"onveilige computer"

[wietsebuseyne]

hallo,

hierbij een hijackthislogje van een computer van iemand die altijd van "kotnet" verwijderd word omdat haar computer niet veilig zou zijn. Ik heb al gezien dan inderdaad veel programma outdated zijn en ze geupdate, maar er is toch nog iets mis met het internet ook. Bij deze dus een hijackthis-log, even checken zou handig zijn. Combofix heb ik al geprobeerd maar die zei iets van versie is verlopen ofzo misschien later nog eens proberen...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08:32, on 27/06/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\jodrive32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Octoshape Streaming Services\Eveline Goethals\OctoshapeClient.exe
C:\WINDOWS\system32\rundll32.exe
G:\Harde Schijf\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.destandaard.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\EVELIN~1\LOCALS~1\Temp\138.exe -init
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Microsoft Config Setup] C:\WINDOWS\jodrive32.exe
O4 - HKLM\..\Run: [name_me] C:\Documents and Settings\Eveline Goethals\Application Data\1C.tmp
O4 - HKLM\..\Run: [oo] C:\WINDOWS\xsdll.exe
O4 - HKLM\..\Run: [aexi] C:\Documents and Settings\Eveline Goethals\Application Data\22.tmp
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Eveline Goethals\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wuaucldt] c:\documents and settings\eveline goethals\wuaucldt.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Ejhyhc] C:\Documents and Settings\Eveline Goethals\Application Data\Ejhyhc.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - http://by109fd.bay109.hotmail.msn.com/cgi-bin/saferd/2007%2d2%2ejpg?_lang=EN&hm___tg=http%3a%2f%2f64%2e4%2e19%2e250%2fcgi%2dbin%2fgetmsg%2f2007%252d2%252ejpg&hm___qs=%26msg%3dE95811AB%2dD7F5%2d437E%2dA729%2d060D14D05B2E%26start%3d0%26len%3d821785%26mimepart%3d3%26curmbox%3d00000000%2d0000%2d0000%2d0000%2d000000000001%26b%3d65462892873ff4fa7b6a0634a2718e80%26disk%3d10%2e1%2e106%2e207_d534%26login%3develine_goethals%26domain%3dhotmail%252ecom%26_lang%3dEN%26country%3dBE&hm___cacheh=1&file=2007%2d2%2ejpg&domain=hotmail.com

--
End of file - 12995 bytes

[kape]

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\EVELIN~1\LOCALS~1\Temp\138 .exe –init

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Microsoft Config Setup] C:\WINDOWS\jodrive32.exe

O4 - HKLM\..\Run: [name_me] C:\Documents and Settings\Eveline Goethals\Application Data\1C.tmp

O4 - HKLM\..\Run: [oo] C:\WINDOWS\xsdll.exe

O4 - HKLM\..\Run: [aexi] C:\Documents and Settings\Eveline Goethals\Application Data\22.tmp

O4 - HKCU\..\Run: [Ejhyhc] C:\Documents and Settings\Eveline Goethals\Application Data\Ejhyhc.exe

O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe

O24 - Desktop Component 0: (no name) - http://by109fd.bay109.hotmail.msn.com/cgi-bin/saferd/2007%2d2%2ejpg?_lang=EN&hm_ __tg=http%3a%2f%2f64%2e4%2e19%2e250%2fcgi%2dbin%2fgetmsg%2f2007%252d2%252ejpg&hm ___qs=%26msg%3dE95811AB%2dD7F5%2d437E%2dA729%2d060D14D05B2E%26start%3d0%26len%3d 821785%26mimepart%3d3%26curmbox%3d00000000%2d0000%2d0000%2d0000%2d000000000001%2 6b%3d65462892873ff4fa7b6a0634a2718e80%26disk%3d10%2e1%2e106%2e207_d534%26login%3 develine_goethals%26domain%3dhotmail%252ecom%26_lang%3dEN%26country%3dBE&hm___ca cheh=1&file=2007%2d2%2ejpg&domain=hotmail.com

Klik op 'Fix checked' om de items te verwijderen.

Je Java software is verouderd.

Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.

Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

Download Java Runtime Environment (JRE) 6 Update 26.

• Scroll omlaag naar : "Java Platform Standard Edition".
  
