Vraag & Antwoord

Beveiliging & privacy

PC Security Guardian

Anoniem
Trein2010
40 antwoorden
  • Hallo,
    Ik heb een vervelende mallware, of hoe dat mag heten, binnen gekregen onder de naam PC Security Guardian. Het schijnt nogal ingewikkeld te zijn, om die weer te verwijderen. Kan iemand mij daar wat aanwijzingen voor geven? Ik gebruik Mozilla Firefox, om internet te openen. Mijn Eset NOD 32 antivirus programma is ook van het beeldscherm verdwenen en kan ik niet meer openen, om bijv. te scannen.
    Bij voorbaat dank.
    Piet.
  • Hoi Piet, ik zet hieronder de gebruiksaanwijzing hoe er vanaf te komen.
    Denk nu niet, dat indien je Windows daarna weer normaal reageert, dat de problemen over zijn, dus blijf bij de fix, totdat ik het groen licht geef!
    Succes ermee.


    Tip: kopieer de inhoud van deze post naar een kladblokdocument, dat je opslaat op je bureaublad!

    Indien de besmetting het onmogelijk maakt om de benodigde bestanden te downloaden, doe dit dan met een andere computer en transfereer dan de bestanden via CD, USB-HD of USB-stick


    Ten eerste: herstart je PC dan naar 'Veilige modus met netwerkmogelijkheid'!
    Weet je niet hoe in Veilige modus op te starten kijk dan hier: http://www.nationaalcomputerforum.nl/showthread.php?t=27396


    [b:b99d45a5e8]N.B.: Vista- en Windows 7 gebruik(st)ers starten alle hier vermelde tools middels rechtsklikken en dan kiezen voor Als Administrator uitvoeren.[/b:b99d45a5e8]


  • Hartelijk dank voor het uitgebreide antwoord. Wat een toestand! Ik ga er zo gauw mogelijk aan werken. Heb al uitgevonden hoe op te starten in de veilige modus, maar door andere werkzaamheden kan ik pas vanavond verder (met telefonische hulp van mijn broer). Ik meld me wel als we ergens tegenaan lopen, waar we geen raad mee weten.
    Maar voorlopig geweldig bedankt voor de eerste hulp.
    Groeten,
    Piet.
  • Hoi Piet, het moet gewoon allemaal lukken!
    Velen zijn jouw al voorgegaan!
  • Hier volgt de logfile van MBAM.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Databaseversie: 6694

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    27-5-2011 21:12:21
    mbam-log-2011-05-27 (21-12-21).txt

    Scantype: Snelle scan
    Objecten gescand: 136654
    Verstreken tijd: 1 minuut/minuten, 13 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 757
    Registerwaarden geïnfecteerd: 31
    Registerdata geïnfecteerd: 1
    Mappen geïnfecteerd: 2
    Bestanden geïnfecteerd: 15

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFSrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe (Security.Hijack) -> Quarantined and
  • En hier de logfile van hijackthis.Bij het vorige bericht lukte het niet, om dat er onder te krijgen. Hoop dat het zo goed is. Met veel dank!

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:25:05, on 27-5-2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Fighters\sfagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fighters\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fighters\FighterSuiteService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
    R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll
    O1 - Hosts: 66.232.114.203 www.google.com
    O1 - Hosts: 178.17.165.3 www.google.com
    O1 - Hosts: 66.232.114.203 www.google.com.au
    O1 - Hosts: 178.17.165.3 www.google.com.au
    O1 - Hosts: 66.232.114.203 www.google.be
    O1 - Hosts: 178.17.165.3 www.google.be
    O1 - Hosts: 66.232.114.203 www.google.com.br
    O1 - Hosts: 178.17.165.3 www.google.com.br
    O1 - Hosts: 66.232.114.203 www.google.ca
    O1 - Hosts: 178.17.165.3 www.google.ca
    O1 - Hosts: 66.232.114.203 www.google.ch
    O1 - Hosts: 178.17.165.3 www.google.ch
    O1 - Hosts: 66.232.114.203 www.google.de
    O1 - Hosts: 178.17.165.3 www.google.de
    O1 - Hosts: 66.232.114.203 www.google.dk
    O1 - Hosts: 178.17.165.3 www.google.dk
    O1 - Hosts: 66.232.114.203 www.google.fr
    O1 - Hosts: 178.17.165.3 www.google.fr
    O1 - Hosts: 66.232.114.203 www.google.ie
    O1 - Hosts: 178.17.165.3 www.google.ie
    O1 - Hosts: 66.232.114.203 www.google.it
    O1 - Hosts: 178.17.165.3 www.google.it
    O1 - Hosts: 66.232.114.203 www.google.co.jp
    O1 - Hosts: 178.17.165.3 www.google.co.jp
    O1 - Hosts: 66.232.114.203 www.google.nl
    O1 - Hosts: 178.17.165.3 www.google.nl
    O1 - Hosts: 66.232.114.203 www.google.no
    O1 - Hosts: 178.17.165.3 www.google.no
    O1 - Hosts: 66.232.114.203 www.google.co.nz
    O1 - Hosts: 178.17.165.3 www.google.co.nz
    O1 - Hosts: 66.232.114.203 www.google.pl
    O1 - Hosts: 178.17.165.3 www.google.pl
    O1 - Hosts: 66.232.114.203 www.google.se
    O1 - Hosts: 178.17.165.3 www.google.se
    O1 - Hosts: 66.232.114.203 www.google.co.uk
    O1 - Hosts: 178.17.165.3 www.google.co.uk
    O1 - Hosts: 66.232.114.203 www.google.co.za
    O1 - Hosts: 178.17.165.3 www.google.co.za
    O1 - Hosts: 66.232.114.203 www.bing.com
    O1 - Hosts: 178.17.165.3 www.bing.com
    O1 - Hosts: 66.232.114.203 search.yahoo.com
    O1 - Hosts: 178.17.165.3 search.yahoo.com
    O1 - Hosts: 66.232.114.203 uk.search.yahoo.com
    O1 - Hosts: 178.17.165.3 uk.search.yahoo.com
    O1 - Hosts: 66.232.114.203 ca.search.yahoo.com
    O1 - Hosts: 178.17.165.3 ca.search.yahoo.com
    O1 - Hosts: 66.232.114.203 de.search.yahoo.com
    O1 - Hosts: 178.17.165.3 de.search.yahoo.com
    O1 - Hosts: 66.232.114.203 fr.search.yahoo.com
    O1 - Hosts: 178.17.165.3 fr.search.yahoo.com
    O1 - Hosts: 66.232.114.203 au.search.yahoo.com
    O1 - Hosts: 178.17.165.3 au.search.yahoo.com
    O1 - Hosts: 66.232.114.203 www.google-analytics.com
    O1 - Hosts: 178.17.165.3 www.google-analytics.com
    O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\sfagent.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
    O23 - Service: Google Updateservice (gupdate1caaa66a50321f4) (gupdate1caaa66a50321f4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\sfus.exe
    O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe


    End of file - 9116 bytes
  • Hallo Piet, we moeten nu eerst ervoor zorgen dat de Hostfile gerepareerd wordt.

    [b:502a8e7ba5]Wat te doen[/b:502a8e7ba5]: Host-file reparatie
    [b:502a8e7ba5]Welk programma[/b:502a8e7ba5]: Malwarebytes MBAM en HostsXpert
    [b:502a8e7ba5]Waarvoor/waarom[/b:502a8e7ba5]: Host-file is door malware aangepast.
    [b:502a8e7ba5]Moeilijkheidsgraad[/b:502a8e7ba5]: geen.

