Mededeling

**iamarjan1988** · 07-01-08, 14:02

de pop-up's komen terwijl er geen gebruik gemaakt wordt van IE er is wel altijd een LAN verbinding. wie helpt

**Marckie** · 09-01-08, 13:59

Maak een hijackthislog en post deze.
Dan kunnen we zien wat er juist aan de hand is.

**iamarjan1988** · 09-01-08, 14:09

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:09:32, on 9-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\winamp toolbar\WinampTbServer.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: superiorads - {79F562E5-768C-4494-8E6C-824ADA4A9C2C} - C:\WINDOWS\system32\sprt_ads.dll
O2 - BHO: (no name) - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [NECMFK] "C:\Program Files\necmfk\necmfk.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171802809387
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 14329 bytes

**Marckie** · 09-01-08, 14:14

Sluit alle open vensters.
Start HijackThis nog een keer en plaats een vinkje bij de volgende items:

O2 - BHO: superiorads - {79F562E5-768C-4494-8E6C-824ADA4A9C2C} - C:\WINDOWS\system32\sprt_ads.dll
O2 - BHO: (no name) - {8E015787-B1E3-404a-95DE-3E71E1FA0305} - (no file)
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart

Klik daarna op "Fix checked" en sluit HijackThis af.

Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Plaats het op je bureaublad.
Dubbelklik er op om het programma te starten.
In het scherm dat verschijnt tik je een 1 in om het cleaning- en analysesproces te laten uitvoeren.
Volg de instructies op het scherm.
Als het tooltje klaar is, opent er een logfile (combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

**iamarjan1988** · 09-01-08, 14:59

ComboFix 08-01-09.2 - Arjan van der Steege 2008-01-09 15:21:30.1 - NTFSx86
Gestart vanuit: C:\Documents and Settings\Arjan van der Steege\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\sprt_ads.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent

(((((((((((((((((((( Bestanden Gemaakt van 2007-12-09 to 2008-01-09 ))))))))))))))))))))))))))))))
.

2008-01-09 15:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 23:08 . 2008-01-08 23:08 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-01-07 18:58 . 2008-01-09 15:10 <DIR> dr-h----- C:\Documents and Settings\Arjan van der Steege\Onlangs geopend
2008-01-07 15:15 . 2008-01-07 15:15 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-07 15:14 . 2008-01-07 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-05 20:08 . 2008-01-05 20:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-02 20:18 . 2008-01-02 20:18 <DIR> d-------- C:\Program Files\SAGEM
2008-01-02 20:18 . 2008-01-02 20:18 <DIR> d-------- C:\Documents and Settings\Arjan van der Steege\Application Data\InstallShield
2008-01-02 20:18 . 2007-04-04 08:08 184,320 --a------ C:\WINDOWS\system32\coclassfast.dll
2008-01-02 09:56 . 2008-01-02 09:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-01 22:36 . 2008-01-07 19:47 40,734 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-27 13:25 . 2008-01-09 15:08 <DIR> d-------- C:\Program Files\IntelligentAdvisor
2007-12-27 12:08 . 2008-01-09 15:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-27 12:08 . 2008-01-09 15:30 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-24 15:38 . 2008-01-08 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-07 16:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-07 14:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-06 15:49 --------- d-----w C:\Program Files\Winamp
2008-01-06 15:49 --------- d-----w C:\Program Files\MP3 Remix
2008-01-05 17:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-27 12:31 --------- d-----w C:\Program Files\Codemasters
2007-12-25 19:35 --------- d-----w C:\Program Files\LimeWire
2007-12-24 14:40 --------- d-----w C:\Program Files\Google
2007-12-18 14:22 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-18 14:22 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-18 14:22 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-18 14:22 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-18 14:22 --------- d-----w C:\Program Files\Symantec
2007-12-18 13:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-18 13:50 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-04 19:15 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:30 727,040 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 18:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 18:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:57 8,501,760 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-24 00:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 00:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 00:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 00:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-11 08:55 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll
2007-10-11 08:55 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe
2007-10-11 08:55 11,776 ----a-w C:\WINDOWS\system32\icardres.dll
2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:53 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:53 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:53 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:53 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:53 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:53 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:53 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:53 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:02 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-10-09 12:03 779,800 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2007-10-09 12:03 73,752 ----a-w C:\WINDOWS\system32\dxva2.dll
2007-10-09 12:03 493,080 ----a-w C:\WINDOWS\system32\evr.dll
2007-10-09 12:03 350,744 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2007-10-09 12:03 33,304 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2007-10-09 12:03 161,304 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2007-10-09 12:03 106,520 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2007-10-09 12:03 1,986,072 ----a-w C:\WINDOWS\system32\milcore.dll
2007-10-09 11:58 16,896 ----a-w C:\WINDOWS\system32\tswpfwrp.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548BF73-58FF-71D5-F97D-17C71E323709}]
2007-12-11 22:27 1019904 --a------ C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-03-14 21:37 185480]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 20:07 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 19:52 376912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-02-27 10:27 135168]
"NECMFK"="C:\Program Files\necmfk\necmfk.exe" [2004-01-23 12:41 62976]
"ATIPTA"="C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2004-01-27 20:10 335872]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-11 08:35 88363 C:\WINDOWS\AGRSMMSG.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-07-12 22:10 151597]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-26 21:31 77824]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 15:09 57344]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 12:35 319488]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22 26248]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
"Spyware Doctor"=""