• Klik op de "Download JRE" knop aan de rechterkant.
  
• In het uitklapmenu rechts naast Platform, selecteer Windows
  
• Vink aan: "I agree to the Java SE Runtime Environment 6u26 with JavaFX License Agreement", en klik op Continue.
  
• De pagina zal herladen.
  
• Klik op de jre-6u26-windows-i586.exe link ONDER Available Files en bewaar het naar je Bureaublad.
  
• Sluit alle programma's die eventueel open zijn - Zeker je web browser!
  
• Ga dan naar Start > Configuratiescherm > Software of Start > Configuratiescherm > Programma's en onderdelen (bij Vista) en verwijder alle oudere versies van Java uit de Softwarelijst.
  
• Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
  
• Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
  
• Herhaal dit tot alle oudere versies verdwenen zijn.
  
• Na het verwijderen van alle oudere versies, herstart je pc.
  
• Dubbelklik vervolgens op jre-6u26-windows-i586.exe op je Bureaublad om de nieuwste versie van Java te installeren.
  

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

[wietsebuseyne]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:14:59, on 27/06/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\Octoshape Streaming Services\Eveline Goethals\OctoshapeClient.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Eveline Goethals\Mijn documenten\Downloads\HijackThis.exe
C:\Program Files\Java\jre6\bin\jqs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.destandaard.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Eveline Goethals\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11289 bytes

malwarebytes:

ik had eerder al eens gescand maar die log ben ik kwijt (kan ik wrs nog wel terug vinden maar is niet per se nodig denkik) en dus heb ik nogmaals gescand... er zijn nog infecties gevonden ookal had hij vorige keer zogezegd alles verwijderd....

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Databaseversie: 6961

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

27/06/2011 19:38:53
mbam-log-2011-06-27 (19-38-53).txt

Scantype: Snelle scan
Objecten gescand: 163537
Verstreken tijd: 15 minuut/minuten, 5 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 3

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)    

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
c:\sdm32.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\ssf32.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\syc32.exe (Spyware.BlackShadesNET) -> Quarantined and deleted successfully.

ik had ook combofix al uitgevoerd ondertussen:

ComboFix 11-06-26.03 - Eveline Goethals 27/06/2011  17:38:09.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.32.1043.18.502.197 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Eveline Goethals\Mijn documenten\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Nieuw herstelpunt werd aangemaakt
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Eveline Goethals\Application Data\10.tmp
c:\documents and settings\Eveline Goethals\Application Data\15.tmp
c:\documents and settings\Eveline Goethals\Application Data\16.tmp
c:\documents and settings\Eveline Goethals\Application Data\18.tmp
c:\documents and settings\Eveline Goethals\Application Data\1C.tmp
c:\documents and settings\Eveline Goethals\Application Data\1F.tmp
c:\documents and settings\Eveline Goethals\Application Data\20.tmp
c:\documents and settings\Eveline Goethals\Application Data\22.tmp
c:\documents and settings\Eveline Goethals\Application Data\24.tmp
c:\documents and settings\Eveline Goethals\Application Data\25.tmp
c:\documents and settings\Eveline Goethals\Application Data\28.tmp
c:\documents and settings\Eveline Goethals\Application Data\29.tmp
c:\documents and settings\Eveline Goethals\Application Data\D.tmp
c:\documents and settings\Eveline Goethals\Application Data\E.tmp
c:\documents and settings\Eveline Goethals\Application Data\Ejhyhc.exe
c:\documents and settings\Eveline Goethals\Application Data\F.tmp
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\024187.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\024437.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\024453.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\024484.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\024500.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\024515.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\048359.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\055390.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\055671.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\055875.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\056671.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\058484.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\058546.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\058562.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1012453.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\104693.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1056312.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1056484.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\11031.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\110640.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\110671.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\110687.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1112546.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1119468.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1119671.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1119687.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1119953.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1146125.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1146140.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1146171.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\114678.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\114693.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1236187.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1246109.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1246140.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1246156.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1246187.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\124678.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1338171.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1358984.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\135915.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1437671.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1437703.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\153278.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\155437.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\155453.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\155484.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\155500.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\155531.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\15615.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\159500.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1632140.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1639125.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1639703.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1721578.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1732546.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1738625.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1738703.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1821593.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\183293.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1843218.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1843234.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1843250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1843437.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1843453.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1843468.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1843484.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1843765.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1843796.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1843843.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1843875.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1843906.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1843921.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1910312.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1910390.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1921562.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1940734.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\1940796.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\197625.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2011109.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2019906.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2021703.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2040984.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\204146.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\207250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\207265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\207281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\207312.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\207328.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2120125.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2142890.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\217250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\217265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\217281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\217390.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2215750.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2215828.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2220171.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2221859.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2241390.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2242875.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\227250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\227359.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\227390.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\227406.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\227421.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2317140.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2341484.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2342875.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2342953.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\237250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\237359.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\237375.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\237406.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\237421.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2417140.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2420171.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2420218.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2442875.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2442953.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\247250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\247359.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\247375.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\247390.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2520234.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\252262.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2536156.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2542875.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2542953.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\255562.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\256796.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\257250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\257359.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\257375.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\257390.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2636234.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2642890.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2642953.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\267250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\267265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\267281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\267296.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\271993.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2720531.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2736171.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2742890.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2746.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\277250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\277265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\277281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2819453.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2820312.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2822234.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\283393.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\287250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\287265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\287281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2921187.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2933437.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\2933453.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\297250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\297265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\297281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3019437.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3020531.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\307250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\307265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\307281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3121671.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3122593.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3133515.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\317250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\317265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\317281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3233468.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\327250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\327265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\327281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\327296.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3320312.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\332218.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\337250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\337265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\337281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\337296.