    [b:502a8e7ba5]Benodigde programma's:[/b:502a8e7ba5]
    [list:502a8e7ba5][*:502a8e7ba5] Malwarebytes MBAM is reeds geïnstalleerd.
    [*:502a8e7ba5][b:502a8e7ba5]Download HostsXpert[/b:502a8e7ba5] [b:502a8e7ba5]hier[/b:502a8e7ba5].
    [*:502a8e7ba5]pak de gecomprimeerde map "HostExpert" alvast uit naar jouw bureaublad.[/list:u:502a8e7ba5]
    [b:502a8e7ba5]1.[/b:502a8e7ba5] Start Malwarebytes MBAM en klik in de bovenste rij tabs op de tab [b:502a8e7ba5]Meer functies[/b:502a8e7ba5]
    [list:502a8e7ba5][*:502a8e7ba5]Klik hier op de knop [b:502a8e7ba5]FileASSASIN starten[/b:502a8e7ba5].
    [*:502a8e7ba5]Vervolgens zal een nieuw venster openen.
    [*:502a8e7ba5]Kopieer en plak nu onderstaande regel in de opdrachtregel achter [b:502a8e7ba5]Bestandsnaam[/b:502a8e7ba5]:
    [*:502a8e7ba5][b:502a8e7ba5]
  • Bij deze de logfile van wat we tot nu toe gedaan hebben. Een paar kleine probleempjes zijn we tegen gekomen. Tijdens het draaien van combofix gaf het programma aan, dat er nog een scanner actief was, nl. Eset Nod 32. Die was echter niet te vinden op de C partitie en ook al enige tijd van het bureaublad verdwenen. Via het configuratiescherm hebben we geprobeerd, om de installatie van Eset Nod 32 te verwijderen, maar dat lukte niet, er kwam een foutmelding over beschadigde bestanden. We hebben wel verder combofix laten werken.
    Hopelijk zijn we weer een stapje verder gekomen. Pff !

    ComboFix 11-05-27.02 - Pieter 28-05-2011 13:32:34.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3326.2755 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Pieter\Bureaublad\ComboFix.exe
    AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Pieter\Application Data\ACD Systems\ACDSee\ImageDB.ddf
    c:\documents and settings\Pieter\Application Data\Roih
    c:\documents and settings\Pieter\Application Data\Roih\odez.exe
    c:\documents and settings\Pieter\Application Data\Sewout
    c:\documents and settings\Pieter\Application Data\Sewout\kyub.vaa
    c:\documents and settings\Pieter\WINDOWS
    c:\windows\daemon.dll
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-04-28 to 2011-05-28 ))))))))))))))))))))))))))))))
    .
    .
    2011-05-27 21:15 . 2011-05-27 21:15 ——– d–h–r- c:\documents and settings\Pieter\Onlangs geopend
    2011-05-27 19:23 . 2011-05-27 19:23 388096 —-a-r- c:\documents and settings\Pieter\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-05-27 19:23 . 2011-05-27 19:23 ——– d—–w- c:\program files\Trend Micro
    2011-05-27 19:08 . 2011-05-27 19:08 ——– d—–w- c:\documents and settings\Pieter\Application Data\Malwarebytes
    2011-05-27 19:08 . 2011-05-27 19:08 ——– d—–w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-05-27 19:08 . 2010-12-20 16:09 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-27 19:07 . 2011-05-27 19:08 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-27 19:07 . 2010-12-20 16:08 20952 —-a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-26 10:40 . 2011-05-26 10:40 ——– d-sh–w- c:\documents and settings\All Users\Application Data\PSVICFZDZG
    2011-05-26 10:39 . 2011-05-26 10:40 ——– d-sh–w- c:\documents and settings\All Users\Application Data\8dfbcd
    2011-05-25 15:36 . 2011-05-27 19:12 ——– d—–w- c:\documents and settings\Pieter\Application Data\Rususo
    2011-05-25 15:36 . 2011-05-25 15:37 ——– d—–w- c:\documents and settings\Pieter\Application Data\Umqy
    2011-05-24 13:43 . 2011-05-24 13:43 1409 —-a-w- c:\windows\QTFont.for
    2011-05-19 08:30 . 2011-05-19 08:30 404640 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-01 11:20 . 2011-04-14 16:57 89048 —-a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-05-01 11:20 . 2011-04-14 16:57 781272 —-a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-05-01 11:20 . 2011-04-14 16:57 465880 —-a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-05-01 11:20 . 2011-04-14 16:57 1874904 —-a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-05-01 11:20 . 2011-04-14 16:57 15832 —-a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-05-01 11:20 . 2011-04-14 16:57 142296 —-a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-05-01 11:20 . 2010-01-01 08:00 1974616 —-a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-05-01 11:20 . 2010-01-01 08:00 1892184 —-a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-07 05:33 . 2008-10-23 14:37 692736 —-a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 19:44 . 2011-04-05 07:56 59888 ——w- c:\windows\system32\pxwma.dll
    2011-03-04 19:44 . 2010-09-21 20:03 45648 ——w- c:\windows\system32\drivers\PxHelp20.sys
    2011-03-04 19:44 . 2010-09-21 20:03 133616 ——w- c:\windows\system32\pxafs.dll
    2011-03-04 19:44 . 2011-04-05 07:56 126448 ——w- c:\windows\system32\pxinsi64.exe
    2011-03-04 19:44 . 2011-04-05 07:56 123888 ——w- c:\windows\system32\pxcpyi64.exe
    2011-03-04 06:36 . 2008-04-15 12:00 420864 —-a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:53 . 2008-04-15 12:00 1858048 —-a-w- c:\windows\system32\win32k.sys
    2011-04-14 16:57 . 2011-05-01 11:20 142296 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840]
    .
    [HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
    2009-05-07 21:46 2642432 —-a-w- c:\program files\Family Toolbar\tbcore3.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
    .
    [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
    .
    [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
    "Acronis True Image Monitor"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2008-10-23 417838]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-10-23 61440]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-21 202256]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "sfagent"="c:\program files\Fighters\sfagent.exe" [2010-10-21 760968]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
    = [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 —-a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2008-03-17 16:06 1848648 —-a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2008-03-10 16:20 689488 —-a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 08:50 155648 -c–a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
    2008-07-08 14:41 2828184 —-a-w- c:\program files\Registry Mechanic\RegMech.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2008-06-27 03:23 16875008 ——r- c:\windows\RTHDCPL.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2008-06-18 10:01 77824 ——r- c:\windows\SoundMan.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2008-01-21 10:17 61440 -c–a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Winamp\\winamp.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    .
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7-10-2009 10:18 35168]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\sfus.exe [21-10-2010 14:44 189064]
    R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [21-10-2010 14:44 1130120]
    R3 PIBus;PIBus Device;c:\windows\system32\drivers\PIBus.sys [23-10-2008 20:12 43004]
    R3 PIKbd;PI Virtual Keyboard;c:\windows\system32\drivers\PIKbd.sys [23-10-2008 20:12 3878]
    R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys –> c:\windows\system32\drivers\xcpip.sys [?]
    R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys –> c:\windows\system32\drivers\xpsec.sys [?]
    S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" –> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
    S2 gupdate1caaa66a50321f4;Google Updateservice (gupdate1caaa66a50321f4);c:\program files\Google\Update\GoogleUpdate.exe [10-2-2010 17:35 133104]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10-2-2010 17:35 133104]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15-1-2010 14:49 227232]
    S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [23-10-2008 17:54 155136]
    S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [23-10-2008 17:54 5248]
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 15:35]
    .
    2011-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 15:35]
    .
    2011-05-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-527237240-2146988105-1801674531-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
    .
    2011-05-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-2146988105-1801674531-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
    .
    .
    ——- Bijkomende Scan ——-
    .
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 10.0.0.138
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
    FF - ProfilePath - c:\documents and settings\Pieter\Application Data\Mozilla\Firefox\Profiles\0sqh1770.default\
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-28 13:34
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————
    .
    - - - - - - - > 'winlogon.exe'(780)
    c:\windows\system32\Ati2evxx.dll
    .
    Voltooingstijd: 2011-05-28 13:35:19
    ComboFix-quarantined-files.txt 2011-05-28 11:35
    .
    Pre-Run: 23.568.703.488 bytes beschikbaar
    Post-Run: 24.062.988.288 bytes beschikbaar
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - DD47BAC5E7C1C4920E922E350CF583C0
  • Hoi Piet, je mag ComboFix weer aan het zetten!