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-24 15:38:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^CleanSweep Smart Sweep-Internet Sweep.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\CleanSweep Smart Sweep-Internet Sweep.lnk
backup=C:\WINDOWS\pss\CleanSweep Smart Sweep-Internet Sweep.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Arjan van der Steege^Menu Start^Programma's^Opstarten^Norton System Doctor.LNK]
path=C:\Documents and Settings\Arjan van der Steege\Menu Start\Programma's\Opstarten\Norton System Doctor.LNK
backup=C:\WINDOWS\pss\Norton System Doctor.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME\TomTomHOME.exe

R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys [2004-06-01 10:02]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
R1 MFKGTKEY;MFKGTKEY;C:\WINDOWS\system32\drivers\mfkgtkey.sys [2003-12-03 08:48]
R1 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys [1998-10-06 15:36]
R1 Ps2LedIF;Ps2LedIF;C:\WINDOWS\system32\drivers\ps2ledif.sys [2003-01-10 14:39]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 16:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 16:09]
R3 Ps2Led;NEC Note Keyboard with One-touch start buttons;C:\WINDOWS\system32\DRIVERS\Ps2Led.sys [2004-01-21 19:58]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Documents and Settings\Arjan van der Steege\Mijn documenten\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\kerneld.wnt [2007-08-19 13:38]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\3.tmp

S3 nenum13E;nenum13E;C:\DOCUME~1\ARJANV~1\LOCALS~1\Temp\nenum13E.sys

S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\system32\DRIVERS\snct511.sys [2002-11-26 17:16]
S3 wlask48d;802.11b WLAN PC Card Service;C:\WINDOWS\system32\DRIVERS\wlask48d.sys [2004-01-06 11:33]

.
Inhoud van de 'Gedeelde Taken' map
"2008-01-09 14:27:04 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2005-08-07 20:54:42 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job"
"2008-01-09 14:00:00 C:\WINDOWS\Tasks\F67528E5A372C4AD.job"
- c:\docume~1\arjanv~1\applic~1\dentfo~1\Medialongcopy.exe
"2005-05-08 19:13:46 C:\WINDOWS\Tasks\Herinnering voor registratie 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2005-05-08 19:13:46 C:\WINDOWS\Tasks\Herinnering voor registratie 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2005-05-08 19:13:46 C:\WINDOWS\Tasks\Herinnering voor registratie 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2005-05-08 19:13:46 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
"2007-12-21 22:05:43 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Arjan van der Steege.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
"2007-12-21 19:00:00 C:\WINDOWS\Tasks\Schijfopruiming.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-01-07 19:00:00 C:\WINDOWS\Tasks\Systeemherstel.job"
- C:\WINDOWS\system32\Restore\rstrui.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 15:42:00
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = ??????????

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-01-09 15:53:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-09 14:53:09
.
2007-12-18 16:14:52 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:59:08, on 9-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [NECMFK] "C:\Program Files\necmfk\necmfk.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\nl.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171802809387
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 13838 bytes

**Marckie** · 09-01-08, 15:12

Download reglooks.exe
Plaats het op je bureaublad.
Dubbelklik op reglooks.exe. Doe verder niets en wacht tot er een logfile opent. Post de inhoud van deze logfile.