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3421828.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3433656.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\347250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\347265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\347281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3533968.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\356437.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\356890.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\357250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\357265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\357281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3620859.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\367250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\367265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\367281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3722156.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\377250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\377343.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\377375.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\377390.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\377406.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3848875.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\387250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\387265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\387281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3920859.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3948109.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3948812.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3949421.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3949468.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3949515.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3950609.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3951593.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\3952703.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\397250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\397359.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\397375.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\397390.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4022281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4048859.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4048875.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4048906.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4048921.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4048953.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\407250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\407265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\407281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\412921.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\413484.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\413703.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\413718.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4148859.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4148875.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4148890.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4148906.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4148937.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\417250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\417265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\417281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4220890.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4248859.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4248875.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4248890.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4248906.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4248921.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\427250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\427265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\427281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\432515.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\43315.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\433421.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\433828.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\43415.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4348859.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4348875.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4348890.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4348906.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4348921.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4359718.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\437250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\437343.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\437359.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\437375.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4448859.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4448875.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4448890.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4448937.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4448953.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\447140.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\447250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\447265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\447281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\450312.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4511687.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\454359.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4548859.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4548875.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4548890.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4548921.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4548937.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\456109.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\456531.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\456906.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\45693.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\457250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\457265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\457281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\457562.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\457812.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\458562.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4645703.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\467250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\467265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\467281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\46746.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4745796.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\47460.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\477250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\477265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\477281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\47746.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4846234.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4852953.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\487250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\487265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\487281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\487296.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4937812.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4939312.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4939609.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4940156.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4940203.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\494478.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4944812.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\4944984.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\49450.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\49493.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\497250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\497343.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\497359.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\497375.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\497500.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5011703.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5011906.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5011968.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\501246.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5037812.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5037828.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5037859.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5037890.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5037921.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\504265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\504281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5046171.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5046390.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\50478.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5062.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\507250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\507265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\507281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5110156.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5133328.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5144203.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5144500.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5144515.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5144531.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\514593.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5146390.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\514671.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\515265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\519656.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\519843.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5211625.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5212140.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\521278.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5233609.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5239843.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5240500.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5240531.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5240765.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5241125.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\524131.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\527937.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5312812.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\532203.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\532218.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\532250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\532265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\532312.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5333281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5333296.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5333328.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5333343.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5333375.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5346515.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5346671.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\535265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5433281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5433296.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5433328.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5433343.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5433375.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5446890.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\545640.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5456734.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5513375.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5557234.