4a,f1,0c,e5,9d,ed,60,89,c2,01,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,44,ff,42,b1,33,
    aa,2a,60,f6,0f,4e,58,98,5b,89,c9,4b,0c,00,e9,57,ca,3f,de,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,5f,fd,13,ee,99,
    b9,bf,77,3d,ce,ea,26,2d,45,aa,78,26,2c,91,53,42,a3,3a,54,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,78,f9,ad,7e,23,
    80,77,65,2a,b7,cc,b5,b9,7f,41,e7,ab,d1,04,db,e7,a9,ab,5e,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,0d,9d,3a,dc,32,
    52,5d,b3,6c,43,2d,1e,aa,22,2f,9c,6a,2b,66,76,b5,d7,60,dd,6c,43,2d,1e,aa,22,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(940)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\Ati2evxx.dll
    .
    Voltooingstijd: 2009-02-21 19:56:13
    ComboFix-quarantined-files.txt 2009-02-21 18:55:28
    ComboFix2.txt 2009-02-21 12:32:05

    Pre-Run: 190.989.119.488 bytes beschikbaar
    Post-Run: 190,975,193,088 bytes beschikbaar

    310 — E O F — 2009-01-23 19:41:58
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:13:46, on 21-2-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\Program Files\Webroot\Washer\WasherSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
    O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
    O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
    O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe"
    O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    O4 - Global Startup: Systeemvak van ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.bonaparte.nl
    O15 - Trusted Zone: http://groups.msn.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232350243484
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232350226328
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5l.incredimail.com/contents/setup/2008010201/downloader/imloader.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
  • Me too, but I looked together with my husband, and at that point there really was only one O20, with the message I reported. What now: redo the whole session, starting from the removal of this Winlogon?
    Sorry for apparently putting you on the wrong track, but however crazy it sounds, I don't understand it anyway; there was only one O20 entry.
  • I have made a new ComboFix log and a HijackThis log, after removing the Winlogon Notify entry after all with "Fix checked".

    ComboFix 09-02-19.01 - Compaq_Eigenaar 2009-02-21 22:25:21.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1043.18.1022.477 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Compaq_Eigenaar\Mijn documenten\internet\bescherming computer\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Compaq_Eigenaar\Bureaublad\logs\CFScript.txt
    AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    c:\windows\system\DM150437.sys
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-21 to 2009-02-21 ))))))))))))))))))))))))))))))
    .