**iamarjan1988** · 09-01-08, 15:19

REGLOOKS logfile

version 0.977
wo 09-01-2008 16:15:39,60
running from: "C:\Documents and Settings\Arjan van der Steege\Bureaublad"

--- SSODL regkeys ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" FILE ="C:\\WINDOWS\\system32\\upnpui.dll"

--- STS regkeys ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
only standard or legit regkeys found

--- USERINIT regkey ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

--- SHELL regkey ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell"="Explorer.exe"

--- SYSTEM regkey ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"System"=""

--- APPINIT_DLLS regkey ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
"AppInit_DLLs"=""

--- NOTIFY regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
"WRNotifier" "DllName"="WRLogonNTF.dll"

--- BOOTEXECUTE regkey ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute= autocheck autochk *\0SsiEfr.e\0lsdelete\0\0

--- SHELLEXECUTEHOOKS regkey ---

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

--- HKLM\Run regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Apoint"="\"C:\\Program Files\\Apoint2K\\Apoint.exe\""
"NECMFK"="\"C:\\Program Files\\necmfk\\necmfk.exe\""
"ATIPTA"="\"C:\\PROGRAM FILES\\ATI TECHNOLOGIES\\ATI CONTROL PANEL\\ATIPTAXX.EXE\""
"AGRSMMSG"="AGRSMMSG.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
[run\OptionalComponents]
[run\OptionalComponents\IMAIL]
"Installed"="1"
[run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[run\OptionalComponents\MSFS]
"Installed"="1"

--- HKLM\RunOnce regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
no HKLM RunOnce keys found

--- HKLM\RunOnceEx regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
@=""

--- HKLM\RunServices regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
no HKLM RunServices keys found

--- HKLM\RunServicesOnce regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
no HKLM RunServicesOnce keys found

--- HKCU\Run regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""

--- HKCU\RunOnce regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
no HKCU RunOnce keys found

--- HKCU\RunOnceEx regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
no HKCU RunOnceEx keys found

--- HKCU\RunServices regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
no HKCU RunServices keys found

--- HKCU\RunServicesOnce regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
no HKCU RunServicesOnce keys found

--- HKU\.DEFAULT\Run regkeys - Default user ---

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"=""

--- HKU\S-1-5-18\Run regkeys - user SYSTEM ---

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"=""

--- HKU\S-1-5-19\Run regkeys - User Lokale service ---

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

--- HKU\S-1-5-20\Run regkeys - User Netwerkservice ---

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

--- HKLM\Explorer\Run regkeys ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
no HKLM Explorer\Run keys found

--- HKCU\Explorer\Run regkeys ---

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
no HKCU Explorer\Run keys found

--- Image File Execution regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
no debuggers found

--- BROWSER HELPER OBJECTS regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}" FILE ="C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll"
"{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}" FILE ="C:\\Program Files\\Winamp Toolbar\\winamptb.dll"
"{6548BF73-58FF-71D5-F97D-17C71E323709}" FILE ="C:\\Program Files\\IntelligentAdvisor\\IntelligentAdvisor-2.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\ssv.dll"
"{AA58ED58-01DD-4d91-8333-CF10577473F7}" FILE ="c:\\program files\\google\\googletoolbar1.dll"
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}" FILE ="C:\\Program Files\\Google\\GoogleToolbarNotifier\\2.1.1119.1736\\swg.dll"

--- TOOLBAR regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" FILE ="C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll"
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}" FILE ="C:\\Program Files\\Winamp Toolbar\\winamptb.dll"
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" FILE ="c:\\program files\\google\\googletoolbar1.dll"

--- URLSEARCHHOOKS regkeys ---

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"="" FILE ="C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll"

--- CONTEXTMENUHANDLERS regkeys ---

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
"AVG Anti-Spyware" CLSID ={8934FCEF-F5B8-468f-951F-78A921CD3920} FILE ="C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\context.dll"
"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
"Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll
"Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
"Symantec.Norton.Antivirus.IEContextMenu" CLSID ={FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} FILE ="C:\\PROGRA~1\\NORTON~1\\NavShExt.dll"
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"
"{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers
"AVG Anti-Spyware" CLSID ={8934FCEF-F5B8-468f-951F-78A921CD3920} FILE ="C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\context.dll"
"EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
"Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll"
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
"Symantec.Norton.Antivirus.IEContextMenu" CLSID ={FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} FILE ="C:\\PROGRA~1\\NORTON~1\\NavShExt.dll"
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"