    Open daartoe een nieuw kladblok bestand, via "Start\Alle programma’s\Bureau-accessoires\[b:4017376982]Kladblok[/b:4017376982]".


    Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het lege kladblokvenstervenster


    [b:4017376982]
  • Hallo hulp in nood !
    Bedankt voor de aanwijzingen. We lopen alleen tegen een probleem op. Je schrijft: Nu eerst de antivirus deaktiveren. Gebeurt dat door combofix of moeten we voordat we met combofix gaan werken de scanner deaktiveren?
    Dat laatste lukt nl. niet. We proberen steeds Eset NOD 32 te repareren of te verwijderen en zelfs weer opnieuw te installeren, maar bij alles krijgen we een foutmelding met het getal 2753.
    We durven even niet verder te gaan , voordat jij een advies in deze hebt gegeven (s.v.p.).
    Groeten,
    Piet.
  • Helaas - ComboFix is niet in staat zelf antivirusprogramma's te deaktiveren!

    En ik heb in het script een routine ingebouwd om Eset te verwijderen.

    Maar als je nu gaat "rotzooien" met Eset, maak je de zaak alleen maar erger!

    Desnoods laat je het ComboFix het script in Veilige modus afwerken!


    Apropos Eset, hebben jullie een betaalde licentie daarvoor?
  • Okay, bedankt. Sorry, dat we eerst wat probeerden met eset. Inmiddels heb ik combofix laten werken in de hoop, dat we weer een stapje dichter bij de oplossing zijn. Hieronder het resultaat.
    Met vriendelijke groet,
    Piet.