    2009-02-20 22:13 . 2009-02-20 22:29 <DIR> d——– c:\program files\Microsoft Bootvis
    2009-02-20 22:06 . 2009-02-20 22:06 <DIR> d——– c:\program files\Karen's Power Tools
    2009-02-20 22:06 . 2009-02-20 22:06 <DIR> d——– c:\documents and settings\All Users\Application Data\Karen's Power Tools
    2009-02-20 21:06 . 2009-02-20 21:06 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-02-20 21:06 . 2009-02-20 21:06 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\Application Data\Malwarebytes
    2009-02-20 21:06 . 2009-02-20 21:06 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-20 21:06 . 2009-02-11 10:19 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-20 21:06 . 2009-02-11 10:19 15,504 –a—— c:\windows\system32\drivers\mbam.sys
    2009-02-20 17:52 . 2009-02-20 20:19 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\.housecall6.6
    2009-02-19 13:00 . 2009-02-19 13:00 <DIR> d——– c:\program files\Trend Micro
    2009-02-18 23:03 . 2009-02-18 23:03 64,160 –a—— c:\windows\system32\drivers\Lbd.sys
    2009-02-18 23:01 . 2009-02-18 23:01 <DIR> d–h-c— c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-02-18 20:24 . 2009-02-18 20:27 <DIR> d——– c:\program files\Spybot - Search & Destroy
    2009-02-18 20:24 . 2009-02-18 22:01 <DIR> d——– c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-17 10:59 . 2006-01-17 01:03 126,976 ——— c:\windows\system32\BrfxD05a.dll
    2009-02-17 10:59 . 2001-11-15 01:00 6,224 ——— c:\windows\CVRPAGE.bmp
    2009-02-17 10:59 . 2003-11-28 18:57 0 –a—— c:\windows\brdfxspd.dat
    2009-02-15 18:25 . 2009-02-15 18:25 <DIR> d——– c:\program files\SUPERAntiSpyware
    2009-02-15 18:25 . 2009-02-15 18:25 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\Application Data\SUPERAntiSpyware.com
    2009-02-15 18:25 . 2009-02-15 18:25 <DIR> d——– c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-02-15 18:12 . 2009-02-15 18:12 80 –a—— C:\bootdelete.lst
    2009-02-15 16:40 . 2009-02-15 18:06 <DIR> d——– c:\documents and settings\All Users\Application Data\Hitman Pro 3
    2009-02-15 15:52 . 2009-02-15 15:52 <DIR> d——– c:\program files\Common Files\ScanSoft Shared
    2009-02-15 15:52 . 2009-02-15 15:52 <DIR> d——– c:\documents and settings\All Users\Application Data\ScanSoft
    2009-02-15 13:48 . 2009-02-15 15:52 <DIR> d——– c:\documents and settings\All Users\Application Data\ScanSoft(2)
    2009-02-10 20:49 . 2009-02-15 15:24 <DIR> d——– c:\program files\Drive Rescue
    2009-02-09 14:21 . 2009-02-09 14:21 <DIR> d——– c:\program files\Auslogics
    2009-02-09 14:21 . 2009-02-09 14:21 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\Application Data\Auslogics
    2009-01-26 20:25 . 2009-01-26 20:25 <DIR> d——– c:\program files\Hitman Pro 3
    2009-01-26 20:25 . 2009-01-26 22:37 <DIR> d——– c:\documents and settings\All Users\Application Data\Hitman Pro
    2009-01-26 19:32 . 2009-01-26 20:05 16,827 –a—— c:\windows\system32\drivers\hosts
    2009-01-25 21:36 . 2009-01-26 16:36 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\Application Data\LimeWire
    2009-01-25 10:40 . 2009-01-25 10:40 <DIR> d——– c:\program files\Notepad++
    2009-01-25 10:40 . 2009-01-25 11:11 <DIR> d——– c:\documents and settings\Compaq_Eigenaar\Application Data\Notepad++
    2009-01-24 22:42 . 2009-01-24 22:45 <DIR> d——– C:\VBScript maker
    2009-01-24 19:33 . 2009-01-24 19:36 <DIR> d——– c:\windows\system32\XPSViewer
    2009-01-24 19:33 . 2009-01-24 19:33 <DIR> d——– c:\program files\Reference Assemblies
    2009-01-24 19:33 . 2009-01-24 19:33 <DIR> d——– c:\program files\MSBuild
    2009-01-24 19:32 . 2006-06-29 13:07 14,048 ——— c:\windows\system32\spmsg2.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-21 22:26 ——— d—–w c:\documents and settings\Compaq_Eigenaar\Application Data\Skype
    2009-02-21 21:11 ——— d—–w c:\documents and settings\All Users\Application Data\Google Updater
    2009-02-19 17:52 410,984 —-a-w c:\windows\system32\deploytk.dll
    2009-02-19 17:52 ——— d—–w c:\program files\Java
    2009-02-18 22:03 15,688 —-a-w c:\windows\system32\lsdelete.exe
    2009-02-18 22:01 ——— d—–w c:\documents and settings\All Users\Application Data\Lavasoft
    2009-02-17 10:00 ——— d—–w c:\program files\Brother
    2009-02-17 09:59 ——— d–h–w c:\program files\InstallShield Installation Information
    2009-02-15 17:25 ——— d—–w c:\program files\Common Files\Wise Installation Wizard
    2009-02-15 14:52 ——— d—–w c:\program files\ScanSoft
    2009-02-15 14:52 ——— d—–w c:\documents and settings\Compaq_Eigenaar\Application Data\ScanSoft
    2009-02-09 20:25 ——— d—–w c:\program files\Computerservice SSHSBV
    2009-01-30 17:02 ——— d—–w c:\program files\Dymo Label
    2009-01-29 12:42 ——— d—–w c:\program files\MSECache
    2009-01-26 08:41 ——— d—a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-12 19:14 ——— d—–w c:\documents and settings\Compaq_Eigenaar\Application Data\DVD Flick
    2009-01-12 12:41 ——— d—–w c:\documents and settings\Compaq_Eigenaar\Application Data\Nero
    2009-01-12 11:54 ——— d—–w c:\program files\Skype
    2009-01-12 11:54 ——— d—–w c:\documents and settings\All Users\Application Data\Skype
    2009-01-12 11:53 ——— d—–w c:\program files\Common Files\Skype
    2009-01-09 15:40 ——— d—–w c:\program files\Common Files\BIL
    2009-01-09 15:39 18,944 —-a-w c:\windows\system32\drivers\busbcrw.sys
    2009-01-06 22:33 ——— d—–w c:\program files\BankingTools
    2009-01-06 22:33 ——— d—–w c:\documents and settings\Compaq_Eigenaar\Application Data\BankingTools
    2008-12-27 21:32 ——— d—–w c:\program files\Pre-Design Studio
    2008-12-21 14:20 ——— d—–w c:\program files\Pinnacle
    2008-12-13 06:39 3,593,216 ——w c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 10:57 333,952 ——w c:\windows\system32\dllcache\srv.sys
    2008-04-10 11:01 14,960 —-a-w c:\program files\settings.dat
    2008-04-08 10:08 5,632 -csha-w c:\program files\Thumbs.db
    2008-03-20 12:27 32 -c–a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-21_13.10.41.15 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-02-21 19:06:06 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_c4.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-26 68856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
    "NBJ"="c:\progra~1\Ahead\NEROBA~1\NBJ.exe" [2006-09-15 2048000]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-10-02 57344]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-04 29744]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "RTHDCPL"="c:\windows\RTHDCPL.EXE" [2005-10-15 14864384]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-22 185896]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 57393]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 40960]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
    "SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-18 509784]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-19 148888]
    "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-14 5418864]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Systeemvak van ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-10-02 57344]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.PIM1"= PCLEPIM1.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Pinnacle Scheduler.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Pinnacle Scheduler.lnk
    backup=c:\windows\pss\Pinnacle Scheduler.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    –a—— 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    –a—— 2005-03-18 11:53 40960 c:\program files\ScanSoft\PaperPort\IndexSearch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    –a—— 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    –a—— 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFaceOnlinePluginsService]
    –a—— 2007-02-27 15:36 278528 c:\program files\MediaFaceOnlinePluginsService\dolcore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    ——— 2006-09-15 13:27 2048000 c:\program files\Ahead\Nero BackItUp\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    –a—— 2006-01-12 15:40 155648 c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVUSB2Remote]
    ——— 2004-04-20 17:33 61440 c:\program files\Pinnacle\PCTV USB2\Remote\remoterm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    –a—— 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    –a—— 2008-10-22 09:49 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
    –a—— 2007-10-03 08:33 1206600 c:\program files\Webroot\Washer\wwDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ose"=3 (0x3)
    "LightScribeService"=2 (0x2)
    "iPod Service"=3 (0x3)
    "InCDsrv"=2 (0x2)
    "btwdins"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Documents and Settings\\Compaq_Eigenaar\\Mijn documenten\\internet\\bankingtools\\ActiveInstall_NL.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Ahead\\Nero\\nero.exe"=
    "c:\\Program Files\\BankingTools\\C@shflow v3\\Update.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\Downloaded Program Files\\imloader.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\BankingTools\\C@shflow v3\\C@shflowApp.exe"=
    "c:\\Program Files\\BankingTools\\C@shflow V3.2\\C@shflowApp.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-18 64160]
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-08-09 29808]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
    R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2008-09-09 598856]
    R3 busbcrw;USB Card Reader Writer driver;c:\windows\system32\drivers\busbcrw.sys [2007-02-08 18944]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S3 ATIXPGAA;ATIXPGAA;\??\c:\pcdr5\ATIXPGAA.SYS –> c:\pcdr5\ATIXPGAA.SYS [?]
    S3 brfilt;MFC-filterstuurprogramma van Brother;c:\windows\system32\drivers\BrFilt.sys [2007-02-07 2944]
    S3 BrSerWDM;Serieel stuurprogramma van Brother;c:\windows\system32\drivers\BrSerWdm.sys [2007-02-07 60416]
    S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2007-02-07 11008]
    S3 BrUsbScn;MFC-stuurprogramma van Brother voor USB-scanner;c:\windows\system32\drivers\BrUsbScn.sys [2007-02-07 10368]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-13 29744]
    S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys –> c:\windows\system32\drivers\hitmanpro3.sys [?]