--- ALTERNATESHELL regkey ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
"AlternateShell"="cmd.exe"

--- SAFEBOOT MINIMAL SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
no unknown services found

--- SAFEBOOT NETWORK SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
nm
nm.sys

--- SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4
"DisplayName"="IPv6-hulpservice"
%SystemRoot%\system32\svchost.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aeaudio
system32\drivers\aeaudio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ApfiltrService
"DisplayName"="NEC VersaGlide Filter Driver"
System32\DRIVERS\Apfiltr.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Asapi
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atiide
System32\DRIVERS\atiide.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bridge
"DisplayName"="MAC-brug"
System32\DRIVERS\bridge.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BridgeMP
"DisplayName"="MAC-brugminipoort"
System32\DRIVERS\bridge.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\caboagp
"DisplayName"="ATI Cabo AGP Filter"
System32\DRIVERS\atisgkaf.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EverestDriver
"DisplayName"="Lavalys EVEREST Kernel Driver"
\??\C:\Documents and Settings\Arjan van der Steege\Mijn documenten\EVEREST Ultimate Edition 2007 v4.10.1120 Beta\kerneld.wnt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ikhfile
"DisplayName"="File Security Kernel Anti-Spyware Driver"
system32\drivers\ikhfile.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ikhlayer
"DisplayName"="Kernel Anti-Spyware Driver"
system32\drivers\ikhlayer.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MFKGTKEY
\SystemRoot\system32\drivers\mfkgtkey.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nenum13E
"DisplayName"="nenum13E"
\??\C:\DOCUME~1\ARJANV~1\LOCALS~1\Temp\nenum13E.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\papycpu
\SystemRoot\system32\drivers\papycpu.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\papyjoy
\SystemRoot\system32\drivers\papyjoy.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RTL8023
"DisplayName"="Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver"
System32\DRIVERS\Rtlnic51.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDhelper
"DisplayName"="PC Tools Spyware Doctor"
C:\Program Files\Spyware Doctor\sdhelp.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNCT511
"DisplayName"="PC Camera (6005 CIF)"
system32\DRIVERS\snct511.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SoundMAX Agent Service (default
"DisplayName"="SoundMAX Agent Service"
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swwd
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TIEHDUSB
system32\drivers\tiehdusb.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VXD
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wlask48d
"DisplayName"="802.11b WLAN PC Card Service"
System32\DRIVERS\wlask48d.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{1CE72AE3-C4E9-436F-BB40-D46D827890C0}
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{3F9CF9BD-369C-43C4-BACD-09AD41CD639B}
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{5F9422CB-E5CE-446F-BABB-A5980F4B3BB0}
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{E12AD28B-29EE-42CD-ACFE-1DDCEF7ADC8D}
no imagepath value found

--- SECURITYPROVIDERS regkey ---

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

--- SVCHOST regkey ---

HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost
LocalService: Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService: DnsCache\0\0
netsvcs: 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCom patibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntm ssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedacc ess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0TermService\0wuaus erv\0BITS\0ShellHWDetection\0helpsvc\0WmdmPmSN\0xmlprov\0wscsvc\0\0
rpcss: RpcSs\0\0
imgsvc: StiSvc\0\0
termsvcs: TermService\0\0
HTTPFilter: HTTPFilter\0\0
DcomLaunch: DcomLaunch\0TermService\0\0
Usnsvc: usnsvc\0\0
WudfServiceGroup: WUDFSvc\0\0

--- WOW-CMDLINE regkeys ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
"cmdline" = %SystemRoot%\system32\ntvdm.exe
"wowcmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386

--- DNS SERVER regkeys ---

no "NameServer" values found

--- STARTUP FOLDERS ---

C:\Documents and Settings\Arjan van der Steege\Menu Start\Programma's\Opstarten\desktop.ini
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Google Updater.lnk

--- TASK SCHEDULER JOBS ---

C:\WINDOWS\tasks\Controleren op updates voor Windows Live Toolbar.job
C:\WINDOWS\tasks\Critical Battery Alarm Program.job
C:\WINDOWS\tasks\F67528E5A372C4AD.job
C:\WINDOWS\tasks\Herinnering voor registratie 1.job
C:\WINDOWS\tasks\Herinnering voor registratie 2.job
C:\WINDOWS\tasks\Herinnering voor registratie 3.job
C:\WINDOWS\tasks\Low Battery Alarm Program.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Arjan van der Steege.job
C:\WINDOWS\tasks\Schijfopruiming.job
C:\WINDOWS\tasks\Systeemherstel.job

