Posted: Mon Mar 10, 2008 11:22 pm
Member

Dear all,

As a computer illiterate, I have still been infected with junk.

I have gone through all the steps, and this is my log file:

Who can help me?

Hans

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:11, on 10-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ss ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss ... gctlsr.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/I ... oader4.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://portal.ggzge.net/dana-cached/se ... tupSP1.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11147 bytes


Posted: Tue Mar 11, 2008 12:37 am
Site Admin

Download Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and choose "Next" to install the tool.
When the installation is complete, tick "Update MalwareBytes' Anti-Malware" and "Launch MalwareBytes' Anti-Malware".
Then press "Finish".
In the main window, choose the "Scanner" tab and select the "Perform full scan" radio button.
Press the "Scan" button and make sure all your hard disks/partitions are ticked.
Then press the "Start Scan" button.
When the scan is complete, click OK, then "Show Results" to see the results.
Make sure everything is ticked, then click "Remove Selected".
If the program wants to restart your computer, allow it.
After that a log opens (mbam-log-XX-XX-XXXX(xx-xx-xx).txt).
Post this log in your next reply together with a new HijackThis log :)


Posted: Wed Mar 12, 2008 10:23 am
Member

First the new hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:17, on 12-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A057A45C-5F78-49AC-A515-684A7CD2B440} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {FBD29C3C-C642-4843-A627-6E54A947B511} - (no file)
O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ss ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss ... gctlsr.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/I ... oader4.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://portal.ggzge.net/dana-cached/se ... tupSP1.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: byxxyay - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12970 bytes

And then the malware log:

Malwarebytes' Anti-Malware 1.08
Database versie: 480

Scan type: Volledige Scan (C:\|D:\|)
Objecten gescand: 99120
Verstreken tijd: 35 minute(s), 58 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 2
Registersleutels geïnfecteerd: 12
Registerwaarden geïnfecteerd: 1
Registerdata bestanden geïnfecteerd: 2
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 12

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
c:\WINDOWS\system32\byxxyay.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\pmkhe.dll (Trojan.Vundo) -> Unloaded module successfully.

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\CLSID\{fbd29c3c-c642-4843-a627-6e54a947b511} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbd29c3c-c642-4843-a627-6e54a947b511} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxxyay (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a057a45c-5f78-49ac-a515-684a7cd2b440} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a057a45c-5f78-49ac-a515-684a7cd2b440} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\xInsiDERexe (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{fbd29c3c-c642-4843-a627-6e54a947b511} (Trojan.Vundo) -> Delete on reboot.

Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmkhe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmkhe -> Delete on reboot.

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
c:\WINDOWS\system32\byxxyay.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pmkhe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ehkmp.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ehkmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efccbbx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gebabca.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{355A274C-BDED-46C3-B564-FB3BE8D43B7E}\RP179\A0024087.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{355A274C-BDED-46C3-B564-FB3BE8D43B7E}\RP180\A0024193.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{355A274C-BDED-46C3-B564-FB3BE8D43B7E}\RP180\A0024194.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{355A274C-BDED-46C3-B564-FB3BE8D43B7E}\RP180\A0024212.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{355A274C-BDED-46C3-B564-FB3BE8D43B7E}\RP181\A0025212.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{355A274C-BDED-46C3-B564-FB3BE8D43B7E}\RP182\A0026292.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Posted: Wed Mar 12, 2008 12:30 pm
Site Admin

Start HijackThis once more and tick only the following lines:
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {A057A45C-5F78-49AC-A515-684A7CD2B440} - (no file)
O2 - BHO: (no name) - {FBD29C3C-C642-4843-A627-6E54A947B511} - (no file)
O20 - Winlogon Notify: byxxyay - C:\WINDOWS\

Close all open windows (except HijackThis), then click "Fix checked" and exit HijackThis.

Restart your computer.

Post a new HijackThis log.

Download this file: zoek.exe
Double-click it; after a while a log opens.
Post the contents of this log in your next reply ;)
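
A triage sketch for the selection in the post above, as an added example that is not part of the original thread and not the helper's stated method: it flags HijackThis O2 entries whose DLL is missing and O20 Winlogon Notify entries that match an item reported in the Malwarebytes log. The sample lines are copied from the logs in this thread; the function names and the heuristics are assumptions made for illustration.

```python
import re

# Sample input: a few lines copied from the HijackThis and Malwarebytes logs above.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {A057A45C-5F78-49AC-A515-684A7CD2B440} - (no file)
O2 - BHO: (no name) - {FBD29C3C-C642-4843-A627-6E54A947B511} - (no file)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: byxxyay - C:\WINDOWS\
""".strip()

MBAM_SAMPLE = r"""
c:\WINDOWS\system32\byxxyay.dll (Trojan.Vundo) -> Unloaded module successfully.
HKEY_CLASSES_ROOT\CLSID\{fbd29c3c-c642-4843-a627-6e54a947b511} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a057a45c-5f78-49ac-a515-684a7cd2b440} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxxyay (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{355A274C-BDED-46C3-B564-FB3BE8D43B7E}\RP179\A0024087.exe (Trojan.Insider) -> Quarantined and deleted successfully.
""".strip()

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DETECTION_RE = re.compile(r"^(?P<object>.+?) \((?P<family>[\w.]+)\) -> ")
NOTIFY_PREFIX = "Winlogon Notify:"


def parse_mbam(text):
    """Return (clsids, names) taken from the detection lines of a Malwarebytes log.

    clsids: lower-cased CLSIDs found in detected registry keys/values.
    names:  lower-cased leaf names (extension stripped) of every detected object.
    """
    clsids, names = set(), set()
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        obj = m["object"]
        # Only registry paths carry CLSIDs; the System Restore folder name
        # also contains a brace-wrapped GUID, which must not be treated as one.
        if obj.upper().startswith("HKEY_"):
            clsids.update(g.lower() for g in CLSID_RE.findall(obj))
        leaf = obj.rsplit("\\", 1)[-1]
        names.add(leaf.rsplit(".", 1)[0].lower())
    return clsids, names


def triage(hjt_text, mbam_text):
    """Return [(hijackthis_line, [reasons])] for entries worth a manual look."""
    clsids, names = parse_mbam(mbam_text)
    findings = []
    for raw in hjt_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m["code"], m["body"]
        reasons = []
        guid = CLSID_RE.search(body)
        if guid and guid.group().lower() in clsids:
            reasons.append("CLSID detected by scanner")
        # Assumed heuristic 1: a BHO registration whose DLL no longer exists.
        if code == "O2" and body.endswith("(no file)"):
            reasons.append("BHO registered but DLL missing")
        # Assumed heuristic 2: a Winlogon Notify key tied to a detected item,
        # or one whose target is not a DLL path at all.
        if code == "O20" and body.startswith(NOTIFY_PREFIX):
            name, _, target = body[len(NOTIFY_PREFIX):].partition(" - ")
            if name.strip().lower() in names:
                reasons.append("Notify key name matches detected item")
            if not target.strip().lower().endswith(".dll"):
                reasons.append("Notify target is not a DLL path")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(HJT_SAMPLE, MBAM_SAMPLE):
        print(entry)
        for reason in why:
            print("    -", reason)
```

The output is a list of candidates for review, not a removal list: an entry that matches neither heuristic can still be unwanted, and a flagged one can be a harmless leftover.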


Posted: Wed Mar 12, 2008 2:16 pm
Member

Here come the logs :)

First the hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:44, on 12-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} (Cimporter Object) - http://www.hyves.nl/cab/outlookaddressbook.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ss ... gctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss ... gctlsr.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/I ... oader4.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://portal.ggzge.net/dana-cached/se ... tupSP1.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11452 bytes

And then the zoek log:

----a-w 952 2008-03-07 19:48:38 C:\WINDOWS\win.ini
----a-w 379,480 2008-03-09 08:25:16 C:\WINDOWS\setupact.log
----a-w 49 2008-03-12 12:08:20 C:\WINDOWS\wiaservc.log
----a-w 159 2008-03-12 12:09:42 C:\WINDOWS\wiadebug.log
----a-w 4,200 2008-03-12 12:10:22 C:\WINDOWS\ModemLog_Motorola SM56 Data Fax Modem.txt
----a-w 1,517,990 2008-03-12 12:07:52 C:\WINDOWS\WindowsUpdate.log
----a-w 116 2008-03-12 09:37:30 C:\WINDOWS\NeroDigital.ini
--s-a-w 2,048 2008-03-12 12:09:24 C:\WINDOWS\bootstat.dat
----a-w 32,528 2008-03-12 12:08:18 C:\WINDOWS\SchedLgU.Txt
----a-w 0 2008-03-12 12:09:46 C:\WINDOWS\0.log
----a-w 85,662 2008-03-12 07:45:50 C:\WINDOWS\setupapi.log
----a-w 208 2008-03-07 22:04:52 C:\WINDOWS\wininit.ini
----a-w 245,938 2008-03-10 20:14:04 C:\WINDOWS\ntbtlog.txt
----a-w 861 2008-03-07 19:53:36 C:\WINDOWS\KB912812.log
----a-w 39,383 2008-03-08 15:50:44 C:\WINDOWS\KB944533-IE7.log
----a-w 167 2008-03-07 16:32:38 C:\WINDOWS\ConverterCore.INI
----a-w 357 2008-03-08 07:24:34 C:\WINDOWS\GEARInstall.log
----a-w 1,158 2008-03-12 12:10:20 C:\WINDOWS\system32\wpa.dbl
----a-w 64,194 2008-03-07 19:50:54 C:\WINDOWS\system32\perfc009.dat
----a-w 405,644 2008-03-07 19:50:54 C:\WINDOWS\system32\perfh009.dat
----a-w 83,556 2008-03-07 19:50:54 C:\WINDOWS\system32\perfc013.dat
----a-w 470,638 2008-03-07 19:50:54 C:\WINDOWS\system32\perfh013.dat
----a-w 48,776 2008-03-08 07:49:56 C:\WINDOWS\system32\S32EVNT1.DLL
----a-w 93,760 2008-03-10 14:52:28 C:\WINDOWS\system32\entvoarp.dll
----a-w 1,035,092 2008-03-07 19:50:54 C:\WINDOWS\system32\PerfStringBackup.INI
------w 42,496 2008-03-12 08:07:54 C:\WINDOWS\system32\byxxyay.dll
----a-w 29 2008-03-07 16:55:52 C:\WINDOWS\system32\uwfpdsir.tmp
------w 294,976 2008-03-12 08:07:54 C:\WINDOWS\system32\pmkhe.dll
----a-w 143 2008-03-12 07:57:28 C:\WINDOWS\system32\mcrh.tmp
--sha-w 208,853 2008-03-12 08:12:46 C:\WINDOWS\system32\ehkmp.ini2
----a-w 16 2008-03-08 07:36:42 C:\WINDOWS\system32\coh.cache
----a-w 93,248 2008-03-12 07:13:42 C:\WINDOWS\system32\rvulvgti.dll
---ha-w 1,024 2008-03-12 12:12:20 C:\WINDOWS\system32\config\system.LOG
---ha-w 24,576 2008-03-12 12:13:02 C:\WINDOWS\system32\config\software.LOG
---ha-w 1,024 2008-03-12 12:12:06 C:\WINDOWS\system32\config\default.LOG
---ha-w 1,024 2008-03-12 12:09:30 C:\WINDOWS\system32\config\SAM.LOG
---ha-w 1,024 2008-03-12 12:11:40 C:\WINDOWS\system32\config\SECURITY.LOG
----a-w 524,288 2008-03-12 12:08:18 C:\WINDOWS\system32\config\SysEvent.Evt
----a-w 524,288 2008-03-12 12:08:18 C:\WINDOWS\system32\config\AppEvent.Evt
----a-w 115,000 2008-03-08 07:49:56 C:\WINDOWS\system32\drivers\SYMEVENT.SYS
----a-w 806 2008-03-08 07:49:56 C:\WINDOWS\system32\drivers\SYMEVENT.INF
----a-w 8,014 2008-03-08 07:49:56 C:\WINDOWS\system32\drivers\SYMEVENT.CAT
----a-w 776 2008-03-08 07:08:30 C:\WINDOWS\system32\drivers\etc\hosts.20080310-161453.backup
----a-r 227,750 2008-03-10 15:14:54 C:\WINDOWS\system32\drivers\etc\hosts.20080310-164735.backup
----a-w 20 2008-03-12 12:09:42 C:\WINDOWS\system32\wbem\Repository\$WinMgmt.CFG
----a-w 5,424 2008-03-12 12:11:00 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP
----a-w 5,424 2008-03-12 12:11:08 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
----a-w 4 2008-03-12 12:11:08 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
----a-w 796 2008-03-12 12:11:08 C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP
----a-w 4,628 2008-03-12 12:11:08 C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP
----a-w 9,428,992 2008-03-12 12:11:08 C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
----a-w 1,581,056 2008-03-12 12:11:08 C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
----a-w 501 2008-03-07 23:18:10 C:\WINDOWS\system32\wbem\Logs\wbemprox.log
----a-w 64,480 2008-03-12 12:10:18 C:\WINDOWS\system32\wbem\Logs\FrameWork.log
----a-w 15,627 2008-03-12 08:19:28 C:\WINDOWS\system32\wbem\Logs\wmiprov.log
----a-w 65,605 2008-03-12 12:10:04 C:\WINDOWS\system32\wbem\Logs\wbemess.lo_
----a-w 2,277 2008-03-12 12:11:20 C:\WINDOWS\system32\wbem\Logs\wbemess.log
----a-w 738 2008-03-07 19:50:46 C:\WINDOWS\system32\wbem\Performance\WmiApRpl.h
----a-w 6,534 2008-03-07 19:50:54 C:\WINDOWS\system32\wbem\Performance\WmiApRpl.ini
----a-w 8,192 2008-03-12 12:08:20 C:\WINDOWS\system32\CatRoot2\edb.chk
----a-w 85,913 2008-03-08 17:09:40 C:\WINDOWS\system32\CatRoot2\dberr.txt
----a-w 131,072 2008-03-12 12:08:20 C:\WINDOWS\system32\CatRoot2\edb.log
----a-w 131,072 2008-03-08 04:54:52 C:\WINDOWS\system32\CatRoot2\edb000A3.log
----a-w 1,588,872 2008-03-09 08:25:04 C:\WINDOWS\inf\INFCACHE.1
----a-w 4,100 2008-03-09 08:25:04 C:\WINDOWS\inf\branches.PNF
----a-w 1,139 2008-03-08 19:50:38 C:\WINDOWS\Temp\Norton_SPALOG_3_8_2008_567687.txt
----a-w 1,502 2008-03-08 19:50:54 C:\WINDOWS\Temp\Norton_SPALOG_3_8_2008_5410625.txt
----a-w 255 2008-03-12 12:09:32 C:\WINDOWS\Temp\WGAErrLog.txt
----a-w 0 2008-03-09 07:58:50 C:\WINDOWS\Temp\T30DebugLogFile.txt
----a-w 409 2008-03-12 12:10:26 C:\WINDOWS\Temp\WGANotify.settings
----a-w 8,192 2008-03-10 14:50:38 C:\WINDOWS\Temp\JET16A6.tmp
----a-w 11,960,320 2008-03-10 14:50:40 C:\WINDOWS\Temp\JET18E8.tmp
----a-w 8,192 2008-03-10 16:18:00 C:\WINDOWS\Temp\JET367D.tmp
----a-w 0 2008-03-12 12:11:24 C:\WINDOWS\Temp\JET4F20.tmp
----a-w 0 2008-03-12 12:11:26 C:\WINDOWS\Temp\JET521D.tmp
----a-w 31,864 2008-03-12 07:23:10 C:\WINDOWS\Temp\symlcsv1.exe
----a-w 1,219 2008-03-09 15:42:30 C:\WINDOWS\Temp\Norton_SPALOG_3_9_2008_27481593.txt
----a-w 0 2008-03-12 12:09:26 C:\WINDOWS\Debug\PASSWD.LOG
----a-w 107,320 2008-03-12 12:09:24 C:\WINDOWS\Debug\UserMode\userenv.log
----a-w 433,368 2008-03-08 16:57:14 C:\WINDOWS\pchealth\helpctr\Config\Cache\Professional_32_1043.dat.bak
----a-w 1,438 2008-03-08 17:56:02 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_918.xml
----a-w 47,120 2008-03-08 17:56:02 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_920.xml
----a-w 2,500 2008-03-08 17:56:02 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_922.xml
----a-w 15,552 2008-03-08 17:56:02 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_924.xml
----a-w 3,462 2008-03-08 17:56:02 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_926.xml
----a-w 1,574 2008-03-08 17:56:02 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_928.xml
----a-w 27,836 2008-03-08 17:56:02 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_930.xml
----a-w 2,036 2008-03-08 17:56:02 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_932.xml
----a-w 490,658 2008-03-08 17:56:02 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_934.xml
----a-w 191,760 2008-03-08 17:56:04 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_936.xml
----a-w 71,920 2008-03-08 17:56:04 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_938.xml
----a-w 6,120 2008-03-08 17:56:04 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_940.xml
----a-w 170,962 2008-03-08 17:56:04 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_942.xml
----a-w 32,662 2008-03-08 17:56:30 C:\WINDOWS\pchealth\helpctr\DataColl\history_db.xml
----a-w 8,901,192 2008-03-08 17:56:10 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_944.xml
----a-w 48,664 2008-03-08 17:56:02 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_916.xml
----a-w 3,742 2008-03-06 14:26:20 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_897.xml
----a-w 5,246 2008-03-06 14:26:22 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_907.xml
----a-w 22,192 2008-03-06 14:26:24 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_913.xml
----a-w 3,742 2008-03-08 17:56:02 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_927.xml
----a-w 19,832 2008-03-08 17:56:04 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_937.xml
----a-w 25,588 2008-03-08 17:56:04 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_943.xml
----a-w 46,966 2008-03-08 17:56:28 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_945.xml
----a-w 1,059,840 2008-03-08 07:47:54 C:\WINDOWS\Installer\1916a9.msi
----a-w 307,200 2008-03-08 07:22:24 C:\WINDOWS\Installer\251f3.msi
----a-w 2,086,400 2008-03-08 17:21:48 C:\WINDOWS\Installer\4ee094.msi
----a-w 966,144 2008-03-08 07:24:04 C:\WINDOWS\Installer\251ff.msi
----a-w 373,760 2008-03-08 07:24:22 C:\WINDOWS\Installer\25205.msi
----a-w 252,928 2008-03-08 07:24:34 C:\WINDOWS\Installer\2520b.msi
----a-w 217,088 2008-03-08 07:24:48 C:\WINDOWS\Installer\25211.msi
----a-w 250,368 2008-03-08 07:25:08 C:\WINDOWS\Installer\25217.msi
----a-w 700,928 2008-03-08 07:25:24 C:\WINDOWS\Installer\2521d.msi
----a-w 4,389,888 2008-03-08 07:28:06 C:\WINDOWS\Installer\25223.msi
----a-w 961,536 2008-03-08 07:28:52 C:\WINDOWS\Installer\2522d.msi
----a-w 1,875,456 2008-03-08 07:29:14 C:\WINDOWS\Installer\25233.msi
----a-w 1,651,200 2008-03-08 17:22:20 C:\WINDOWS\Installer\4ee09e.msi
----a-w 1,946,624 2008-03-08 07:52:14 C:\WINDOWS\Installer\2523f.msi
----a-w 1,852,416 2008-03-08 07:30:50 C:\WINDOWS\Installer\25245.msi
----a-w 1,469,440 2008-03-08 07:31:14 C:\WINDOWS\Installer\2524b.msi
----a-w 1,498,112 2008-03-08 07:32:00 C:\WINDOWS\Installer\25251.msi
----a-w 807,936 2008-03-08 07:32:34 C:\WINDOWS\Installer\25257.msi
----a-w 839,168 2008-03-08 07:50:24 C:\WINDOWS\Installer\1916bb.msi
----a-w 1,665,536 2008-03-08 17:22:52 C:\WINDOWS\Installer\4ee0a4.msi
----a-w 1,436,160 2008-03-08 17:23:16 C:\WINDOWS\Installer\4ee0aa.msi
----a-w 1,462,784 2008-03-08 17:24:30 C:\WINDOWS\Installer\4ee0b8.msi
----a-w 549,376 2008-03-08 17:24:58 C:\WINDOWS\Installer\4ee0be.msi
----a-w 908,800 2008-03-08 17:25:24 C:\WINDOWS\Installer\4ee0c4.msi
----a-w 805,888 2008-03-08 17:25:42 C:\WINDOWS\Installer\4ee0ca.msi
----a-w 42,749 2008-03-08 07:09:24 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CONFIG\security.config.cch
----a-w 25,114 2008-03-08 07:24:30 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CONFIG\enterprisesec.config.cch
----a-w 1,048,576 2008-03-12 12:09:54 C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{C10A2146-E5B9-4E9D-B1A9-AAA85CD8D562}.crmlog
----a-w 146,040 2008-03-08 07:24:20 C:\WINDOWS\assembly\GAC\SymAddIn\10.2.0.1__ea8ad8cd626b3bac\SymAddIn.dll
----a-w 197 2008-03-08 07:24:26 C:\WINDOWS\assembly\GAC\SymAddIn\10.2.0.1__ea8ad8cd626b3bac\__AssemblyInfo__.ini
---ha-w 6 2008-03-12 12:09:38 C:\WINDOWS\Tasks\SA.DAT
----a-w 28,490 2008-03-12 11:17:44 C:\WINDOWS\Prefetch\HPQDSTCP.EXE-251675CE.pf
----a-w 43,368 2008-03-12 11:17:44 C:\WINDOWS\Prefetch\HPQKYGRP.EXE-36C12FCC.pf
----a-w 19,542 2008-03-12 11:17:50 C:\WINDOWS\Prefetch\DOCPROC.EXE-1F645EA2.pf
----a-w 25,018 2008-03-08 07:08:16 C:\WINDOWS\Prefetch\MSMSGS.EXE-0620E8B3.pf
----a-w 41,334 2008-03-08 17:54:12 C:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf
----a-w 73,496 2008-03-12 08:16:10 C:\WINDOWS\Prefetch\EHREC.EXE-2365F918.pf
----a-w 98,640 2008-03-12 08:16:10 C:\WINDOWS\Prefetch\SPOOLSV.EXE-3A613CE3.pf
----a-w 71,012 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf
----a-w 96,992 2008-03-08 17:25:04 C:\WINDOWS\Prefetch\MSIEXEC.EXE-330626DC.pf
----a-w 11,738 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\HPZIPM12.EXE-02312CF9.pf
----a-w 20,750 2008-03-12 08:16:10 C:\WINDOWS\Prefetch\EHRECVR.EXE-20A109D9.pf
----a-w 12,446 2008-03-12 08:16:10 C:\WINDOWS\Prefetch\EHSCHED.EXE-1E7EF345.pf
----a-w 84,992 2008-03-12 12:02:00 C:\WINDOWS\Prefetch\OUTLOOK.EXE-0CC1C5E5.pf
----a-w 14,342 2008-03-12 08:16:10 C:\WINDOWS\Prefetch\GOOGLEUPDATERSERVICE.EXE-2F4A2F77.pf
----a-w 32,028 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\HPOSTS08.EXE-06128920.pf
----a-w 22,864 2008-03-12 12:08:04 C:\WINDOWS\Prefetch\LOGONUIX.EXE-0CAA0AB7.pf
----a-w 11,118 2008-03-12 08:16:10 C:\WINDOWS\Prefetch\LSSRVC.EXE-0B977198.pf
----a-w 33,526 2008-03-12 08:16:12 C:\WINDOWS\Prefetch\ALUSCHEDULERSVC.EXE-16E7B2A3.pf
----a-w 16,078 2008-03-12 08:16:12 C:\WINDOWS\Prefetch\REGSRVC.EXE-1A4FEDDE.pf
----a-w 72,636 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf
----a-w 33,378 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\GOOGLEUPDATER.EXE-1D8A4379.pf
----a-w 18,700 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\HPOBNZ08.EXE-0D7D2E90.pf
----a-w 51,786 2008-03-12 12:11:34 C:\WINDOWS\Prefetch\DLLHOST.EXE-474D72E6.pf
----a-w 21,634 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\SVCHOST.EXE-2D5FBD18.pf
----a-w 50,632 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\HPOEVM08.EXE-18AF13A4.pf
----a-w 7,772 2008-03-08 18:10:18 C:\WINDOWS\Prefetch\LOGON.SCR-24ADF392.pf
----a-w 37,314 2008-03-12 07:21:46 C:\WINDOWS\Prefetch\FWCFG.EXE-25BD130D.pf
----a-w 42,686 2008-03-12 08:16:42 C:\WINDOWS\Prefetch\USERINIT.EXE-0743FDA9.pf
----a-w 46,678 2008-03-12 07:12:50 C:\WINDOWS\Prefetch\WGATRAY.EXE-350D4455.pf
----a-w 86,460 2008-03-12 08:53:24 C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf
----a-w 10,570 2008-03-12 12:11:34 C:\WINDOWS\Prefetch\PSDRVCHECK.EXE-2ABC771E.pf
----a-w 66,586 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\GOOGLEDESKTOP.EXE-16DAD850.pf
----a-w 12,526 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\ADOBE GAMMA LOADER.EXE-2926B5EA.pf
----a-w 13,944 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\READER_SL.EXE-2FCCA463.pf
----a-w 39,654 2008-03-12 12:11:34 C:\WINDOWS\Prefetch\HCONTROL.EXE-27D377E4.pf
----a-w 14,726 2008-03-12 12:11:34 C:\WINDOWS\Prefetch\IGFXTRAY.EXE-0A23D403.pf
----a-w 12,312 2008-03-12 12:11:34 C:\WINDOWS\Prefetch\HKCMD.EXE-0F06AE14.pf
----a-w 12,248 2008-03-12 12:11:34 C:\WINDOWS\Prefetch\IGFXPERS.EXE-19DA7B04.pf
----a-w 28,232 2008-03-12 11:42:42 C:\WINDOWS\Prefetch\WINMINE.EXE-1C017FC4.pf
----a-w 39,028 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\PIFSVC.EXE-263A5067.pf
----a-w 17,304 2008-03-12 12:11:34 C:\WINDOWS\Prefetch\ATKOSD.EXE-283F7FA7.pf
----a-w 44,372 2008-03-12 12:11:34 C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf
----a-w 18,552 2008-03-12 11:27:52 C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf
----a-w 15,212 2008-03-12 11:27:54 C:\WINDOWS\Prefetch\DFRGFAT.EXE-22605FE5.pf
----a-w 27,750 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\ZCFGSVC.EXE-3A532485.pf
----a-w 56,922 2008-03-10 21:24:02 C:\WINDOWS\Prefetch\DWWIN.EXE-2C373FB7.pf
----a-w 13,134 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\BATTERYLIFE.EXE-09B13A23.pf
----a-w 19,216 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\ADOBEUPDATEMANAGER.EXE-0075C43E.pf
----a-w 16,620 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\CTFMON.EXE-05E57A5E.pf
----a-w 15,904 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\HPGS2WNF.EXE-37EAA714.pf
----a-w 17,824 2008-03-12 12:11:34 C:\WINDOWS\Prefetch\EHTRAY.EXE-337AC592.pf
----a-w 15,874 2008-03-12 12:11:34 C:\WINDOWS\Prefetch\SYNTPENH.EXE-2B70B91C.pf
----a-w 48,746 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\IFRMEWRK.EXE-02DE6F7E.pf
----a-w 10,570 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\WINAMPA.EXE-15BD1ED5.pf
----a-w 27,808 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\CCAPP.EXE-10E11A7C.pf
----a-w 13,574 2008-03-12 07:11:42 C:\WINDOWS\Prefetch\MCRDSVC.EXE-05390B47.pf
----a-w 19,362 2008-03-12 07:11:42 C:\WINDOWS\Prefetch\FXSSVC.EXE-140862E7.pf
----a-w 16,348 2008-03-12 12:11:34 C:\WINDOWS\Prefetch\ALG.EXE-275708CF.pf
----a-w 22,028 2008-03-12 08:16:52 C:\WINDOWS\Prefetch\EHMSAS.EXE-1E4CE886.pf
----a-w 21,798 2008-03-08 18:27:12 C:\WINDOWS\Prefetch\RUNDLL32.EXE-65A9A159.pf
----a-w 28,332 2008-03-08 18:29:58 C:\WINDOWS\Prefetch\SPAEX.EXE-0E9B9C37.pf
----a-w 17,152 2008-03-12 11:40:58 C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf
----a-w 33,700 2008-03-08 18:29:58 C:\WINDOWS\Prefetch\LUPRODRG.EXE-1FFB6E6E.pf
----a-w 40,990 2008-03-12 08:35:12 C:\WINDOWS\Prefetch\PIFCRAWL.EXE-317BEAFF.pf
----a-w 52,964 2008-03-09 08:12:20 C:\WINDOWS\Prefetch\COMHOST.EXE-0533DCA1.pf
----a-w 51,202 2008-03-12 07:30:42 C:\WINDOWS\Prefetch\LUALL.EXE-288D30C1.pf
----a-w 36,828 2008-03-08 19:50:30 C:\WINDOWS\Prefetch\CCLUFIX.EXE-3AC0E2C9.pf
----a-w 37,350 2008-03-08 19:50:32 C:\WINDOWS\Prefetch\SPA.EXE-0544546B.pf
----a-w 32,752 2008-03-08 19:50:38 C:\WINDOWS\Prefetch\LUPRODRG.EXE-2091CB72.pf
----a-w 62,112 2008-03-08 19:50:42 C:\WINDOWS\Prefetch\SPAEX.EXE-3AD34460.pf
----a-w 33,674 2008-03-08 19:50:56 C:\WINDOWS\Prefetch\LUPRODRG.EXE-16F63392.pf
----a-w 20,858 2008-03-08 19:50:56 C:\WINDOWS\Prefetch\N360PA~1.EXE-225C0CF7.pf
----a-w 93,412 2008-03-10 15:31:18 C:\WINDOWS\Prefetch\ACRORD32.EXE-1CE22EA3.pf
----a-w 24,016 2008-03-09 07:58:32 C:\WINDOWS\Prefetch\EVTENG.EXE-38C1434A.pf
----a-w 20,636 2008-03-09 07:58:32 C:\WINDOWS\Prefetch\S24EVMON.EXE-2EB33684.pf
----a-w 20,440 2008-03-10 18:56:30 C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf
----a-w 7,752 2008-03-12 12:11:34 C:\WINDOWS\Prefetch\NEROCHECK.EXE-30941580.pf
----a-w 21,408 2008-03-12 12:11:34 C:\WINDOWS\Prefetch\ABLKSR.EXE-32F5710F.pf
----a-w 32,482 2008-03-09 08:12:28 C:\WINDOWS\Prefetch\LUPRODRG.EXE-3B18DAD7.pf
----a-w 24,800 2008-03-12 07:28:02 C:\WINDOWS\Prefetch\REGSVR32.EXE-396DEA2C.pf
----a-w 19,216 2008-03-09 22:11:26 C:\WINDOWS\Prefetch\RUNDLL32.EXE-5C5C7A0B.pf
----a-w 41,842 2008-03-12 07:30:26 C:\WINDOWS\Prefetch\SSAUTORN.EXE-3B2FABF0.pf
----a-w 70,494 2008-03-12 07:23:20 C:\WINDOWS\Prefetch\SYMLCSV1.EXE-0F09BE6C.pf
----a-w 18,150 2008-03-09 08:25:12 C:\WINDOWS\Prefetch\RUNDLL32.EXE-40AD95F9.pf
----a-w 15,198 2008-03-12 07:23:24 C:\WINDOWS\Prefetch\SYMLCSVC.EXE-2CB155BD.pf
----a-w 19,716 2008-03-09 14:13:22 C:\WINDOWS\Prefetch\DOOM95.EXE-30215FC1.pf
----a-w 16,504 2008-03-12 09:30:10 C:\WINDOWS\Prefetch\MAINSTUB.EXE-001B79F7.pf
----a-w 67,638 2008-03-09 15:38:18 C:\WINDOWS\Prefetch\SUPPSTUB.EXE-06FE2AF3.pf
----a-w 41,250 2008-03-09 21:53:16 C:\WINDOWS\Prefetch\SCANSTUB.EXE-233B46B9.pf
----a-w 22,700 2008-03-09 15:42:20 C:\WINDOWS\Prefetch\SPAEX.EXE-0C2548AB.pf
----a-w 33,686 2008-03-09 15:42:32 C:\WINDOWS\Prefetch\LUPRODRG.EXE-056D2EF5.pf
----a-w 19,624 2008-03-09 15:42:32 C:\WINDOWS\Prefetch\N360PA~1.EXE-0E70326D.pf
----a-w 20,312 2008-03-10 14:56:44 C:\WINDOWS\Prefetch\OSE.EXE-2C5425B3.pf
----a-w 39,552 2008-03-09 21:44:24 C:\WINDOWS\Prefetch\RUNDLL32.EXE-4A22402C.pf
----a-w 33,670 2008-03-09 21:44:28 C:\WINDOWS\Prefetch\RUNDLL32.EXE-488D8186.pf
----a-w 40,596 2008-03-09 21:59:20 C:\WINDOWS\Prefetch\NAOPSTUB.EXE-1095559D.pf
----a-w 74,184 2008-03-09 22:06:28 C:\WINDOWS\Prefetch\RUNDLL32.EXE-5A0CA285.pf
----a-w 31,018 2008-03-09 22:07:48 C:\WINDOWS\Prefetch\RUNDLL32.EXE-3CADD0BA.pf
----a-w 37,322 2008-03-09 22:10:38 C:\WINDOWS\Prefetch\RUNDLL32.EXE-7249F641.pf
----a-w 42,808 2008-03-10 16:16:24 C:\WINDOWS\Prefetch\SM56HLPR.EXE-10940500.pf
----a-w 15,158 2008-03-10 16:16:24 C:\WINDOWS\Prefetch\HPGS2WND.EXE-11832C7F.pf
----a-w 8,290 2008-03-10 14:51:24 C:\WINDOWS\Prefetch\SYMLCSV1.EXE-2CF2E134.pf
----a-w 18,538 2008-03-10 15:07:24 C:\WINDOWS\Prefetch\SPYBOTSD152.EXE-1369EA3D.pf
----a-w 53,042 2008-03-12 08:28:32 C:\WINDOWS\Prefetch\WFICA32.EXE-36CF7B68.pf
----a-w 17,944 2008-03-10 15:07:24 C:\WINDOWS\Prefetch\SPYBOTSD152.TMP-3756F9BB.pf
----a-w 36,026 2008-03-10 15:07:58 C:\WINDOWS\Prefetch\SPYBOTSD_INCLUDES.EXE-0B715E2B.pf
----a-w 102,214 2008-03-10 16:17:28 C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1702AD5F.pf
----a-w 31,882 2008-03-12 08:17:22 C:\WINDOWS\Prefetch\TEATIMER.EXE-0390E8A7.pf
----a-w 66,482 2008-03-10 16:17:14 C:\WINDOWS\Prefetch\SDUPDATE.EXE-2A88E3BA.pf
----a-w 49,612 2008-03-10 15:18:24 C:\WINDOWS\Prefetch\RUNDLL32.EXE-68E85C97.pf
----a-w 48,794 2008-03-10 15:21:50 C:\WINDOWS\Prefetch\RUNDLL32.EXE-69F5042C.pf
----a-w 30,792 2008-03-10 15:21:54 C:\WINDOWS\Prefetch\RUNDLL32.EXE-481532AF.pf
----a-w 45,342 2008-03-10 15:22:48 C:\WINDOWS\Prefetch\FREE-SPYHUNTER-SCANNER-INSTAL-34309C27.pf
----a-w 68,972 2008-03-10 15:23:20 C:\WINDOWS\Prefetch\SPYHUNTER3.EXE-17CC83A1.pf
----a-w 41,756 2008-03-10 15:35:42 C:\WINDOWS\Prefetch\UNINSTALL.EXE-34016BEC.pf
----a-w 28,612 2008-03-10 21:24:04 C:\WINDOWS\Prefetch\DRWTSN32.EXE-01DDCF15.pf
----a-w 11,854 2008-03-12 12:11:34 C:\WINDOWS\Prefetch\ALCMTR.EXE-01A7139B.pf
----a-w 20,948 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\RTHDCPL.EXE-005A6E31.pf
----a-w 20,292 2008-03-10 17:57:04 C:\WINDOWS\Prefetch\ATF-CLEANER.EXE-34B912B5.pf
----a-w 54,424 2008-03-10 18:02:18 C:\WINDOWS\Prefetch\AVGAS-SETUP-7.5.1.43-3339.EXE-088A3E97.pf
----a-w 76,278 2008-03-12 08:16:10 C:\WINDOWS\Prefetch\GUARD.EXE-1B701525.pf
----a-w 1,498,638 2008-03-12 12:11:34 C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf
----a-w 445,412 2008-03-12 11:27:42 C:\WINDOWS\Prefetch\Layout.ini
----a-w 58,302 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\IGFXSRVC.EXE-1D88F978.pf
----a-w 95,164 2008-03-12 12:11:36 C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf


Posted: Wed March 12, 2008 2:50 pm
Site Admin

Joined: Wed Feb 08, 2006 12:42 pm
Posts: 12166
Open a Notepad file.
Copy the text below (everything in bold) into this Notepad file.

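@ECHO OFF
REM Start with a fresh log.txt in the folder the script runs from
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
REM For each listed file: clear the read-only/system/hidden attributes,
REM delete it, then log whether it was deleted, not deleted or not found
FOR %%g in (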
C:\WINDOWS\system32\entvoarp.dll
C:\WINDOWS\system32\byxxyay.dll
C:\WINDOWS\system32\uwfpdsir.tmp
C:\WINDOWS\system32\pmkhe.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ehkmp.ini2
C:\WINDOWS\system32\rvulvgti.dll
C:\WINDOWS\wininit.ini) DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
REM Open the result log for the user to copy
START NOTEPAD.EXE log.txt

Go to File - Save As.
For "Save in", choose: Desktop
For "File name", enter: del.bat
For "Save as type", select: All Files (*.*).
Click the Save button.

Restart the computer.

Double-click del.bat and post the contents of the log file that opens.


Posted: Wed March 12, 2008 3:24 pm
Member

Joined: Mon March 10, 2008 11:18 pm
Posts: 9
Here it is:

Deleting files
C:\WINDOWS\system32\entvoarp.dll deleted
C:\WINDOWS\system32\byxxyay.dll deleted
C:\WINDOWS\system32\uwfpdsir.tmp deleted
C:\WINDOWS\system32\pmkhe.dll deleted
C:\WINDOWS\system32\mcrh.tmp deleted
C:\WINDOWS\system32\ehkmp.ini2 deleted
C:\WINDOWS\system32\rvulvgti.dll deleted
C:\WINDOWS\wininit.ini deleted


Posted: Wed March 12, 2008 3:31 pm
Site Admin

Joined: Wed Feb 08, 2006 12:42 pm
Posts: 12166
Download ATF Cleaner (mirror) (made by Atribune)

Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

Double-click ATF Cleaner to start the program.
On the "Main" tab, tick Select All.
Click the Empty Selected button.

Do the following if you also use Firefox as a browser:
Click the "Firefox" tab and tick Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this removes the tick from "Firefox saved passwords" again)
Click the Empty Selected button.

Do the following if you also use Opera as a browser:
Click the "Opera" tab and tick Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.

Turn off System Restore. Restart the computer. Turn System Restore back on.
See here how to turn off System Restore.
This removes any remnants of the infections from your System Restore.

Let me know if there are still any problems :)


Posted: Wed March 12, 2008 3:49 pm
Member

Joined: Mon March 10, 2008 11:18 pm
Posts: 9
smeenk wrote:
Let me know if there are still any problems :)


It looks like the problem had already been solved at the previous step you suggested.

Still, I carried everything out, of course.

Can the various downloaded programs now be uninstalled again?
I'm thinking of AVG Anti-Spyware, Malwarebytes and the online scanners??

I use Norton 360 myself, hence the question!?

In any case, many thanks already!!! :D :D :D


Posted: Wed March 12, 2008 3:58 pm
Site Admin

Joined: Wed Feb 08, 2006 12:42 pm
Posts: 12166
You're welcome :)

You may uninstall/remove any programs you no longer wish to use.

Since your problems are over, I am moving your topic to the "Resolved HijackThis logs".
If you want this topic reopened, send me a "PM".


Regards, smeenk ;)