    — Andere Services/Drivers In Geheugen —

    *NewlyCreated* - GTNDIS5

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-02-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-18 23:02]

    2008-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

    2009-02-11 c:\windows\Tasks\HPCeeSchedule.job
    - c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-08 19:22]

    2009-02-21 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll []

    2009-02-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-14 11:53]

    2009-02-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
    - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-14 11:53]

    2009-02-20 c:\windows\Tasks\wrSpySweeperFullSweep.job
    - A:\ []
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.startpagina.nl/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: bonaparte.nl\www
    Trusted Zone: msn.com\groups
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-21 23:26:40
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,a2,f0,19,05,d3,
    e5,33,54,e2,63,26,f1,3f,c8,ff,68,33,23,01,1f,20,b4,8e,35,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,ca,31,71,4e,9b,
    ff,1d,ef,6a,9c,d6,61,af,45,84,18,79,a2,05,80,51,ab,58,f3,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,59,9a,ec,2c,5c,
    a1,33,6d,ff,7c,85,e0,43,d4,0e,fe,1d,48,57,c1,33,cf,39,b6,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,07,24,dc,6f,28,
    a9,d4,f9,86,8c,21,01,be,91,eb,e7,bb,a0,27,56,4d,aa,a5,60,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,3d,6b,ac,52,78,
    63,98,b1,f5,1d,4d,73,a8,13,5c,05,7f,50,33,64,2f,b2,d7,3a,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,2b,7f,b9,eb,cb,
    81,50,8d,df,20,58,62,78,6b,cf,c8,ce,77,10,20,81,05,c4,07,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,68,33,45,b8,98,
    c2,ef,31,fb,a7,78,e6,12,2f,9a,ea,26,82,75,8a,53,b0,76,69,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,7d,28,84,9f,79,
    75,62,bf,01,3a,48,fc,e8,04,4a,f1,0c,e5,9d,ed,60,89,c2,01,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,44,ff,42,b1,33,
    aa,2a,60,f6,0f,4e,58,98,5b,89,c9,4b,0c,00,e9,57,ca,3f,de,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,5f,fd,13,ee,99,
    b9,bf,77,3d,ce,ea,26,2d,45,aa,78,26,2c,91,53,42,a3,3a,54,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,78,f9,ad,7e,23,
    80,77,65,2a,b7,cc,b5,b9,7f,41,e7,ab,d1,04,db,e7,a9,ab,5e,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,0d,9d,3a,dc,32,
    52,5d,b3,6c,43,2d,1e,aa,22,2f,9c,6a,2b,66,76,b5,d7,60,dd,6c,43,2d,1e,aa,22,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "3140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(936)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(1820)
    c:\progra~1\EMBIRD32\EMBIRDCP.DLL
    c:\progra~1\EMBIRD32\LVKRN14N.DLL
    c:\progra~1\EMBIRD32\ltfil14n.DLL
    c:\progra~1\EMBIRD32\LTKRN14N.dll
    c:\progra~1\EMBIRD32\LTIMG14N.dll
    c:\progra~1\EMBIRD32\LTDIS14n.dll
    c:\progra~1\EMBIRD32\ux32w.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD
    c:\program files\Illustrate\dBpoweramp\dBShell.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Voltooingstijd: 2009-02-21 23:57:58
    ComboFix-quarantined-files.txt 2009-02-21 22:57:08
    ComboFix2.txt 2009-02-21 18:57:08
    ComboFix3.txt 2009-02-21 12:32:05

    Pre-Run: 190.953.725.952 bytes beschikbaar
    Post-Run: 190,940,622,848 bytes beschikbaar

    328 — E O F — 2009-01-23 19:41:58

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:15:33, on 22-2-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\Program Files\Webroot\Washer\WasherSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
    O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
    O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
    O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe"
    O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    O4 - Global Startup: Systeemvak van ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.bonaparte.nl
    O15 - Trusted Zone: http://groups.msn.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232350243484
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232350226328
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5l.incredimail.com/contents/setup/2008010201/downloader/imloader.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: pmnnKDvv - C:\WINDOWS\
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe


    End of file - 11488 bytes
    Even though I removed Winlogo with Fix checked, I see that it is now still/again in there.

    Still, I hope you are able to help me further, should that be necessary. In any case, thank you so far for the trouble you have taken.
  • Download this file: zoek.exe
    Double-click it; after a while a log will open.
    Post the contents of this log in your next message.
  • A reply even on Sunday. Great. Here is the log from zoek.exe

    ======C:\WINDOWS====
    —-a-w 0 2009-02-22 09:59:09 C:\WINDOWS\0.log
    –s-a-w 2,048 2009-02-22 09:58:39 C:\WINDOWS\bootstat.dat
    —-a-w 93 2009-02-17 10:01:00 C:\WINDOWS\brpcfx.ini
    —-a-w 789 2009-02-17 10:01:00 C:\WINDOWS\Brpfx04a.ini
    —-a-w 27 2009-02-17 10:01:43 C:\WINDOWS\BRPP2KA.INI
    —-a-w 434 2009-02-17 10:01:43 C:\WINDOWS\BRWMARK.INI
    —-a-w 59 2009-02-07 21:22:39 C:\WINDOWS\C@shFlowApp.INI
    —-a-w 149 2009-01-24 18:23:37 C:\WINDOWS\cdplayer.ini
    —-a-w 16,382 2009-01-24 18:37:06 C:\WINDOWS\comsetup.log
    —-a-w 23,006 2008-11-29 09:43:21 C:\WINDOWS\easyc.ini
    —-a-w 40 2009-01-25 18:13:57 C:\WINDOWS\Embedit.INI
    —-a-w 49,277 2009-01-24 18:37:06 C:\WINDOWS\FaxSetup.log
    —-a-w 7,857 2009-01-24 18:37:06 C:\WINDOWS\iis6.log
    —-a-w 36 2009-01-30 17:02:55 C:\WINDOWS\iltwain.ini
    —-a-w 1,374 2009-01-19 07:46:42 C:\WINDOWS\imsins.BAK
    —-a-w 1,374 2009-01-24 18:37:06 C:\WINDOWS\imsins.log
    —-a-w 21,386 2009-01-19 07:46:31 C:\WINDOWS\KB952069.log
    —-a-w 7,936 2009-01-19 07:41:40 C:\WINDOWS\KB954600.log
    —-a-w 35,506 2009-01-19 07:45:07 C:\WINDOWS\KB955839.log
    —-a-w 13,242 2009-01-19 07:41:52 C:\WINDOWS\KB956802.log
    —-a-w 22,346 2009-01-19 07:42:51 C:\WINDOWS\KB958215-IE7.log
    —-a-w 16,884 2009-01-19 07:46:42 C:\WINDOWS\KB958687.log
    —-a-w 17,687 2009-01-19 07:45:22 C:\WINDOWS\KB960714-IE7.log
    —-a-w 186 2009-02-15 17:20:06 C:\WINDOWS\KRAMERS_YESNETNOLOCK.INI
    —-a-w 2,472 2009-01-24 18:37:06 C:\WINDOWS\msgsocm.log
    —-a-w 229 2009-02-17 20:03:39 C:\WINDOWS\NeroDigital.ini
    —-a-w 921,540 2009-02-20 09:43:11 C:\WINDOWS\ntbtlog.txt
    —-a-w 9,940 2009-01-24 18:37:06 C:\WINDOWS\ntdtcsetup.log
    —-a-w 23,648 2009-01-24 18:37:06 C:\WINDOWS\ocgen.log
    —-a-w 3,088 2009-01-24 18:37:06 C:\WINDOWS\ocmsn.log
    —-a-w 395 2008-09-29 13:56:08 C:\WINDOWS\ODBC.INI
    —-a-w 818 2008-12-21 12:50:43 C:\WINDOWS\orun32.ini
    —-a-w 216 2009-02-09 09:37:35 C:\WINDOWS\password.klc
    —-a-w 63 2008-12-21 14:27:12 C:\WINDOWS\PixieTool.INI
    —-a-w 32,540 2009-02-22 01:08:31 C:\WINDOWS\SchedLgU.Txt
    —-a-w 120 2009-02-09 10:51:42 C:\WINDOWS\setupact.log
    —-a-w 117,846 2009-02-18 22:10:10 C:\WINDOWS\setupapi.log
    —-a-w 0 2009-01-19 07:41:38 C:\WINDOWS\setuperr.log
    —-a-w 199 2009-01-26 08:31:29 C:\WINDOWS\Snelkoppeling naar Cd-rom-station.lnk
    —-a-w 348 2009-01-24 18:37:06 C:\WINDOWS\spupdsvc.log
    —-a-w 227 2009-02-21 22:28:08 C:\WINDOWS\system.ini
    —-a-w 18,875 2009-01-24 18:37:06 C:\WINDOWS\tsoc.log
    —-a-w 7,037 2009-01-19 07:45:16 C:\WINDOWS\updspapi.log
    —-a-w 259 2009-02-22 10:01:33 C:\WINDOWS\wiadebug.log
    —-a-w 49 2009-02-22 09:58:49 C:\WINDOWS\wiaservc.log
    —-a-w 789 2009-02-14 21:28:36 C:\WINDOWS\win.ini
    —-a-w 117 2008-10-02 17:17:02 C:\WINDOWS\wincmd.ini
    —-a-w 1,395,604 2009-02-22 10:11:15 C:\WINDOWS\WindowsUpdate.log
    —-a-w 938 2009-02-10 13:31:28 C:\WINDOWS\wmsetup.log