--- File associations ---

.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)

FINISHED

**Marckie** · 09-01-08, 15:33

Download sophos-anti-rootkit: http://www.sophos.com/products/free-...i-rootkit.html
Plaatst het op je bureaublad.
Dubbelklik op sarsfx.exe om de bestanden uit te pakken. (aanvaard de standaardinstallatiemap C:\Program Files\Sophos\Sophos Anti-Rootkit)
Wanneer de installatie succesvol is verlopen krijg je hiervan een melding.
Klik op JA/YES om het programma te starten.
Zorg dat aangevinkt zijn:
- Running processes
- Windows Registry
- Local Hard Drives
Klik op de knop "Start Scan".

Wanneer je een melding krijgt dat de scan klaar is, klik je op de knop "OK" en sluit je het programma af.
Ga naar Start - Uitvoeren en tik in: %temp%\sarscan.log
Er opent een kladblokbestandje. Post de inhoud van dit bestand.

**iamarjan1988** · 09-01-08, 16:13

Sophos Anti-Rootkit Version 1.3.1 (data 1.07) (c) 2006 Sophos Plc
Started logging on 9-1-2008 at 16:40:15
Stopped logging on 9-1-2008 at 16:55:33

**Marckie** · 09-01-08, 16:24

Niets gevonden.
Zijn er nog problemen?

**iamarjan1988** · 09-01-08, 17:54

ja er zijn nog steeds pop-ups en komt dan een bericht rechtsonder in het scherm met de tekst "Ad served by intelligent advisor" maar ik hoor geen geluiden meer

**Marckie** · 09-01-08, 18:12

Ga naar Kaspersky Online Scanner en klik onderaan op Accept.
Deze scanner werkt uitsluitend met Internet Explorer 6 en hoger !!
Het zou kunnen dat je aan de bovenkant van je scherm op een gele balk moet klikken om ActiveX bestanden die Kaspersky nodig heeft om te kunnen scannen te downloaden. Sta dit toe.

Het programma begint nu met het downloaden van de laatste definitie files. Hierna klik je op Next.
Klik vervolgens op de toets Scan Settings.
Onder de tekst Scan using the following antivirus database: kies je de tweede mogelijkheid: extended - protect your .....
Onder de tekst Scan options: zet je de twee vinkjes: Scan Archives .... en Scan Mail Bases ....
Klik dan op de toets OK.
Start nu het scannen door op de tekst My Computer te klikken.

Hou er rekening mee dat deze scan een tijdje in beslag neemt.
Eenmaal de scan volledig is krijg je de gelegenheid om het scanrapport op te slaan.
Klik op de toets Save Report As te klikken. Sla het rapport op je Bureaublad op met als naam kavscan.txt

Post dit rapport in je volgende bericht.

**iamarjan1988** · 09-01-08, 21:32

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 09, 2008 10:31:28 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/01/2008
Kaspersky Anti-Virus database records: 504887
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 62292
Number of viruses found: 5
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 01:47:22