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\555765.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\558578.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5627703.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5646812.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5647765.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5647812.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\565718.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5657375.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\572862.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\574546.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5748828.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5827703.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\584531.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5848296.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5859125.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\588703.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\594671.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5948406.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5955218.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\5956687.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\595796.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\614859.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\632203.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\632218.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\632250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\632265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\632281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\6570.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\732203.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\732218.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\732250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\732265.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\732281.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\752968.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\75715.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\80515.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\811656.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\832203.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\832218.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\832375.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\832406.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\832421.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\853984.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\8540.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\855781.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\912453.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\932203.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\932234.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\932250.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\932296.exe
c:\documents and settings\Eveline Goethals\Local Settings\Application Data\932328.exe
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2011-05-27 to 2011-06-27  ))))))))))))))))))))))))))))))
.
.
2011-06-27 15:47 . 2011-06-27 15:47    --------    d--h--r-    c:\documents and settings\Eveline Goethals\Onlangs geopend
2011-06-27 15:13 . 2011-06-27 15:13    --------    d-----w-    c:\program files\CCleaner
2011-06-27 14:53 . 2011-06-27 14:53    143360    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-06-27 14:53 . 2011-06-27 14:53    143360    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-06-27 14:53 . 2011-06-27 14:53    143360    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-06-27 14:53 . 2011-06-27 14:53    143360    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-06-27 14:53 . 2011-06-27 14:53    143360    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-06-27 14:53 . 2011-06-27 14:53    143360    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-06-27 14:53 . 2011-06-27 14:53    143360    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-06-27 13:48 . 2011-06-27 13:48    --------    d-----w-    c:\documents and settings\Eveline Goethals\Application Data\Malwarebytes
2011-06-27 13:47 . 2011-06-27 13:47    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-27 13:09 . 2011-06-16 04:49    142296    ----a-w-    c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-06-27 13:09 . 2011-06-16 04:49    89048    ----a-w-    c:\program files\Mozilla Firefox\libEGL.dll
2011-06-27 13:09 . 2011-06-16 04:49    781272    ----a-w-    c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-06-27 13:09 . 2011-06-16 04:49    719832    ----a-w-    c:\program files\Mozilla Firefox\mozcpp19.dll
2011-06-27 13:09 . 2011-06-16 04:49    465880    ----a-w-    c:\program files\Mozilla Firefox\libGLESv2.dll
2011-06-27 13:09 . 2011-06-16 04:49    1850328    ----a-w-    c:\program files\Mozilla Firefox\mozjs.dll
2011-06-27 13:09 . 2011-06-16 04:49    16856    ----a-w-    c:\program files\Mozilla Firefox\plugin-container.exe
2011-06-27 13:09 . 2011-06-16 04:49    15832    ----a-w-    c:\program files\Mozilla Firefox\mozalloc.dll
2011-06-27 13:09 . 2010-01-01 08:00    2106216    ----a-w-    c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-27 13:09 . 2010-01-01 08:00    1998168    ----a-w-    c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-22 18:49 . 2011-06-22 18:49    404640    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 18:24 . 2011-06-23 18:12    164352    ----a-w-    C:\syc32.exe
2011-06-20 05:24 . 2011-06-20 05:24    340    ----a-w-    c:\documents and settings\Eveline Goethals\Application Data\21.tmp
2011-06-20 05:22 . 2011-06-20 05:22    152064    ----a-w-    C:\ssf32.exe
2011-06-19 07:52 . 2011-06-19 07:52    151552    ----a-w-    C:\sdm32.exe
2011-06-13 17:34 . 2011-06-13 17:34    893    ----a-w-    c:\documents and settings\Eveline Goethals\Application Data\17.tmp
2011-06-09 13:58 . 2011-06-09 13:58    --------    d-----w-    c:\documents and settings\Eveline Goethals\Local Settings\Application Data\PCHealth
2011-06-07 03:44 . 2011-06-07 03:44    --------    d-----w-    c:\program files\MSBuild
2011-06-07 03:44 . 2011-06-07 03:44    --------    d-----w-    c:\program files\Reference Assemblies
2011-06-07 03:42 . 2008-07-06 12:06    89088    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-06-07 03:39 . 2008-07-06 12:06    89088    -c----w-    c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-06-07 03:39 . 2008-07-06 12:06    575488    -c----w-    c:\windows\system32\dllcache\xpsshhdr.dll
2011-06-07 03:39 . 2008-07-06 10:50    597504    -c----w-    c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-06-07 03:39 . 2008-07-06 10:50    597504    ------w-    c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-06-07 03:39 . 2008-07-06 12:06    1676288    -c----w-    c:\windows\system32\dllcache\xpssvcs.dll
2011-06-07 03:15 . 2011-06-07 03:15    --------    d-----w-    c:\program files\MSXML 6.0
2011-06-07 03:10 . 2011-06-07 03:10    --------    d-----r-    c:\documents and settings\LocalService\Favorieten
2011-06-06 20:24 . 2011-06-06 20:24    --------    d-----w-    c:\documents and settings\Eveline Goethals\Application Data\Avira
2011-06-06 19:50 . 2011-06-06 19:50    --------    d-sh--w-    c:\documents and settings\Default User\IETldCache
2011-06-06 06:27 . 2010-05-06 10:36    743424    -c----w-    c:\windows\system32\dllcache\iedvtool.dll
2011-06-06 06:26 . 2010-02-12 10:03    293376    ------w-    c:\windows\system32\browserchoice.exe
2011-06-06 05:20 . 2011-06-06 16:12    --------    d-----w-    C:\tvd
2011-06-05 21:53 . 2011-04-01 15:07    61960    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2011-06-05 21:53 . 2011-04-01 15:07    137656    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2011-06-05 21:53 . 2010-06-17 13:27    45416    ----a-w-    c:\windows\system32\drivers\avgntdd.sys
2011-06-05 21:53 . 2010-06-17 13:27    22360    ----a-w-    c:\windows\system32\drivers\avgntmgr.sys
2011-06-05 21:53 . 2011-06-05 21:53    --------    d-----w-    c:\program files\Avira
2011-06-05 21:53 . 2011-06-05 21:53    --------    d-----w-    c:\documents and settings\All Users\Application Data\Avira
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 19:22 . 2011-04-06 19:22    218688    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-16 04:49 . 2011-06-27 13:09    142296    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"MtdAcq"="c:\program files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2005-09-14 229466]
"Octoshape Streaming Services"="c:\program files\Octoshape Streaming Services\Eveline Goethals\OctoshapeClient.exe" [2006-02-13 214648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SMSERIAL"="sm56hlpr.exe" [2005-09-16 557056]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-06 16251904]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-07-17 65536]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-07-10 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-07-14 798810]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-25 185896]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-25 1397760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"EPSON Stylus Photo RX420 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-04-10 15360]
.
c:\documents and settings\Eveline Goethals\Menu Start\Programma's\Opstarten\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2007-3-19 114688]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\NetMeeting\\Conf.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\InterVideo\\MediaOne Gallery\\mediaone.exe"=
"c:\\Program Files\\Octoshape Streaming Services\\Eveline Goethals\\OctoshapeClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Zattoo\\zattood.exe"=
"c:\\Program Files\\Zattoo\\Zattoo2.exe"=
"c:\\Program Files\\Zattoo\\Zattoo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Eveline Goethals\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [6/04/2011 21:22 218688]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/06/2011 23:53 136360]
S1 mailKmd;mailKmd; [x]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/02/2010 8:23 135664]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [22/08/2007 19:07 223232]
S3 hitmanpro2;Hitman Pro 2 Driver;c:\program files\Hitman Pro\hitmanpro2.sys [24/01/2007 16:04 10336]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Inhoud van de 'Gedeelde Taken' map
.
2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 06:23]
.
2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 06:23]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.destandaard.be/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 193.74.208.65 194.119.228.67
FF - ProfilePath - c:\documents and settings\Eveline Goethals\Application Data\Mozilla\Firefox\Profiles\zfg91kos.default\
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-Ejhyhc - c:\documents and settings\Eveline Goethals\Application Data\Ejhyhc.exe
HKLM-Run-name_me - c:\documents and settings\Eveline Goethals\Application Data\1C.tmp
HKLM-Run-aexi - c:\documents and settings\Eveline Goethals\Application Data\22.tmp
AddRemove-HijackThis - g:\harde schijf\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-27 18:18
Windows 5.1.2600 Service Pack 2 NTFS
.
scannen van verborgen processen ... 
.
scannen van verborgen autostart items ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 name_me = c:\documents and settings\Eveline Goethals\Application Data\1C.tmp??|?#? ??????????|????@?????????????)?????@?#?????"??|??????????????????#?????\?#?x?)?????x?)?P??????|???|?Q'?x?)???????)????????|Lo)?x?)?|?#????????|p?)?H?#?A??|??)?]??|x?)?????A???x???????h;? 
 aexi = c:\documents and settings\Eveline Goethals\Application Data\22.tmp??|?#? ??????????|????@?????????????)?????@?#?????"??|??????????????????#?????\?#?x?)?????x?)?P??????|???|?Q'?x?)???????)????????|Lo)?x?)?|?#????????|p?)?H?#?A??|??)?]??|x?)?????A???x???????h;? 
.
scannen van verborgen bestanden ... 
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(2212)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\sm56hlpr.exe
c:\windows\RTHDCPL.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\Tablet.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Voltooingstijd: 2011-06-27  18:24:27 - machine werd herstart
ComboFix-quarantined-files.txt  2011-06-27 16:24
.
Pre-Run: 1.467.793.408 bytes beschikbaar
Post-Run: 3.635.056.640 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - DE93844A3CF353F858D1F0DC378BB261

[kape]

Oeps ... Combofix heeft wel een ontzettend grote berg rotzooi van de PC gehaald. Maar we zijn er nog niet helemaal :

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

C:\syc32.exe

c:\documents and settings\Eveline Goethals\Application Data\21.tmp

C:\ssf32.exe

C:\sdm32.exe

c:\documents and settings\Eveline Goethals\Application Data\17.tmp

c:\program files\Hitman Pro\hitmanpro2.sys

c:\documents and settings\Eveline Goethals\Application Data\1C.tmp

c:\documents and settings\Eveline Goethals\Application Data\22.tmp

Driver::

mailKmd

hitmanpro2

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

[wietsebuseyne]

kheb het erin gesleept hij deed weer een scan ofzo maar kdenk da het wel gelukt is. Ineens ook service pack 3 geinstalleerd...

ComboFix 11-06-28.02 - Eveline Goethals 28/06/2011  20:31:16.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.32.1043.18.502.269 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Eveline Goethals\Mijn documenten\Downloads\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Eveline Goethals\Bureaublad\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\documents and settings\Eveline Goethals\Application Data\17.tmp"
"c:\documents and settings\Eveline Goethals\Application Data\1C.tmp"
"c:\documents and settings\Eveline Goethals\Application Data\21.tmp"
"c:\documents and settings\Eveline Goethals\Application Data\22.tmp"
"c:\program files\Hitman Pro\hitmanpro2.sys"
"C:\sdm32.exe"
"C:\ssf32.exe"
"C:\syc32.exe"
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Eveline Goethals\Application Data\17.tmp
c:\documents and settings\Eveline Goethals\Application Data\21.tmp
c:\program files\Hitman Pro\hitmanpro2.sys
.
----- BITS: Mogelijk geïnfecteerde sites -----
.
hxxp://apnmedia.ask.com
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HITMANPRO2
-------\Service_hitmanpro2
-------\Service_mailKmd
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2011-05-28 to 2011-06-28  ))))))))))))))))))))))))))))))
.
.
2011-06-28 18:19 . 2011-06-28 18:19    --------    d-----w-    c:\documents and settings\LocalService\Menu Start
2011-06-27 17:21 . 2011-05-29 07:11    39984    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-27 17:21 . 2011-05-29 07:11    22712    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-06-27 17:21 . 2011-06-27 17:21    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-06-27 17:11 . 2011-06-27 17:11    --------    d-----w-    c:\program files\Common Files\Java
2011-06-27 17:09 . 2011-06-27 17:07    476904    ----a-w-    c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-27 17:09 . 2011-06-27 17:07    73728    ----a-w-    c:\windows\system32\javacpl.cpl
2011-06-27 17:09 . 2011-06-27 17:07    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-06-27 15:47 . 2011-06-28 18:16    --------    d--h--r-    c:\documents and settings\Eveline Goethals\Onlangs geopend
2011-06-27 15:13 . 2011-06-27 15:13    --------    d-----w-    c:\program files\CCleaner
2011-06-27 14:53 . 2011-06-27 14:53    143360    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-06-27 14:53 . 2011-06-27 14:53    143360    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-06-27 14:53 . 2011-06-27 14:53    143360    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-06-27 14:53 . 2011-06-27 14:53    143360    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-06-27 14:53 . 2011-06-27 14:53    143360    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-06-27 14:53 . 2011-06-27 14:53    143360    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-06-27 14:53 . 2011-06-27 14:53    143360    ----a-w-    c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-06-27 13:48 . 2011-06-27 13:48    --------    d-----w-    c:\documents and settings\Eveline Goethals\Application Data\Malwarebytes
2011-06-27 13:47 . 2011-06-27 13:47    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-27 13:09 . 2011-06-16 04:49    142296    ----a-w-    c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-06-27 13:09 . 2011-06-16 04:49    89048    ----a-w-    c:\program files\Mozilla Firefox\libEGL.dll
2011-06-27 13:09 . 2011-06-16 04:49    781272    ----a-w-    c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-06-27 13:09 . 2011-06-16 04:49    719832    ----a-w-    c:\program files\Mozilla Firefox\mozcpp19.dll
2011-06-27 13:09 . 2011-06-16 04:49    465880    ----a-w-    c:\program files\Mozilla Firefox\libGLESv2.dll
2011-06-27 13:09 . 2011-06-16 04:49    1850328    ----a-w-    c:\program files\Mozilla Firefox\mozjs.dll
2011-06-27 13:09 . 2011-06-16 04:49    16856    ----a-w-    c:\program files\Mozilla Firefox\plugin-container.exe
2011-06-27 13:09 . 2011-06-16 04:49    15832    ----a-w-    c:\program files\Mozilla Firefox\mozalloc.dll
2011-06-27 13:09 . 2010-01-01 08:00    2106216    ----a-w-    c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-27 13:09 . 2010-01-01 08:00    1998168    ----a-w-    c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-22 18:49 . 2011-06-22 18:49    404640    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-09 13:58 . 2011-06-09 13:58    --------    d-----w-    c:\documents and settings\Eveline Goethals\Local Settings\Application Data\PCHealth
2011-06-07 03:44 . 2011-06-07 03:44    --------    d-----w-    c:\program files\MSBuild
2011-06-07 03:44 . 2011-06-07 03:44    --------    d-----w-    c:\program files\Reference Assemblies