    Entries: 49 (48)
    Directories: 0 Files: 49
    Bytes: 2,775,475 Blocks: 5,444
    ======C:\WINDOWS\system32=====
    —-a-w 224 2009-02-13 15:29:53 C:\WINDOWS\System32\9B13A86D.plf
    —-a-w 124,928 2008-10-16 20:33:22 C:\WINDOWS\System32\advpack.dll
    —-a-w 50 2009-02-17 10:00:59 C:\WINDOWS\System32\bridf06a.dat
    —-a-w 92,696 2008-10-16 13:09:44 C:\WINDOWS\System32\cdm.dll
    —-a-w 410,984 2009-02-19 17:52:23 C:\WINDOWS\System32\deploytk.dll
    —-a-w 347,136 2008-10-16 20:33:22 C:\WINDOWS\System32\dxtmsft.dll
    —-a-w 214,528 2008-10-16 20:33:22 C:\WINDOWS\System32\dxtrans.dll
    —-a-w 133,120 2008-10-16 20:33:22 C:\WINDOWS\System32\extmgr.dll
    —-a-w 0 2009-01-26 18:32:19 C:\WINDOWS\System32\ff03872f-.txt
    —-a-w 861,616 2009-01-24 21:03:18 C:\WINDOWS\System32\FNTCACHE.DAT
    —-a-w 286,720 2008-10-23 12:43:45 C:\WINDOWS\System32\gdi32.dll
    —-a-w 63,488 2008-10-16 20:33:22 C:\WINDOWS\System32\icardie.dll
    —-a-w 70,656 2008-10-16 13:14:32 C:\WINDOWS\System32\ie4uinit.exe
    —-a-w 153,088 2008-10-16 20:33:22 C:\WINDOWS\System32\ieakeng.dll
    —-a-w 230,400 2008-10-16 20:33:22 C:\WINDOWS\System32\ieaksie.dll
    —-a-w 161,792 2008-10-15 07:04:53 C:\WINDOWS\System32\ieakui.dll
    —-a-w 383,488 2008-10-16 20:33:23 C:\WINDOWS\System32\ieapfltr.dll
    —-a-w 384,512 2008-10-16 20:33:23 C:\WINDOWS\System32\iedkcs32.dll
    —-a-w 6,066,176 2008-10-16 20:33:25 C:\WINDOWS\System32\ieframe.dll
    —-a-w 44,544 2008-10-16 20:33:25 C:\WINDOWS\System32\iernonce.dll
    —-a-w 267,776 2008-10-16 20:33:25 C:\WINDOWS\System32\iertutil.dll
    —-a-w 13,824 2008-10-16 13:11:09 C:\WINDOWS\System32\ieudinit.exe
    —-a-w 1,831,424 2008-10-16 20:33:26 C:\WINDOWS\System32\inetcpl.cpl
    —-a-w 144,792 2009-02-19 17:52:23 C:\WINDOWS\System32\java.exe
    —-a-w 73,728 2009-02-19 17:52:23 C:\WINDOWS\System32\javacpl.cpl
    —-a-w 144,792 2009-02-19 17:52:23 C:\WINDOWS\System32\javaw.exe
    —-a-w 148,888 2009-02-19 17:52:23 C:\WINDOWS\System32\javaws.exe
    —-a-w 27,648 2008-10-16 20:33:26 C:\WINDOWS\System32\jsproxy.dll
    —-a-w 15,688 2009-02-18 22:03:03 C:\WINDOWS\System32\lsdelete.exe
    —-a-w 1,205 2008-12-14 15:32:27 C:\WINDOWS\System32\lvcoinst.log
    —-a-w 20,853,704 2009-01-09 16:35:30 C:\WINDOWS\System32\MRT.exe
    —-a-w 459,264 2008-10-16 20:33:26 C:\WINDOWS\System32\msfeeds.dll
    —-a-w 52,224 2008-10-16 20:33:26 C:\WINDOWS\System32\msfeedsbs.dll
    —-a-w 3,593,216 2008-12-13 06:39:18 C:\WINDOWS\System32\mshtml.dll
    —-a-w 477,696 2008-10-16 20:33:29 C:\WINDOWS\System32\mshtmled.dll
    —-a-w 193,024 2008-10-16 20:33:29 C:\WINDOWS\System32\msrating.dll
    —-a-w 671,232 2008-10-16 20:33:30 C:\WINDOWS\System32\mstime.dll
    —-a-w 1,106,944 2008-09-04 17:17:14 C:\WINDOWS\System32\msxml3.dll
    —-a-w 1,286,152 2008-09-30 15:43:34 C:\WINDOWS\System32\msxml4.dll
    ——w 1,307,648 2008-09-10 01:16:18 C:\WINDOWS\System32\msxml6.dll
    —-a-w 268,648 2008-10-16 13:06:48 C:\WINDOWS\System32\mucltui.dll
    —-a-w 27,496 2008-10-16 13:06:34 C:\WINDOWS\System32\mucltui.dll.mui
    —-a-w 208,744 2008-10-16 13:07:48 C:\WINDOWS\System32\muweb.dll
    —-a-w 337,408 2008-10-15 16:37:40 C:\WINDOWS\System32\netapi32.dll
    —-a-w 102,912 2008-10-16 20:33:30 C:\WINDOWS\System32\occache.dll
    —-a-w 72,940 2009-02-15 15:33:38 C:\WINDOWS\System32\perfc009.dat
    —-a-w 93,144 2009-02-15 15:33:38 C:\WINDOWS\System32\perfc013.dat
    —-a-w 446,178 2009-02-15 15:33:38 C:\WINDOWS\System32\perfh009.dat
    —-a-w 514,356 2009-02-15 15:33:38 C:\WINDOWS\System32\perfh013.dat
    —-a-w 1,141,758 2009-02-15 15:33:38 C:\WINDOWS\System32\PerfStringBackup.INI
    —-a-w 278,528 2008-10-22 08:49:37 C:\WINDOWS\System32\pncrt.dll
    —-a-w 6,656 2008-10-22 08:49:45 C:\WINDOWS\System32\pndx5016.dll
    —-a-w 5,632 2008-10-22 08:49:45 C:\WINDOWS\System32\pndx5032.dll
    —-a-w 44,544 2008-10-16 20:33:30 C:\WINDOWS\System32\pngfilt.dll
    ——w 551,672 2009-01-12 19:22:24 C:\WINDOWS\System32\Px.dll
    ——w 531,192 2009-01-12 19:22:24 C:\WINDOWS\System32\pxdrv.dll
    ——w 72,440 2009-01-12 19:22:33 C:\WINDOWS\System32\pxhpinst.exe
    ——w 187,128 2009-01-12 19:22:23 C:\WINDOWS\System32\PxMas.dll
    ——w 1,628,920 2009-01-12 19:22:26 C:\WINDOWS\System32\PxSFS.DLL
    ——w 379,640 2009-01-12 19:22:24 C:\WINDOWS\System32\PxWave.dll
    —-a-w 185,944 2008-10-22 08:50:01 C:\WINDOWS\System32\rmoc3260.dll
    —-a-w 247,326 2008-10-03 10:05:08 C:\WINDOWS\System32\strmdll.dll
    ——w 62,976 2008-10-23 10:06:59 C:\WINDOWS\System32\tzchange.exe
    —-a-w 960,766 2009-01-19 07:45:02 C:\WINDOWS\System32\TZLog.log
    —-a-w 105,984 2008-10-16 20:33:30 C:\WINDOWS\System32\url.dll
    —-a-w 1,160,192 2008-10-16 20:33:31 C:\WINDOWS\System32\urlmon.dll
    ——w 39,672 2009-01-12 19:22:19 C:\WINDOWS\System32\VXBLOCK.dll
    —-a-w 233,472 2008-10-16 20:33:32 C:\WINDOWS\System32\webcheck.dll
    —-a-w 1,846,528 2008-09-15 15:28:42 C:\WINDOWS\System32\win32k.sys
    —-a-w 826,368 2008-10-16 20:33:32 C:\WINDOWS\System32\wininet.dll
    —-a-w 1,158 2009-02-22 09:59:15 C:\WINDOWS\System32\wpa.dbl
    —-a-w 561,688 2008-10-16 13:12:20 C:\WINDOWS\System32\wuapi.dll
    —-a-w 27,672 2008-10-16 13:08:10 C:\WINDOWS\System32\wuapi.dll.mui
    —-a-w 51,224 2008-10-16 13:09:44 C:\WINDOWS\System32\wuauclt.exe
    —-a-w 213,528 2008-10-16 13:12:20 C:\WINDOWS\System32\wuaucpl.cpl
    —-a-w 27,672 2008-10-16 13:08:10 C:\WINDOWS\System32\wuaucpl.cpl.mui
    —-a-w 1,809,944 2008-10-16 13:13:40 C:\WINDOWS\System32\wuaueng.dll
    —-a-w 18,968 2008-10-16 13:07:30 C:\WINDOWS\System32\wuaueng.dll.mui
    —-a-w 323,608 2008-10-16 13:12:22 C:\WINDOWS\System32\wucltui.dll
    —-a-w 35,864 2008-10-16 13:09:40 C:\WINDOWS\System32\wucltui.dll.mui
    —-a-w 34,328 2008-10-16 13:08:58 C:\WINDOWS\System32\wups.dll
    —-a-w 43,544 2008-10-16 13:09:44 C:\WINDOWS\System32\wups2.dll
    —-a-w 202,776 2008-10-16 13:12:24 C:\WINDOWS\System32\wuweb.dll