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-09_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\11CF363B.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\All Users\Documenten\101_1771.JPG Object is locked skipped
C:\Documents and Settings\All Users\Documenten\AlbumArtSmall.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\AlbumArt_{14230F0B-DAF1-4233-978F-40AAB959E93F}_Large.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\AlbumArt_{14230F0B-DAF1-4233-978F-40AAB959E93F}_Small.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\AlbumArt_{9598667B-F31D-4CD9-8BAD-89765EFE59EC}_Large.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\AlbumArt_{9598667B-F31D-4CD9-8BAD-89765EFE59EC}_Small.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\AlbumArt_{A92A5C66-2766-4E91-AC2A-4114913CC4B5}_Large.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\AlbumArt_{A92A5C66-2766-4E91-AC2A-4114913CC4B5}_Small.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Allereerst moet je je naam veranderen in gouranga.doc Object is locked skipped
C:\Documents and Settings\All Users\Documenten\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documenten\ESBK.mb Object is locked skipped
C:\Documents and Settings\All Users\Documenten\ESBK.mbb Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Folder.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\herwin\CanstagebiedersenNedleerlingenjan05.doc Object is locked skipped
C:\Documents and Settings\All Users\Documenten\herwin\naamloos.bmp Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Jantje Smit & Normaal - Zuiderzee ballade.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Jantje Smit & Ome Henk - Arie In Zijn Ferrari.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\K4 - Klein geil sletje (K3 parodie)(1).mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Lucas & Gea Hulshof - Drie blauwe stenen.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Lucas en Gea - Achter de regenboog.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Lucas en Gea - Een traan op elke wang.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Lucas en Gea - Ik hou steeds meer van jou.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Lucas en Gea - Kom en hou me in je armen.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Lucas en Gea - Kristal der Heimat.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Lucas en gea - zeg mij waarom.wma Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Lucas en Gea Hulshof - Dan Gaan De Lichten Aan.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\lucas en gea hulshof - de waarheid.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Lucas En Gea Hulshof - Drink Het Bier Lekker Hier.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Lucas en Gea Hulshof - Gran Canaria.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\lucas en gea hulshof - Heb je mij niet meer nodig(1).mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Lucas En Gea Hulshof - Huil Maar Niet Vanavond.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Lucas en Gea Hulshof - Ik zal dansen op je bruiloft.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Lucas en Gea Hulshof - Jij wil vrij zijn.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Lucas en Gea Hulshof - Steeds weer huil je(1).mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Lucas en Gea Hulshof - Steeds weer huil je.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\lucas en gea hulshof-Een meisje als jij.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Lucas en Gea-In het kleine cafeetje.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Marco Borsato - De Speeltuin.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Marco Borsato - Dromen zijn be.MP3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\marco bosato - de waarheid.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Blauwe heuvels.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Waterlelies.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Winter.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen\Voorbeelden van afbeeldingen\Zonsondergang.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\0 Zo Ver Weg - Starkoo.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArtSmall.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{559A27D6-885C-46D3-AF50-5B5206EEF9C6}_Large.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{559A27D6-885C-46D3-AF50-5B5206EEF9C6}_Small.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{6E564A22-748A-4624-9849-03A2C75F865C}_Large.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{6E564A22-748A-4624-9849-03A2C75F865C}_Small.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{79D3A434-2D93-4194-AD18-F79744B5CF43}_Large.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{79D3A434-2D93-4194-AD18-F79744B5CF43}_Small.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{A0BF2D5A-5616-4CEC-8EA8-CA04099E0BC8}_Large.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{A0BF2D5A-5616-4CEC-8EA8-CA04099E0BC8}_Small.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{A2A359EF-F96D-4CB8-BA62-DE5DF43334D2}_Large.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{A2A359EF-F96D-4CB8-BA62-DE5DF43334D2}_Small.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{A92A5C66-2766-4E91-AC2A-4114913CC4B5}_Large.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{A92A5C66-2766-4E91-AC2A-4114913CC4B5}_Small.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{BFCC5385-0BC9-400D-88DA-A09B89CB3A8C}_Large.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\AlbumArt_{BFCC5385-0BC9-400D-88DA-A09B89CB3A8C}_Small.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\ALTIJD LAZERUS - Knocking on Heavens Door.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Always Hardcore-Technohead.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Bassdusche - Ziggy X.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Een Teken Van Leven - De Kast.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Explode - Jordan & Baker.MP3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Fantasy World - Charly Lownoise & Mental Theo.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Fly on the wings of love - XTM ft. Ania.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Folder.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Forever & Ever - Parla & Pardoux ft. Deniz.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Forever Young - Alphaville.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Hardcore Feelings - Charly Lownoise & Mental Theo.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Have You Ever Been Mellow 2002 - Fortezza ft. Amanda.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Het Feestfestival - Altijd Lazerus.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Het Is Een Nacht - Guus Meeuwis & Vagant.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Hymn - Gigi D'Agostino.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Met mien ogen dicht - Jannes.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Moonlight Shadow - DJ Mystik.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\More Than A Feeling - Jan Wayne.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Move Your Body - Staccato.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\music.bmp Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\music.wma Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Nobody Listen To Techno - Base Attack.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Nog Een Keer - Volumia.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\On & On - Yanou ft. Fo.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Poison - Groove Coverage.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Raak - De Kast.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Rainbow High In The Sky - Charly Lownoise & Mental Theo.