2011-06-07 03:42 . 2008-07-06 12:06    89088    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-06-07 03:39 . 2008-07-06 12:06    89088    -c----w-    c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-06-07 03:39 . 2008-07-06 12:06    117760    ------w-    c:\windows\system32\prntvpt.dll
2011-06-07 03:39 . 2008-07-06 12:06    575488    -c----w-    c:\windows\system32\dllcache\xpsshhdr.dll
2011-06-07 03:39 . 2008-07-06 10:50    597504    -c----w-    c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-06-07 03:39 . 2008-07-06 10:50    597504    ------w-    c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-06-07 03:39 . 2008-07-06 12:06    1676288    -c----w-    c:\windows\system32\dllcache\xpssvcs.dll
2011-06-07 03:15 . 2011-06-07 03:15    --------    d-----w-    c:\program files\MSXML 6.0
2011-06-07 03:10 . 2011-06-07 03:10    --------    d-----r-    c:\documents and settings\LocalService\Favorieten
2011-06-06 20:24 . 2011-06-06 20:24    --------    d-----w-    c:\documents and settings\Eveline Goethals\Application Data\Avira
2011-06-06 19:50 . 2011-06-06 19:50    --------    d-sh--w-    c:\documents and settings\Default User\IETldCache
2011-06-06 06:27 . 2010-05-06 10:36    743424    -c----w-    c:\windows\system32\dllcache\iedvtool.dll
2011-06-06 06:26 . 2010-02-12 10:03    293376    ------w-    c:\windows\system32\browserchoice.exe
2011-06-06 05:20 . 2011-06-06 16:12    --------    d-----w-    C:\tvd
2011-06-05 21:53 . 2011-06-28 18:12    66616    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2011-06-05 21:53 . 2011-06-28 18:12    138192    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2011-06-05 21:53 . 2010-06-17 13:27    45416    ----a-w-    c:\windows\system32\drivers\avgntdd.sys
2011-06-05 21:53 . 2010-06-17 13:27    22360    ----a-w-    c:\windows\system32\drivers\avgntmgr.sys
2011-06-05 21:53 . 2011-06-05 21:53    --------    d-----w-    c:\program files\Avira
2011-06-05 21:53 . 2011-06-05 21:53    --------    d-----w-    c:\documents and settings\All Users\Application Data\Avira
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 19:22 . 2011-04-06 19:22    218688    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-16 04:49 . 2011-06-27 13:09    142296    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"MtdAcq"="c:\program files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2005-09-14 229466]
"Octoshape Streaming Services"="c:\program files\Octoshape Streaming Services\Eveline Goethals\OctoshapeClient.exe" [2006-02-13 214648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SMSERIAL"="sm56hlpr.exe" [2005-09-16 557056]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-06 16251904]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-07-17 65536]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-07-10 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-07-14 798810]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-25 185896]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-25 1397760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"EPSON Stylus Photo RX420 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-04-10 15360]
.
c:\documents and settings\Eveline Goethals\Menu Start\Programma's\Opstarten\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2007-3-19 114688]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\NetMeeting\\Conf.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\InterVideo\\MediaOne Gallery\\mediaone.exe"=
"c:\\Program Files\\Octoshape Streaming Services\\Eveline Goethals\\OctoshapeClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Zattoo\\zattood.exe"=
"c:\\Program Files\\Zattoo\\Zattoo2.exe"=
"c:\\Program Files\\Zattoo\\Zattoo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Eveline Goethals\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [6/04/2011 21:22 218688]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/06/2011 23:53 136360]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/02/2010 8:23 135664]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [22/08/2007 19:07 223232]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [27/06/2011 19:21 39984]
.
Inhoud van de 'Gedeelde Taken' map
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 06:23]
.
2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 06:23]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.destandaard.be/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 193.74.208.65 194.119.228.67
FF - ProfilePath - c:\documents and settings\Eveline Goethals\Application Data\Mozilla\Firefox\Profiles\zfg91kos.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]GMER - Rootkit Detector and Remover[/url]
Rootkit scan 2011-06-28 20:47
Windows 5.1.2600 Service Pack 2 NTFS
.
scannen van verborgen processen ... 
.
scannen van verborgen autostart items ... 
.
scannen van verborgen bestanden ... 
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(1168)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\sm56hlpr.exe
c:\windows\RTHDCPL.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\Tablet.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Voltooingstijd: 2011-06-28  20:53:31 - machine werd herstart
ComboFix-quarantined-files.txt  2011-06-28 18:53
ComboFix2.txt  2011-06-27 16:24
.
Pre-Run: 3.886.776.320 bytes beschikbaar
Post-Run: 3.768.770.560 bytes beschikbaar
.
- - End Of File - - FC6718DF48DAF58AA1ACE60231AB0174