    Entries: 83 (83)
    Directories: 0 Files: 83
    Bytes: 58,622,153 Blocks: 114,523
    ======C:\WINDOWS\system32\drivers=====
    —-a-w 18,944 2009-01-09 15:39:43 C:\WINDOWS\System32\drivers\busbcrw.sys
    —-a-w 16,827 2009-01-26 19:05:41 C:\WINDOWS\System32\drivers\hosts
    —-a-w 64,160 2009-02-18 22:03:00 C:\WINDOWS\System32\drivers\Lbd.sys
    —-a-w 15,504 2009-02-11 09:19:34 C:\WINDOWS\System32\drivers\mbam.sys
    —-a-w 38,496 2009-02-11 09:19:42 C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    —-a-w 455,296 2008-10-24 11:21:09 C:\WINDOWS\System32\drivers\mrxsmb.sys
    —-a-w 333,952 2008-12-11 10:57:09 C:\WINDOWS\System32\drivers\srv.sys

    Entries: 7 (7)
    Directories: 0 Files: 7
    Bytes: 943,179 Blocks: 1,846
    ======C:\WINDOWS\Tasks======
    —-a-w 472 2009-02-18 22:07:03 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    —-a-w 284 2008-09-30 06:13:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    —-a-w 326 2009-02-11 20:47:09 C:\WINDOWS\Tasks\HPCeeSchedule.job
    —-a-w 462 2009-02-21 17:00:18 C:\WINDOWS\Tasks\ParetoLogic Registration.job
    —ha-w 6 2009-02-22 09:58:42 C:\WINDOWS\Tasks\SA.DAT
    —-a-w 1,596 2009-02-20 01:00:46 C:\WINDOWS\Tasks\wrSpySweeperFullSweep.job

