
Solved - help, pc is very slow


wimdeman

Good evening, after being away for a long time my PC is very slow.
Would you please help me?
Here is my HJT log.
Thanks in advance, kind regards, Wim
[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:47, on 27-2-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\program files\windows defender\msmpeng.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\program files\agi\common\win32\pythonservice.exe
c:\progra~1\grisoft\avgfre~1\avgamsvr.exe
c:\progra~1\grisoft\avgfre~1\avgupsvc.exe
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\windows\system32\svchost.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\common files\microsoft shared\vs7debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\svchost.exe
c:\windows\explorer.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\ezsp_px.exe
c:\windows\system32\devldr32.exe
c:\program files\windows defender\msascui.exe
c:\progra~1\grisoft\avgfre~1\avgcc.exe
c:\program files\lexmark 3400 series\lxcymon.exe
c:\program files\lexmark 3400 series\ezprint.exe
c:\program files\kiwee toolbar\2.8.167\kwtbaim.exe
c:\program files\java\jre6\bin\jusched.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\lxcycoms.exe
c:\program files\spybot - search & destroy\teatimer.exe
c:\windows\system32\rundll32.exe
c:\program files\windows media player\wmpnscfg.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\common files\microsoft shared\windows live\wlloginproxy.exe
c:\program files\common files\motive\mccicmservice.exe
c:\program files\thuishelp\zesko\thuishelp.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.google.nl/[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
r3 - urlsearchhook: agsearchhook class - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\agcutils.dll
o2 - bho: &yahoo! toolbar helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
o2 - bho: agsearchhook class - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\agcutils.dll
o2 - bho: lexmark werkbalk - {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
o2 - bho: spybot-s&d ie protection - {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\sdhelper.dll
o2 - bho: kiwee toolbar - {6638a9de-0745-4292-8a2e-ae530e7b9b3f} - c:\program files\kiwee toolbar\2.8.167\kiweeietoolbar.dll
o2 - bho: java(tm) plug-in ssv helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
o2 - bho: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar.dll
o2 - bho: adobe pdf conversion toolbar helper - {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll
o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
o2 - bho: windows live toolbar helper - {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
o2 - bho: google dictionary compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219b3e1547538286.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o2 - bho: singleinstance class - {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\ytsingleinstance.dll
o3 - toolbar: adobe pdf - {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll
o3 - toolbar: lexmark werkbalk - {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
o3 - toolbar: yahoo! toolbar - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
o3 - toolbar: kiwee toolbar - {6638a9de-0745-4292-8a2e-ae530e7b9b3f} - c:\program files\kiwee toolbar\2.8.167\kiweeietoolbar.dll
o3 - toolbar: windows live toolbar - {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
o3 - toolbar: &google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar.dll
o4 - hklm\..\run: [bluetoothauthenticationagent] rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
o4 - hklm\..\run: [nerofiltercheck] c:\windows\system32\nerocheck.exe
o4 - hklm\..\run: [ezshieldprotector for px] c:\windows\system32\ezsp_px.exe
o4 - hklm\..\run: [windows defender] c:\program files\windows defender\msascui.exe -hide
o4 - hklm\..\run: [avg7_cc] c:\progra~1\grisoft\avgfre~1\avgcc.exe /startup
o4 - hklm\..\run: [lxcymon.exe] c:\program files\lexmark 3400 series\lxcymon.exe
o4 - hklm\..\run: [ezprint] c:\program files\lexmark 3400 series\ezprint.exe
o4 - hklm\..\run: [lxcycats] rundll32 c:\windows\system32\spool\drivers\w32x86\3\lxcytime.dll,_rundllentry@16
o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
o4 - hklm\..\run: [nwiz] nwiz.exe /install
o4 - hklm\..\run: [kiweehook] c:\program files\kiwee toolbar\2.8.167\kwtbaim.exe
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\java\jre6\bin\jusched.exe
o4 - hklm\..\run: [zesko_mccitrayapp] c:\program files\thuishelp\zesko\thuishelp.exe
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [sp2 connection patcher] c:\program files\sp2 connection patcher\sp2connpatcher.exe -n=200
o4 - hkcu\..\run: [swg] c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
o4 - hkcu\..\run: [nbj] c:\program files\ahead\nero backitup\nbj.exe
o4 - hkcu\..\run: [spybotsd teatimer] c:\program files\spybot - search & destroy\teatimer.exe
o4 - hkcu\..\run: [nvmediacenter] rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit
o4 - hkcu\..\run: [wmpnscfg] c:\program files\windows media player\wmpnscfg.exe
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')
o4 - hkus\s-1-5-19\..\run: [avg7_run] c:\progra~1\grisoft\avgfre~1\avgw.exe /runonce (user 'lokale service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - global startup: microsoft office.lnk = c:\program files\microsoft office\office10\osa.exe
o8 - extra context menu item: &windows live search - res://c:\program files\windows live toolbar\msntb.dll/search.htm
o8 - extra context menu item: add to windows &live favorites - [noparse]http://favorites.live.com/quickadd.aspx[/noparse]
o8 - extra context menu item: convert link target to adobe pdf - res://c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll/acroiecapture.html
o8 - extra context menu item: convert link target to existing pdf - res://c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll/acroieappend.html
o8 - extra context menu item: convert selected links to adobe pdf - res://c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll/acroiecapturesellinks.html
o8 - extra context menu item: convert selected links to existing pdf - res://c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll/acroieappendsellinks.html
o8 - extra context menu item: convert selection to adobe pdf - res://c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll/acroiecapture.html
o8 - extra context menu item: convert selection to existing pdf - res://c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll/acroieappend.html
o8 - extra context menu item: convert to adobe pdf - res://c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll/acroiecapture.html
o8 - extra context menu item: convert to existing pdf - res://c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll/acroieappend.html
o8 - extra context menu item: e&xport to microsoft excel - res://c:\progra~1\micros~3\office10\excel.exe/3000
o9 - extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\progra~1\spybot~1\sdhelper.dll
o9 - extra 'tools' menuitem: spybot - search & destroy configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\progra~1\spybot~1\sdhelper.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o16 - dpf: cabbuilder - [noparse]http://kiw.imgag.com/imgag/kiw/toolbar/download/installercontrol.cab[/noparse]
o16 - dpf: {149e45d8-163e-4189-86fc-45022ab2b6c9} (spintop drm control) - file:///c:/program%20files/supercow/images/stg_drm.ocx
o16 - dpf: {17492023-c23a-453e-a040-c7c580bbf700} (windows genuine advantage validation tool) - [noparse]http://go.microsoft.com/fwlink/?linkid=39204[/noparse]
o16 - dpf: {255b1372-180c-4a22-a02d-1d4ab65f6ac2} (sdanetconclass class) - file:///c:/program%20files/rise%20of%20atlantis/images/stg_drm.dll
o16 - dpf: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (installation support) - c:\program files\yahoo!\common\yinsthelper.dll
o16 - dpf: {615f158e-d5ca-422f-a8e7-f6a5eed7063b} (bejeweled control) - [noparse]http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab[/noparse]
o16 - dpf: {6414512b-b978-451d-a0d8-fcfdf33e833c} (wuwebcontrol class) - [noparse]http://update.microsoft.com/windowsupdate/v6/v5controls/en/x86/client/wuweb_site.cab?1163869183281[/noparse]
o16 - dpf: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (muwebcontrol class) - [noparse]http://update.microsoft.com/microsoftupdate/v6/v5controls/en/x86/client/muweb_site.cab?1163869455078[/noparse]
o16 - dpf: {8a94c905-ff9d-43b6-8708-f0f22d22b1cb} (wwlaunch control) - [noparse]http://www.worldwinner.com/games/shared/wwlaunch.cab[/noparse]
o16 - dpf: {b8be5e93-a60c-4d26-a2dc-220313175592} (zoneintro class) - [noparse]http://cdn2.zone.msn.com/binframework/v10/zintro.cab34246.cab[/noparse]
o16 - dpf: {cc450d71-cc90-424c-8638-1f2dbac87a54} (armhelper control) - file:///c:/program%20files/venice/images/armhelper.ocx
o20 - winlogon notify: __c0017370 - c:\windows\system32\__c0017370.dat (file missing)
o23 - service: adobe lm service - adobe systems - c:\program files\common files\adobe systems shared\service\adobelmsvc.exe
o23 - service: ag windows service (agwinservice) - unknown owner - c:\program files\agi\common\win32\pythonservice.exe
o23 - service: ares chatroom server (areschatserver) - ares development group - c:\program files\ares\chatserver.exe
o23 - service: avg7 alert manager server (avg7alrt) - grisoft, s.r.o. - c:\progra~1\grisoft\avgfre~1\avgamsvr.exe
o23 - service: avg7 update service (avg7updsvc) - grisoft, s.r.o. - c:\progra~1\grisoft\avgfre~1\avgupsvc.exe
o23 - service: google updater service (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: lxcy_device - - c:\windows\system32\lxcycoms.exe
o23 - service: mccicmservice - motive communications, inc. - c:\program files\common files\motive\mccicmservice.exe
o23 - service: nvidia driver helper service (nvsvc) - nvidia corporation - c:\windows\system32\nvsvc32.exe
--
end of file - 12788 bytes

[/hjt]
 
Re: help, pc is very slow

Hello Wim, by the look of it you have indeed been away for a long time.

Because by now you can send the installed antivirus program to the recycle bin, as it has not been supported for a long time!

After uninstalling AVG 7, I recommend switching to Avira Antivir - it uses fewer resources than AVG 8 and has much better virus detection - http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html


Then carry out the following steps:

1) Download, install and start using >MBAM<.
Already during installation >MBAM< will want to update its database, so allow that.
Also on repeated use: go to the >Update< tab first!

http://www.idealsoftware.nl/MBAM/

Start >MBAM< and choose >Snelle Scan< (Quick Scan).

Scanning can take a while, so be patient.
When the scan is complete, click the >OK< button, then the >Bekijk Resultaten< (Show Results) button to see the results.
Make sure everything there is ticked, then click >Verwijder geselecteerde< (Remove Selected).
After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by >MBAM< and you can find it by clicking the >Logs< tab in >MBAM<.

If >MBAM< has difficulty removing certain files it will show several messages; click >OK< each time!
After that >MBAM< will ask to restart the computer - so allow the computer to restart.


2) After this, create a new HijackThis log and post its result together with the first scan result from MBAM;
also post an uninstall list (start HijackThis, click the >Open the Misc Tools section< button, then the >Open Uninstall Manager< button and finally the >Save< button).
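
The before/after comparison that step 2 sets up can also be done mechanically. As an added example (not part of the original thread and not HijackThis's own code), this Python code parses the entries of two logs, lists what was removed or added, and flags entries still marked `(no file)` or `(file missing)`; the sample lines are a subset copied from the two logs in this thread, and the function names are assumptions.

```python
import re

# A HijackThis entry line: section code (e.g. R0, O2, O23), " - ", then the payload.
ENTRY_RE = re.compile(r"^([ROFN]\d{1,2})\s+-\s+(.+)$", re.IGNORECASE)
# Markers HijackThis appends when the file an entry points to is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_entries(log_text):
    """Return the log's entries as a set of (section, payload) tuples."""
    entries = set()
    for raw in log_text.splitlines():
        # The forum wraps URLs in [noparse] tags; they are not part of the log.
        line = raw.replace("[noparse]", "").replace("[/noparse]", "").strip()
        match = ENTRY_RE.match(line)
        if match:  # header, process list and footer lines do not match
            entries.add((match.group(1).upper(), match.group(2).strip().lower()))
    return entries


def _order(entry):
    """Sort key: section letter, section number (numeric), then payload."""
    section, payload = entry
    return (section[0], int(section[1:]), payload)


def orphaned(entries):
    """Entries whose target file is reported missing by HijackThis."""
    return sorted((e for e in entries if e[1].endswith(ORPHAN_MARKERS)), key=_order)


def compare(before_text, after_text):
    """Diff two logs and report leftovers that still point at nothing."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(before - after, key=_order),
        "added": sorted(after - before, key=_order),
        "still_orphaned": orphaned(after),
    }


# Sample input: lines copied from the first log in this thread.
BEFORE = r"""
Running processes:
c:\program files\spybot - search & destroy\teatimer.exe
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.google.nl/[/noparse]
o2 - bho: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
o4 - hklm\..\run: [avg7_cc] c:\progra~1\grisoft\avgfre~1\avgcc.exe /startup
o4 - hklm\..\run: [kiweehook] c:\program files\kiwee toolbar\2.8.167\kwtbaim.exe
o20 - winlogon notify: __c0017370 - c:\windows\system32\__c0017370.dat (file missing)
o23 - service: avg7 alert manager server (avg7alrt) - grisoft, s.r.o. - c:\progra~1\grisoft\avgfre~1\avgamsvr.exe
"""

# Sample input: lines copied from the second log; the R0 line is shown without
# the forum's [noparse] wrapper (constructed variation) to exercise normalisation.
AFTER = r"""
r0 - hkcu\software\microsoft\internet explorer\main,start page = http://www.google.nl/
o2 - bho: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
o4 - hklm\..\run: [kiweehook] c:\program files\kiwee toolbar\2.8.167\kwtbaim.exe
o4 - hklm\..\run: [avgnt] c:\program files\avira\antivir personaledition classic\avgnt.exe /min
o23 - service: avira antivir personal - free antivirus guard (antivirservice) - avira gmbh - c:\program files\avira\antivir personaledition classic\avguard.exe
"""

if __name__ == "__main__":
    report = compare(BEFORE, AFTER)
    for label in ("removed", "added", "still_orphaned"):
        print(label.upper())
        for section, payload in report[label]:
            print(f"  {section} - {payload}")
```

On these sample lines the O20 Winlogon Notify entry and the AVG 7 entries show up as removed, the Avira entries as added, and the O2 BHO with `(no file)` remains as a leftover.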
 
Re: help, pc is very slow

Thanks so far, here are the logs
Malwarebytes' Anti-Malware 1.34
Database versie: 1811
Windows 5.1.2600 Service Pack 3

28-2-2009 1:27:38
mbam-log-2009-02-28 (01-27-38).txt

Scan type: Snelle Scan
Objecten gescand: 147111
Verstreken tijd: 1 hour(s), 12 minute(s), 6 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 6
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0017370 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\Documents and Settings\LocalService\Favorieten\adult sites\Hardcore\yvon's training.lnk (Adware.SurfAssistant) -> Quarantined and deleted successfully.



[hjt]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:05, on 28-2-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\program files\windows defender\msmpeng.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\windows\explorer.exe
c:\program files\agi\common\win32\pythonservice.exe
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\windows\system32\svchost.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\common files\motive\mccicmservice.exe
c:\program files\common files\microsoft shared\vs7debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\svchost.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\ezsp_px.exe
c:\program files\windows defender\msascui.exe
c:\program files\lexmark 3400 series\ezprint.exe
c:\program files\kiwee toolbar\2.8.167\kwtbaim.exe
c:\program files\java\jre6\bin\jusched.exe
c:\program files\thuishelp\zesko\thuishelp.exe
c:\windows\system32\ctfmon.exe
c:\program files\spybot - search & destroy\teatimer.exe
c:\windows\system32\rundll32.exe
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\lxcycoms.exe
c:\program files\avira\antivir personaledition classic\sched.exe
c:\program files\avira\antivir personaledition classic\avguard.exe
c:\program files\avira\antivir personaledition classic\avgnt.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\common files\microsoft shared\windows live\wlloginproxy.exe
c:\program files\trend micro\hijackthis\hijackthis.exe

r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.google.nl/[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
r3 - urlsearchhook: agsearchhook class - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\agcutils.dll
o2 - bho: &yahoo! toolbar helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
o2 - bho: agsearchhook class - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\agcutils.dll
o2 - bho: lexmark werkbalk - {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
o2 - bho: spybot-s&d ie protection - {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\sdhelper.dll
o2 - bho: kiwee toolbar - {6638a9de-0745-4292-8a2e-ae530e7b9b3f} - c:\program files\kiwee toolbar\2.8.167\kiweeietoolbar.dll
o2 - bho: java(tm) plug-in ssv helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
o2 - bho: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar.dll
o2 - bho: adobe pdf conversion toolbar helper - {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll
o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
o2 - bho: windows live toolbar helper - {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
o2 - bho: google dictionary compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219b3e1547538286.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o2 - bho: singleinstance class - {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\ytsingleinstance.dll
o3 - toolbar: adobe pdf - {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll
o3 - toolbar: lexmark werkbalk - {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
o3 - toolbar: yahoo! toolbar - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
o3 - toolbar: kiwee toolbar - {6638a9de-0745-4292-8a2e-ae530e7b9b3f} - c:\program files\kiwee toolbar\2.8.167\kiweeietoolbar.dll
o3 - toolbar: windows live toolbar - {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
o3 - toolbar: &google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar.dll
o4 - hklm\..\run: [bluetoothauthenticationagent] rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
o4 - hklm\..\run: [nerofiltercheck] c:\windows\system32\nerocheck.exe
o4 - hklm\..\run: [ezshieldprotector for px] c:\windows\system32\ezsp_px.exe
o4 - hklm\..\run: [windows defender] c:\program files\windows defender\msascui.exe -hide
o4 - hklm\..\run: [lxcymon.exe] c:\program files\lexmark 3400 series\lxcymon.exe
o4 - hklm\..\run: [ezprint] c:\program files\lexmark 3400 series\ezprint.exe
o4 - hklm\..\run: [lxcycats] rundll32 c:\windows\system32\spool\drivers\w32x86\3\lxcytime.dll,_rundllentry@16
o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
o4 - hklm\..\run: [nwiz] nwiz.exe /install
o4 - hklm\..\run: [kiweehook] c:\program files\kiwee toolbar\2.8.167\kwtbaim.exe
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\java\jre6\bin\jusched.exe
o4 - hklm\..\run: [zesko_mccitrayapp] c:\program files\thuishelp\zesko\thuishelp.exe
o4 - hklm\..\run: [avgnt] c:\program files\avira\antivir personaledition classic\avgnt.exe /min
o4 - hklm\..\runonce: [malwarebytes' anti-malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [sp2 connection patcher] c:\program files\sp2 connection patcher\sp2connpatcher.exe -n=200
o4 - hkcu\..\run: [swg] c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
o4 - hkcu\..\run: [nbj] c:\program files\ahead\nero backitup\nbj.exe
o4 - hkcu\..\run: [spybotsd teatimer] c:\program files\spybot - search & destroy\teatimer.exe
o4 - hkcu\..\run: [nvmediacenter] rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit
o4 - hkcu\..\run: [wmpnscfg] c:\program files\windows media player\wmpnscfg.exe
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - global startup: microsoft office.lnk = c:\program files\microsoft office\office10\osa.exe
o8 - extra context menu item: &windows live search - res://c:\program files\windows live toolbar\msntb.dll/search.htm
o8 - extra context menu item: add to windows &live favorites - [noparse]http://favorites.live.com/quickadd.aspx[/noparse]
o8 - extra context menu item: convert link target to adobe pdf - res://c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll/acroiecapture.html
o8 - extra context menu item: convert link target to existing pdf - res://c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll/acroieappend.html
o8 - extra context menu item: convert selected links to adobe pdf - res://c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll/acroiecapturesellinks.html
o8 - extra context menu item: convert selected links to existing pdf - res://c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll/acroieappendsellinks.html
o8 - extra context menu item: convert selection to adobe pdf - res://c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll/acroiecapture.html
o8 - extra context menu item: convert selection to existing pdf - res://c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll/acroieappend.html
o8 - extra context menu item: convert to adobe pdf - res://c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll/acroiecapture.html
o8 - extra context menu item: convert to existing pdf - res://c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll/acroieappend.html
o8 - extra context menu item: e&xport to microsoft excel - res://c:\progra~1\micros~3\office10\excel.exe/3000
o9 - extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\progra~1\spybot~1\sdhelper.dll
o9 - extra 'tools' menuitem: spybot - search & destroy configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\progra~1\spybot~1\sdhelper.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o16 - dpf: cabbuilder - [noparse]http://kiw.imgag.com/imgag/kiw/toolbar/download/installercontrol.cab[/noparse]
o16 - dpf: {149e45d8-163e-4189-86fc-45022ab2b6c9} (spintop drm control) - file:///c:/program%20files/supercow/images/stg_drm.ocx
o16 - dpf: {17492023-c23a-453e-a040-c7c580bbf700} (windows genuine advantage validation tool) - [noparse]http://go.microsoft.com/fwlink/?linkid=39204[/noparse]
o16 - dpf: {255b1372-180c-4a22-a02d-1d4ab65f6ac2} (sdanetconclass class) - file:///c:/program%20files/rise%20of%20atlantis/images/stg_drm.dll
o16 - dpf: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (installation support) - c:\program files\yahoo!\common\yinsthelper.dll
o16 - dpf: {615f158e-d5ca-422f-a8e7-f6a5eed7063b} (bejeweled control) - [noparse]http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab[/noparse]
o16 - dpf: {6414512b-b978-451d-a0d8-fcfdf33e833c} (wuwebcontrol class) - [noparse]http://update.microsoft.com/windowsupdate/v6/v5controls/en/x86/client/wuweb_site.cab?1163869183281[/noparse]
o16 - dpf: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (muwebcontrol class) - [noparse]http://update.microsoft.com/microsoftupdate/v6/v5controls/en/x86/client/muweb_site.cab?1163869455078[/noparse]
o16 - dpf: {8a94c905-ff9d-43b6-8708-f0f22d22b1cb} (wwlaunch control) - [noparse]http://www.worldwinner.com/games/shared/wwlaunch.cab[/noparse]
o16 - dpf: {b8be5e93-a60c-4d26-a2dc-220313175592} (zoneintro class) - [noparse]http://cdn2.zone.msn.com/binframework/v10/zintro.cab34246.cab[/noparse]
o16 - dpf: {cc450d71-cc90-424c-8638-1f2dbac87a54} (armhelper control) - file:///c:/program%20files/venice/images/armhelper.ocx
o23 - service: adobe lm service - adobe systems - c:\program files\common files\adobe systems shared\service\adobelmsvc.exe
o23 - service: ag windows service (agwinservice) - unknown owner - c:\program files\agi\common\win32\pythonservice.exe
o23 - service: avira antivir personal - free antivirus scheduler (antivirscheduler) - avira gmbh - c:\program files\avira\antivir personaledition classic\sched.exe
o23 - service: avira antivir personal - free antivirus guard (antivirservice) - avira gmbh - c:\program files\avira\antivir personaledition classic\avguard.exe
o23 - service: ares chatroom server (areschatserver) - ares development group - c:\program files\ares\chatserver.exe
o23 - service: google updater service (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: lxcy_device - - c:\windows\system32\lxcycoms.exe
o23 - service: mccicmservice - motive communications, inc. - c:\program files\common files\motive\mccicmservice.exe
o23 - service: nvidia driver helper service (nvsvc) - nvidia corporation - c:\windows\system32\nvsvc32.exe
--
end of file - 12861 bytes

[/hjt]
--- automatic edit ---
I had forgotten the HJT uninstall list
3D Rij-simulator
Aangifte inkomstenbelasting 2008
Ad-Aware SE Personal
Adobe Acrobat 7.1.0 Professional
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player 11
Advanced ZIP Password Recovery
Alex Builds His Farm
Ares 2.0.9
Audacity 1.2.1
Avira AntiVir Personal - Free Antivirus
Bejeweled 2 Deluxe 1.0
Beveiligingsupdate for Windows Media Player 10 (KB917734)
Beveiligingsupdate for Windows XP (KB941569)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
Beveiligingsupdate voor Windows Media Player (KB952069)
Beveiligingsupdate voor Windows Media Player 11 (KB936782)
Beveiligingsupdate voor Windows Media Player 11 (KB954154)
Beveiligingsupdate voor Windows XP (KB938464)
Beveiligingsupdate voor Windows XP (KB946648)
Beveiligingsupdate voor Windows XP (KB950760)
Beveiligingsupdate voor Windows XP (KB950762)
Beveiligingsupdate voor Windows XP (KB950974)
Beveiligingsupdate voor Windows XP (KB951066)
Beveiligingsupdate voor Windows XP (KB951376-v2)
Beveiligingsupdate voor Windows XP (KB951698)
Beveiligingsupdate voor Windows XP (KB951748)
Beveiligingsupdate voor Windows XP (KB952954)
Beveiligingsupdate voor Windows XP (KB953839)
Beveiligingsupdate voor Windows XP (KB954211)
Beveiligingsupdate voor Windows XP (KB954459)
Beveiligingsupdate voor Windows XP (KB954600)
Beveiligingsupdate voor Windows XP (KB955069)
Beveiligingsupdate voor Windows XP (KB956391)
Beveiligingsupdate voor Windows XP (KB956802)
Beveiligingsupdate voor Windows XP (KB956803)
Beveiligingsupdate voor Windows XP (KB956841)
Beveiligingsupdate voor Windows XP (KB957095)
Beveiligingsupdate voor Windows XP (KB957097)
Beveiligingsupdate voor Windows XP (KB958644)
Beveiligingsupdate voor Windows XP (KB958687)
Beveiligingsupdate voor Windows XP (KB960715)
Big City Adventure - San Francisco (remove only)
Big Fish Games Client
Cool Edit Pro 2.0
Diamond Drop 2 Deluxe
Extensie voor Windows Live Toolbar (Windows Live Toolbar)
Gold Rush - Treasure Hunt Deluxe
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix voor Windows Internet Explorer 7 (KB947864)
Hotfix voor Windows Media Player 11 (KB939683)
Hotfix voor Windows XP (KB952287)
Hyves Kwekker 1.1b
ISO Recorder
Java(TM) 6 Update 11
Jewel Match
Jewel Quest
Joost en de Reuzenkriebel
Kiwee Toolbar
Lexmark 3400 Series
Lexmark Werkbalk
Little Shop of Treasures Deluxe
Malwarebytes' Anti-Malware
Markeringviewer (Windows Live Toolbar)
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Dutch Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mirror Magic Deluxe
Mozilla Firefox (1.5.0.12)
MP3 Player Utilities 3.79
Need for Speed Underground 2
Need for Speed™ Most Wanted PC Demo
Nero 6 Ultra Edition
NewsBin Pro V5
NVIDIA Windows 2000/XP Display Drivers
Pakket voor de provider van Microsoft Base-smartcardcryptografieservice
Pastime Puzzles Deluxe
PowerQuest PartitionMagic 8.0
Puzzle Express (remove only)
Puzzle Express V1.0
RAR Password Cracker (remove only)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Smart Menu's (Windows Live Toolbar)
SP2 Connection Patcher
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Update voor Windows XP (KB951072-v2)
Update voor Windows XP (KB951978)
Update voor Windows XP (KB955839)
Update voor Windows XP (KB967715)
WinAce Archiver
WinAce Archiver 2.0
Windows Defender
Windows Live aanmeldhulp
Windows Live Favorites voor Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Toolbar
Windows Live Toolbar
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinISO 5.3
WinRAR archiver
WinRAR v3.20
WinZip
WinZip Self-Extractor
Yahoo! Install Manager
Yahoo! Toolbar
Ziggo Thuishelp
 
Re: help, PC is very slow

Hello Wim,

By the way, are you the only user of the PC?

I see that you have indeed installed Avira AntiVir. A good decision, in my opinion!

One more thing: next month version 2009 of it comes out, and it will be quite a bit better again, because the malware module from the paid version will then be included!


Your log doesn't show anything strange, but the large number of toolbars for IE does stand out!

Have Avira scan your PC and then post the log!
 
Re: help, PC is very slow

Here is my Avira log.
Many thanks for the help.
Kind regards, Wim
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'lxcycoms.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'Thuishelp.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'kwtbaim.exe' - '1' Module(s) have been scanned
Scan process 'ezprint.exe' - '1' Module(s) have been scanned
Scan process 'lxcymon.exe' - '1' Module(s) have been scanned
Scan process 'devldr32.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'ezSP_Px.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'McciCMService.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'pythonservice.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
45 processes with 45 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'I:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '56' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\KEVIN\Bureaublad\muziek mappen\ares com\( pc game ) need for speed underground 2 full game cd1+cd2+crack(2).exe
[0] Archive type: RAR SFX (self extracting)
--> ( PC GAME ) NEED.FOR.SPEED.UNDERGROUND 2 CD BY MAUIMIxXx\( PC GAME ) NEED.FOR.SPEED.UNDERGROUND 2 CD BY MAUIMIxXx\2 Need for Speed Underground Serial [found via www.fileDonkey.com].exe
[DETECTION] Contains recognition pattern of the WORM/Specx worm
[WARNING] The file was ignored!
C:\Documents and Settings\KEVIN\Bureaublad\muziek mappen\ares com\( pc game ) need for speed underground 2 full game cd1+cd2+crack.exe
[DETECTION] Contains recognition pattern of the W32/Hidrag.a Windows virus
[WARNING] The file was ignored!
C:\Documents and Settings\KEVIN\Bureaublad\muziek mappen\ares com\need for speed undercover clonedvd-thepirategay [www viaforumz com].exe
[DETECTION] Is the TR/Agent.aolj.24 Trojan
[NOTE] The file was moved to '4a0e0fd2.qua'!
C:\Documents and Settings\KEVIN\Bureaublad\Verwisselbare schijf (J)\autorun.inf
[DETECTION] Contains recognition pattern of the WORM/Autorun.cnw worm
[WARNING] The file was ignored!
C:\Documents and Settings\KEVIN\Local Settings\Application Data\Ares\My Shared Folder\need for speed carbono(2).exe
[DETECTION] Contains recognition pattern of the W32/Span.a Windows virus
[NOTE] The file was deleted!
C:\Documents and Settings\KEVIN\Local Settings\temp\0000079B
[0] Archive type: ACE
--> gfx8\campaign_map_england_black.act
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\petra\Bureaublad\tijdelijke map\stronghold - pc full game(2).exe
[0] Archive type: ZIP SFX (self extracting)
--> SHOLD.ACE
[1] Archive type: ACE
--> gfx8\campaign_map_england_black.act
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\petra\Local Settings\Application Data\Ares\My Shared Folder\(kids pc games) sonic adventure dx 2003.exe
[0] Archive type: RAR SFX (self extracting)
--> myt-sadx.ace
[1] Archive type: ACE
--> setup.bat
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\petra\Local Settings\Application Data\Ares\My Shared Folder\age of mythology - empire earth.exe
[0] Archive type: ZIP SFX (self extracting)
--> Empire Earth.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\petra\Local Settings\Application Data\Ares\My Shared Folder\age of mythology(not empire earth).exe
[0] Archive type: ZIP SFX (self extracting)
--> AOM.ACE
[1] Archive type: ACE
--> avi\credits.aom
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\petra\Local Settings\Application Data\Ares\My Shared Folder\age of wonders 2 - pc game.exe
[0] Archive type: RAR SFX (self extracting)
--> WINDOWS\Desktop\AOW2\Age Of Wonders 2\MYTAW2.ACE
[1] Archive type: ACE
--> Resource\FX\Spell\Fire_Rain
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\petra\Local Settings\Application Data\Mozilla\Firefox\Profiles\sdqzseii.default\Cache\0B45E2FAd01
[DETECTION] Is the TR/Dldr.FraudLoad.veek Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\petra\Local Settings\Temporary Internet Files\Content.IE5\UE92T6UJ\WinBej2Setup[1].exe
[0] Archive type: NSIS
--> Settings/QuincyCaps74gold2.gif
[WARNING] The file could not be written!
C:\Documents and Settings\petra\Mijn documenten\Warez\Games - Microsoft - Age of Empires 3 (Full PC Game).zip
[0] Archive type: ZIP SFX (self extracting)
--> Empire Earth.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\PETRA.HOME-COMPUTER\Application Data\Mozilla\Firefox\Profiles\m1p89737.Standaardgebruiker\Cache\A7CBCCB6d01
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[WARNING] The file was ignored!
C:\Documents and Settings\PETRA.HOME-COMPUTER\Bureaublad\software\WarezP2P.exe
[0] Archive type: NSIS
--> Settings/7k43.exe
[DETECTION] Is the TR/Dldr.Small.apc Trojan
[DETECTION] Contains recognition pattern of the DR/Dldr.Small.apc dropper
--> Settings/NavHelperInner.msi
[DETECTION] Contains recognition pattern of the DR/HyperBar.B.2 dropper
--> Settings/NNWARZ3_88.exe
[DETECTION] Contains recognition pattern of the DR/Gator.3103.3.A dropper
[NOTE] The file was deleted!
C:\Documents and Settings\PETRA.HOME-COMPUTER\Local Settings\Application Data\Shareaza\Incomplete\X3JGF3AMTAL4EZTBOAFN7LCDXZBLM5IF PC-Games - Zoo Tycoon (Full Game).zip
[0] Archive type: ZIP
--> Zootyc.ace
[1] Archive type: ACE
--> 1036\dwintl.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\PETRA.HOME-COMPUTER\Mijn documenten\Mijn afbeeldingen\WarezP2P.exe
[0] Archive type: NSIS
--> Settings/7k43.exe
[DETECTION] Is the TR/Dldr.Small.apc Trojan
[DETECTION] Contains recognition pattern of the DR/Dldr.Small.apc dropper
--> Settings/NavHelperInner.msi
[DETECTION] Contains recognition pattern of the DR/HyperBar.B.2 dropper
--> Settings/NNWARZ3_88.exe
[DETECTION] Contains recognition pattern of the DR/Gator.3103.3.A dropper
[WARNING] The file was ignored!
C:\Documents and Settings\WIM\Bureaublad\hans\winace2.6 keygen.zip
[0] Archive type: ZIP
--> Keygen.exe
[DETECTION] Is the TR/Agent.13392 Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\WIM\wim\Local Settings\Application Data\Shareaza\Incomplete\MZKDQVGPY3GH77EZGPRQD3XXASFPM7UO MusicMatch Jukebox Plus v9 (+ patches & serials).exe
[0] Archive type: RAR SFX (self extracting)
--> MusicMatch Jukebox Plus v9 (+ patches & serials)\Key Generators\Keygen.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\wim.HOMECOMPUTER\Local Settings\Application Data\Ares\My Shared Folder\nero 8 with instructions(only version that is fully keygenerator).rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Is the TR/Delf.Inject.F.209 Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\wim.HOMECOMPUTER\Local Settings\Application Data\Ares\My Shared Folder\norton partition magic 8full cracked.rar
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656 worm
[WARNING] The file was ignored!
C:\Documents and Settings\wim.HOMECOMPUTER\Local Settings\Application Data\Ares\My Shared Folder\zylom games crack.zip
[0] Archive type: ZIP
--> Puzzle Inlay.zip
[1] Archive type: ZIP
--> Puzzle Inlay v1.45 Crack.exe
[DETECTION] Is the TR/Crypt.ASPM.Gen Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\wim.HOMECOMPUTER\Mijn documenten\My Shared Folder\(software) avg antivirus pro 7 0 206 + keygen342.zip
[0] Archive type: ZIP
--> AVG AntiVirus System 7.0. Keygen.exe
[DETECTION] Is the TR/Small.19968.G Trojan
--> 14.12 AVG Antivirus Pro v7.0.206/Keygen/avg70167.exe
[DETECTION] Is the TR/Packed.7494 Trojan
--> Keygen/avg70167.exe
[DETECTION] Is the TR/Packed.7494 Trojan
--> 14.12 AVG Antivirus Pro v7.0.206.rar
[1] Archive type: ZIP
--> Keygen/avg70167.exe
[DETECTION] Is the TR/Packed.7494 Trojan
--> AVG Antivirus Pro v7.0.206.rar
[1] Archive type: RAR
--> AVG AntiVirus System 7.0. Keygen.exe
[DETECTION] Is the TR/Small.19968.G Trojan
--> 14.12 AVG Antivirus Pro v7.0.206\Keygen\avg70167.exe
[DETECTION] Is the TR/Packed.7494 Trojan
--> Keygen\avg70167.exe
[DETECTION] Is the TR/Packed.7494 Trojan
--> 14.12 AVG Antivirus Pro v7.0.206.rar
[2] Archive type: ZIP
--> Keygen/avg70167.exe
[DETECTION] Is the TR/Packed.7494 Trojan
--> (SOFTWARE) AVG Antivirus Pro 7.0.206 + keygen/14.12 AVG Antivirus Pro v7.0.206.rar
[1] Archive type: ZIP
--> Keygen/avg70167.exe
[DETECTION] Is the TR/Packed.7494 Trojan
--> (SOFTWARE) AVG Antivirus Pro 7.0.206 + keygen/14.12 AVG Antivirus Pro v7.0.206/Keygen/avg70167.exe
[DETECTION] Is the TR/Packed.7494 Trojan
--> (SOFTWARE) AVG Antivirus Pro 7.0.206 + keygen/AVG Antivirus Pro v7.0.206.rar
[1] Archive type: RAR
--> AVG AntiVirus System 7.0. Keygen.exe
[DETECTION] Is the TR/Small.19968.G Trojan
--> 14.12 AVG Antivirus Pro v7.0.206\Keygen\avg70167.exe
[DETECTION] Is the TR/Packed.7494 Trojan
--> Keygen\avg70167.exe
[DETECTION] Is the TR/Packed.7494 Trojan
--> 14.12 AVG Antivirus Pro v7.0.206.rar
[2] Archive type: ZIP
--> Keygen/avg70167.exe
[DETECTION] Is the TR/Packed.7494 Trojan
--> (SOFTWARE) AVG Antivirus Pro 7.0.206 + keygen/AVG AntiVirus System 7.0. Keygen.exe
[DETECTION] Is the TR/Small.19968.G Trojan
--> (SOFTWARE) AVG Antivirus Pro 7.0.206 + keygen/Keygen/avg70167.exe
[DETECTION] Is the TR/Packed.7494 Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\wim.HOMECOMPUTER\Mijn documenten\My Shared Folder\acid pro 4 0 + keygen + manual.exe
[0] Archive type: ZIP SFX (self extracting)
--> Acid Pro 4.0 keygenerator.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\My Shared Folder\Bejeweled 2 Deluxe NO cd.exe
[0] Archive type: ZIP SFX (self extracting)
--> Bej2Setup_TryGames2.exe
[DETECTION] Is the TR/Small.9770684.A Trojan
--> Bej2Setup_TryGames.exe
[DETECTION] Is the TR/Small.9770684.A Trojan
[NOTE] The file was deleted!
C:\My Shared Folder\Bejeweled 2 Deluxe ShareReactor.zip
[0] Archive type: ZIP
--> Bej2Setup_TryGames2.exe
[DETECTION] Is the TR/Small.9770684.A Trojan
--> Bej2Setup_TryGames.exe
[DETECTION] Is the TR/Small.9770684.A Trojan
[NOTE] The file was deleted!
C:\My Shared Folder\download11141238639367140.dat
[0] Archive type: RAR SFX (self extracting)
--> Games\Hoyle Board Games\CLS-HBG5.ACE
[1] Archive type: ACE
--> INSTAIDE.DLL
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\Effects\Glowing Edges.8BF
[DETECTION] Is the TR/IFrame.W.6 Trojan
[WARNING] The file was ignored!
C:\Program Files\Ares\WINDOWS\Desktop\AOW2\Age Of Wonders 2\MYTAW2.ACE
[0] Archive type: ACE
--> Resource\FX\Spell\Fire_Rain
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\Common Files\fifw\fifwd\vocabulary
[DETECTION] Is the TR/Dldr.TSUpdate.J Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{DBF836C8-F3A9-4F18-B91A-36BCC6E3CFBC}\RP683\A0421964.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656 worm
[NOTE] The file was deleted!
C:\System Volume Information\_restore{DBF836C8-F3A9-4F18-B91A-36BCC6E3CFBC}\RP683\A0421965.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656 worm
[NOTE] The file was moved to '49dd46e8.qua'!
C:\System Volume Information\_restore{DBF836C8-F3A9-4F18-B91A-36BCC6E3CFBC}\RP683\A0421966.exe
[DETECTION] Contains code of the W32/Virut.Gen Windows virus
[NOTE] The file was moved to '49dd46ed.qua'!
C:\System Volume Information\_restore{DBF836C8-F3A9-4F18-B91A-36BCC6E3CFBC}\RP683\A0421968.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49dd46f0.qua'!
C:\System Volume Information\_restore{DBF836C8-F3A9-4F18-B91A-36BCC6E3CFBC}\RP683\A0421969.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '49dd46f3.qua'!
C:\System Volume Information\_restore{DBF836C8-F3A9-4F18-B91A-36BCC6E3CFBC}\RP683\A0421970.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49dd46f7.qua'!
C:\System Volume Information\_restore{DBF836C8-F3A9-4F18-B91A-36BCC6E3CFBC}\RP683\A0421976.exe
[DETECTION] Contains recognition pattern of the WORM/IrcBot.1478656 worm
[NOTE] The file was moved to '49dd46fb.qua'!
C:\System Volume Information\_restore{DBF836C8-F3A9-4F18-B91A-36BCC6E3CFBC}\RP690\A0422380.exe
[DETECTION] Contains recognition pattern of the W32/Hidrag.a Windows virus
[NOTE] The file was moved to '49dd471f.qua'!
C:\System Volume Information\_restore{DBF836C8-F3A9-4F18-B91A-36BCC6E3CFBC}\RP690\A0422390.inf
[DETECTION] Contains recognition pattern of the WORM/Autorun.cnw worm
[NOTE] The file was moved to '49dd475d.qua'!
C:\System Volume Information\_restore{DBF836C8-F3A9-4F18-B91A-36BCC6E3CFBC}\RP694\A0422562.exe
[DETECTION] Is the TR/Agent.aolj.24 Trojan
[NOTE] The file was moved to '49dd477b.qua'!
C:\System Volume Information\_restore{DBF836C8-F3A9-4F18-B91A-36BCC6E3CFBC}\RP694\A0422579.exe
[DETECTION] Is the TR/Agent.aolj.24 Trojan
[NOTE] The file was moved to '49dd477f.qua'!
C:\System Volume Information\_restore{DBF836C8-F3A9-4F18-B91A-36BCC6E3CFBC}\RP694\A0422580.exe
[DETECTION] Contains recognition pattern of the W32/Span.a Windows virus
[NOTE] The file was moved to '49dd4783.qua'!
C:\System Volume Information\_restore{DBF836C8-F3A9-4F18-B91A-36BCC6E3CFBC}\RP694\A0422581.exe
[0] Archive type: NSIS
--> Settings/7k43.exe
[DETECTION] Is the TR/Dldr.Small.apc Trojan
[DETECTION] Contains recognition pattern of the DR/Dldr.Small.apc dropper
--> Settings/NavHelperInner.msi
[DETECTION] Contains recognition pattern of the DR/HyperBar.B.2 dropper
--> Settings/NNWARZ3_88.exe
[DETECTION] Contains recognition pattern of the DR/Gator.3103.3.A dropper
[NOTE] The file was moved to '49dd47e5.qua'!
C:\System Volume Information\_restore{DBF836C8-F3A9-4F18-B91A-36BCC6E3CFBC}\RP694\A0422582.exe
[0] Archive type: ZIP SFX (self extracting)
--> Bej2Setup_TryGames2.exe
[DETECTION] Is the TR/Small.9770684.A Trojan
--> Bej2Setup_TryGames.exe
[DETECTION] Is the TR/Small.9770684.A Trojan
[NOTE] The file was moved to '49dd47eb.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104858.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104858.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49da4828.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104860.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104860.exe
[DETECTION] Is the TR/Dldr.Swizzor.CN Trojan
[NOTE] The file was moved to '49da482e.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104861.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104861.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '485af01f.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104862.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104862.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49da4810.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104863.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104863.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49da482f.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104865.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104865.exe
[DETECTION] Is the TR/Dldr.Swizzor.CO Trojan
[NOTE] The file was moved to '485af000.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104868.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104868.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49da4830.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104869.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104869.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '485af001.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104870.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104870.exe
[DETECTION] Contains recognition pattern of the WORM/WootBot.151552 worm
[NOTE] The file was moved to '49da4831.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104871.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104871.exe
[DETECTION] Is the TR/Dldr.Swizzor.DV Trojan
[NOTE] The file was moved to '49da4832.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104872.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104872.exe
[DETECTION] Is the TR/Click.Agent.AH.2 Trojan
[NOTE] The file was moved to '485af003.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104878.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104878.exe
[DETECTION] Contains recognition pattern of the WORM/Rbot.VE worm
[NOTE] The file was moved to '49da4833.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104879.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104879.exe
[DETECTION] Contains recognition pattern of the DR/BargainBuddy.L.1 dropper
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104879.exe
[1] Archive type: NSIS
--> [WindowsDir]/adp8029_ISEARCHTECH6.exe
[DETECTION] Contains recognition pattern of the DR/BargainBuddy.Y.9 dropper
[NOTE] The file was moved to '485af004.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104882.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104882.exe
[DETECTION] Is the TR/Spy.LetRoll Trojan
[NOTE] The file was moved to '49da4834.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104883.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104883.exe
[DETECTION] Is the TR/Dldr.Swizzor.cb Trojan
[NOTE] The file was moved to '485af005.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104884.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104884.exe
[DETECTION] Is the TR/Dldr.Swizzor.DV Trojan
[NOTE] The file was moved to '49da4835.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104885.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104885.exe
[DETECTION] Contains recognition pattern of the WORM/Wootbo.75762.A worm
[NOTE] The file was moved to '485af006.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104886.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104886.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49da4836.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104887.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104887.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.AA worm
[NOTE] The file was moved to '485af007.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104888.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104888.exe
[DETECTION] Is the TR/Click.Agent.AH.2 Trojan
[NOTE] The file was moved to '49da4837.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104889.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104889.exe
[DETECTION] Is the TR/Dldr.Swizzor.bo Trojan
[NOTE] The file was moved to '485af008.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104890.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104890.exe
[DETECTION] Is the TR/Click.Agent.AH.2 Trojan
[NOTE] The file was moved to '49da4838.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104892.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104892.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '485af009.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104893.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104893.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49da4839.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104894.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104894.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '485af00a.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104895.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0104895.exe
[DETECTION] Is the TR/Click.Agent.AH.2 Trojan
[NOTE] The file was moved to '49da483b.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105017.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105017.exe
[DETECTION] Is the TR/Dldr.Swizzor.DV Trojan
[NOTE] The file was moved to '49da4842.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105041.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105041.exe
[DETECTION] Contains recognition pattern of the DR/BargainBuddy.L.1 dropper
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105041.exe
[1] Archive type: NSIS
--> [WindowsDir]/adp8029_ISEARCHTECH6.exe
[DETECTION] Contains recognition pattern of the DR/BargainBuddy.Y.9 dropper
[NOTE] The file was moved to '49da4843.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105043.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105043.exe
[DETECTION] Contains recognition pattern of the WORM/Wootbo.75762.A worm
[NOTE] The file was moved to '49da4844.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105044.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105044.exe
[DETECTION] Is the TR/Dldr.Dyfuca.cr Trojan
[NOTE] The file was moved to '485af075.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105048.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105048.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49da4845.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105049.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105049.exe
[DETECTION] Is the TR/Click.Agent.AH.2 Trojan
[NOTE] The file was moved to '49da4846.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105050.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105050.exe
[DETECTION] Is the TR/Dldr.IstBar.GO Trojan
[NOTE] The file was moved to '485af077.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105051.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105051.exe
[DETECTION] Contains recognition pattern of the WORM/WootBot.151552 worm
[NOTE] The file was moved to '49da4847.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105052.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105052.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '485af078.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105053.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105053.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49da4849.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105054.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105054.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49da4848.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105055.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105055.exe
[DETECTION] Is the TR/Dldr.Swizzor.DV Trojan
[NOTE] The file was moved to '485af079.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105057.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105057.exe
[DETECTION] Contains recognition pattern of the DR/StartPage.NV dropper
[NOTE] The file was moved to '485af07a.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105058.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105058.exe
[DETECTION] Contains recognition pattern of the WORM/WootBot.115712 worm
[NOTE] The file was moved to '49da484b.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105059.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105059.exe
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was moved to '485af07c.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105060.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105060.exe
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was moved to '49da484a.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105061.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105061.exe
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was moved to '485af07b.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105063.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105063.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49da484c.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105065.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105065.exe
[DETECTION] Contains recognition pattern of the WORM/Rbot.VB worm
[NOTE] The file was moved to '49da484d.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105066.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105066.exe
[DETECTION] Contains recognition pattern of the WORM/Wootbo.75762.A worm
[NOTE] The file was moved to '485af07e.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105067.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105067.exe
[DETECTION] Is the TR/Dldr.Swizzor.DV Trojan
[NOTE] The file was moved to '485af07d.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105068.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105068.exe
[DETECTION] Is the TR/Dldr.Swizzor.DV Trojan
[NOTE] The file was moved to '49da484e.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105069.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105069.exe
[DETECTION] Is the TR/Dldr.Swizzor.DV Trojan
[NOTE] The file was moved to '49da484f.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105070.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105070.exe
[DETECTION] Is the TR/Dldr.Swizzor.DV Trojan
[NOTE] The file was moved to '485af060.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105073.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105073.exe
[DETECTION] Is the TR/Dldr.Swizzor.DV Trojan
[NOTE] The file was moved to '485af07f.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105074.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105074.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49da48b0.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105078.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105078.exe
[DETECTION] Is the TR/Dldr.Swizzor.DV Trojan
[NOTE] The file was moved to '49da4851.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105079.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105079.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '485af062.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105081.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105081.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49da4850.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105083.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105083.exe
[DETECTION] Contains recognition pattern of the DR/ISearch.D dropper
[NOTE] The file was moved to '485af061.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105084.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105084.exe
[DETECTION] Is the TR/Dldr.Swizzor.DV Trojan
[NOTE] The file was moved to '49da4853.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105085.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105085.exe
[DETECTION] Is the TR/Dldr.Swizzor.CO Trojan
[NOTE] The file was moved to '485af064.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105086.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105086.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49da4855.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105088.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105088.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49da4852.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105090.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105090.exe
[DETECTION] Is the TR/Dldr.Swizzor.DV Trojan
[NOTE] The file was moved to '485af063.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105091.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105091.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '485af066.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105092.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105092.exe
[DETECTION] Is the TR/Dldr.Swizzor.CO Trojan
[NOTE] The file was moved to '49da4857.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105093.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105093.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '485af068.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105094.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105094.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49da4854.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105095.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105095.exe
[DETECTION] Is the TR/Dldr.Swizzor.CO Trojan
[NOTE] The file was moved to '485af065.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105098.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105098.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49da4859.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105100.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105100.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49da4856.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105101.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP269\A0105101.exe
[DETECTION] Is the TR/Dldr.Swizzor.CN Trojan
[NOTE] The file was moved to '485af067.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP277\A0106663.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Iroffer.B back-door program
[NOTE] The file was moved to '49da486f.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP297\A0109283.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49da48ac.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP301\A0113466.exe
[DETECTION] Is the TR/Bckdr.AZJ Trojan
[NOTE] The file was moved to '49da4b63.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP305\A0117936.exe
[DETECTION] Is the TR/Dldr.FakeAV.A.6 Trojan
[NOTE] The file was moved to '49da4bef.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP305\A0117937.exe
[DETECTION] Is the TR/Dldr.FakeAV.A.3 Trojan
[NOTE] The file was moved to '49da4bf0.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP305\A0117944.sys
[DETECTION] Is the TR/Rkit.Agen.AF.2.B Trojan
[NOTE] The file was moved to '49da4bf2.qua'!
C:\System Volume Information\_restore{FFC2B767-F9EC-4FF7-A0EE-2DA3481DF8C6}\RP305\A0117948.exe
[DETECTION] Is the TR/Fakealert.HT Trojan
[NOTE] The file was moved to '485af3c3.qua'!
C:\unzipped\Bejeweled 2 Deluxe - (with crack)\Bej2Setup_TryGames.exe
[DETECTION] Is the TR/Small.9770684.A Trojan
[NOTE] The file was moved to '4a134c64.qua'!
C:\unzipped\Bejeweled 2 Deluxe - (with crack)\Bej2Setup_TryGames2.exe
[DETECTION] Is the TR/Small.9770684.A Trojan
[NOTE] The file was moved to '4a134c65.qua'!
Begin scan in 'D:\' <lokal disc(D)>
Used time: 5:19:42 Hour(s)
The scan has been done completely.
14440 Scanning directories
620517 Files were scanned
168 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
8 files were deleted
0 files were repaired
109 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
620347 Files not concerned
11123 Archives were scanned
31 Warnings
117 Notes
 
Re: help, PC is very slow

Hello Wim, was your PC used during your absence?
 
Re: help, PC is very slow

Hello, yes, this PC is used by all family members. 5 people.
 
Re: help, PC is very slow

All via the same account?
Or do all accounts have administrator rights?
 
Re: help, PC is very slow

I think all of them are administrators, and when the PC is on everyone uses it, regardless of which account is open. Regards, Wim
 
Re: help, PC is very slow

The Avira log shows, among other things, that there are keygens on the PC.
That points to illegal software, which is then unlocked by means of those keygens!
And that is where the danger lies too, because the bulk of keygens put spyware on computers.

This kind of computer behaviour can be curbed by setting up the user account with limited rights for certain users!

Given the problems in your computer, a scan with Combofix needs to be done.

Combofix itself has been updated; download the file to your desktop only;
then right-click the Avira icon in the system tray and deactivate the AntiVir Guard; furthermore, no web pages may be open!

Then click Combofix and follow the instructions.
While Combofix is running, do not click in the Combofix window, because then everything freezes!

Combofix: http://www.nationaalcomputerforum.nl/showpost.php?p=312118&postcount=3
 
Re: help, PC is very slow

OK, I will create several accounts, thanks for the tip.
Here is my Combofix log.
Regards, Wim
 
Re: help, PC is very slow

I think the Combofix log is still "in the making".

One more thing regarding user accounts: set them up with a password, otherwise there is no point in doing this!
 
Re: help, PC is very slow

I cannot send a Combofix log; when I try to paste it here, iexplorer hangs and iexplorer no longer responds.
 
Re: help, PC is very slow

Hello Wim,

try the following: in IE, click the Tools (Extra) button and choose Internet Options (Internetopties).
Then click the Advanced (Geavanceerd) tab and there click the Reset (Opnieuw instellen) button.
First a warning follows, with an overview of the consequences of the action! An extensive clean-up is carried out as part of it. Add-ons (such as extra third-party search bars) are also disabled. The favourites are kept. Then confirm the warning by clicking the Reset (Opnieuw instellen) button once more. After this action Internet Explorer is almost as good as new again.
 
Re: help, PC is very slow

I have done everything you described, but it hangs again when I want to copy the Combofix log; I am going to make an HJT log, maybe that will work.
--- automatic edit ---
Here it is

[hjt]
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:27:30, on 2-3-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\program files\windows defender\msmpeng.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\program files\avira\antivir personaledition classic\sched.exe
c:\windows\explorer.exe
c:\program files\agi\common\win32\pythonservice.exe
c:\program files\avira\antivir personaledition classic\avguard.exe
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\windows\system32\svchost.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\common files\motive\mccicmservice.exe
c:\program files\common files\microsoft shared\vs7debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\svchost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\ezsp_px.exe
c:\program files\lexmark 3400 series\ezprint.exe
c:\program files\kiwee toolbar\2.8.167\kwtbaim.exe
c:\program files\java\jre6\bin\jusched.exe
c:\program files\thuishelp\zesko\thuishelp.exe
c:\program files\avira\antivir personaledition classic\avgnt.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\rundll32.exe
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\lxcycoms.exe
c:\windows\system32\notepad.exe
c:\program files\adobe\acrobat 7.0\acrobat\acrobat.exe
c:\docume~1\wim~1.hom\locals~1\temp\adobelm_cleanup.0001
c:\program files\common files\adobe systems shared\service\adobelmsvc.exe
c:\docume~1\wim~1.hom\locals~1\temp\adobelm_cleanup.0001
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\wuauclt.exe
c:\documents and settings\wim.homecomputer\mijn documenten\tech clean\hijackthis_v2.exe

r1 - hkcu\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hkcu\software\microsoft\internet explorer\main,start page =
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://go.microsoft.com/fwlink/?linkid=69157[/noparse]
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
o2 - bho: &yahoo! toolbar helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
o2 - bho: (no name) - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - (no file)
o2 - bho: lexmark werkbalk - {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
o2 - bho: spybot-s&d ie protection - {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\sdhelper.dll
o2 - bho: kiwee toolbar - {6638a9de-0745-4292-8a2e-ae530e7b9b3f} - c:\program files\kiwee toolbar\2.8.167\kiweeietoolbar.dll
o2 - bho: java(tm) plug-in ssv helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
o2 - bho: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar.dll
o2 - bho: adobe pdf conversion toolbar helper - {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll
o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
o2 - bho: windows live toolbar helper - {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
o2 - bho: google dictionary compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219b3e1547538286.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o2 - bho: singleinstance class - {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\ytsingleinstance.dll
o3 - toolbar: adobe pdf - {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll
o3 - toolbar: lexmark werkbalk - {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
o3 - toolbar: yahoo! toolbar - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
o3 - toolbar: kiwee toolbar - {6638a9de-0745-4292-8a2e-ae530e7b9b3f} - c:\program files\kiwee toolbar\2.8.167\kiweeietoolbar.dll
o3 - toolbar: windows live toolbar - {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
o3 - toolbar: &google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar.dll
o4 - hklm\..\run: [bluetoothauthenticationagent] rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
o4 - hklm\..\run: [nerofiltercheck] c:\windows\system32\nerocheck.exe
o4 - hklm\..\run: [ezshieldprotector for px] c:\windows\system32\ezsp_px.exe
o4 - hklm\..\run: [lxcymon.exe] c:\program files\lexmark 3400 series\lxcymon.exe
o4 - hklm\..\run: [ezprint] c:\program files\lexmark 3400 series\ezprint.exe
o4 - hklm\..\run: [lxcycats] rundll32 c:\windows\system32\spool\drivers\w32x86\3\lxcytime.dll,_rundllentry@16
o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
o4 - hklm\..\run: [nwiz] nwiz.exe /install
o4 - hklm\..\run: [kiweehook] c:\program files\kiwee toolbar\2.8.167\kwtbaim.exe
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\java\jre6\bin\jusched.exe
o4 - hklm\..\run: [zesko_mccitrayapp] c:\program files\thuishelp\zesko\thuishelp.exe
o4 - hklm\..\run: [avgnt] c:\program files\avira\antivir personaledition classic\avgnt.exe /min
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [sp2 connection patcher] c:\program files\sp2 connection patcher\sp2connpatcher.exe -n=200
o4 - hkcu\..\run: [swg] c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
o4 - hkcu\..\run: [nbj] c:\program files\ahead\nero backitup\nbj.exe
o4 - hkcu\..\run: [spybotsd teatimer] c:\program files\spybot - search & destroy\teatimer.exe
o4 - hkcu\..\run: [nvmediacenter] rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit
o4 - hkcu\..\run: [wmpnscfg] c:\program files\windows media player\wmpnscfg.exe
o4 - hkus\s-1-5-21-1547161642-57989841-725345543-1005\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'petra')
o4 - hkus\s-1-5-21-1547161642-57989841-725345543-1005\..\run: [swg] c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe (user 'petra')
o4 - hkus\s-1-5-21-1547161642-57989841-725345543-1005\..\run: [wmpnscfg] c:\program files\windows media player\wmpnscfg.exe (user 'petra')
o4 - hkus\s-1-5-21-1547161642-57989841-725345543-1006\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'joyce')
o4 - hkus\s-1-5-21-1547161642-57989841-725345543-1006\..\run: [wmpnscfg] c:\program files\windows media player\wmpnscfg.exe (user 'joyce')
o4 - hkus\s-1-5-21-1547161642-57989841-725345543-1007\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'kevin')
o4 - hkus\s-1-5-21-1547161642-57989841-725345543-501\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'gast')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - global startup: microsoft office.lnk = c:\program files\microsoft office\office10\osa.exe
o9 - extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\progra~1\spybot~1\sdhelper.dll
o9 - extra 'tools' menuitem: spybot - search & destroy configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\progra~1\spybot~1\sdhelper.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\network diagnostic\xpnetdiag.exe (file missing)
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\network diagnostic\xpnetdiag.exe (file missing)
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o16 - dpf: cabbuilder - [noparse]http://kiw.imgag.com/imgag/kiw/toolbar/download/installercontrol.cab[/noparse]
o16 - dpf: {149e45d8-163e-4189-86fc-45022ab2b6c9} (spintop drm control) - file:///c:/program%20files/supercow/images/stg_drm.ocx
o16 - dpf: {17492023-c23a-453e-a040-c7c580bbf700} (windows genuine advantage validation tool) - [noparse]http://go.microsoft.com/fwlink/?linkid=39204[/noparse]
o16 - dpf: {255b1372-180c-4a22-a02d-1d4ab65f6ac2} (sdanetconclass class) - file:///c:/program%20files/rise%20of%20atlantis/images/stg_drm.dll
o16 - dpf: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (installation support) - c:\program files\yahoo!\common\yinsthelper.dll
o16 - dpf: {615f158e-d5ca-422f-a8e7-f6a5eed7063b} (bejeweled control) - [noparse]http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab[/noparse]
o16 - dpf: {6414512b-b978-451d-a0d8-fcfdf33e833c} (wuwebcontrol class) - [noparse]http://update.microsoft.com/windowsupdate/v6/v5controls/en/x86/client/wuweb_site.cab?1163869183281[/noparse]
o16 - dpf: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (muwebcontrol class) - [noparse]http://update.microsoft.com/microsoftupdate/v6/v5controls/en/x86/client/muweb_site.cab?1163869455078[/noparse]
o16 - dpf: {8a94c905-ff9d-43b6-8708-f0f22d22b1cb} (wwlaunch control) - [noparse]http://www.worldwinner.com/games/shared/wwlaunch.cab[/noparse]
o16 - dpf: {b8be5e93-a60c-4d26-a2dc-220313175592} (zoneintro class) - [noparse]http://cdn2.zone.msn.com/binframework/v10/zintro.cab34246.cab[/noparse]
o16 - dpf: {cc450d71-cc90-424c-8638-1f2dbac87a54} (armhelper control) - file:///c:/program%20files/venice/images/armhelper.ocx
o22 - sharedtaskscheduler: preloader van browseui - {438755c2-a8ba-11d1-b96b-00a0c90312e1} - c:\windows\system32\browseui.dll
o22 - sharedtaskscheduler: cache-daemon voor onderdeelcategorien - {8c7461ef-2b13-11d2-be35-3078302c2030} - c:\windows\system32\browseui.dll
o23 - service: adobe lm service - adobe systems - c:\program files\common files\adobe systems shared\service\adobelmsvc.exe
o23 - service: ag windows service (agwinservice) - unknown owner - c:\program files\agi\common\win32\pythonservice.exe
o23 - service: avira antivir personal - free antivirus scheduler (antivirscheduler) - avira gmbh - c:\program files\avira\antivir personaledition classic\sched.exe
o23 - service: avira antivir personal - free antivirus guard (antivirservice) - avira gmbh - c:\program files\avira\antivir personaledition classic\avguard.exe
o23 - service: ares chatroom server (areschatserver) - ares development group - c:\program files\ares\chatserver.exe
o23 - service: google updater service (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: lxcy_device - - c:\windows\system32\lxcycoms.exe
o23 - service: mccicmservice - motive communications, inc. - c:\program files\common files\motive\mccicmservice.exe
o23 - service: nvidia driver helper service (nvsvc) - nvidia corporation - c:\windows\system32\nvsvc32.exe
--
end of file - 12299 bytes

[/hjt]
This does work; should I also do a colour conversion for Combofix??
 
Last edited by a moderator:
Re: help, PC is very slow

If the Combofix log does not work as far as the colour mixer is concerned, then just post it in its original state!
 
Re: help, PC is very slow

It does not work; with the Combofix log, iexplorer hangs and no longer responds.
 
Re: help, PC is very slow

A) Download Combofix again!

B) The antivirus scanner and any other active scanners must be deactivated, and no web browser at all may be open!

Then try running the Combofix scan again!
 
Re: help, PC is very slow

Here is my Combofix log
[hjt]
combofix 09-02-28.01 - wim 2009-03-02 23:10:01.5 - ntfsx86
microsoft windows xp home edition 5.1.2600.3.1252.1.1043.18.255.76 [gmt 1:00]
gestart vanuit: c:\documents and settings\wim.homecomputer\bureaublad\combofix.exe
av: avira antivir personaledition *on-access scanning disabled* (updated)
fw: norton internet worm protection *disabled*
.
(((((((((((((((((((( bestanden gemaakt van 2009-02-02 to 2009-03-02 ))))))))))))))))))))))))))))))
.
2009-02-27 23:59 . 2009-02-27 23:59 <dir> d-------- c:\program files\avira
2009-02-27 23:59 . 2009-02-27 23:59 <dir> d-------- c:\documents and settings\all users.windows\application data\avira
2009-02-27 23:00 . 2009-02-27 23:00 <dir> d-------- c:\program files\trend micro
2009-02-27 22:39 . 2009-02-27 22:40 <dir> d-------- c:\program files\common files\motive
2009-02-26 13:08 . 2009-02-26 13:08 <dir> d-------- c:\ubisoft
2009-02-17 19:15 . 2009-02-17 19:15 <dir> d-------- c:\documents and settings\all users.windows\application data\motive
2009-02-15 12:51 . 2009-02-15 13:20 <dir> d-------- c:\program files\jewel match
2009-02-15 11:22 . 2009-02-15 11:22 <dir> d-------- c:\documents and settings\wim.homecomputer\application data\motive
2009-02-15 11:19 . 2009-02-27 22:39 <dir> d-------- c:\program files\thuishelp
2009-02-06 22:47 . 2009-02-06 22:47 0 --a------ c:\windows\xmcoder.ini
2009-02-06 22:03 . 2009-02-17 19:05 <dir> d-------- c:\program files\xing
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 19:48 --------- d-----w c:\documents and settings\all users.windows\application data\google updater
2009-03-01 14:22 --------- d-----w c:\documents and settings\wim.homecomputer\application data\newsbin
2009-02-27 23:08 --------- d-----w c:\program files\malwarebytes' anti-malware
2009-02-27 20:30 --------- d-----w c:\program files\lx_cats
2009-02-17 18:18 --------- d-----w c:\program files\elaborate bytes
2009-02-14 15:31 --------- d-----w c:\documents and settings\gast\application data\agi
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-02 19:18 --------- d-----w c:\program files\common files\symantec shared
2009-01-31 13:25 --------- d-----w c:\documents and settings\wim.homecomputer\application data\belastingdienst
2009-01-31 13:22 --------- d-----w c:\program files\belastingdienst
2009-01-23 16:58 --------- d-----w c:\program files\ea games
2009-01-23 16:16 --------- d-----w c:\program files\google
2008-04-15 09:41 0 ----a-w c:\program files\temp01
2008-02-15 20:56 20,720 ----a-w c:\documents and settings\petra\application data\gdipfontcachev1.dat
2007-10-28 22:49 20,720 ----a-w c:\documents and settings\wim.homecomputer\application data\gdipfontcachev1.dat
2007-10-27 14:00 20,720 ----a-w c:\documents and settings\joyce\application data\gdipfontcachev1.dat
2007-04-18 21:19 774,144 ----a-w c:\program files\rnginterstitial.dll
2005-12-06 20:19 21,216 ----a-w c:\documents and settings\petra.home-computer\application data\gdipfontcachev1.dat
2005-04-16 19:54 21,216 ----a-w c:\documents and settings\wim\application data\gdipfontcachev1.dat
2007-06-02 20:28 61,038 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-06-02 20:28 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-06-02 20:28 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-10-12 23:42 32,768 --sha-w c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012008101320081014\index.dat
.
((((((((((((((((((((((((((((( snapshot_2009-03-01_18.07.34.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-02 19:33:51 16,384 ----atw c:\windows\temp\perflib_perfdata_134.dat
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
[hkey_local_machine\~\browser helper objects\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
2008-10-24 18:50 277648 --a------ c:\program files\kiwee toolbar\2.8.167\kiweeietoolbar.dll
[hkey_local_machine\software\microsoft\internet explorer\toolbar]
"{6638a9de-0745-4292-8a2e-ae530e7b9b3f}"= c:\program files\kiwee toolbar\2.8.167\kiweeietoolbar.dll [2008-10-24 277648]
[hkey_classes_root\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[hkey_classes_root\kiweeietoolbar.kiweetoolbar.1]
[hkey_classes_root\typelib\{259eeb17-79aa-44df-8410-8e55f82a902a}]
[hkey_classes_root\kiweeietoolbar.kiweetoolbar]
[hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser]
"{6638a9de-0745-4292-8a2e-ae530e7b9b3f}"= c:\program files\kiwee toolbar\2.8.167\kiweeietoolbar.dll [2008-10-24 277648]
[hkey_classes_root\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[hkey_classes_root\kiweeietoolbar.kiweetoolbar.1]
[hkey_classes_root\typelib\{259eeb17-79aa-44df-8410-8e55f82a902a}]
[hkey_classes_root\kiweeietoolbar.kiweetoolbar]
[hkey_current_user\software\microsoft\windows\currentversion\run]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe [2008-04-14 15360]
"sp2 connection patcher"=c:\program files\sp2 connection patcher\sp2connpatcher.exe [2005-07-11 409600]
"swg"=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe [2007-06-27 68856]
"nbj"=c:\program files\ahead\nero backitup\nbj.exe [2005-02-10 1937408]
"spybotsd teatimer"=c:\program files\spybot - search & destroy\teatimer.exe [2008-08-18 1832272]
"nvmediacenter"=c:\windows\system32\nvmctray.dll [2003-07-28 49152]
"wmpnscfg"=c:\program files\windows media player\wmpnscfg.exe [2006-11-02 204288]
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"nerofiltercheck"=c:\windows\system32\nerocheck.exe [2001-07-09 155648]
"ezshieldprotector for px"=c:\windows\system32\ezsp_px.exe [2002-08-20 40960]
"lxcymon.exe"=c:\program files\lexmark 3400 series\lxcymon.exe [2006-03-06 286720]
"ezprint"=c:\program files\lexmark 3400 series\ezprint.exe [2006-02-07 98304]
"lxcycats"=c:\windows\system32\spool\drivers\w32x86\3\lxcytime.dll [2006-02-24 65536]
"nvcpldaemon"=c:\windows\system32\nvcpl.dll [2003-07-28 4841472]
"kiweehook"=c:\program files\kiwee toolbar\2.8.167\kwtbaim.exe [2008-10-24 56456]
"sunjavaupdatesched"=c:\program files\java\jre6\bin\jusched.exe [2008-12-14 136600]
"zesko_mccitrayapp"=c:\program files\thuishelp\zesko\thuishelp.exe [2008-04-14 1455104]
"avgnt"=c:\program files\avira\antivir personaledition classic\avgnt.exe [2008-06-12 266497]
"bluetoothauthenticationagent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2003-07-28 c:\windows\system32\nwiz.exe]
[hkey_users\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=c:\program files\msn messenger\msnmsgr.exe [2007-01-19 5674352]
"dwqueuedreporting"=c:\progra~1\common~1\micros~1\dw\dwtrig20.exe [2005-04-25 36040]
[hkey_local_machine\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
[hkey_local_machine\software\microsoft\security center\monitoring\symantecfirewall]
"disablemonitoring"=dword:00000001
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\\system32\\sessmgr.exe=
c:\\program files\\ares\\ares.exe=
c:\\windows\\system32\\lxcycoms.exe=
c:\\documents and settings\\petra\\bureaublad\\tijdelijke map\\age\\age2_x1.exe=
c:\\documents and settings\\petra\\bureaublad\\tijdelijke map\\age\\empires2.exe=
c:\\program files\\iwin.com\\puzzle express\\puzzleexpress.exe=
c:\\program files\\jewel quest\\jewelquest.exe=
%windir%\\network diagnostic\\xpnetdiag.exe=
c:\\program files\\msn messenger\\msnmsgr.exe=
c:\\program files\\msn messenger\\livecall.exe=
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"135:tcp"= 135:tcp:tcp port 135
"5000:tcp"= 5000:tcp:tcp port 5000
"5001:tcp"= 5001:tcp:tcp port 5001
"5002:tcp"= 5002:tcp:tcp port 5002
"5003:tcp"= 5003:tcp:tcp port 5003
"5004:tcp"= 5004:tcp:tcp port 5004
"5005:tcp"= 5005:tcp:tcp port 5005
"5006:tcp"= 5006:tcp:tcp port 5006
"5007:tcp"= 5007:tcp:tcp port 5007
"5008:tcp"= 5008:tcp:tcp port 5008
"5009:tcp"= 5009:tcp:tcp port 5009
"5010:tcp"= 5010:tcp:tcp port 5010
"5011:tcp"= 5011:tcp:tcp port 5011
"5012:tcp"= 5012:tcp:tcp port 5012
"5013:tcp"= 5013:tcp:tcp port 5013
"5014:tcp"= 5014:tcp:tcp port 5014
"5015:tcp"= 5015:tcp:tcp port 5015
"5016:tcp"= 5016:tcp:tcp port 5016
"5017:tcp"= 5017:tcp:tcp port 5017
"5018:tcp"= 5018:tcp:tcp port 5018
"5019:tcp"= 5019:tcp:tcp port 5019
"5020:tcp"= 5020:tcp:tcp port 5020
r2 agwinservice;ag windows service;c:\program files\agi\common\win32\pythonservice.exe [2008-10-24 10240]
r2 svkp;svkp;c:\windows\system32\svkp.sys [2006-08-07 2368]
r2 windefend;windows defender;c:\program files\windows defender\msmpeng.exe [2006-11-03 13592]
r3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
s0 elbyvcd;elbyvcd;c:\windows\system32\drivers\elbyvcd.sys --> c:\windows\system32\drivers\elbyvcd.sys [?]
s3 qksecdd;qksecdd;\??\c:\docume~1\kevin\locals~1\temp\qksecdd.sys --> c:\docume~1\kevin\locals~1\temp\qksecdd.sys [?]
s3 stusb2ir;sigmatel usb 2.0 irda bridge;c:\windows\system32\drivers\stusb2ir.sys [2006-12-27 46104]
s3 vmskssrv;vmskssrv;\??\c:\docume~1\kevin\locals~1\temp\vmskssrv.sys --> c:\docume~1\kevin\locals~1\temp\vmskssrv.sys [?]
[hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2\{3aa72be7-c0ff-11dc-a1f8-00a0b01992f2}]
\shell\auto\command - ufo.exe
\shell\autorun\command - c:\windows\system32\rundll32.exe shell32.dll,shellexec_rundll ufo.exe
.
inhoud van de 'gedeelde taken' map
2009-03-02 c:\windows\tasks\controleren op updates voor windows live toolbar.job
- c:\program files\windows live toolbar\msntbup.exe [2007-10-19 10:20]
2009-03-02 c:\windows\tasks\mp scheduled scan.job
- c:\program files\windows defender\mpcmdrun.exe [2006-11-03 18:20]
.
.
------- bijkomende scan -------
.
usearchmigrateddefaulturl = hxxp://www.google.com/search?q={searchterms}&sourceid=ie7&rls=com.microsoft:en-us&ie=utf8&oe=utf8
dpf: cabbuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/installercontrol.cab
dpf: microsoft xml parser for java - file://c:\windows\java\classes\xmldso.cab
dpf: {255b1372-180c-4a22-a02d-1d4ab65f6ac2} - file:///c:/program%20files/rise%20of%20atlantis/images/stg_drm.dll
ff - profilepath -
---- firefox policies ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablepad", false); // allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillforms", true);
.
**************************************************************************
catchme 0.3.1367 w2k/xp/vista - rootkit/stealth malware detector by gmer, http://www.gmer.net
rootkit scan 2009-03-02 23:16:28
windows 5.1.2600 service pack 3 ntfs
scannen van verborgen processen ...
c:\windows\explorer.exe [2896] 0x81e6d358
scannen van verborgen autostart items ...
hklm\software\microsoft\windows\currentversion\run
lxcycats = rundll32 c:\windows\system32\spool\drivers\w32x86\3\lxcytime.dll,_rundllentry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scannen van verborgen bestanden ...
**************************************************************************
.
voltooingstijd: 2009-03-02 23:25:44
combofix-quarantined-files.txt 2009-03-02 22:24:23
combofix2.txt 2009-03-01 17:11:52
combofix3.txt 2008-03-17 19:15:14
combofix4.txt 2008-03-16 22:18:49
combofix5.txt 2009-03-02 22:09:08
pre-run: 19.393.069.056 bytes beschikbaar
post-run: 19,387,871,232 bytes beschikbaar
current=1 default=1 failed=0 lastknowngood=4 sets=1,2,3,4
187 --- e o f --- 2009-03-02 19:45:03

[/hjt]
 
Re: help, pc is very slow

Hello Wim,

now that Combofix has worked after all, how is your Windows doing in the meantime?

By the way: you may remove Combofix. Go to Start > Run, copy and paste Combofix /U into the Run window, then click OK or press Enter.

This command removes both ComboFix and the old system restore points (with any remnants of malware), and also creates a new system restore point.
 