    ComboFix 11-05-27.02 - Pieter 28-05-2011 19:27:00.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3326.2801 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Pieter\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Pieter\Bureaublad\CFScript.txt
    .
    FILE ::
    "c:\program files\eset\eset nod32 antivirus\ekrn.exe"
    "c:\windows\qtfont.for"
    "c:\windows\system32\drivers\epfwtdir.sys"
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\all users\application data\8dfbcd
    c:\documents and settings\all users\application data\8dfbcd\BackUp\McAfee Security Scan Plus.lnk
    c:\documents and settings\all users\application data\8dfbcd\PSG.ico
    c:\documents and settings\all users\application data\psvicfzdzg
    c:\documents and settings\all users\application data\psvicfzdzg\PSWWING.cfg
    c:\documents and settings\pieter\application data\rususo
    c:\documents and settings\pieter\application data\umqy
    c:\program files\family toolbar
    c:\program files\family toolbar\about.gif
    c:\program files\family toolbar\about.html
    c:\program files\family toolbar\active.html
    c:\program files\family toolbar\addPhotos.gif
    c:\program files\family toolbar\alerts.gif
    c:\program files\family toolbar\anniversary.gif
    c:\program files\family toolbar\AR.gif
    c:\program files\family toolbar\banner.html
    c:\program files\family toolbar\basis.xml
    c:\program files\family toolbar\BG.gif
    c:\program files\family toolbar\birthday.gif
    c:\program files\family toolbar\buyFamilyGifts.gif
    c:\program files\family toolbar\calendar.gif
    c:\program files\family toolbar\chat.html
    c:\program files\family toolbar\clearhist.exe
    c:\program files\family toolbar\clearSearchHistory.gif
    c:\program files\family toolbar\collage.gif
    c:\program files\family toolbar\createFamilySite.gif
    c:\program files\family toolbar\CS.gif
    c:\program files\family toolbar\DA.gif
    c:\program files\family toolbar\dbghelp.dll
    c:\program files\family toolbar\DE.gif
    c:\program files\family toolbar\EL.gif
    c:\program files\family toolbar\EN.gif
    c:\program files\family toolbar\ES.gif
    c:\program files\family toolbar\Family_Toolbar.dll
    c:\program files\family toolbar\family_toolbar.xpi
    c:\program files\family toolbar\familyTree.gif
    c:\program files\family toolbar\femaleOnline.gif
    c:\program files\family toolbar\femaleOnlineAway.gif
    c:\program files\family toolbar\FI.gif
    c:\program files\family toolbar\FR.gif
    c:\program files\family toolbar\HE.gif
    c:\program files\family toolbar\HR.gif
    c:\program files\family toolbar\HU.gif
    c:\program files\family toolbar\icons.bmp
    c:\program files\family toolbar\inboxOff.gif
    c:\program files\family toolbar\inboxOn.gif
    c:\program files\family toolbar\info.txt
    c:\program files\family toolbar\inviteFamily.gif
    c:\program files\family toolbar\IT.gif
    c:\program files\family toolbar\logoff.gif
    c:\program files\family toolbar\logOnToMH.gif
    c:\program files\family toolbar\LT.gif
    c:\program files\family toolbar\maleOnline.gif
    c:\program files\family toolbar\maleOnlineAway.gif
    c:\program files\family toolbar\MHlogo.gif
    c:\program files\family toolbar\morph.gif
    c:\program files\family toolbar\NL.gif
    c:\program files\family toolbar\NO.gif
    c:\program files\family toolbar\off.exe
    c:\program files\family toolbar\online.gif
    c:\program files\family toolbar\PB.gif
    c:\program files\family toolbar\photos.gif
    c:\program files\family toolbar\PL.gif
    c:\program files\family toolbar\privacy.gif
    c:\program files\family toolbar\PT.gif
    c:\program files\family toolbar\reload.gif
    c:\program files\family toolbar\RO.gif
    c:\program files\family toolbar\RU.gif
    c:\program files\family toolbar\search.gif
    c:\program files\family toolbar\site.gif
    c:\program files\family toolbar\sites.gif
    c:\program files\family toolbar\SK.gif
    c:\program files\family toolbar\SR.gif
    c:\program files\family toolbar\stub.xml
    c:\program files\family toolbar\SV.gif
    c:\program files\family toolbar\tagPeople.gif
    c:\program files\family toolbar\TB_AR.gif
    c:\program files\family toolbar\TB_BG.gif
    c:\program files\family toolbar\TB_CS.gif
    c:\program files\family toolbar\TB_DA.gif
    c:\program files\family toolbar\TB_DE.gif
    c:\program files\family toolbar\TB_EL.gif
    c:\program files\family toolbar\TB_EN.gif
    c:\program files\family toolbar\TB_ES.gif
    c:\program files\family toolbar\TB_FI.gif
    c:\program files\family toolbar\TB_FR.gif
    c:\program files\family toolbar\TB_HE.gif
    c:\program files\family toolbar\TB_HR.gif
    c:\program files\family toolbar\TB_HU.gif
    c:\program files\family toolbar\TB_IT.gif
    c:\program files\family toolbar\TB_LT.gif
    c:\program files\family toolbar\TB_NL.gif
    c:\program files\family toolbar\TB_NO.gif
    c:\program files\family toolbar\TB_PB.gif
    c:\program files\family toolbar\TB_PL.gif
    c:\program files\family toolbar\TB_PT.gif
    c:\program files\family toolbar\TB_RO.gif
    c:\program files\family toolbar\TB_RU.gif
    c:\program files\family toolbar\TB_SK.gif
    c:\program files\family toolbar\TB_SR.gif
    c:\program files\family toolbar\TB_SV.gif
    c:\program files\family toolbar\TB_TR.gif
    c:\program files\family toolbar\TB_UK.gif
    c:\program files\family toolbar\tbcore3.dll
    c:\program files\family toolbar\tbhelper.dll
    c:\program files\family toolbar\tbs_include_script_000391.js
    c:\program files\family toolbar\tbs_include_script_000733.js
    c:\program files\family toolbar\tbs_include_script_000784.js
    c:\program files\family toolbar\tbs_include_script_001134.js
    c:\program files\family toolbar\tbs_include_script_002287.js
    c:\program files\family toolbar\tbs_include_script_002346.js
    c:\program files\family toolbar\tbs_include_script_002789.js
    c:\program files\family toolbar\tbs_include_script_002833.js
    c:\program files\family toolbar\tbs_include_script_003080.js
    c:\program files\family toolbar\tbs_include_script_003083.js
    c:\program files\family toolbar\tbs_include_script_004456.js
    c:\program files\family toolbar\tbs_include_script_004711.js
    c:\program files\family toolbar\tbs_include_script_004823.js
    c:\program files\family toolbar\tbs_include_script_004824.js
    c:\program files\family toolbar\tbs_include_script_005792.js
    c:\program files\family toolbar\tbs_include_script_006838.js
    c:\program files\family toolbar\tbs_include_script_007158.js
    c:\program files\family toolbar\tbs_include_script_007564.js
    c:\program files\family toolbar\tbs_include_script_007690.js
    c:\program files\family toolbar\tbs_include_script_007803.js
    c:\program files\family toolbar\tbs_include_script_008357.js
    c:\program files\family toolbar\tbs_include_script_008502.js
    c:\program files\family toolbar\tbs_include_script_009578.js
    c:\program files\family toolbar\tbs_include_script_009807.js
    c:\program files\family toolbar\tbs_include_script_011492.js
    c:\program files\family toolbar\tbs_include_script_011550.js
    c:\program files\family toolbar\tbs_include_script_011614.js
    c:\program files\family toolbar\tbs_include_script_011637.js
    c:\program files\family toolbar\tbs_include_script_012671.js
    c:\program files\family toolbar\tbs_include_script_013916.js
    c:\program files\family toolbar\tbs_include_script_014484.js
    c:\program files\family toolbar\tbs_include_script_014583.js
    c:\program files\family toolbar\tbs_include_script_014799.js
    c:\program files\family toolbar\tbs_include_script_015508.js
    c:\program files\family toolbar\tbs_include_script_015800.js
    c:\program files\family toolbar\tbs_include_script_016179.js
    c:\program files\family toolbar\tbs_include_script_016289.js
    c:\program files\family toolbar\tbs_include_script_016678.js
    c:\program files\family toolbar\tbs_include_script_017022.js
    c:\program files\family toolbar\tbs_include_script_017427.js
    c:\program files\family toolbar\tbs_include_script_018243.js
    c:\program files\family toolbar\tbs_include_script_018279.js
    c:\program files\family toolbar\tbs_include_script_018505.js
    c:\program files\family toolbar\tbs_include_script_020098.js
    c:\program files\family toolbar\tbs_include_script_020109.js
    c:\program files\family toolbar\tbs_include_script_020129.js
    c:\program files\family toolbar\tbs_include_script_020859.js
    c:\program files\family toolbar\tbs_include_script_022495.js
    c:\program files\family toolbar\tbs_include_script_023942.js
    c:\program files\family toolbar\tbs_include_script_025757.js
    c:\program files\family toolbar\tbs_include_script_025787.js
    c:\program files\family toolbar\tbs_include_script_026799.js
    c:\program files\family toolbar\tbs_include_script_026954.js
    c:\program files\family toolbar\tbs_include_script_027482.js
    c:\program files\family toolbar\tbs_include_script_027696.js
    c:\program files\family toolbar\tbs_include_script_028246.js
    c:\program files\family toolbar\tbs_include_script_028279.js
    c:\program files\family toolbar\tbs_include_script_029390.js
    c:\program files\family toolbar\tbs_include_script_030206.js
    c:\program files\family toolbar\tbs_include_script_030277.js
    c:\program files\family toolbar\tbs_include_script_030359.js
    c:\program files\family toolbar\tbs_include_script_030760.js
    c:\program files\family toolbar\tbs_include_script_030814.js
    c:\program files\family toolbar\tbs_include_script_031331.js
    c:\program files\family toolbar\tbs_include_script_031332.js
    c:\program files\family toolbar\tbs_include_script_031711.js
    c:\program files\family toolbar\tbs_include_script_032188.js
    c:\program files\family toolbar\tbs_include_script_032423.js
    c:\program files\family toolbar\tbs_include_script_032495.js