    Entries: 6 (5)
    Directories: 0 Files: 6
    Bytes: 3,146 Blocks: 9
    =======C:\Program Files=====
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    =======C:=====
    —-a-w 2,460 2009-02-22 09:58:28 C:\aaw7boot.log
    —-a-w 3,072 2008-12-01 11:29:08 C:\ads_err.adi
    —-a-w 21,166 2008-12-01 11:30:26 C:\ads_err.adt
    —-a-w 192 2009-01-12 11:47:15 C:\BcBtRmv.log
    –sha-r 282 2009-01-04 13:49:03 C:\boot.ini
    —-a-w 80 2009-02-15 17:12:51 C:\bootdelete.lst
    —-a-w 23,033 2009-02-21 22:58:44 C:\ComboFix.txt
    —-a-w 0 2009-02-13 15:29:46 C:\FileRecovery.log
    –sha-w 1,072,152,576 2009-02-22 09:58:36 C:\hiberfil.sys
    —-a-w 164 2008-09-08 07:38:33 C:\install.dat
    —-a-w 90 2008-12-04 13:10:16 C:\LogiSetup.log
    –sha-w 1,610,612,736 2009-02-22 09:58:29 C:\pagefile.sys
    —-a-w 216 2008-12-20 10:48:44 C:\password.klc
    —-a-w 11,048,322 2009-01-15 08:21:15 C:\PctvMobileChannelScan.log
    —-a-w 13,030 2008-12-30 14:12:40 C:\PDOXUSRS.NET
    —ha-w 232 2008-12-23 22:20:47 C:\sqmdata00.sqm
    —ha-w 232 2008-12-23 22:23:12 C:\sqmdata01.sqm
    —ha-w 232 2008-12-23 22:29:12 C:\sqmdata02.sqm
    —ha-w 232 2008-12-23 22:32:31 C:\sqmdata03.sqm
    —ha-w 232 2008-12-24 18:42:52 C:\sqmdata04.sqm
    —ha-w 232 2008-12-24 19:25:29 C:\sqmdata05.sqm
    —ha-w 268 2009-01-06 13:24:19 C:\sqmdata06.sqm
    —ha-w 268 2009-01-06 15:35:55 C:\sqmdata07.sqm
    —ha-w 232 2009-01-24 18:18:08 C:\sqmdata08.sqm
    —ha-w 232 2009-01-24 21:10:14 C:\sqmdata09.sqm
    —ha-w 232 2009-01-25 09:45:21 C:\sqmdata10.sqm
    —ha-w 232 2009-01-25 09:47:15 C:\sqmdata11.sqm
    —ha-w 268 2009-01-25 15:36:16 C:\sqmdata12.sqm
    —ha-w 232 2009-01-26 08:41:45 C:\sqmdata13.sqm
    —ha-w 268 2009-02-08 16:49:12 C:\sqmdata14.sqm
    —ha-w 232 2008-12-23 22:15:14 C:\sqmdata15.sqm
    —ha-w 232 2008-12-23 22:15:19 C:\sqmdata16.sqm
    —ha-w 232 2008-12-23 22:20:10 C:\sqmdata17.sqm
    —ha-w 232 2008-12-23 22:20:19 C:\sqmdata18.sqm
    —ha-w 232 2008-12-23 22:20:33 C:\sqmdata19.sqm
    —ha-w 244 2008-12-23 22:20:47 C:\sqmnoopt00.sqm
    —ha-w 244 2008-12-23 22:23:12 C:\sqmnoopt01.sqm
    —ha-w 244 2008-12-23 22:29:12 C:\sqmnoopt02.sqm
    —ha-w 244 2008-12-23 22:32:31 C:\sqmnoopt03.sqm
    —ha-w 244 2008-12-24 18:42:52 C:\sqmnoopt04.sqm
    —ha-w 244 2008-12-24 19:25:29 C:\sqmnoopt05.sqm
    —ha-w 244 2009-01-06 13:24:10 C:\sqmnoopt06.sqm
    —ha-w 244 2009-01-06 15:35:55 C:\sqmnoopt07.sqm
    —ha-w 244 2009-01-24 18:18:08 C:\sqmnoopt08.sqm
    —ha-w 244 2009-01-24 21:10:14 C:\sqmnoopt09.sqm
    —ha-w 244 2009-01-25 09:45:21 C:\sqmnoopt10.sqm
    —ha-w 244 2009-01-25 09:47:15 C:\sqmnoopt11.sqm
    —ha-w 244 2009-01-25 15:36:15 C:\sqmnoopt12.sqm
    —ha-w 244 2009-01-26 08:41:44 C:\sqmnoopt13.sqm
    —ha-w 244 2009-02-08 16:49:12 C:\sqmnoopt14.sqm
    —ha-w 244 2008-12-23 22:15:14 C:\sqmnoopt15.sqm
    —ha-w 244 2008-12-23 22:15:19 C:\sqmnoopt16.sqm
    —ha-w 244 2008-12-23 22:20:10 C:\sqmnoopt17.sqm
    —ha-w 244 2008-12-23 22:20:19 C:\sqmnoopt18.sqm
    —ha-w 244 2008-12-23 22:20:33 C:\sqmnoopt19.sqm
    —-a-w 199 2008-09-08 07:06:01 C:\yousendit.log

    Entries: 56 (13)
    Directories: 0 Files: 56
    Bytes: 2,693,887,282 Blocks: 5,261,526
    ======C:\Documents and Settings\Compaq_Eigenaar\Application Data======
    Entries: 0 (0)
    Directories: 0 Files: 0
    Bytes: 0 Blocks: 0
    ======C:\Documents and Settings\Compaq_Eigenaar======
    —-a-w 74 2009-02-14 21:32:51 C:\Documents and Settings\Compaq_Eigenaar\default.pls
    —-a-w 1,486 2009-02-21 15:22:19 C:\Documents and Settings\Compaq_Eigenaar\intlname.ols
    —-a-w 15,179,776 2009-02-22 01:08:51 C:\Documents and Settings\Compaq_Eigenaar\ntuser.dat
    —ha-w 1,024 2009-02-22 10:16:20 C:\Documents and Settings\Compaq_Eigenaar\ntuser.dat.LOG
    –sh–w 288 2009-02-22 01:08:22 C:\Documents and Settings\Compaq_Eigenaar\ntuser.ini

    Entries: 5 (3)
    Directories: 0 Files: 5
    Bytes: 15,182,648 Blocks: 29,655
    ======C:\WINDOWS\Downloaded Program Files====
    —-a-w 386,048 2008-12-24 14:38:24 C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
    —-a-w 295 2008-10-16 13:16:04 C:\WINDOWS\Downloaded Program Files\muweb.inf
    —-a-w 293 2008-10-16 13:16:04 C:\WINDOWS\Downloaded Program Files\wuweb.inf

    Entries: 3 (3)
    Directories: 0 Files: 3
    Bytes: 386,636 Blocks: 756
    =============
  • Download and save SDFix to your desktop.
    Double-click SDFix.exe and choose Install to extract the tool into its own folder on your desktop.

