download probleem

kape · 3 oktober 2011

Logje van HijackThis is niet meer nodig ... dat ziet er al een tijdje erg netjes uit.

Maar je probleem met Combofix los je nog steeds niet op. Het programma zelf staat op je USB-stick (je E ...) en het scriptje dat de fouten moet oplossen, sla je op op je harde schijf in je C-partitie. Het lukt dus blijkbaar niet om beide te laten samenwerken.

Kan je nu eens proberen om Combofix van je USB-stick te kopiëren naar je harde schijf (naar de C-partitie). Dat is dus geen download, maar enkel kopiëren en plakken. Zou toch moeten lukken. Of gaat dit ook niet ?

suske · 3 oktober 2011

staat nu op de harde schijf "c" moet ik terug een nieuw logje maken ?

---------- Post toegevoegd om 10:57 ---------- Vorige post was om 10:48 ----------

heb het op de c gezet maar in welke map moet ik dit zetten ? in programfiles ? want er staat een lege map in van combofix en als ik dit er in zet dan verwijst hij mij dat deze naam niet overeen komt "combo fix" als ik de naam dan verander in CFScript krijg ik de mededeling dat sommige programmas niet meer zouden werken .

kape · 3 oktober 2011

Verwijder de bestaande (lege) map van Combofix. Zet dan de Combofix die je van je USB hebt gehaald gewoon in je C: ... dat wordt dan de map C:\Combofix. Zet een snelkoppeling van deze map op je bureaublad. Bedoeling is dan dat je het scriptje CFScript.txt dat al op je bureaublad staat (c:\users\suske\Desktop\cfscript.txt) in deze snelkoppeling sleept, om de verbeteringen in gang te zetten.

suske · 3 oktober 2011

hopelijk is het gelukt

ComboFix 11-10-02.03 - suske 03/10/2011 12:57:42.13.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.2686.1607 [GMT 2:00]

Gestart vanuit: C:\ComboFix.exe

gebruikte Opdracht switches :: c:\users\suske\Desktop\CFScript.txt..lnk

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-09-03 to 2011-10-03 ))))))))))))))))))))))))))))))

.

2011-10-03 11:05 . 2011-10-03 11:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-03 11:05 . 2011-10-03 11:05 -------- d-----w- c:\users\suske\AppData\Local\temp

2011-09-20 09:08 . 2011-09-20 09:08 -------- d-----w- c:\users\suske\AppData\Roaming\Malwarebytes

2011-09-20 09:08 . 2011-09-20 09:08 -------- d-----w- c:\programdata\Malwarebytes

2011-09-20 09:08 . 2011-09-20 09:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-20 09:08 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-20 08:03 . 2011-09-20 08:03 388096 ----a-r- c:\users\suske\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-20 08:03 . 2011-09-20 08:03 -------- d-----w- c:\program files\Trend Micro

2011-09-18 09:06 . 2011-09-18 09:06 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2011-09-18 09:06 . 2011-09-18 09:07 -------- d-----w- c:\program files\AVG Secure Search

2011-09-17 12:54 . 2011-09-17 12:54 -------- d-----w- c:\program files\ESET

2011-09-17 12:31 . 2011-09-17 12:33 -------- d--h--w- c:\windows\msdownld.tmp

2011-09-17 10:28 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-26 15:04 . 2011-05-22 03:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-25 11:21 . 2011-08-25 11:21 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-07-24 09:19 . 2011-07-24 09:19 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-07-22 02:54 . 2011-08-20 07:37 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48 . 2011-08-20 07:37 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44 . 2011-08-20 07:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-11 13:25 . 2011-08-25 08:58 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-06 15:31 . 2011-08-19 06:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-05 16:37 . 2011-07-05 16:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 16:37 . 2011-07-05 16:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2011-09-18 09:06 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-18 1451336]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2011-09-22 366024]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-21 202024]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]

"Skytel"="Skytel.exe" [2007-08-03 1826816]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-08-31 660136]

"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-08-31 16040]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2009-08-31 320168]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2011-05-13 884584]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-09-18 218440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-08-21 13:52 1422632 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-18 23:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2007-08-17 05:27 4702208 ----a-w- c:\windows\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2007-08-03 05:22 1826816 ----a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]

2008-02-04 09:13 1038136 ----a-w- c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2006-11-10 10:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-04-20 20:57 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2007-03-01 13:24 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]

2007-02-20 16:20 28672 ----a-w- c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R0 oxgijw;oxgijw;c:\windows\System32\drivers\xlnk.sys [x]

R0 ylygcak;ylygcak;c:\windows\System32\drivers\acaeh.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 136176]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 136176]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-01-21 21504]

R3 StkCMini;Syntek AVStream USB2.0 VGA WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-09-26 1355520]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]

S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 537256]

S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2009-08-13 594600]

S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2009-08-13 98984]

S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-09-17 24576]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-09-18 246600]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Inhoud van de 'Gedeelde Taken' map

.

2011-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 17:01]

.

2011-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 17:01]

.

2011-10-03 c:\windows\Tasks\Uitgebreide garantie-suske.job

- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-10-14 09:13]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 195.130.130.1 195.130.131.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-10-03 13:05

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

Voltooingstijd: 2011-10-03 13:08:31

ComboFix-quarantined-files.txt 2011-10-03 11:08

ComboFix2.txt 2011-10-03 10:18

ComboFix3.txt 2011-10-01 18:27

ComboFix4.txt 2011-10-01 07:50

ComboFix5.txt 2011-10-03 10:35

.

Pre-Run: 129.040.265.216 bytes beschikbaar

Post-Run: 129.009.364.992 bytes beschikbaar

.

- - End Of File - - 0B5D3705CF90695D8D7A876217645B06

kape · 3 oktober 2011

Nu staat Combofix wel op zijn plaats : de C-partitie, maar heb je het bestandje CFScript weer in een snelkoppeling veranderd : c:\users\suske\Desktop\CFScript.txt..lnk. Dat laatste stuk zorgt ervoor dat de opdracht weer niet correct gewerkt heeft. Het moet kortweg c:\users\suske\Desktop\CFScript.txt zijn dat je in de snelkoppeling van Combofix sleept.

suske · 3 oktober 2011

maar als ik dit bestand c:\users\suske\Desktop\CFScript.txt..lnk. opsla in documenten dan verwijder ik de "ink" en dan komt da no ni goe sorrry ???

kape · 3 oktober 2011

Voer nu eens exact uit wat hieronder staat :

1. Open een kladblokbestand.

2. Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\windows\System32\drivers\acaeh.sys

c:\windows\System32\drivers\xlnk.sys

c:\windows\system32\ConduitEngine.tmp

c:\windows\msdownld.tmp

Folder::

c:\program files\ESET

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus].

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Driver::

oxgijw

ylygcak

3. Sla dit bestand op je bureaublad op als CFScript.txt.

4. Laat dan even weten of dit gelukt is en of het script op je bureaublad staat ?

suske · 3 oktober 2011

zo staat het op mijn bureaublad CFScript.txt.

snelkoppeling

kape · 3 oktober 2011

Als je bestand deze naam heeft CFScript.txt en geen snelkoppeling is, mag je het in Combofix slepen.

suske · 4 oktober 2011

hopelijk is het nu gelukt ,

ComboFix 11-10-03.01 - suske 04/10/2011 9:41.14.2 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.2686.1402 [GMT 2:00]

Gestart vanuit: C:\ComboFix.exe

gebruikte Opdracht switches :: c:\users\suske\Desktop\CFScript.txt..txt

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\msdownld.tmp"

"c:\windows\system32\ConduitEngine.tmp"

"c:\windows\System32\drivers\acaeh.sys"

"c:\windows\System32\drivers\xlnk.sys"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\ESET

c:\program files\ESET\ESET Online Scanner\esets_apiA.dll

c:\program files\ESET\ESET Online Scanner\esets_apiW.dll

c:\program files\ESET\ESET Online Scanner\esets_apiW_a.dll

c:\program files\ESET\ESET Online Scanner\ESETSmartInstaller.exe

c:\program files\ESET\ESET Online Scanner\log.txt

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com\update.ver

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\lastupd.ver

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod04E5.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod06E7.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod076F.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod0D62.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod0F3C.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod1B67.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod1F7A.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod4E34.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod5343.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod58DA.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod5CC5.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod6FA3.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod71C0.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod7668.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod76D6.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod79C7.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod7B7E.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em000_32.dat

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em001_32.dat

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em002_32.dat

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em003_32.dat

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em004_32.dat

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em005_32.dat

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em006_32.dat

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\upd.ver

c:\program files\ESET\ESET Online Scanner\Modules\em000_32.dat

c:\program files\ESET\ESET Online Scanner\Modules\em001_32.dat

c:\program files\ESET\ESET Online Scanner\Modules\em002_32.dat

c:\program files\ESET\ESET Online Scanner\Modules\em003_32.dat

c:\program files\ESET\ESET Online Scanner\Modules\em004_32.dat

c:\program files\ESET\ESET Online Scanner\Modules\em005_32.dat

c:\program files\ESET\ESET Online Scanner\Modules\em006_32.dat

c:\program files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

c:\program files\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe

c:\program files\ESET\ESET Online Scanner\OnlineScanner.inf

c:\program files\ESET\ESET Online Scanner\OnlineScanner.ocx

c:\program files\ESET\ESET Online Scanner\OnlineScanner64.ocx

c:\program files\ESET\ESET Online Scanner\OnlineScannerApp.exe

c:\program files\ESET\ESET Online Scanner\OnlineScannerLang.dll

c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

c:\program files\ESET\ESET Online Scanner\unicows.dll

c:\windows\system32\ConduitEngine.tmp

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_oxgijw

-------\Service_ylygcak

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-09-04 to 2011-10-04 ))))))))))))))))))))))))))))))

.

2011-10-04 08:07 . 2011-10-04 08:16 -------- d-----w- c:\users\suske\AppData\Local\temp

2011-10-04 08:07 . 2011-10-04 08:07 -------- d-----w- c:\users\Default\AppData\Local\temp