[kape]

Combofix heeft perfect gewerkt. De aangeduide items werden verwijderd ... nu wordt het even afwachten of "Kotnet" nog opmerkingen heeft over deze PC ?

Ondertussen mag je ook de gebruikte tools en de restjes van de besmettingen verwijderen :

Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht en typ: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Download CCleaner.

Klik op “Download Latest Version” en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit via Start -> Configuratiescherm -> Prestaties en Onderhoud -> Systeem -> Systeemherstel -> "Systeemherstel op alle stations uitschakelen" aanvinken. Toepassen en OK. PC herstarten en het vinkje terug weg halen.

That's it !

[wietsebuseyne]

thx again kape

ccleaner had ik al laten lopen

morgen gaat de computer terug naar de eigenaar hopelijk heeft ze dan geen problemen, maar dit zal wel niet aangezien alle bedreigingen weg zijn en ik ook de browser etc heb geupdate. Het enige rare is dat de computer mijn draadloos internet niet herkent... (precies ook geen andere netwerken) alleen via een kabel lukt dit. Ik hoop dat ze dit probleem niet heeft met haar draadloos internet al begin ik ervoor te vrezen...

EDIT: een of andere knop voor draadloos op en af gezet en nu werkt het perfect ik dank u opnieuw

28 juni 2011 aangepast door wietsebuseyne