    Restart the computer, but in safe mode.

    * In safe mode, open the SDFix folder on your desktop and double-click RunThis.bat to start the tool.
    * Type Y to start the cleaning process.
    * It removes all Trojan services or registry entries related to this infection. When the tool is done, it will tell you to press any key to restart your PC; do so.
    * When the PC restarts, the tool will run again and finish the cleanup, then show the message Finished. Press any key to end the script, and your desktop will appear.
    * When your desktop icons appear, the SDFix report will open, and it is also saved in the folder under the name Report.txt.
  • My report.txt log


    SDFix: Version 1.240
    Run by Compaq_Eigenaar on zo 22-02-2009 at 12:11

    Microsoft Windows XP [versie 5.1.2600]
    Running From: C:\Documents and Settings\Compaq_Eigenaar\Bureaublad\SDFix

    Checking Services:


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\system32\drivers\hosts - Deleted





    Removing Temp Files

    ADS Check:



    Final Check:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-22 13:04:47
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden services & system hive …

    scanning hidden registry entries …

    scanning hidden files …

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Documents and Settings\\Compaq_Eigenaar\\Mijn documenten\\internet\\bankingtools\\ActiveInstall_NL.exe"="C:\\Documents and Settings\\Compaq_Eigenaar\\Mijn documenten\\internet\\bankingtools\\ActiveInstall_NL.exe:*:Enabled:C:\\Documents and Settings\\Compaq_Eigenaar\\Mijn documenten\\internet\\bankingtools\\ActiveInstall_NL"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Ahead\\Nero\\nero.exe"="C:\\Program Files\\Ahead\\Nero\\nero.exe:*:Enabled:Nero Burning ROM"
    "C:\\Program Files\\BankingTools\\C@shflow v3\\Update.exe"="C:\\Program Files\\BankingTools\\C@shflow v3\\Update.exe:*:Enabled:Update"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\Downloaded Program Files\\imloader.exe"="C:\\WINDOWS\\Downloaded Program Files\\imloader.exe:*:Disabled:IncrediMail Installer"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
    "C:\\Program Files\\BankingTools\\C@shflow v3\\C@shflowApp.exe"="C:\\Program Files\\BankingTools\\C@shflow v3\\C@shflowApp.exe:*:Enabled:C@shFlowApp"
    "C:\\Program Files\\BankingTools\\C@shflow V3.2\\C@shflowApp.exe"="C:\\Program Files\\BankingTools\\C@shflow V3.2\\C@shflowApp.exe:*:Enabled:C@shFlowApp"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:


    File Backups: - C:\DOCUME~1\COMPAQ~1\BUREAU~1\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Wed 7 Feb 2007 213 A.SHR — "C:\BOOT.BAK"
    Tue 11 Jan 2005 68,608 A..H. — "C:\DK7\Autoplay CD Augustus 2004\~WRL3313.tmp"
    Sun 2 Feb 2003 47,104 A..H. — "C:\DK7\lessen\~WRL1369.tmp"
    Sat 4 Oct 2008 6,108,728 A..H. — "C:\Program Files\Picasa2\setup.exe"
    Mon 26 Jan 2009 1,740,632 A.SHR — "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 26 Jan 2009 5,365,592 A.SHR — "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 26 Jan 2009 2,144,088 A.SHR — "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Sat 18 Feb 2006 32 A.SH. — "C:\WINDOWS\SMINST\HPCD.SYS"
    Mon 17 Jan 2005 188,928 A..H. — "C:\DK7\lessen\makkelijke lessen\~WRL3653.tmp"
    Thu 8 Feb 2007 0 A.SH. — "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS054959EE-4FC5-4881-AFEB-C2D0D77B4B4F.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0618EAF2-30FC-4868-8326-C715F0182FA7.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS08EEB2B3-4E36-403E-B5B4-A61D4F56C3E2.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0A751D6D-490B-41C5-BB63-CCE75748D6B8.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0BC283BB-4F71-4F68-BF2D-AD0221DC876A.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0FD98D5B-56DC-46B1-AD5D-38D4B4B8D07C.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS12AA8A75-7C77-449C-BF3E-38CEA6AD88E2.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS14B918FE-94B0-42C4-88E6-1EB6A719179E.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS173CD804-814E-413E-BBAE-2CC6B112DC03.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1769E9BE-7CE1-4B07-B2C4-FB8EE1B695B6.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1A77C467-9B9F-4C19-BE35-AEE3A3B6304F.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1A7583F4-2BB5-4072-BF0B-DCCA3D2181E5.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1C04C41D-10FA-475E-99A6-9B55D61B6FBB.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1DBAF6D3-3191-425E-82FC-4429C1FBC013.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1D05AA08-682C-412F-8CA1-9E8BCF852AD6.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1DB7B254-9F8B-408F-BE5F-DBBC9521B26A.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1FC791F8-B8A6-4245-957C-1674FD746B18.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2096128A-AA30-42E5-9246-FC49FC16B1A1.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS24BFED0F-07B3-47A6-B086-E6079044513C.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS26990AD1-80B4-4E4A-B1FB-1F5D1602F977.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2719EE17-554C-46AB-B9EB-A3788087BB4D.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS278D3C23-A12C-4002-9ED1-E5313734F938.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS297FDA33-A551-40C6-B8D4-C25F630C9C0F.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2EF3C817-C6BD-484D-9672-944C273DE728.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS30E684B4-C5A7-45F1-B2BD-B9CCBF3C79C4.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS304EC783-E567-4184-9C84-306561951ECF.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS318A5117-C026-41BD-BEA2-F590A722091B.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS34FDCC8B-1C22-420F-A56D-6484291C0962.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3426E2F0-3032-45FC-AFFB-D40DA6DD0827.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS36641A66-3CBA-4B6B-9F12-B52F093C27B7.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS39960DAE-E1A8-4947-A4BE-B74CB89DC232.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3ACD8080-1BCC-4D95-A610-42D2C8C8D667.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3D62AB6E-F644-4792-90C0-C4C7843C45BF.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS40D4AAFC-AA66-42BA-A560-A5F43BB12782.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS40659536-463B-4629-9A7F-10D3B318B9B6.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS441BAAB1-2DB8-42E8-9193-3454CCC47D0E.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS445DBEE6-1A52-4860-A548-8297FA94703C.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS48F99363-977A-49A2-89EB-02286FADDDCA.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4EF33CDC-D144-4605-9CDF-A3CE99BDC2BD.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4EB63AB5-2CAB-4F39-87AA-85DB20353AA0.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS522DDF07-E66E-49AE-8E99-D4791910B371.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS522B2980-F6F8-45EB-9F97-50D94C161073.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5354B207-B8F5-466B-883C-3AF491530B3C.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5BAFC125-ABB1-40C1-9657-A038C663548A.tmp"
    Sun 22 Feb 2009 65,536 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5CD36160-869B-42F9-B820-DFE4488AFD92.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6382C50E-3B42-4C95-91FA-3B38D65D606F.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS66BD7417-BA7C-4D3E-B187-C2B75B29096C.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS67C32D79-FE32-4A80-8B87-A316C0B79CC3.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS68CB3DE7-C501-41B5-AA99-C84DB4C80CBE.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6AA4F2D9-61A3-4707-9808-CDF5EB020C9B.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6D738B86-828E-4DDD-A857-7560D7B6FAA7.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7099B2C6-E9A5-47AF-BAEA-EDD97859AFDF.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS70382FBF-3363-407A-A75C-3021BE398356.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS71957731-249C-4FBE-B44B-0EFC875F3F59.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS731E2770-6F93-43F5-94CA-2EDFA637B210.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS74AFF66F-1726-4B6D-85C3-EA91D3341460.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS766604A1-8840-4B0A-8999-0A4957B3B20C.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS770597EA-457C-42A0-83E2-894E47E88BE2.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS78AAA455-796A-4750-B526-D3C2E96F042B.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8732D257-C121-453C-AA7F-5E21B85C65C9.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8B8AA3FE-9D7C-40B8-99FA-FC5FDF077CEF.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8F2C4E85-8AEA-49EB-9DDB-B972E3D62E20.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS913EA1DD-6CBA-4BA8-A3FA-75DD22989E89.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9A8CC78E-13AC-4B42-8659-C2667B66F0BF.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9B85334F-047D-4351-8B96-515979095DC8.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9C905D24-ED90-468C-9E46-B45106125C55.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9CF68234-6E02-4E9B-8D8D-E6E4E620F2B1.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9D47F822-EE14-40FF-9424-489F9879014D.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9F6E62B1-9728-4F59-BDA5-E12122241060.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA103B7E6-A960-41D6-9F29-94CF41AECD85.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA3C13C58-1F91-4404-9B20-6D2FD7C0155D.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA421A908-8779-46AC-A87B-5F8AAE5CFD40.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA46F7CBD-792E-45E8-BA8A-48E2BE22B93F.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA904B900-F350-4DAF-89BB-5DBF19BE47D0.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSABF981AC-3CD8-45CC-BA8E-68BCB95A7E5D.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSABDAD950-CF92-4109-817F-DE782787120D.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAECD87CE-7860-44E6-AF0D-43EB64FA9803.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAF53237B-7B25-4B42-84CC-4DD1CE0EE17E.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBC7367AD-D19C-41D0-A353-E3EA66D046C0.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBE9AAD7F-2FB6-47CD-93BF-F741AAA11DEA.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC7B7344C-E18F-4467-BAA3-A307B523817B.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD4ADA4E7-9F3C-4988-892B-55776D314BB4.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD5C04DE2-B6FE-49F1-AC00-EBBB60E09844.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD67F3E81-8BE0-4486-A3DA-EEAEE5B9244F.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD84037C8-44D2-4A76-90E6-6FB80830EA86.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD89F9DE0-A09E-4C35-A1F5-595C4D247494.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD8A688D5-C4E2-42DE-B40D-EEC50291D6FE.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDD3E6C9C-2B2D-4E57-AFE0-AFF811E217FC.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE76EF8DC-A8B4-4759-B80A-92F2828F4967.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE71BF117-DE43-46DD-AC8D-3E7CAA6F349A.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE85D839C-FBAC-43B3-83D8-305226F30F71.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE8DA9667-979A-4880-A54C-2272A80BA1A1.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE92510BF-6B98-4F2C-80AF-9884C1395458.tmp"
    Sun 22 Feb 2009 65,536 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSED45FE08-D82F-4D55-B932-49BE09EF4D80.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF5058D7F-ACF7-40AF-BEAE-4BEF117E7392.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF9F74721-872F-42CA-81F4-B8E6F9C14973.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFAE5295E-4530-4B9B-A371-3CDC63F9E7C4.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFC5B607C-68D3-4489-ACAB-A98CCED6516B.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFD538727-BA73-4F28-A794-0EA507EBEA5D.tmp"
    Sun 22 Feb 2009 0 A..H. — "C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFEEEC30B-C3C0-42B0-9141-4AB0F20ED018.tmp"
    Thu 24 Apr 2003 19,456 A..H. — "C:\Documents and Settings\Compaq_Eigenaar\Mijn documenten\Borduren\borduurprogrammas\balarad cd\01 BELANGRIJK Lees dit eerst\~WRL0409.tmp"
    Sun 3 Oct 2004 778,240 A.SH. — "C:\Documents and Settings\Compaq_Eigenaar\Mijn documenten\fotos\oostenrijk vakantie\oostenrijk\donderdag\SIV2.tmp"

    Finished!
  • Download to your Desktop:
    - Double-click drweb-cureit.exe and click Update.
    - After the update, a new icon "CureIt.exe" appears on your desktop; double-click it and click Scan, and allow it to start the express scan.
    - This will scan the files currently loaded in memory; when something is found, click the Yes to all button at the 'cure it?' prompt. This is only a short scan.
    - Once the short scan has finished, you can select the drives you want scanned.
    - Select all drives here. A red dot will then appear on the drives you are having scanned.
    - Then click the green arrow on the right to start the scan.
    - Click Yes to all when asked to perform cure or move.
    - When the scan has finished, check whether you can click the icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
    - If so, click it, then click the icon just below it and select Move incurable, as you see here: http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
      This moves the files found to the "%userprofile%\DoctorWeb\quarantaine-map" if repair is not possible.
    - After the scan is done, click File in the menu at the top and choose Save report List. Save it to your Desktop.
    - Then close Dr.Web Cureit.
    - Restart your computer!! Important step, because Dr.Web Cureit may move/delete files during the restart.
    - After restarting, copy and paste the contents of the log you saved earlier into your next post.

    Ignore pop-ups about Buy or a 50% discount.

    Also post a new HJT log.

This is an archived page. Replies are no longer possible.