    c:\program files\family toolbar\tellAFriend.gif
    c:\program files\family toolbar\toolbarSetting.gif
    c:\program files\family toolbar\TR.gif
    c:\program files\family toolbar\UK.gif
    c:\program files\family toolbar\uninstall.exe
    c:\program files\family toolbar\uninstall.gif
    c:\program files\family toolbar\update.exe
    c:\program files\family toolbar\updateToolbar.gif
    c:\program files\family toolbar\userSite.gif
    c:\program files\family toolbar\version.txt
    c:\program files\family toolbar\whatsNew.gif
    c:\program files\mcafee security scan
    c:\program files\mcafee security scan\2.0.181\AVScanComponent.dll
    c:\program files\mcafee security scan\2.0.181\AVScanner.ini
    c:\program files\mcafee security scan\2.0.181\avvclean.dat
    c:\program files\mcafee security scan\2.0.181\avvnames.dat
    c:\program files\mcafee security scan\2.0.181\avvscan.dat
    c:\program files\mcafee security scan\2.0.181\config.dat
    c:\program files\mcafee security scan\2.0.181\ftconfig.ini
    c:\program files\mcafee security scan\2.0.181\McAfee.ico
    c:\program files\mcafee security scan\2.0.181\mcbrwsr2.dll
    c:\program files\mcafee security scan\2.0.181\McCHSvc.exe
    c:\program files\mcafee security scan\2.0.181\MCCompHostConfig.ini
    c:\program files\mcafee security scan\2.0.181\mcscan32.dll
    c:\program files\mcafee security scan\2.0.181\mcuicnt.exe
    c:\program files\mcafee security scan\2.0.181\McUpdater.dll
    c:\program files\mcafee security scan\2.0.181\sa_cache_sqlite.dll
    c:\program files\mcafee security scan\2.0.181\sa_http_win32.dll
    c:\program files\mcafee security scan\2.0.181\sa_mbl.dll
    c:\program files\mcafee security scan\2.0.181\sa_store_sqlite.dll
    c:\program files\mcafee security scan\2.0.181\sacore.db
    c:\program files\mcafee security scan\2.0.181\sacore.dll
    c:\program files\mcafee security scan\2.0.181\sacoredata\uds_filetypes.txt
    c:\program files\mcafee security scan\2.0.181\sacoredata\uds_hosting.txt
    c:\program files\mcafee security scan\2.0.181\sacoredata\uds_tlds.txt
    c:\program files\mcafee security scan\2.0.181\SecurityScanner.dll
    c:\program files\mcafee security scan\2.0.181\SecurityScanner_LD.dll
    c:\program files\mcafee security scan\2.0.181\sqlite3.dll
    c:\program files\mcafee security scan\2.0.181\SSCustom_LD.dll
    c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    c:\program files\mcafee security scan\2.0.181\WebInfoScanner.dll
    c:\program files\mcafee security scan\2.0.181\WMIScanner.dll
    c:\program files\mcafee security scan\uninstall.exe
    c:\windows\qtfont.for
    c:\windows\system32\drivers\epfwtdir.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ——-\Legacy_EPFWTDIR
    ——-\Service_epfwtdir
    ——-\Legacy_McComponentHostService
    ——-\Legacy_ekrn
    ——-\Legacy_McComponentHostService
    ——-\Service_McComponentHostService
    ——-\Service_EhttpSrv
    ——-\Service_ekrn
    ——-\Service_McComponentHostService
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-04-28 to 2011-05-28 ))))))))))))))))))))))))))))))
    .
    .
    2011-05-27 21:15 . 2011-05-28 11:44 ——– d–h–r- c:\documents and settings\Pieter\Onlangs geopend
    2011-05-27 19:23 . 2011-05-27 19:23 388096 —-a-r- c:\documents and settings\Pieter\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-05-27 19:23 . 2011-05-27 19:23 ——– d—–w- c:\program files\Trend Micro
    2011-05-27 19:08 . 2011-05-27 19:08 ——– d—–w- c:\documents and settings\Pieter\Application Data\Malwarebytes
    2011-05-27 19:08 . 2011-05-27 19:08 ——– d—–w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-05-27 19:08 . 2010-12-20 16:09 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-27 19:07 . 2011-05-27 19:08 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-27 19:07 . 2010-12-20 16:08 20952 —-a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-19 08:30 . 2011-05-19 08:30 404640 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-01 11:20 . 2011-04-14 16:57 89048 —-a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-05-01 11:20 . 2011-04-14 16:57 781272 —-a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-05-01 11:20 . 2011-04-14 16:57 465880 —-a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-05-01 11:20 . 2011-04-14 16:57 1874904 —-a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-05-01 11:20 . 2011-04-14 16:57 15832 —-a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-05-01 11:20 . 2011-04-14 16:57 142296 —-a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-05-01 11:20 . 2010-01-01 08:00 1974616 —-a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
    2011-05-01 11:20 . 2010-01-01 08:00 1892184 —-a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-07 05:33 . 2008-10-23 14:37 692736 —-a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 19:44 . 2011-04-05 07:56 59888 ——w- c:\windows\system32\pxwma.dll
    2011-03-04 19:44 . 2010-09-21 20:03 45648 ——w- c:\windows\system32\drivers\PxHelp20.sys
    2011-03-04 19:44 . 2010-09-21 20:03 133616 ——w- c:\windows\system32\pxafs.dll
    2011-03-04 19:44 . 2011-04-05 07:56 126448 ——w- c:\windows\system32\pxinsi64.exe
    2011-03-04 19:44 . 2011-04-05 07:56 123888 ——w- c:\windows\system32\pxcpyi64.exe
    2011-03-04 06:36 . 2008-04-15 12:00 420864 —-a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:53 . 2008-04-15 12:00 1858048 —-a-w- c:\windows\system32\win32k.sys
    2011-04-14 16:57 . 2011-05-01 11:20 142296 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-05-28_11.34.29 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2011-02-14 16:08 . 2011-02-14 16:08 10134 c:\windows\Installer\{2484D380-07C4-4987-8075-845A7ED02982}\callmsi.exe
    + 2011-02-14 16:08 . 2011-05-28 15:48 10134 c:\windows\Installer\{2484D380-07C4-4987-8075-845A7ED02982}\callmsi.exe
    + 2011-02-14 16:08 . 2011-05-28 15:48 138560 c:\windows\Installer\{2484D380-07C4-4987-8075-845A7ED02982}\egui.exe
    - 2011-02-14 16:08 . 2011-02-14 16:08 138560 c:\windows\Installer\{2484D380-07C4-4987-8075-845A7ED02982}\egui.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
    "Acronis True Image Monitor"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2008-10-23 417838]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-10-23 61440]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-21 202256]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "sfagent"="c:\program files\Fighters\sfagent.exe" [2010-10-21 760968]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
    = [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-01-31 08:44 35760 —-a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2008-03-17 16:06 1848648 —-a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2008-03-10 16:20 689488 —-a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 08:50 155648 -c–a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
    2008-07-08 14:41 2828184 —-a-w- c:\program files\Registry Mechanic\RegMech.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2008-06-27 03:23 16875008 ——r- c:\windows\RTHDCPL.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2008-06-18 10:01 77824 ——r- c:\windows\SoundMan.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2008-01-21 10:17 61440 -c–a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Winamp\\winamp.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    .
    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\sfus.exe [21-10-2010 14:44 189064]
    R2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [21-10-2010 14:44 1130120]
    R3 PIBus;PIBus Device;c:\windows\system32\drivers\PIBus.sys [23-10-2008 20:12 43004]
    R3 PIKbd;PI Virtual Keyboard;c:\windows\system32\drivers\PIKbd.sys [23-10-2008 20:12 3878]
    R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys –> c:\windows\system32\drivers\xcpip.sys [?]
    R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys –> c:\windows\system32\drivers\xpsec.sys [?]
    S2 gupdate1caaa66a50321f4;Google Updateservice (gupdate1caaa66a50321f4);c:\program files\Google\Update\GoogleUpdate.exe [10-2-2010 17:35 133104]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10-2-2010 17:35 133104]
    S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [23-10-2008 17:54 155136]
    S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [23-10-2008 17:54 5248]
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 15:35]
    .
    2011-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 15:35]
    .
    2011-05-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-527237240-2146988105-1801674531-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
    .
    2011-05-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-2146988105-1801674531-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
    .
    .
    ——- Bijkomende Scan ——-
    .
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 10.0.0.138
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
    FF - ProfilePath - c:\documents and settings\Pieter\Application Data\Mozilla\Firefox\Profiles\0sqh1770.default\
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    HKLM-Run-egui - (no file)
    AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-28 19:35
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————
    .
    - - - - - - - > 'winlogon.exe'(780)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(184)
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\msiexec.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-05-28 19:36:23 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-05-28 17:36
    ComboFix2.txt 2011-05-28 11:35
    .
    Pre-Run: 23.991.869.440 bytes beschikbaar
    Post-Run: 23.936.479.232 bytes beschikbaar
    .
    - - End Of File - - 8C4FE150FD9E099696C5F1EB67FD519D
  • Nog een kleine toevoeging: ik heb inderdaad een betaalde versie van eset nod 32.
    Piet.
  • Hoi Piet, zo te zien heeft ComboFix goed zijn best gedaan!