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Right Here Waiting - Full Gainer ft. Scotty.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Favorites -- 4 and 5 star rated.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Favorites -- Have not heard recently.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Favorites -- Listen to late at night.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Favorites -- Listen to on Weekdays.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Favorites -- Listen to on Weekends.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Favorites -- One Audio CD worth.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Favorites -- One Data CD-R worth.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Fresh tracks -- yet to be played.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Fresh tracks -- yet to be rated.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Fresh tracks.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\High bitrate media in my library.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Low bitrate media in my library.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Music tracks I dislike.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Music tracks I have not rated.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\0005D095\Music tracks with content protection.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sample Playlists\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\So Happy Together (Hardcore Remix)-poogie bear.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Somewhere Over The Rainbow - Cosmic Gate.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Stuck On You - Mark 'oh.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\01_Music_auto_rated_at_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\02_Music_added_in_the_last_month.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\03_Music_rated_at_4_or_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\04_Music_played_in_the_last_month.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\05_Pictures_taken_in_the_last_month.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\06_Pictures_rated_4_or_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\07_TV_recorded_in_the_last_week.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\08_Video_rated_at_4_or_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\09_Music_played_the_most.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\10_All_Music.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\11_All_Pictures.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\51D5417D\12_All_Video.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Sync Playlists\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\The Wave - Cosmic Gate.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Together In Wonderland - Charly Lownoise & Mental Theo.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Turn Me On - Kevin Little.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Viva La Vida - Captain Jack.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\AlbumArtSmall.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\AlbumArt_{EFFDEB51-C913-4EE1-8B2A-C80112057955}_Large.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\AlbumArt_{EFFDEB51-C913-4EE1-8B2A-C80112057955}_Small.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\Folder.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\Negende symfonie van Beethoven (Scherzo).wma Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\New Stories (Highway Blues).wma Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Voorbeelden van muziek\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Wereld zonder jou (duet met Trijntje oosterhuis) - Marco Borsato.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\When You Sleep - Paddy Kelly.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Where Are You - Mario Lopez.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Wonderfull Days - Mark Oh.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\X2X We Want More - Brooklyn Bounce.MP3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Xanadu - Party Animals.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\You're Free - Yomanda.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Your Smile - Charly Lownoise & Mental Theo.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn muziek\Zelfs je naam is mooi - Henk Westbroek.MP3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Mijn video's\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documenten\mp3Henk Wijngaard - Het Zwarte Asfalt.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Ne-Yo - Sexy Love.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Nederlandse - Piratenhits-(HETE ZOMERHITS tr9 margarita.MP3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Normaal - Oerend Hard.MP3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Piraten - Henk Wijngaard - 120 Varkens Naar Beiroet.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Piraten Hits - Gebroeders Brouwer - Trompet Sirtaki ( instrumentaal ).mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Piratenhits - Gebroeders Ko - Nanu.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Piratenhits - Sytse Scheeringa - Mien olde Puch.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Radio online setup.exe Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Stageverslag Selles Auto.doc Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Turbo Hits-Piraten-Henkie - De Fiets Van Piet Van Pa(1).mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documenten\Zangavondgehandicapten25okt.doc Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Geschiedenis\History.IE5\MSHist012008010920080110\index.dat Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\Perflib_Perfdata_1398.dat Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\Perflib_Perfdata_13a0.dat Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\Perflib_Perfdata_e40.dat Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\~DF1954.tmp Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\~DF196F.tmp Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\~DF2C12.tmp Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\~DF2C34.tmp Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\~DFD4EA.tmp Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\~DFD50C.tmp Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\~DFF9C7.tmp Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Temp\~DFFB15.tmp Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Arjan van der Steege\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll Infected: not-a-virus:AdWare.Win32.Agent.zi skipped
C:\Program Files\IntelligentAdvisor\IntelligentAdvisor.dat Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP881\A0115492.exe Infected: not-a-virus:AdWare.Win32.Relevant.b skipped
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP882\A0115554.dll Infected: not-a-virus:AdWare.Win32.Agent.zm skipped
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP882\A0115563.dll Infected: not-a-virus:AdWare.Win32.Agent.yr skipped
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP883\A0116526.dll Infected: not-a-virus:AdWare.Win32.Agent.zi skipped
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP883\A0116540.dll Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\System Volume Information\_restore{43998A11-46B5-49E5-A241-3E03FA1E4E98}\RP899\change.log Object is locked skipped
C:\WINDOWS\$_hpcst$.hpc Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_1b8.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_574.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

**Marckie** · 10-01-08, 18:42

Zijn er nog problemen?

Mededeling

Pop-up's en geluid op laptop

Pop-up's en geluid op laptop

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment