Post-Security Tool period => slow PC



Hi all,

The day before yesterday I got hit by that awful Security Tool virus/spyware business.. it took me a long time to remove everything, including from the registry, and afterwards I rescanned with Spyware Doctor, Avast and AntiMalwareBytes.

My computer is still very slow now, especially at startup.. It boots, everything seems loaded, but then it hangs for several minutes before it is ready.. About 15 minutes in total, whereas it used to be 3-4 minutes. So I suspect that some remnants have been left behind or something? I would like to turn off everything I don't need right away when I need my PC, except for Gmail Notifier, sound, network, Avast, plugins.

Here is my log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:44:12, on 13/02/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Intel® Active Monitor\imontray.exe

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe

C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe

C:\CFusionMX\runtime\bin\jrunsvc.exe

C:\CFusionMX\db\slserver52\bin\swagent.exe

C:\CFusionMX\runtime\bin\jrun.exe

C:\CFusionMX\db\slserver52\bin\swstrtr.exe

C:\CFusionMX\db\slserver52\bin\swsoc.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Creative\Shared Files\CTDevSrv.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL

O4 - HKLM\..\Run: [iMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe

O4 - HKLM\..\Run: [iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s

O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.0.69.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://wimmiesworld.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/SU1.5/ocx/15034/CTPID.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Gogrok\Skype4COM.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe

O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe

O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updateservice (gupdate1ca1b7ee1ed8770) (gupdate1ca1b7ee1ed8770) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 11345 bytes

To start with, you can disable a number of items.

Download Codestuff Starter

Start Codestuff Starter

Select the Startup (Automatisch Opstarten) tab and uncheck the following items. These programs are started unnecessarily at boot.

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Download Combofix to your Desktop.

Read more here about using Combofix correctly.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

  • Double-click Combofix.exe to start it.
    If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    Follow the instructions and accept the disclaimer by clicking Yes.
    If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not VISTA).
    Click OK and Yes to have the Recovery Console installed automatically.
    When that has finished, click Yes again to start the malware scan.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

When the fix has finished and after the restart, the log Combofix.txt will open.

Paste the contents of the log into your next post, together with a new HijackThis log.

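An added example, not part of the thread and not code from HijackThis or Codestuff Starter: a small parser that pulls the O4 autostart entries out of a HijackThis v2.0.2 log and lists the entries a reviewer would look at first (autostarts without a full path, entries marked "(file missing)", services with "Unknown owner"). The sample lines are copied from the log posted above; the function names are made up for this example, and a flag only marks an entry for review.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Gogrok\Skype4COM.dll (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Registry autostart: hive, the abbreviated "\..\" path, the key (Run, RunOnce), [value name], command
RUN_RE = re.compile(
    r"^(?P<hive>HK.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Startup-folder autostart: "Startup: x.lnk = target" or "Global Startup: x.lnk = target"
STARTUP_RE = re.compile(r"^(?P<scope>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# HKUS entries carry a trailing "(User 'SYSTEM')" annotation that is not part of the command
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")
# Command starts with a drive-letter path, optionally quoted
ABSOLUTE_RE = re.compile(r'^"?[A-Za-z]:\\')


def parse_entries(text):
    """Return every 'R0/O4/O23 - ...' line as {'code', 'body'}; skip headers and process paths."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"code": m["code"], "body": m["body"]})
    return entries


def autostarts(entries):
    """Split O4 entries into location, name and command."""
    found = []
    for e in entries:
        if e["code"] != "O4":
            continue
        body = USER_SUFFIX_RE.sub("", e["body"])
        m = RUN_RE.match(body)
        if m:
            location = m["hive"] + "\\" + m["key"]
        else:
            m = STARTUP_RE.match(body)
            if not m:
                continue  # unrecognised O4 layout: leave it for manual review
            location = m["scope"]
        found.append({
            "location": location,
            "name": m["name"],
            "command": m["cmd"],
            # Without a full path, which file runs depends on the search path
            "absolute": bool(ABSOLUTE_RE.match(m["cmd"])),
        })
    return found


def triage(text):
    """Group the log entries a reviewer would check first."""
    entries = parse_entries(text)
    starts = autostarts(entries)
    return {
        "autostarts": starts,
        "relative_autostarts": [s["name"] for s in starts if not s["absolute"]],
        "file_missing": [e for e in entries if e["body"].endswith("(file missing)")],
        "unknown_owner_services": [
            e for e in entries
            if e["code"] == "O23" and " - Unknown owner - " in e["body"]
        ],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for s in report["autostarts"]:
        print(f'{s["location"]:<22} {s["name"]:<22} {s["command"]}')
    print("no full path:", report["relative_autostarts"])
    print("file missing:", [e["code"] for e in report["file_missing"]])
```
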

Here is my Combofix report, thanks in advance!

ComboFix 10-02-12.01 - 13/02/2010 17:20:37.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.179 [GMT 1:00]

Running from: E:\ComboFix.exe

AV: avast! antivirus 4.8.1229 [VPS 100213-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\x\My Documents\ZbThumbnail.info

c:\program files\WinPCap

c:\program files\WinPCap\rpcapd.exe

c:\windows\run.log

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_npf

((((((((((((((((((((((((( Files Created from 2010-01-13 to 2010-02-13 )))))))))))))))))))))))))))))))

.

2010-02-13 16:14 . 2010-02-13 16:12 388608 ----a-w- c:\windows\system32\CF7050.exe

2010-02-13 13:21 . 2010-02-13 13:21 -------- d-----w- c:\program files\CodeStuff

2010-02-11 18:44 . 2010-02-13 09:43 -------- d-----w- c:\program files\Enigma Software Group

2010-02-11 15:09 . 2004-08-03 21:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys

2010-02-11 12:19 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys

2010-02-11 12:19 . 2004-08-03 22:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys

2010-02-11 08:42 . 2010-02-11 15:34 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat

2010-02-11 08:42 . 2010-02-11 08:42 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-01-22 10:35 . 2001-08-17 12:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2010-01-22 10:35 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-13 16:33 . 2003-07-26 20:27 21 ----a-w- C:\qpmd8376.bin

2010-02-13 06:02 . 2009-05-21 18:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-02-12 17:46 . 2009-06-23 11:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-11 15:33 . 2010-02-11 15:33 16 ----a-w- c:\documents and settings\LocalService\Application Data\sgcpom.dat

2010-02-11 08:41 . 2010-02-11 08:41 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\sgcpom.dat

2010-02-10 20:18 . 2006-09-24 07:26 -------- d-----w- c:\program files\Call Of Duty 2

2010-01-26 07:17 . 2008-08-15 11:20 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-07 15:07 . 2009-06-23 11:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-07 15:07 . 2009-06-23 11:20 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys

2010-01-02 22:40 . 2010-01-02 22:39 -------- d-----w- c:\program files\Sector69

2009-12-27 20:37 . 2004-01-09 22:41 -------- d-----w- c:\program files\Google

2009-12-22 17:21 . 2009-12-22 17:19 -------- d-----w- c:\documents and settings\x\Application Data\Easy Macro Recorder

2009-12-22 17:20 . 2009-12-22 17:19 -------- d-----w- c:\program files\Easy Macro Recorder

2009-12-21 19:14 . 2006-04-28 08:58 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-19 15:15 . 2005-07-12 08:24 -------- d-----w- c:\documents and settings\x\Application Data\CoreFTP

2009-12-19 14:28 . 2005-07-12 08:23 -------- d-----w- c:\program files\CoreFTP

2009-12-03 18:14 . 2009-12-03 18:14 152576 ----a-w- c:\documents and settings\x\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-12-03 18:14 . 2009-12-01 19:25 79488 ----a-w- c:\documents and settings\x\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-21 16:36 . 2002-08-29 12:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-16 12:49 . 2004-10-23 15:26 31592 ----a-w- c:\documents and settings\x\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2008-08-16 15:42 . 2008-08-16 15:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-08-16 15:42 . 2008-08-16 15:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2008-08-16 15:42 . 2008-08-16 15:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2008-08-16 15:42 . 2008-08-16 15:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-08-16 15:43 . 2008-08-16 15:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2008-08-16 15:42 . 2008-08-16 15:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2008-08-16 15:42 . 2008-08-16 15:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2008-05-21 06:41 . 2008-05-21 06:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

2008-05-21 06:41 . 2008-05-21 06:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2008-05-21 06:41 . 2008-05-21 06:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2008-06-05 11:58 . 2008-06-05 11:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-08-16 15:42 . 2008-08-16 15:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MtdAcq"="c:\program files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2004-07-02 122956]

"CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMONTRAY"="c:\program files\Intel\Intel® Active Monitor\imontray.exe" [2002-09-19 32768]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 479232]

"Iomega Automatic Backup 1.0.1"="c:\program files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2006-10-04 53760]

c:\documents and settings\x\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Snelle start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Snelle start.lnk

backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MiniEYE-MiniREAD Launch.lnk

backup=c:\windows\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk

backup=c:\windows\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

2008-07-17 23:43 587568 ----a-w- c:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

2004-08-22 15:05 81920 -c--a-w- c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F5D7050v3]

2007-10-30 21:37 1654784 ----a-w- c:\program files\Belkin\F5D7050v3\Belkinwcui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2007-08-11 20:55 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2003-01-16 01:29 1220608 -c----w- c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

2001-07-09 18:50 155648 -c--a-r- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2003-12-05 19:45 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-08-12 18:57 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

"SDhelper"=2 (0x2)

"gusvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\CoreFTP\\coreftp.exe"=

"c:\\Program Files\\Call Of Duty 2\\CoD2MP_s.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [18/07/2003 7:39 9344]

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [25/09/2005 9:52 155136]

R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [25/09/2005 9:52 5248]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [21/05/2009 19:03 130936]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30/07/2009 18:56 721904]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24/08/2008 20:14 78416]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/08/2008 20:14 20560]

R2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent;c:\cfusionmx\db\slserver52\bin\swagent.exe "ColdFusion MX ODBC Agent" --> c:\cfusionmx\db\slserver52\bin\swagent.exe ColdFusion MX ODBC Agent [?]

S2 gupdate1ca1b7ee1ed8770;Google Updateservice (gupdate1ca1b7ee1ed8770);c:\program files\Google\Update\GoogleUpdate.exe [12/08/2009 19:58 133104]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [21/05/2009 19:02 348752]

S3 zlportio;zlportio;\??\e:\games\SINGSTAR\UltraStar Deluxe\zlportio.sys --> e:\games\SINGSTAR\UltraStar Deluxe\zlportio.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2010-02-13 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-12 18:57]

2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 18:58]

2010-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 18:58]

.

.

------- Supplementary Scan -------

.

uStart Page =

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html

IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm

IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm

Trusted Zone: ugent.be\athena

Trusted Zone: ugent.be\athenax

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {02BF25D5-8C17-4B23-BC00-000000000000} - hxxp://www.apple.com/qtactivex/qtplugin.cab

FF - ProfilePath - c:\documents and settings\x\Application Data\Mozilla\Firefox\Profiles\3rcdnuo8.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=

FF - prefs.js: browser.search.selectedEngine - Fast Browser Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={2CA16DAD-E0A4-CE48-D821-A6F76129483D}&q=

FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: capability.policy.policynames - localfilelinks

FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.nl Travian nl2 Travian nl3 http://s4.travian.nl Travian nl5 Travian nl6 http://s7.travian.nl Travian nl8 Travian - Browserspel - Romeinen, Galliërs & Germanen Travian - Browserspel - Romeinen, Galliërs & Germanen Travian nlx

FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-58230624 - c:\docume~1\ALLUSE~1\APPLIC~1\58230624\58230624.exe

MSConfigStartUp-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe

MSConfigStartUp-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

AddRemove-Shareaza_is1 - c:\program files\Shareaza\Uninstall\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-02-13 17:34

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys iomdisk.sys hal.dll ACPI.sys >>UNKNOWN [0x828B7778]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf8747fc3

\Driver\ACPI -> ACPI.sys @ 0xf857bcb8

\Driver\atapi -> 0x828b7778

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084

ParseProcedure -> ntoskrnl.exe @ 0x8056f07e

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084

ParseProcedure -> ntoskrnl.exe @ 0x8056f07e

NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf840abc3

PacketIndicateHandler -> NDIS.sys @ 0xf8416b21

SendHandler -> NDIS.sys @ 0xf840ad33

Warning: possible MBR rootkit infection !

user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]

"ImagePath"="\"\""

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2304)

c:\windows\system32\WININET.dll

c:\program files\Logitech\MouseWare\System\LgWndHk.dll

c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll

c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll

c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL

c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe

c:\program files\Logitech\MouseWare\system\em_exec.exe

c:\cfusionmx\runtime\bin\jrunsvc.exe

c:\cfusionmx\db\slserver52\bin\swagent.exe

c:\cfusionmx\runtime\bin\jrun.exe

c:\cfusionmx\db\slserver52\bin\swstrtr.exe

c:\cfusionmx\db\slserver52\bin\swsoc.exe

c:\windows\System32\CTsvcCDA.EXE

c:\program files\Creative\Shared Files\CTDevSrv.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\progra~1\Iomega\System32\AppServices.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\System32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\program files\Intel\Intel® Active Monitor\imonnt.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

.

**************************************************************************

.

Completion time: 2010-02-13 17:42:57 - machine was rebooted

ComboFix-quarantined-files.txt 2010-02-13 16:42

ComboFix2.txt 2009-06-24 08:37

Pre-Run: 496.291.840 bytes free

Post-Run: 600.289.280 bytes free

- - End Of File - - 07D248E47055BA1F064F6A27053859C5

Edited by Wimmos

One more thing I wanted to mention: my mouse no longer works properly in Firefox. I don't know whether this has been the case since the virus or only just now. Anyway, my "back" and "forward" buttons no longer work, and neither does the middle button, but only in Firefox.

What could be causing that? The software works fine.


Delete these files shown in bold

c:\windows\system32\fjhdyfhsn.bat

C:\qpmd8376.bin

... and then let us know what the situation is now?

Done. Startup is now faster than before, but it still takes a few extra minutes :(. And my mouse buttons still don't work properly. What now? :bawling:


Download GMER Rootkit detector

Save it in a safe place and extract it to your desktop

  • Disconnect from the internet and close ALL programs
  • There is a small chance that the computer will crash while this application is running, so make sure you have saved all your work
  • Double-click gmer.exe and select the “rootkit tab” > click “scan”
  • If you get a warning about "rootkit activity" and are asked for permission to run the scan, click OK
  • Click the rootkit tab and click scan
  • When the scan is finished, click copy
  • Open Notepad and copy/paste the text
  • Restore your internet connection and post the text in your next reply.

Please post the GMER result.


As soon as I open the program gmer.exe, it starts scanning by itself and freezes after a few seconds, after which I get the message to send this error to Windows..

Yet my internet was off and all programs were closed as far as I know, including the antivirus..


Let's try something else first, then:

Download LopSD to your desktop

  • Choose option N and press Enter
  • Click OK in the information window
  • Choose option 2 (Fix + Hosts) and press Enter
  • At the end a log (LopR.txt) appears; post its contents in your next reply

Vista users: right-click LopSD and choose "Run as administrator"

Note: some virus scanners detect LopSD as a virus, so deactivate your scanner


There you go.

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.40GHz )

BIOS : BIOS Date: 02/26/03 09:37:20 Ver: 08.00.08

USER : x ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1229 [VPS 100213-1] 4.8.1229 (Not Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:28 Go (Free:0 Go)

D:\ (Local Disk) - FAT32 - Total:9 Go (Free:0 Go)

E:\ (Local Disk) - FAT32 - Total:24 Go (Free:8 Go)

F:\ (Local Disk) - FAT32 - Total:14 Go (Free:0 Go)

G:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

H:\ (CD or DVD)

I:\ (CD or DVD)

J:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( za 13/02/2010|20:09 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ HERSTEL

Verwijderd ! - C:\DOCUME~1\WIMVLA~1\APPLIC~1\BitDownload\BitDownload.ini

Verwijderd ! - C:\DOCUME~1\WIMVLA~1\APPLIC~1\BitDownload\btdht.dat

Verwijderd ! - C:\DOCUME~1\WIMVLA~1\APPLIC~1\BitDownload\DHTLog.txt

Verwijderd ! - C:\DOCUME~1\WIMVLA~1\APPLIC~1\BitDownload\lib.vcs

Verwijderd ! - C:\DOCUME~1\WIMVLA~1\APPLIC~1\BitDownload\PlayLists

Verwijderd ! - C:\DOCUME~1\WIMVLA~1\APPLIC~1\BitDownload\RoutingTree.bin

Verwijderd ! - C:\DOCUME~1\WIMVLA~1\APPLIC~1\BitDownload\search.ini

Verwijderd ! - C:\DOCUME~1\WIMVLA~1\APPLIC~1\BitDownload\Shared.dat

Verwijderd ! - C:\DOCUME~1\WIMVLA~1\APPLIC~1\BitDownload\ShareHistory.dat

Verwijderd ! - C:\DOCUME~1\WIMVLA~1\APPLIC~1\BitDownload\SPK.bin

Verwijderd ! - C:\DOCUME~1\WIMVLA~1\APPLIC~1\BitDownload\Storage

Verwijderd ! - C:\DOCUME~1\WIMVLA~1\APPLIC~1\BitDownload\Torrents

Verwijderd ! - C:\DOCUME~1\WIMVLA~1\APPLIC~1\BitDownload\trdnld.vcs

Verwijderd ! - C:\DOCUME~1\WIMVLA~1\APPLIC~1\BitDownload\trupld.vcs

Verwijderd ! - C:\DOCUME~1\WIMVLA~1\APPLIC~1\BitDownload\URLs.ini

Verwijderd ! - C:\DOCUME~1\WIMVLA~1\APPLIC~1\Bitdownload

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Verwijderd ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Beschrijving van mappen in APPLIC~1

[31/05/2009|14:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}

[30/08/2007|21:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[30/08/2007|21:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems

[23/08/2007|09:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus

[11/02/2008|07:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative

[07/07/2003|08:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink

[30/07/2009|19:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite

[30/07/2009|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Pro

[05/08/2008|12:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[12/08/2009|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater

[19/01/2008|08:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[23/06/2009|12:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[14/10/2005|17:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[10/03/2009|08:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[19/07/2003|11:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6

[26/11/2003|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles

[21/05/2009|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools

[31/08/2004|20:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm

[26/08/2005|12:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap

[05/12/2003|20:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[20/01/2008|16:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real

[17/08/2007|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[30/08/2009|18:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[13/02/2010|07:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[20/04/2008|09:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia

[27/10/2005|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[24/02/2008|11:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[04/08/2003|15:36] C:\DOCUME~1\BEHEER~1\APPLIC~1\Adobe

[04/08/2003|15:37] C:\DOCUME~1\BEHEER~1\APPLIC~1\AdobeUM

[27/12/2003|22:37] C:\DOCUME~1\BEHEER~1\APPLIC~1\Aim

[31/07/2004|19:45] C:\DOCUME~1\BEHEER~1\APPLIC~1\ArcSoft

[23/07/2006|20:34] C:\DOCUME~1\BEHEER~1\APPLIC~1\Creative

[25/07/2003|20:05] C:\DOCUME~1\BEHEER~1\APPLIC~1\Help

[04/07/2003|16:12] C:\DOCUME~1\BEHEER~1\APPLIC~1\Identities

[07/10/2005|18:30] C:\DOCUME~1\BEHEER~1\APPLIC~1\Iomega Automatic Backup

[26/08/2004|20:56] C:\DOCUME~1\BEHEER~1\APPLIC~1\Ipswitch

[05/08/2008|12:13] C:\DOCUME~1\BEHEER~1\APPLIC~1\Macromedia

[27/07/2006|09:27] C:\DOCUME~1\BEHEER~1\APPLIC~1\Media Player Classic

[01/05/2005|20:17] C:\DOCUME~1\BEHEER~1\APPLIC~1\Microsoft

[26/07/2003|17:22] C:\DOCUME~1\BEHEER~1\APPLIC~1\Microsoft Web Folders

[21/03/2004|17:13] C:\DOCUME~1\BEHEER~1\APPLIC~1\MSN6

[10/07/2004|09:55] C:\DOCUME~1\BEHEER~1\APPLIC~1\Real

[25/07/2003|19:31] C:\DOCUME~1\BEHEER~1\APPLIC~1\Symantec

[04/07/2003|16:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[21/05/2009|17:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[21/05/2009|17:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[23/02/2008|10:56] C:\DOCUME~1\WIMVLA~1\APPLIC~1\.bsnes

[30/05/2008|20:59] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Adobe

[21/02/2006|21:06] C:\DOCUME~1\WIMVLA~1\APPLIC~1\AdobeAUM

[22/06/2008|18:04] C:\DOCUME~1\WIMVLA~1\APPLIC~1\AdobeUM

[01/08/2004|11:13] C:\DOCUME~1\WIMVLA~1\APPLIC~1\ArcSoft

[26/08/2008|11:50] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Atari

[23/08/2007|10:10] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Azureus

[01/11/2009|23:17] C:\DOCUME~1\WIMVLA~1\APPLIC~1\BitTorrent

[10/02/2008|13:53] C:\DOCUME~1\WIMVLA~1\APPLIC~1\BSplayer

[23/09/2007|19:16] C:\DOCUME~1\WIMVLA~1\APPLIC~1\BSplayer Pro

[19/12/2009|16:15] C:\DOCUME~1\WIMVLA~1\APPLIC~1\CoreFTP

[01/05/2005|21:23] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Creative

[30/07/2009|19:13] C:\DOCUME~1\WIMVLA~1\APPLIC~1\DAEMON Tools Lite

[30/07/2009|18:56] C:\DOCUME~1\WIMVLA~1\APPLIC~1\DAEMON Tools Pro

[30/08/2008|13:36] C:\DOCUME~1\WIMVLA~1\APPLIC~1\DNA

[22/12/2009|18:21] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Easy Macro Recorder

[01/09/2004|15:54] C:\DOCUME~1\WIMVLA~1\APPLIC~1\EverAd

[29/05/2008|22:19] C:\DOCUME~1\WIMVLA~1\APPLIC~1\FrostWire

[17/08/2008|22:59] C:\DOCUME~1\WIMVLA~1\APPLIC~1\GetRightToGo

[19/09/2004|15:55] C:\DOCUME~1\WIMVLA~1\APPLIC~1\GlobalSCAPE

[20/01/2007|17:00] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Google

[20/07/2003|14:40] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Help

[30/06/2009|11:39] C:\DOCUME~1\WIMVLA~1\APPLIC~1\ICAClient

[21/05/2009|22:21] C:\DOCUME~1\WIMVLA~1\APPLIC~1\id Software

[16/07/2003|19:29] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Identities

[13/11/2009|16:24] C:\DOCUME~1\WIMVLA~1\APPLIC~1\InstallShield

[07/10/2005|20:02] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Iomega Automatic Backup

[06/01/2008|18:42] C:\DOCUME~1\WIMVLA~1\APPLIC~1\ISP Monitor

[07/10/2005|18:03] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Leadertech

[05/08/2008|12:13] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Macromedia

[23/06/2009|12:21] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Malwarebytes

[15/02/2006|20:57] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Media Player Classic

[09/11/2009|18:57] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Microsoft

[26/07/2009|19:14] C:\DOCUME~1\WIMVLA~1\APPLIC~1\mIRC

[19/06/2008|09:02] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Mozilla

[11/12/2005|12:16] C:\DOCUME~1\WIMVLA~1\APPLIC~1\MSN6

[21/08/2008|11:51] C:\DOCUME~1\WIMVLA~1\APPLIC~1\My Games

[23/12/2009|20:13] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Opera

[11/02/2009|19:14] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Orbit

[16/05/2006|16:13] C:\DOCUME~1\WIMVLA~1\APPLIC~1\PC Tools

[16/11/2009|14:37] C:\DOCUME~1\WIMVLA~1\APPLIC~1\QuosaDDM

[06/12/2004|20:48] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Raptisoft

[20/01/2008|16:42] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Real

[24/09/2007|08:19] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Screenshot Sender

[16/07/2007|22:47] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Shareaza

[07/09/2004|18:20] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Sun

[18/08/2007|09:54] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Symantec

[25/12/2007|19:22] C:\DOCUME~1\WIMVLA~1\APPLIC~1\SystemRequirementsLab

[31/03/2007|17:27] C:\DOCUME~1\WIMVLA~1\APPLIC~1\teamspeak2

[31/05/2009|14:27] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Uniblue

[31/08/2009|21:51] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Winamp

[18/06/2004|19:30] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Yahoo!

[03/06/2004|18:52] C:\DOCUME~1\WIMVLA~1\APPLIC~1\Yahoo! Messenger

--------------------\\ Geplande Taken gelocaliseerd in C:\WINDOWS\Tasks

[13/02/2010 19:17][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[13/02/2010 19:17][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[13/02/2010 18:18][--a------] C:\WINDOWS\tasks\Google Software Updater.job

[13/02/2010 18:18][--ah-----] C:\WINDOWS\tasks\SA.DAT

[29/08/2002 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ MsgPlus SPONSOR INSTALLED !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]

"SponsorInstalled"=dword:00000000

--------------------\\ Beschrijving van mappen in C:\Program Files

[19/09/2004|15:36] C:\Program Files\AC3Filter

[22/04/2006|10:54] C:\Program Files\Active Data Recovery Services

[30/08/2007|22:24] C:\Program Files\Adobe

[30/08/2007|21:42] C:\Program Files\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==

[18/07/2003|07:39] C:\Program Files\Ahead

[09/10/2003|21:18] C:\Program Files\Aimsoft

[10/05/2006|11:55] C:\Program Files\Alarm Clock

[24/08/2008|20:13] C:\Program Files\Alwil Software

[20/05/2004|20:14] C:\Program Files\Analog Devices

[18/06/2004|22:01] C:\Program Files\aod

[30/10/2005|23:12] C:\Program Files\ArcSoft

[17/07/2006|19:49] C:\Program Files\ARI

[22/07/2006|12:03] C:\Program Files\AV Vcs 4.0 DIAMOND

[21/07/2007|18:44] C:\Program Files\AviSynth 2.5

[13/11/2009|16:25] C:\Program Files\Belkin

[20/04/2008|09:35] C:\Program Files\BFG

[07/08/2008|18:27] C:\Program Files\BitTorrent

[13/02/2010|20:07] C:\Program Files\Call Of Duty 2

[31/07/2004|17:03] C:\Program Files\Canon

[04/11/2009|19:47] C:\Program Files\Cisco Systems

[29/06/2009|11:47] C:\Program Files\Citrix

[13/02/2010|14:21] C:\Program Files\CodeStuff

[13/02/2010|17:26] C:\Program Files\Common Files

[04/07/2003|16:03] C:\Program Files\ComPlus Applications

[19/12/2009|15:28] C:\Program Files\CoreFTP

[10/02/2008|10:58] C:\Program Files\Creative

[07/07/2003|08:35] C:\Program Files\CyberLink

[30/07/2009|19:11] C:\Program Files\DAEMON Tools Lite

[30/07/2009|19:05] C:\Program Files\DAEMON Tools Pro

[30/07/2009|19:11] C:\Program Files\DAEMON Tools Toolbar

[28/12/2006|18:53] C:\Program Files\DFX

[20/07/2003|14:01] C:\Program Files\directx

[15/05/2007|10:42] C:\Program Files\DivX

[30/08/2008|08:54] C:\Program Files\DNA

[26/04/2006|11:33] C:\Program Files\D-Tools

[30/08/2009|18:16] C:\Program Files\DVDVideoSoft

[22/12/2009|18:20] C:\Program Files\Easy Macro Recorder

[02/07/2006|13:51] C:\Program Files\EGB

[13/02/2010|10:43] C:\Program Files\Enigma Software Group

[15/02/2006|20:54] C:\Program Files\ffdshow

[15/08/2005|18:11] C:\Program Files\FlashGet

[15/04/2006|09:49] C:\Program Files\FLVPlayer

[30/08/2009|18:16] C:\Program Files\Free WMA to MP3 Converter

[22/03/2009|16:47] C:\Program Files\FrostWire

[25/09/2007|17:57] C:\Program Files\Gabest

[07/02/2005|22:58] C:\Program Files\Gadwin Systems

[05/12/2006|21:15] C:\Program Files\GetVideo

[27/12/2009|21:37] C:\Program Files\Google

[06/11/2004|20:59] C:\Program Files\HarmWare

[16/08/2007|18:21] C:\Program Files\Inetpromoter

[21/03/2007|21:16] C:\Program Files\install_2_11_H

[13/11/2009|16:25] C:\Program Files\InstallShield Installation Information

[04/07/2003|16:19] C:\Program Files\Intel

[26/01/2010|08:14] C:\Program Files\Internet Explorer

[07/10/2005|18:09] C:\Program Files\Iomega

[04/07/2004|09:46] C:\Program Files\Ipswitch

[28/08/2007|21:43] C:\Program Files\iTudou

[03/12/2009|19:18] C:\Program Files\Java

[30/08/2007|08:31] C:\Program Files\KeePass Password Safe

[20/01/2008|16:43] C:\Program Files\K-Lite Codec Pack

[05/08/2008|12:10] C:\Program Files\Lavasoft

[30/08/2009|18:19] C:\Program Files\LimeWire

[02/07/2006|18:02] C:\Program Files\Lionhead Studios

[04/01/2009|16:18] C:\Program Files\Logitech

[05/08/2008|12:13] C:\Program Files\Macromedia

[12/02/2010|18:46] C:\Program Files\Malwarebytes' Anti-Malware

[15/08/2008|00:06] C:\Program Files\Messenger

[23/06/2009|14:05] C:\Program Files\Messenger Plus! 2

[29/04/2006|15:42] C:\Program Files\Messenger Plus! 3

[26/07/2009|18:12] C:\Program Files\Messenger Plus! Live

[27/10/2009|12:25] C:\Program Files\Microsoft

[25/02/2008|07:45] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[26/07/2003|19:48] C:\Program Files\microsoft frontpage

[30/07/2009|19:14] C:\Program Files\Microsoft Games

[26/07/2003|20:13] C:\Program Files\Microsoft Image Composer

[15/04/2009|16:36] C:\Program Files\Microsoft Office

[26/01/2010|08:17] C:\Program Files\Microsoft Silverlight

[26/07/2003|19:50] C:\Program Files\Microsoft Visual Studio

[05/08/2008|12:14] C:\Program Files\Minefield

[26/07/2009|19:13] C:\Program Files\mIRC

[15/02/2006|20:53] C:\Program Files\Morgan

[03/08/2006|14:59] C:\Program Files\Movie Maker

[13/02/2010|20:07] C:\Program Files\Mozilla Firefox

[16/11/2009|12:19] C:\Program Files\MSBuild

[15/04/2009|16:32] C:\Program Files\MSECache

[24/12/2005|18:19] C:\Program Files\MSN

[04/07/2003|16:02] C:\Program Files\MSN Gaming Zone

[29/03/2008|15:01] C:\Program Files\MSN Messenger

[21/11/2006|00:13] C:\Program Files\MSXML 4.0

[16/11/2009|12:07] C:\Program Files\MSXML 6.0

[03/08/2006|14:56] C:\Program Files\NetMeeting

[30/07/2008|15:37] C:\Program Files\NetMeter

[30/10/2005|23:18] C:\Program Files\Netscape

[21/05/2009|22:16] C:\Program Files\Norton Security Scan

[05/12/2006|21:15] C:\Program Files\Nuclear Coffee

[04/07/2003|16:04] C:\Program Files\Online Services

[26/07/2003|16:41] C:\Program Files\Ontrack

[25/10/2009|23:23] C:\Program Files\Outlook Express

[30/08/2009|18:21] C:\Program Files\Parkeerbonnen Monopoly

[30/08/2009|18:22] C:\Program Files\PokerStars

[21/08/2007|18:26] C:\Program Files\PopCap Games

[06/08/2008|19:07] C:\Program Files\Project64 1.6

[26/04/2006|11:33] C:\Program Files\QuickTime

[18/06/2004|22:01] C:\Program Files\Real

[16/11/2009|12:19] C:\Program Files\Reference Assemblies

[19/11/2006|10:45] C:\Program Files\ReflexiveArcade

[02/01/2010|23:40] C:\Program Files\Sector69

[31/01/2004|12:48] C:\Program Files\Sierra On-Line

[20/01/2008|19:43] C:\Program Files\SLD Codec Pack

[11/08/2007|14:43] C:\Program Files\Sobotta Atlas

[27/10/2005|11:16] C:\Program Files\Sony Setup

[14/06/2009|13:54] C:\Program Files\Spyware Doctor

[16/08/2007|18:20] C:\Program Files\Spyware-doctor

[17/08/2009|15:55] C:\Program Files\StuffPlug3

[22/08/2008|18:00] C:\Program Files\Sun

[19/09/2008|23:36] C:\Program Files\Switch Off

[25/12/2007|19:22] C:\Program Files\SystemRequirementsLab

[23/06/2009|11:42] C:\Program Files\Trend Micro

[23/12/2003|23:16] C:\Program Files\TryMedia

[31/05/2009|14:25] C:\Program Files\Uniblue

[30/07/2004|23:36] C:\Program Files\Uninstall Information

[16/10/2008|22:26] C:\Program Files\VeryPDF PDF2Word v3.0

[22/10/2007|18:36] C:\Program Files\Webteh

[03/07/2008|12:02] C:\Program Files\Winamp

[27/10/2009|12:37] C:\Program Files\Windows Live

[10/03/2009|08:22] C:\Program Files\Windows Live SkyDrive

[10/12/2006|10:01] C:\Program Files\Windows Media Connect 2

[10/12/2006|10:01] C:\Program Files\Windows Media Player

[03/08/2006|14:56] C:\Program Files\Windows NT

[07/11/2004|20:41] C:\Program Files\WindowsUpdate

[26/04/2006|11:33] C:\Program Files\WinRAR

[18/02/2007|20:55] C:\Program Files\WordWeb

[30/06/2008|07:29] C:\Program Files\Workspace Macro Pro 6.5

[04/07/2004|10:05] C:\Program Files\WS_FTP

[04/07/2003|16:05] C:\Program Files\xerox

[29/06/2008|10:19] C:\Program Files\Yahoo!

[09/08/2003|00:41] C:\Program Files\YRefresher

--------------------\\ Beschrijving van mappen in C:\Program Files\Common Files

[30/08/2007|22:20] C:\Program Files\Common Files\Adobe

[30/08/2007|21:53] C:\Program Files\Common Files\Adobe Systems Shared

[26/07/2003|17:24] C:\Program Files\Common Files\Designer

[15/11/2009|22:55] C:\Program Files\Common Files\Deterministic Networks

[10/02/2008|12:25] C:\Program Files\Common Files\DVDVideoSoft

[03/11/2007|14:41] C:\Program Files\Common Files\InstallShield

[07/09/2004|18:16] C:\Program Files\Common Files\Java

[04/01/2009|16:18] C:\Program Files\Common Files\Logitech

[26/07/2003|20:35] C:\Program Files\Common Files\Macromedia

[21/05/2009|17:43] C:\Program Files\Common Files\Microsoft Shared

[07/09/2004|18:06] C:\Program Files\Common Files\mozilla.org

[04/07/2003|16:03] C:\Program Files\Common Files\MSSoap

[18/02/2006|18:00] C:\Program Files\Common Files\Novell Shared

[04/07/2003|17:53] C:\Program Files\Common Files\ODBC

[21/05/2009|19:08] C:\Program Files\Common Files\PC Tools

[20/01/2008|16:43] C:\Program Files\Common Files\Real

[04/07/2003|16:03] C:\Program Files\Common Files\Services

[04/07/2003|17:53] C:\Program Files\Common Files\SpeechEngines

[29/10/2006|15:28] C:\Program Files\Common Files\SWF Studio

[30/08/2009|18:20] C:\Program Files\Common Files\Symantec Shared

[13/06/2007|09:33] C:\Program Files\Common Files\System

[10/03/2009|08:20] C:\Program Files\Common Files\Windows Live

[24/02/2008|11:05] C:\Program Files\Common Files\WindowsLiveInstaller

[05/08/2008|12:10] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 46 Processes )

... OK !

--------------------\\ Zoeken met S_Lop

Geen Lop mappen gevonden !

--------------------\\ Zoeken naar Lop Bestanden - Mappen

Geen Lop mappen gevonden !

--------------------\\ Zoeken doorheen het Register

..... OK !

--------------------\\ Nazicht van het Hosts bestand

Hosts bestand IN ORDE

--------------------\\ Zoeken naar verborgen bestanden met Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-02-13 20:13:34

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 233

--------------------\\ Zoeken naar andere infecties

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\WIMVLA~1\Application Data\BitTorrent\Virtual Villagers 3 + Crack.rar.1.torrent

C:\DOCUME~1\WIMVLA~1\Application Data\BitTorrent\Virtual Villagers 3 + Crack.rar.torrent

C:\DOCUME~1\WIMVLA~1\My Documents\Downloads\Metadata\Adobe Photoshop CS2 v9.0 FinaL + KeyGeN & Activator==.zip.xml

C:\DOCUME~1\WIMVLA~1\My Documents\Downloads\Metadata\Bigfish Games - Virtual Villagers - The Lost Children + Crack updated-fixed Release 02-2007.zip.xml

[F:11][D:7]-> C:\DOCUME~1\WIMVLA~1\LOCALS~1\Temp

[F:121][D:0]-> C:\DOCUME~1\WIMVLA~1\Cookies

[F:43][D:4]-> C:\DOCUME~1\WIMVLA~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - za 13/02/2010|20:16 - Option : [2]

--------------------\\ Scan voltooid om 20:16:25