    Probeer nu eerst Eset/Nod32 te herinstalleren!

    Ik kreeg een PB van jouw broer. Jij woont in het oosten, waar precies als ik vragen mag?

    Desnoods stuur je dat in een PB.
  • Hallo Abraham 54.
    Bedankt voor je aanwijzing. Helaas lukt het installeren van Nod 32 wederom niet. Ik kreeg vlak voor het einde van de installatie weer de volgende tekst in het blauwe venster "Installer information": Tijdens de installatie is een onbekende fout opgetreden. Dit kan wijzen op een probleem met de installatiebestanden. De foutmelding is 2753.
    Heb je enig idee, wat we daarmee kunnen doen?
    Alvast bedankt voor je antwoord.
    Groeten,
    Piet.

    P.S. Goed dat mijn broer nog even een toelichting heeft geschreven. Ik woon in het mooie dorp Westerhaar, vlak bij Almelo. Hij in Amsterdam, dus we helpen elkaar steeds telefonisch.
  • Hoi Piet, ik woon nog oostelijker, vandaar mijn vraag.

    Kijk eens hier: http://www.tech-notes.nl/artikelen/microsoft/algemeen/windows-installatie-internal-error-2753.html

    En probeer dan daarna of de installatie nu wel lukt!
  • Hoi Abraham,
    Het is een hardnekkige toestand. Ik hoop, dat je er niet de balen van krijgt. Het aangegeven programma is uitgevoerd, helaas zelfde foutmelding, ook hebben we de nederlandse versie van nod 32 gedownload en weer geïnstalleerd, maar ook dat leverde weer dezelfde foutmelding op.
    Dan nog iets. Ooit heeft mijn broer het programma Daemon op mijn computer geïnstalleerd. Bij het opstarten krijg ik nu opeens een foutmelding van Daemon.dll . Dat is in een klein venster, wat ik weg kan klikken.
    We hebben geprobeerd, om dat programma te verwijderen via het configuratiescherm, maar ook dat lukt niet net zoals bij nod 32. Ik krijg dan de melding: "A network error occured while attempting to read from the file C:\windows\installer\daemon.msi ".
    Nou ja, het lijkt wel of we van het ene in het andere probleem rollen. Ik hoop, dat je er nog wat mee kunt.
    Groeten,
    Piet.
    P.S. Nog oostelijker? Toch niet Oldenzaal?
  • Grootste stad in Twente!

    Doe nu eerst maar eens het volgende:

    [b:190bd05e38]Welk programma[/b:190bd05e38]: sUbs [b:190bd05e38]dds.scr[/b:190bd05e38]
    [b:190bd05e38]Waarvoor/waarom[/b:190bd05e38]: maakt een diepgaand overzicht van Windows door middel van een scan.
    [b:190bd05e38]Moeilijkheidsgraad[/b:190bd05e38]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed.
    [b:190bd05e38]Downloadlokatie[/b:190bd05e38]: Dit programma absoluut naar het bureaublad downloaden of anders eerst daar naar toe verplaatsen!
    [b:190bd05e38]Download[/b:190bd05e38] sUBs dds.scr [b:190bd05e38]hier[/b:190bd05e38]

    [b:190bd05e38]sUBs dds.scr gebruiken[/b:190bd05e38]:
    [list:190bd05e38][*:190bd05e38][b:190bd05e38]
  • Bij deze de gevraagde logfiles. Helaas moet ik nu even naar Deventer, ben ongeveer 17.00 u. weer terug, maar ik hoop dus weer, dat je hier wat aan hebt.
    Met vriendelijke groet,
    Piet.

    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
    Run by Pieter at 14:18:32 on 2011-05-29
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3326.2876 [GMT 2:00]
    .
    AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Fighters\sfagent.exe
    svchost.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fighters\sfus.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Fighters\FighterSuiteService.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Pieter\Bureaublad\dds.scr
    C:\WINDOWS\system32\WSCRIPT.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
    mRun: [Acronis True Image Monitor] "c:\program files\acronis\trueimage\TrueImageMonitor.exe"
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [sfagent] c:\program files\fighters\sfagent.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\pieter\application data\mozilla\firefox\profiles\0sqh1770.default\
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
    .
    —- FIREFOX POLICIES —-
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\fighters\sfus.exe [2010-10-21 189064]
    R2 Suite Service;Suite Service;c:\program files\fighters\FighterSuiteService.exe [2010-10-21 1130120]
    R3 PIBus;PIBus Device;c:\windows\system32\drivers\PIBus.sys [2008-10-23 43004]
    R3 PIKbd;PI Virtual Keyboard;c:\windows\system32\drivers\PIKbd.sys [2008-10-23 3878]
    R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys –> c:\windows\system32\drivers\xcpip.sys [?]
    R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys –> c:\windows\system32\drivers\xpsec.sys [?]
    S2 gupdate1caaa66a50321f4;Google Updateservice (gupdate1caaa66a50321f4);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 133104]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 133104]
    S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2008-10-23 155136]
    S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2008-10-23 5248]
    .
    =============== Created Last 30 ================
    .
    2011-05-28 11:31:51 ——– d-sha-r- C:\cmdcons
    2011-05-28 11:30:45 98816 —-a-w- c:\windows\sed.exe
    2011-05-28 11:30:45 89088 —-a-w- c:\windows\MBR.exe
    2011-05-28 11:30:45 256512 —-a-w- c:\windows\PEV.exe
    2011-05-28 11:30:45 161792 —-a-w- c:\windows\SWREG.exe
    2011-05-27 21:15:36 ——– d–h–r- c:\documents and settings\pieter\Onlangs geopend
    2011-05-27 19:23:24 388096 —-a-r- c:\documents and settings\pieter\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-05-27 19:23:24 ——– d—–w- c:\program files\Trend Micro
    2011-05-27 19:08:04 ——– d—–w- c:\documents and settings\pieter\application data\Malwarebytes
    2011-05-27 19:08:00 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-27 19:08:00 ——– d—–w- c:\documents and settings\all users\application data\Malwarebytes
    2011-05-27 19:07:57 20952 —-a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-27 19:07:57 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-19 08:30:59 404640 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-01 11:20:27 89048 —-a-w- c:\program files\mozilla firefox\libEGL.dll
    2011-05-01 11:20:27 781272 —-a-w- c:\program files\mozilla firefox\mozsqlite3.dll
    2011-05-01 11:20:27 465880 —-a-w- c:\program files\mozilla firefox\libGLESv2.dll
    2011-05-01 11:20:27 1974616 —-a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
    2011-05-01 11:20:27 1892184 —-a-w- c:\program files\mozilla firefox\d3dx9_42.dll
    2011-05-01 11:20:27 1874904 —-a-w- c:\program files\mozilla firefox\mozjs.dll
    2011-05-01 11:20:27 15832 —-a-w- c:\program files\mozilla firefox\mozalloc.dll
    2011-05-01 11:20:27 142296 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    ==================== Find3M ====================
    .
    2011-03-07 05:33:45 692736 —-a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 19:44:14 59888 ——w- c:\windows\system32\pxwma.dll
    2011-03-04 19:44:14 45648 ——w- c:\windows\system32\drivers\PxHelp20.sys
    2011-03-04 19:44:14 133616 ——w- c:\windows\system32\pxafs.dll
    2011-03-04 19:44:12 126448 ——w- c:\windows\system32\pxinsi64.exe
    2011-03-04 19:44:12 123888 ——w- c:\windows\system32\pxcpyi64.exe
    2011-03-04 06:36:55 420864 —-a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:53:36 1858048 —-a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 14:18:41,78 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 23-10-2008 16:40:15
    System Uptime: 29-5-2011 12:51:57 (2 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | EP45-DS3L
    Processor: Intel Pentium III Xeon-processor | Socket 775 | 2533/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 49 GiB total, 21,99 GiB free.
    D: is FIXED (NTFS) - 146 GiB total, 138,992 GiB free.
    E: is FIXED (NTFS) - 78 GiB total, 75,787 GiB free.
    F: is FIXED (NTFS) - 146 GiB total, 143,881 GiB free.
    G: is FIXED (NTFS) - 45 GiB total, 34,88 GiB free.
    H: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
    Description: PnP BIOS Extension
    Device ID: ROOT\SYSTEM\0003
    Manufacturer: (Standard system devices)
    Name: PnP BIOS Extension
    PNP Device ID: ROOT\SYSTEM\0003
    Service: d347bus
    .
    ==== System Restore Points ===================
    .
    RP1: 28-5-2011 13:30:49 - Controlepunt van systeem
    RP2: 28-5-2011 17:47:44 - Verwijderd ESET NOD32 Antivirus
    RP3: 28-5-2011 17:48:46 - Verwijderd ESET NOD32 Antivirus
    RP4: 28-5-2011 18:01:56 - Verwijderd ESET NOD32 Antivirus
    RP5: 29-5-2011 11:25:06 - Verwijderd ESET NOD32 Antivirus
    RP6: 29-5-2011 12:21:25 - Verwijderd ESET NOD32 Antivirus
    RP7: 29-5-2011 12:34:09 - Removed DAEMON Tools
    RP8: 29-5-2011 12:35:36 - Removed DAEMON Tools
    RP9: 29-5-2011 12:38:19 - Verwijderd ESET NOD32 Antivirus
    .
    ==== Installed Programs ======================
    .
    Aangifte inkomstenbelasting 2008
    Aangifte inkomstenbelasting 2009
    Aangifte inkomstenbelasting 2010
    ACDSee
    Acronis True Image
    Adobe Acrobat 4.0
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.4 - Nederlands
    Advanced Screen Cleaner
    ATI - Software-verwijderprogramma
    ATI AVIVO Codecs
    ATI Catalyst Control Center
    ATI Display Driver
    ATI HYDRAVISION
    ATI Parental Control & Encoder
    ATI Problem Report Wizard
    Bejeweled 2 Deluxe
    Beveiligingsupdate for Windows XP (KB941569)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127-v2)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB969897)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB972260)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2183461)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2360131)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2416400)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2482017)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2497640)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2510531)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB972260)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB974455)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB976325)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB978207)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381)
    Beveiligingsupdate voor Windows Media Player (KB2378111)
    Beveiligingsupdate voor Windows Media Player (KB952069)
    Beveiligingsupdate voor Windows Media Player (KB954155)
    Beveiligingsupdate voor Windows Media Player (KB968816)
    Beveiligingsupdate voor Windows Media Player (KB973540)
    Beveiligingsupdate voor Windows Media Player (KB975558)
    Beveiligingsupdate voor Windows Media Player (KB978695)
    Beveiligingsupdate voor Windows Media Player 11 (KB936782)
    Beveiligingsupdate voor Windows Media Player 11 (KB954154)
    Beveiligingsupdate voor Windows XP (KB2079403)
    Beveiligingsupdate voor Windows XP (KB2115168)
    Beveiligingsupdate voor Windows XP (KB2121546)
    Beveiligingsupdate voor Windows XP (KB2160329)
    Beveiligingsupdate voor Windows XP (KB2229593)
    Beveiligingsupdate voor Windows XP (KB2259922)
    Beveiligingsupdate voor Windows XP (KB2279986)
    Beveiligingsupdate voor Windows XP (KB2286198)
    Beveiligingsupdate voor Windows XP (KB2296011)
    Beveiligingsupdate voor Windows XP (KB2296199)
    Beveiligingsupdate voor Windows XP (KB2347290)
    Beveiligingsupdate voor Windows XP (KB2360937)
    Beveiligingsupdate voor Windows XP (KB2387149)
    Beveiligingsupdate voor Windows XP (KB2393802)
    Beveiligingsupdate voor Windows XP (KB2412687)
    Beveiligingsupdate voor Windows XP (KB2419632)
    Beveiligingsupdate voor Windows XP (KB2423089)
    Beveiligingsupdate voor Windows XP (KB2436673)
    Beveiligingsupdate voor Windows XP (KB2440591)
    Beveiligingsupdate voor Windows XP (KB2443105)
    Beveiligingsupdate voor Windows XP (KB2476687)
    Beveiligingsupdate voor Windows XP (KB2478960)
    Beveiligingsupdate voor Windows XP (KB2478971)
    Beveiligingsupdate voor Windows XP (KB2479628)
    Beveiligingsupdate voor Windows XP (KB2479943)
    Beveiligingsupdate voor Windows XP (KB2481109)
    Beveiligingsupdate voor Windows XP (KB2483185)
    Beveiligingsupdate voor Windows XP (KB2485376)
    Beveiligingsupdate voor Windows XP (KB2485663)
    Beveiligingsupdate voor Windows XP (KB2503658)
    Beveiligingsupdate voor Windows XP (KB2506212)
    Beveiligingsupdate voor Windows XP (KB2506223)
    Beveiligingsupdate voor Windows XP (KB2507618)
    Beveiligingsupdate voor Windows XP (KB2508272)
    Beveiligingsupdate voor Windows XP (KB2508429)
    Beveiligingsupdate voor Windows XP (KB2509553)
    Beveiligingsupdate voor Windows XP (KB2511455)
    Beveiligingsupdate voor Windows XP (KB2524375)
    Beveiligingsupdate voor Windows XP (KB923561)
    Beveiligingsupdate voor Windows XP (KB923789)
    Beveiligingsupdate voor Windows XP (KB938464)
    Beveiligingsupdate voor Windows XP (KB950762)
    Beveiligingsupdate voor Windows XP (KB950974)
    Beveiligingsupdate voor Windows XP (KB951066)
    Beveiligingsupdate voor Windows XP (KB951376-v2)
    Beveiligingsupdate voor Windows XP (KB951698)
    Beveiligingsupdate voor Windows XP (KB951748)
    Beveiligingsupdate voor Windows XP (KB952004)
    Beveiligingsupdate voor Windows XP (KB952954)
    Beveiligingsupdate voor Windows XP (KB954211)
    Beveiligingsupdate voor Windows XP (KB954459)
    Beveiligingsupdate voor Windows XP (KB954600)
    Beveiligingsupdate voor Windows XP (KB955069)
    Beveiligingsupdate voor Windows XP (KB956390)
    Beveiligingsupdate voor Windows XP (KB956391)
    Beveiligingsupdate voor Windows XP (KB956572)
    Beveiligingsupdate voor Windows XP (KB956744)
    Beveiligingsupdate voor Windows XP (KB956802)
    Beveiligingsupdate voor Windows XP (KB956803)
    Beveiligingsupdate voor Windows XP (KB956841)
    Beveiligingsupdate voor Windows XP (KB956844)
    Beveiligingsupdate voor Windows XP (KB957095)
    Beveiligingsupdate voor Windows XP (KB957097)
    Beveiligingsupdate voor Windows XP (KB958644)
    Beveiligingsupdate voor Windows XP (KB958687)
    Beveiligingsupdate voor Windows XP (KB958690)
    Beveiligingsupdate voor Windows XP (KB958869)
    Beveiligingsupdate voor Windows XP (KB959426)
    Beveiligingsupdate voor Windows XP (KB960225)
    Beveiligingsupdate voor Windows XP (KB960715)
    Beveiligingsupdate voor Windows XP (KB960803)
    Beveiligingsupdate voor Windows XP (KB960859)
    Beveiligingsupdate voor Windows XP (KB961371)
    Beveiligingsupdate voor Windows XP (KB961373)
    Beveiligingsupdate voor Windows XP (KB961501)
    Beveiligingsupdate voor Windows XP (KB968537)
    Beveiligingsupdate voor Windows XP (KB969059)
    Beveiligingsupdate voor Windows XP (KB969898)
    Beveiligingsupdate voor Windows XP (KB969947)
    Beveiligingsupdate voor Windows XP (KB970238)
    Beveiligingsupdate voor Windows XP (KB970430)
    Beveiligingsupdate voor Windows XP (KB971468)
    Beveiligingsupdate voor Windows XP (KB971486)
    Beveiligingsupdate voor Windows XP (KB971557)
    Beveiligingsupdate voor Windows XP (KB971633)
    Beveiligingsupdate voor Windows XP (KB971657)
    Beveiligingsupdate voor Windows XP (KB972270)
    Beveiligingsupdate voor Windows XP (KB973346)
    Beveiligingsupdate voor Windows XP (KB973354)
    Beveiligingsupdate voor Windows XP (KB973507)
    Beveiligingsupdate voor Windows XP (KB973525)
    Beveiligingsupdate voor Windows XP (KB973869)
    Beveiligingsupdate voor Windows XP (KB973904)
    Beveiligingsupdate voor Windows XP (KB974112)
    Beveiligingsupdate voor Windows XP (KB974318)
    Beveiligingsupdate voor Windows XP (KB974392)
    Beveiligingsupdate voor Windows XP (KB974571)
    Beveiligingsupdate voor Windows XP (KB975025)
    Beveiligingsupdate voor Windows XP (KB975467)
    Beveiligingsupdate voor Windows XP (KB975560)
    Beveiligingsupdate voor Windows XP (KB975561)
    Beveiligingsupdate voor Windows XP (KB975562)
    Beveiligingsupdate voor Windows XP (KB975713)
    Beveiligingsupdate voor Windows XP (KB977165)
    Beveiligingsupdate voor Windows XP (KB977816)
    Beveiligingsupdate voor Windows XP (KB977914)
    Beveiligingsupdate voor Windows XP (KB978037)
    Beveiligingsupdate voor Windows XP (KB978251)
    Beveiligingsupdate voor Windows XP (KB978262)
    Beveiligingsupdate voor Windows XP (KB978338)
    Beveiligingsupdate voor Windows XP (KB978542)
    Beveiligingsupdate voor Windows XP (KB978601)
    Beveiligingsupdate voor Windows XP (KB978706)
    Beveiligingsupdate voor Windows XP (KB979309)
    Beveiligingsupdate voor Windows XP (KB979482)
    Beveiligingsupdate voor Windows XP (KB979559)
    Beveiligingsupdate voor Windows XP (KB979683)
    Beveiligingsupdate voor Windows XP (KB979687)
    Beveiligingsupdate voor Windows XP (KB980195)
    Beveiligingsupdate voor Windows XP (KB980218)
    Beveiligingsupdate voor Windows XP (KB980232)
    Beveiligingsupdate voor Windows XP (KB980436)
    Beveiligingsupdate voor Windows XP (KB981322)
    Beveiligingsupdate voor Windows XP (KB981852)
    Beveiligingsupdate voor Windows XP (KB981957)
    Beveiligingsupdate voor Windows XP (KB981997)
    Beveiligingsupdate voor Windows XP (KB982132)
    Beveiligingsupdate voor Windows XP (KB982214)
    Beveiligingsupdate voor Windows XP (KB982665)
    Beveiligingsupdate voor Windows XP (KB982802)
    Browser Configuration Utility
    BST 1600/1700 PhotoSkins 2.0.1
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP Navigator EX 2.0
    Canon MP620 series MP Drivers
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Class_50_Content_Update
    Compatibility Pack for the 2007 Office system
    ConvertHelper 2.2
    DAEMON Tools
    De Hoekse Lijn v1.0
    De repaint van de ice 3 met NS logo
    De wadloper versie 1 door Olger Ernst
    EC SGMm Sprinter
    ESET NOD32 Antivirus
    Essentiële update voor Windows Media Player 11 (KB959772)
    Gebruikersregistratie voor Canon MP620 series
    Google Chrome
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix voor Windows Media Player 11 (KB939683)
    Hotfix voor Windows XP (KB2158563)
    Hotfix voor Windows XP (KB2443685)
    Hotfix voor Windows XP (KB952287)
    Hotfix voor Windows XP (KB961118)
    Hotfix voor Windows XP (KB970653-v3)
    Hotfix voor Windows XP (KB976098-v2)
    Hotfix voor Windows XP (KB979306)
    Hotfix voor Windows XP (KB981793)
    Install Creator
    Java Auto Updater
    Java(TM) 6 Update 23
    Lint Remix for MSTS v1.0
    Luisteris Sprinter for MSTS
    Malwarebytes' Anti-Malware
    mat pakket acts ijssellijn 0.8
    Materieel Pakket Amsterdam - Enschede V2.0 2.00
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional met FrontPage
    Microsoft Silverlight
    Microsoft Train Simulator
    Microsoft Train Simulator gmax Gamepack
    Microsoft Train Simulator gmax Sample Loco
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Mozilla Firefox 4.0.1 (x86 nl)
    MSTS Patch 1.8.0521 EN
    MSTS Track Viewer 0.92
    MyHeritage Family Tree Builder
    Nero 6 Ultra Edition
    NS 1200 for MSTS v3.2
    NS 2200 for MSTS v1.1
    NS Buffel for MSTS v1.3
    NS DD-AR for MSTS v1.2
    NS IC Carriages v3.2
    NS Koploper for MSTS v2.2
    NS Koploper Olympic Patch
    NS Mat'54 for MSTS v1.5
    NS Mat'54 for MSTS v1.6
    NS Plan E Coaches for MSTS v1.1
    NS Plan T for MSTS V1.2
    NS Plan U for MSTS v1.2
    NS Plan V for MSTS BETA-1
    NS Plan V for MSTS v1.0
    NS Plan V for MSTS v1.1
    NS Plan V/T for MSTS v0.5beta
    NS Regiorunner for MSTS v1.3
    NS Sprinter for MSTS v2.1
    NS VAM Wagons for MSTS v0.1 Beta
    NS1800 for MSTS v1.4
    Opperland Route V1.0
    QD NS Railhopper V3.0
    QuickTime Alternative 1.68
    RailDriver
    RealPlayer
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    RealUpgrade 1.0
    Registry Mechanic 8.0
    ROUTE ARNHEM DOETICHEM e.v. 4.0 SERVICEPACK1
    Route Utrecht - Arnhem V3.5
    Route Zaandam-Enkhuizen-Weesp
    SD40-2_Content_Update
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Skins
    SPAMfighter
    SPAMfighter Client
    Syntus Lint for MSTS v1.0
    Total Commander (Remove or Repair)
    TreeSize Professional 5.0
    TRS2006
    TRS2006 Patch 1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update voor Windows Internet Explorer 8 (KB972636)
    Update voor Windows Internet Explorer 8 (KB976662)
    Update voor Windows Internet Explorer 8 (KB976749)
    Update voor Windows Internet Explorer 8 (KB980182)
    Update voor Windows XP (KB2141007)
    Update voor Windows XP (KB2345886)
    Update voor Windows XP (KB2467659)
    Update voor Windows XP (KB898461)
    Update voor Windows XP (KB951072-v2)
    Update voor Windows XP (KB951978)
    Update voor Windows XP (KB955759)
    Update voor Windows XP (KB955839)
    Update voor Windows XP (KB967715)
    Update voor Windows XP (KB968389)
    Update voor Windows XP (KB971029)
    Update voor Windows XP (KB971737)
    Update voor Windows XP (KB973687)
    Update voor Windows XP (KB973815)
    Van Dale Groot woordenboek van de Nederlandse taal 14
    Virm 9550
    VT NS serie 1300
    Watermill 3D Screensaver 1.0
    WebFldrs XP
    Westsluis Route V1.1
    Winamp
    Winamp Detector Plug-in
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    WinRAR
    Yahoo! Toolbar
    Zylom Games Player Plugin
    .
    ==== End Of File ===========================
  • Hoi Piet, ga naar http://kb.eset.com/esetkb/index?page=content&id=SOLN93 en download de 32-bits uninstaller voor jouw Eset antivirusversie en gebruik deze!

    Na een herstart moet je Eset dan wel weer kunnen installeren.

    Post daarna een nieuw Hijack This-log.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.