Ok, the msqpdxwupeirxy.dll log:
VirSCAN.org Scanned Report :
Scanned time : 2008/12/10 02:40:44 (CET)
Scanner results: 38% van de scanners (15/39) detecteerde malware!
File Name : msqpdxosvdnrsr.dll
File Size : 41984 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : ea8c050ee2b08514c1e5ac09ad9b2e74
SHA1 : a3da9eba159c3dfb2ec404373ca94978ac53d2f6
Online report :
http://virscan.org/report/615b176dd3b88 ... 0ca14.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.27 20081210070218 2008-12-10 3.43 Virus.Win32.Fasec!IK
AhnLab V3 2008.12.10.01 2008.12.10 2008-12-10 1.22 -
AntiVir 7.9.0.43 7.1.0.213 2008-12-09 1.58 TR/Crypt.XPACK.Gen
Antiy 2.0.18 20081209.1826225 2008-12-09 0.12 -
Arcavir 1.0.5 200812071316 2008-12-07 1.31 -
Authentium 5.1.1 200812092231 2008-12-09 1.13 W32/FakeAlert.3!Maximus (Heuristic)
AVAST! 3.0.1 081209-1 2008-12-09 0.01 Win32:Fasec [Trj]
AVG 7.5.52.442 270.9.16/1840 2008-12-09 1.78 -
BitDefender 7.81008.2339269 7.22418 2008-12-10 2.19 -
CA (VET) 9.0.0.143 31.6.6253 2008-12-10 10.44 -
ClamAV 0.94.1 8739 2008-12-10 0.01 -
Comodo 3.0 713 2008-12-09 0.80 -
CP Secure 1.1.0.715 2008.12.09 2008-12-09 6.05 -
Dr.Web 4.44.0.9170 2008.12.09 2008-12-09 3.66 Trojan.DnsChange.13
ewido 4.0.0.2 2008.12.09 2008-12-09 3.23 -
F-Prot 4.4.4.56 20081209 2008-12-09 1.12 W32/SuspPack.J.gen!Eldorado (generic, not disinfectable)
F-Secure 5.51.6100 2008.12.10.01 2008-12-10 0.17 -
Fortinet 2.81-3.117 9.797 2008-12-09 0.23 -
GData 19.1846/19.140 20081210 2008-12-10 7.43 Win32:Fasec [Trj] [Engine:B]
ViRobot 20081208 2008.12.08 2008-12-08 1.59 -
Ikarus T3.1.01.45 2008.12.10.71983 2008-12-10 3.66 Virus.Win32.Fasec
JiangMin 11.0.706 2008.12.09 2008-12-09 2.59 -
Kaspersky 5.5.10 2008.12.09 2008-12-09 0.23 -
KingSoft 2008.9.8.18 2008.12.9.17 2008-12-09 0.59 Win32.Troj.EdpckDown.a.41984
McAfee 5.3.00 5459 2008-12-09 2.65 DNSChanger.gen
Microsoft 1.4205 2008.12.09 2008-12-09 8.27 Trojan:Win32/Alureon.gen!I
mks_vir 2.01 2008.12.07 2008-12-07 2.77 -
Norman 5.93.01 5.93.00 2008-12-09 5.81 -
Panda 9.05.01 2008.12.09 2008-12-09 2.89 Generic Trojan
Trend Micro 8.700-1004 5.698.08 2008-12-09 0.02 TROJ_ARPOISON.B
Quick Heal 10.00 2008.12.09 2008-12-09 0.85 -
Rising 20.0 21.07.12.00 2008-12-09 1.00 -
Sophos 2.81.2 4.36 2008-12-10 2.15 Mal/EncPk-GJ
Sunbelt 4674 4674 2008-11-04 9.12 -
Symantec 1.3.0.24 20081209.003 2008-12-09 0.12 -
nProtect 2008-12-09.00 2753009 2008-12-09 9.55 -
The Hacker 6.3.1.2 v00180 2008-12-08 0.81 -
VBA32 3.12.8.10 20081209.1019 2008-12-09 1.47 -
VirusBuster 4.5.11.10 10.95.2/730120 2008-12-09 0.98 Trojan.FakeAlert.Gen!Pac.2
And the 19609.exe log:
VirSCAN.org Scanned Report :
Scanned time : 2008/12/15 19:44:02 (CET)
Scanner results: 3% van de scanners (1/39) detecteerde malware!
File Name : 19609.exe
File Size : 28672 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : d3302b9da355aa017328cbfeabd06b22
SHA1 : e5a6ef3951cd5d5a46bfc0b21bb74626e473b90c
Online report :
http://virscan.org/report/3cd21a5ce912f ... d2fb9.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.28 20081215200646 2008-12-15 3.14 -
AhnLab V3 2008.12.15.03 2008.12.15 2008-12-15 1.13 -
AntiVir 7.9.0.45 7.1.0.235 2008-12-15 1.61 -
Antiy 2.0.18 20081215.1838801 2008-12-15 0.12 -
Arcavir 1.0.5 200812131407 2008-12-13 1.21 -
Authentium 5.1.1 200812151514 2008-12-15 1.06 -
AVAST! 3.0.1 081215-1 2008-12-15 0.00 -
AVG 7.5.52.442 270.9.18/1849 2008-12-15 1.81 -
BitDefender 7.81008.2352252 7.22548 2008-12-16 2.22 -
CA (VET) 9.0.0.143 31.6.6261 2008-12-15 3.82 -
ClamAV 0.94.1 8762 2008-12-15 0.02 -
Comodo 3.0 754 2008-12-14 0.83 -
CP Secure 1.1.0.715 2008.12.16 2008-12-16 6.03 -
Dr.Web 4.44.0.9170 2008.12.15 2008-12-15 3.69 -
ewido 4.0.0.2 2008.12.15 2008-12-15 3.45 -
F-Prot 4.4.4.56 20081215 2008-12-15 1.08 -
F-Secure 5.51.6100 2008.12.15.07 2008-12-15 3.90 -
Fortinet 2.81-3.117 9.813 2008-12-13 0.20 -
GData 19.1927/19.147 20081215 2008-12-15 2.91 -
ViRobot 20081215 2008.12.15 2008-12-15 0.41 -
Ikarus T3.1.01.45 2008.12.15.72011 2008-12-15 3.69 -
JiangMin 11.0.706 2008.12.15 2008-12-15 1.43 -
Kaspersky 5.5.10 2008.12.15 2008-12-15 0.06 -
KingSoft 2008.9.8.18 2008.12.15.20 2008-12-15 0.59 -
McAfee 5.3.00 5464 2008-12-14 2.61 -
Microsoft 1.4205 2008.12.15 2008-12-15 4.39 -
mks_vir 2.01 2008.12.15 2008-12-15 2.63 -
Norman 5.93.01 5.93.00 2008-12-12 5.78 -
Panda 9.05.01 2008.12.14 2008-12-14 2.79 -
Trend Micro 8.700-1004 5.710.05 2008-12-15 0.03 -
Quick Heal 10.00 2008.12.15 2008-12-15 0.85 Suspicious - DNAScan
Rising 20.0 21.08.02.00 2008-12-15 0.78 -
Sophos 2.81.2 4.36 2008-12-16 2.06 -
Sunbelt 4754 4754 2008-12-10 0.46 -
Symantec 1.3.0.24 20081214.003 2008-12-14 0.05 -
nProtect 12-15-2008.03 2773539 12-15-2008 4.24 -
The Hacker 6.3.1.2 v00188 2008-12-14 0.49 -
VBA32 3.12.8.10 20081215.0958 2008-12-15 1.49 -
VirusBuster 4.5.11.10 10.96.1/730495 2008-12-15 0.94 -
And the imsins.BAK log:
VirSCAN.org Scanned Report :
Scanned time : 2008/12/15 19:46:43 (CET)
Scanner results: Geen enkele scanner vond malware!
File Name : imsins.BAK
File Size : 1393 byte
File Type : ASCII text, with CRLF, LF line terminators
MD5 : db5be56b3dc37a6b1c4561723e479df0
SHA1 : fb456ba282138cc3d41c72400d9b1dc7c7b7af64
Online report :
http://virscan.org/report/404fce86b16df ... 000bc.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.28 20081215200646 2008-12-15 3.06 -
AhnLab V3 2008.12.15.03 2008.12.15 2008-12-15 1.03 -
AntiVir 7.9.0.45 7.1.0.235 2008-12-15 1.69 -
Antiy 2.0.18 20081215.1838801 2008-12-15 0.12 -
Arcavir 1.0.5 200812131407 2008-12-13 1.19 -
Authentium 5.1.1 200812151514 2008-12-15 1.05 -
AVAST! 3.0.1 081215-1 2008-12-15 0.00 -
AVG 7.5.52.442 270.9.18/1849 2008-12-15 1.75 -
BitDefender 7.81008.2352252 7.22548 2008-12-16 2.14 -
CA (VET) 9.0.0.143 31.6.6261 2008-12-15 3.90 -
ClamAV 0.94.1 8762 2008-12-15 0.00 -
Comodo 3.0 754 2008-12-14 0.92 -
CP Secure 1.1.0.715 2008.12.16 2008-12-16 6.01 -
Dr.Web 4.44.0.9170 2008.12.15 2008-12-15 3.70 -
ewido 4.0.0.2 2008.12.15 2008-12-15 3.45 -
F-Prot 4.4.4.56 20081215 2008-12-15 1.06 -
F-Secure 5.51.6100 2008.12.15.07 2008-12-15 3.86 -
Fortinet 2.81-3.117 9.813 2008-12-13 0.17 -
GData 19.1927/19.147 20081215 2008-12-15 3.12 -
ViRobot 20081215 2008.12.15 2008-12-15 0.40 -
Ikarus T3.1.01.45 2008.12.15.72011 2008-12-15 3.67 -
JiangMin 11.0.706 2008.12.15 2008-12-15 1.41 -
Kaspersky 5.5.10 2008.12.15 2008-12-15 0.02 -
KingSoft 2008.9.8.18 2008.12.15.20 2008-12-15 0.60 -
McAfee 5.3.00 5464 2008-12-14 2.63 -
Microsoft 1.4205 2008.12.15 2008-12-15 5.97 -
mks_vir 2.01 2008.12.15 2008-12-15 2.61 -
Norman 5.93.01 5.93.00 2008-12-12 5.82 -
Panda 9.05.01 2008.12.14 2008-12-14 7.80 -
Trend Micro 8.700-1004 5.710.05 2008-12-15 0.02 -
Quick Heal 10.00 2008.12.15 2008-12-15 0.84 -
Rising 20.0 21.08.02.00 2008-12-15 0.24 -
Sophos 2.81.2 4.36 2008-12-16 2.01 -
Sunbelt 4754 4754 2008-12-10 0.43 -
Symantec 1.3.0.24 20081214.003 2008-12-14 0.04 -
nProtect 12-15-2008.03 2773539 12-15-2008 3.58 -
The Hacker 6.3.1.2 v00188 2008-12-14 0.54 -
VBA32 3.12.8.10 20081215.0958 2008-12-15 1.51 -
VirusBuster 4.5.11.10 10.96.1/730495 2008-12-15 0.93 -
And the LopSD log:
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.20GHz )
BIOS : Default System BIOS
USER : Gebruiker ( Administrator )
BOOT : Normal boot
Antivirus : Norman Security Suite ver. 7.00 7.00 (Not Activated)
C:\ (Local Disk) - NTFS - Total:298 Go (Free:168 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB) - FAT32 - Total:241 Mo (Free:0 Go)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( ma 15-12-2008|19:56 )
--------------------\\ Beschrijving van mappen in APPLIC~1
[30-08-2007|12:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\16 new ping long
[20-11-2008|09:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[05-09-2008|16:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[21-05-2007|16:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[25-05-2007|14:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[15-10-2008|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard
[22-05-2007|07:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[14-12-2008|11:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EmailNotifier
[19-10-2007|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
[02-11-2008|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[15-12-2008|19:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[25-05-2007|10:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[24-11-2008|16:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
[10-07-2008|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Linksys
[08-08-2007|22:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch
[24-09-2008|15:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX
[25-07-2008|10:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[14-12-2008|11:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Megaupload
[12-10-2008|18:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[23-08-2008|05:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[12-04-2008|19:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software
[05-12-2008|19:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
[12-07-2008|22:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[15-08-2008|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NewsBin
[25-05-2007|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NPF
[25-05-2007|09:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[15-08-2008|16:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[05-01-2008|07:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[23-06-2007|08:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OLYMPUS
[22-07-2008|17:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software
[10-07-2008|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pure Networks
[12-09-2007|22:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[25-05-2007|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[22-11-2008|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[24-07-2008|17:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[11-12-2008|16:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[08-05-2008|14:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[21-05-2007|16:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[14-08-2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[26-05-2007|09:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[0|bestand(en)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes
[42|map(pen)] C:\DOCUME~1\ALLUSE~1\APPLIC~1\bytes beschikbaar
[11-02-2008|19:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[21-05-2007|15:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[14-12-2008|15:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[0|bestand(en)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes
[5|map(pen)] C:\DOCUME~1\DEFAUL~1\APPLIC~1\bytes beschikbaar
[20-11-2008|09:16] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Adobe
[12-07-2008|22:25] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Ahead
[25-05-2007|14:50] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Apple Computer
[24-05-2007|07:57] C:\DOCUME~1\GEBRUI~1\APPLIC~1\CyberLink
[16-07-2007|14:07] C:\DOCUME~1\GEBRUI~1\APPLIC~1\DivX
[15-12-2008|16:14] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Dropbox
[22-06-2007|00:28] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Eyeblaster
[30-08-2008|22:10] C:\DOCUME~1\GEBRUI~1\APPLIC~1\FLV Extract
[30-07-2008|15:44] C:\DOCUME~1\GEBRUI~1\APPLIC~1\fretsonfire
[06-12-2008|17:01] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Garritan
[24-08-2007|06:26] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Google
[15-08-2008|16:50] C:\DOCUME~1\GEBRUI~1\APPLIC~1\GrabIt
[09-11-2008|12:23] C:\DOCUME~1\GEBRUI~1\APPLIC~1\GrabPro
[30-05-2007|19:33] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Help
[19-05-2008|19:01] C:\DOCUME~1\GEBRUI~1\APPLIC~1\HP
[02-01-2008|20:13] C:\DOCUME~1\GEBRUI~1\APPLIC~1\ICAClient
[08-05-2008|15:02] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Identities
[21-04-2008|15:55] C:\DOCUME~1\GEBRUI~1\APPLIC~1\LimeWire
[19-07-2007|10:34] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Macromedia
[25-07-2008|10:33] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Malwarebytes
[14-12-2008|11:39] C:\DOCUME~1\GEBRUI~1\APPLIC~1\MegauploadToolbar
[20-11-2008|20:24] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Microsoft
[11-08-2008|16:49] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Music Recognition
[01-04-2008|17:32] C:\DOCUME~1\GEBRUI~1\APPLIC~1\NCH Swift Sound
[15-08-2008|16:47] C:\DOCUME~1\GEBRUI~1\APPLIC~1\NewsLeecher
[19-05-2008|22:05] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Norman
[14-07-2007|08:54] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Opera
[14-12-2008|13:19] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Orbit
[22-07-2008|17:38] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Propellerhead Software
[05-12-2008|16:27] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Samsung
[15-07-2008|19:33] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Skype
[01-06-2007|17:34] C:\DOCUME~1\GEBRUI~1\APPLIC~1\SmartFTP
[13-06-2007|09:28] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Sun
[24-07-2008|17:41] C:\DOCUME~1\GEBRUI~1\APPLIC~1\SUPERAntiSpyware.com
[28-04-2008|13:56] C:\DOCUME~1\GEBRUI~1\APPLIC~1\teamspeak2
[17-11-2008|17:51] C:\DOCUME~1\GEBRUI~1\APPLIC~1\TeamViewer
[19-06-2007|15:58] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Ventrilo
[15-08-2008|16:50] C:\DOCUME~1\GEBRUI~1\APPLIC~1\WinRAR
[15-08-2008|16:49] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Xfire
[04-10-2007|09:03] C:\DOCUME~1\GEBRUI~1\APPLIC~1\XLAB ISL Plugins
[08-05-2008|15:02] C:\DOCUME~1\GEBRUI~1\APPLIC~1\Zylom
[0|bestand(en)] C:\DOCUME~1\GEBRUI~1\APPLIC~1\bytes
[43|map(pen)] C:\DOCUME~1\GEBRUI~1\APPLIC~1\bytes beschikbaar
[15-08-2008|16:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[11-08-2008|09:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[21-05-2007|15:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[0|bestand(en)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes
[5|map(pen)] C:\DOCUME~1\LOCALS~1\APPLIC~1\bytes beschikbaar
[21-05-2007|15:27] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[0|bestand(en)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes
[3|map(pen)] C:\DOCUME~1\NETWOR~1\APPLIC~1\bytes beschikbaar
--------------------\\ Geplande Taken gelocaliseerd in C:\WINDOWS\Tasks
[05-11-2008 07:41][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[14-12-2008 20:00][--a------] C:\WINDOWS\tasks\HPpromotions journeysoftware.job
[15-12-2008 16:13][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02-03-2006 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Beschrijving van mappen in C:\Program Files
[16-08-2008|18:24] C:\Program Files\Acoustica Beatcraft
[03-10-2008|20:41] C:\Program Files\Acoustica Shared Effects
[15-10-2008|12:01] C:\Program Files\Activision
[20-11-2008|09:14] C:\Program Files\Adobe
[25-05-2007|18:02] C:\Program Files\Adobe Type Manager
[06-12-2008|18:22] C:\Program Files\AoA Audio Extractor
[30-05-2007|06:41] C:\Program Files\Apple Software Update
[12-01-2008|13:28] C:\Program Files\ASIO4ALL v2
[16-08-2008|18:00] C:\Program Files\Beatbox Demo
[08-05-2008|14:02] C:\Program Files\BFG
[15-08-2008|16:50] C:\Program Files\BitComet
[11-12-2008|15:48] C:\Program Files\BitLord
[01-07-2007|23:17] C:\Program Files\Canon
[02-01-2008|12:41] C:\Program Files\Citrix
[14-12-2008|12:28] C:\Program Files\Common Files
[21-05-2007|15:25] C:\Program Files\ComPlus Applications
[30-08-2008|22:00] C:\Program Files\Cucusoft
[22-05-2007|07:43] C:\Program Files\CyberLink
[17-08-2007|17:13] C:\Program Files\Datel
[15-08-2008|16:50] C:\Program Files\Davilex
[21-09-2008|18:35] C:\Program Files\DBP
[03-06-2007|06:14] C:\Program Files\directx
[15-08-2008|16:49] C:\Program Files\DiskInternals
[05-10-2007|17:34] C:\Program Files\DivX
[30-10-2008|17:26] C:\Program Files\Dropbox
[15-08-2008|16:49] C:\Program Files\Enterbrain
[15-08-2008|16:50] C:\Program Files\File Extension Changer
[06-12-2008|17:09] C:\Program Files\Finale 2009
[11-12-2008|16:21] C:\Program Files\FLV Converter
[06-12-2008|17:01] C:\Program Files\Garritan
[24-08-2007|06:25] C:\Program Files\Google
[05-09-2008|14:46] C:\Program Files\Guitar Pro 5
[03-12-2008|17:07] C:\Program Files\HotHotSoftware
[24-08-2008|20:47] C:\Program Files\HP
[25-09-2008|18:00] C:\Program Files\HyperCam
[15-08-2008|15:05] C:\Program Files\Image-Line
[10-09-2008|19:55] C:\Program Files\Install Creator Pro
[14-12-2008|12:30] C:\Program Files\InstallShield Installation Information
[21-05-2007|15:40] C:\Program Files\Intel
[12-12-2008|07:23] C:\Program Files\Internet Explorer
[30-05-2007|06:44] C:\Program Files\iPod
[01-04-2008|17:24] C:\Program Files\IrfanView
[14-12-2008|15:31] C:\Program Files\Java
[10-07-2008|12:27] C:\Program Files\Linksys
[11-01-2008|23:37] C:\Program Files\LizardTech
[15-08-2008|16:50] C:\Program Files\MagicISO
[24-09-2008|15:40] C:\Program Files\MAGIX
[16-11-2008|21:13] C:\Program Files\Malwarebytes' Anti-Malware
[19-09-2008|09:16] C:\Program Files\Messenger
[15-08-2008|16:48] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[21-05-2007|15:27] C:\Program Files\microsoft frontpage
[03-10-2008|14:51] C:\Program Files\Microsoft Office
[01-06-2007|17:42] C:\Program Files\Microsoft Office Frontpage 2003
[25-05-2007|13:34] C:\Program Files\Microsoft Visual Studio
[02-11-2008|17:11] C:\Program Files\Microsoft Works
[01-06-2007|17:42] C:\Program Files\Microsoft.NET
[09-06-2008|19:57] C:\Program Files\MobilEdit
[09-10-2007|19:03] C:\Program Files\Movavi Flash Converter
[19-09-2008|09:12] C:\Program Files\Movie Maker
[15-08-2008|16:50] C:\Program Files\MP3 WAV WMA Converter
[22-05-2007|08:04] C:\Program Files\MSBuild
[03-10-2008|14:50] C:\Program Files\MSECache
[04-09-2008|14:28] C:\Program Files\MSN BackUp
[21-05-2007|15:24] C:\Program Files\MSN Gaming Zone
[21-05-2007|15:36] C:\Program Files\MSXML 4.0
[22-05-2007|08:06] C:\Program Files\MSXML 6.0
[07-03-2008|18:32] C:\Program Files\Multiverse Client
[07-03-2008|18:32] C:\Program Files\Multiverse Tools
[12-04-2008|19:58] C:\Program Files\NCH Software
[05-12-2008|19:35] C:\Program Files\NCH Swift Sound
[12-07-2008|22:13] C:\Program Files\Nero
[19-09-2008|09:10] C:\Program Files\NetMeeting
[15-08-2008|16:47] C:\Program Files\NewsBin
[19-05-2008|22:05] C:\Program Files\Norman
[21-05-2007|15:26] C:\Program Files\Online Services
[06-12-2008|19:39] C:\Program Files\OrbitDownloader
[19-09-2008|09:10] C:\Program Files\Outlook Express
[08-05-2008|14:18] C:\Program Files\Peggle
[06-12-2008|17:01] C:\Program Files\Plogue
[30-05-2007|06:43] C:\Program Files\QuickTime
[03-02-2008|19:15] C:\Program Files\Rapidown
[22-05-2007|08:01] C:\Program Files\Reference Assemblies
[28-08-2008|12:46] C:\Program Files\Ruby
[16-08-2008|18:14] C:\Program Files\SABnzbd
[05-12-2008|16:35] C:\Program Files\SAMSUNG
[25-05-2007|19:48] C:\Program Files\Serif
[21-05-2007|15:42] C:\Program Files\SigmaTel
[12-09-2007|22:24] C:\Program Files\Skype
[15-08-2008|16:48] C:\Program Files\SmartFTP Client
[22-05-2008|08:34] C:\Program Files\SpamWeed
[23-11-2008|10:38] C:\Program Files\Spybot - Search & Destroy
[24-07-2008|17:40] C:\Program Files\SUPERAntiSpyware
[05-10-2007|18:27] C:\Program Files\SWF2AVI
[16-07-2007|09:58] C:\Program Files\SystemRequirementsLab
[05-12-2008|19:31] C:\Program Files\TallStick
[17-11-2008|17:47] C:\Program Files\TeamViewer3
[10-01-2008|19:55] C:\Program Files\The Game Creators
[05-12-2008|20:11] C:\Program Files\Trend Micro
[16-08-2008|19:38] C:\Program Files\UltraGet Video Downloader
[21-05-2007|15:30] C:\Program Files\Uninstall Information
[05-12-2008|19:41] C:\Program Files\vanBasco's Karaoke Player
[03-08-2007|13:41] C:\Program Files\VentSrv
[16-02-2008|12:36] C:\Program Files\VstPlugins
[01-09-2008|19:51] C:\Program Files\Wamp
[25-05-2007|19:55] C:\Program Files\Web Publish
[13-12-2008|16:08] C:\Program Files\WebEx
[12-10-2008|17:54] C:\Program Files\Windows Live
[25-05-2007|12:01] C:\Program Files\Windows Media Connect 2
[19-09-2008|09:10] C:\Program Files\Windows Media Player
[19-09-2008|09:10] C:\Program Files\Windows NT
[21-05-2007|15:26] C:\Program Files\WindowsUpdate
[15-08-2008|16:49] C:\Program Files\Xampp
[21-05-2007|15:27] C:\Program Files\xerox
[08-04-2008|20:49] C:\Program Files\Xfire
[04-10-2007|15:38] C:\Program Files\XLAB ISL Boot
[08-05-2008|15:01] C:\Program Files\Zylom Games
[0|bestand(en)] C:\Program Files\bytes
[118|map(pen)] C:\Program Files\bytes beschikbaar
--------------------\\ Beschrijving van mappen in C:\Program Files\Common Files
[20-11-2008|09:18] C:\Program Files\Common Files\Adobe
[02-11-2008|10:59] C:\Program Files\Common Files\Adobe AIR
[05-09-2008|16:08] C:\Program Files\Common Files\Adobe Systems Shared
[12-07-2008|22:21] C:\Program Files\Common Files\Ahead
[10-01-2008|20:08] C:\Program Files\Common Files\Bcgsoft
[25-05-2007|14:25] C:\Program Files\Common Files\Blizzard Entertainment
[01-07-2007|23:11] C:\Program Files\Common Files\Canon
[25-05-2007|13:34] C:\Program Files\Common Files\Designer
[26-06-2008|13:44] C:\Program Files\Common Files\Enterbrain
[25-05-2007|10:25] C:\Program Files\Common Files\Hewlett-Packard
[25-05-2007|10:30] C:\Program Files\Common Files\HP
[30-05-2008|22:43] C:\Program Files\Common Files\INCA Shared
[15-08-2008|14:52] C:\Program Files\Common Files\InstallShield
[24-05-2007|07:55] C:\Program Files\Common Files\LightScribe
[20-01-2008|07:49] C:\Program Files\Common Files\Macrovision Shared
[30-08-2007|11:55] C:\Program Files\Common Files\MAGIX Shared
[06-12-2008|16:58] C:\Program Files\Common Files\Microsoft Shared
[09-10-2007|19:03] C:\Program Files\Common Files\MOVAVI
[21-05-2007|15:25] C:\Program Files\Common Files\MSSoap
[21-05-2007|16:23] C:\Program Files\Common Files\Nero
[21-05-2007|23:20] C:\Program Files\Common Files\ODBC
[04-12-2007|07:29] C:\Program Files\Common Files\Previews
[10-07-2008|12:29] C:\Program Files\Common Files\Pure Networks Shared
[21-05-2007|15:25] C:\Program Files\Common Files\Services
[25-05-2007|10:31] C:\Program Files\Common Files\Sonic Shared
[21-05-2007|23:20] C:\Program Files\Common Files\SpeechEngines
[19-09-2008|09:10] C:\Program Files\Common Files\System
[25-08-2008|14:59] C:\Program Files\Common Files\Threeships Shared
[15-08-2008|16:50] C:\Program Files\Common Files\WindowsLiveInstaller
[24-07-2008|17:40] C:\Program Files\Common Files\Wise Installation Wizard
[0|bestand(en)] C:\Program Files\Common Files\bytes
[32|map(pen)] C:\Program Files\Common Files\bytes beschikbaar
--------------------\\ Process
( 66 Processes )
iexplore.exe ~ [PID:1796]
--------------------\\ Zoeken met S_Lop
Geen Lop mappen gevonden !
--------------------\\ Zoeken naar Lop Bestanden - Mappen
C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData\globData.mk4
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch
C:\DOCUME~1\ALLUSE~1\APPLIC~1\16 new ping long
C:\Program Files\OrbitDownloader
C:\Program Files\OrbitDownloader\addons
C:\Program Files\OrbitDownloader\banurl.ini
C:\Program Files\OrbitDownloader\changelog.txt
C:\Program Files\OrbitDownloader\download.dll
C:\Program Files\OrbitDownloader\Grab.exe
C:\Program Files\OrbitDownloader\GrabDll.dll
C:\Program Files\OrbitDownloader\GrabKernel.dll
C:\Program Files\OrbitDownloader\GrabPro.dll
C:\Program Files\OrbitDownloader\idht.dll
C:\Program Files\OrbitDownloader\Lang.ini
C:\Program Files\OrbitDownloader\language
C:\Program Files\OrbitDownloader\libeay32.dll
C:\Program Files\OrbitDownloader\orbitcth.dll
C:\Program Files\OrbitDownloader\orbitdm.exe
C:\Program Files\OrbitDownloader\orbitmxt.dll
C:\Program Files\OrbitDownloader\orbitnet.exe
C:\Program Files\OrbitDownloader\saction.dll
C:\Program Files\OrbitDownloader\siteinfo.ini
C:\Program Files\OrbitDownloader\ssleay32.dll
C:\Program Files\OrbitDownloader\unins000.dat
C:\Program Files\OrbitDownloader\unins000.exe
C:\Program Files\OrbitDownloader\update
C:\Program Files\OrbitDownloader\winfile.dll
--------------------\\ Zoeken doorheen het Register
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !
--------------------\\ Nazicht van het Hosts bestand
Hosts bestand GEWIJZIGD
-> 72 [ 70 ## added by CiD ]
--------------------\\ Zoeken naar verborgen bestanden met Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 19:58:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 205
--------------------\\ Zoeken naar andere infecties
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen.zip
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica BeatCraft Keygen.rar
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\adobefireworkscs3keygenz.w.t.zip
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\adobephotoshopcs2tryouttofullactivationkeygenoscaria.zip
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Magix Music Cleaning Lab 2008 Deluxe Crack.nzb
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\NewsLeecher crack.txt
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\[isoHunt]_Guitar_Pro_5.2_(FULL_with_Keygen)___RSE_Guitar___RSE_Basses___RSE_Drums!_Enjoy.torrent
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen\Acoustica Beatcraft Installer.exe
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft + Keygen\KEYGEN.EXE
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Acoustica Beatcraft v1.x Serial\keygen.nfo
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Adobe CS4\Adobe CS4 Master Collection Keygen.exe
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\arobasmusicguitarprov5.0keygenbeat.zip
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Guitar Pro 5\Guitar Pro 5\Guitar Pro 5 + crack
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Guitar Pro 5\Guitar Pro 5\Guitar Pro 5 + crack\Earn Rapidshare Premium..txt
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Guitar Pro 5\Guitar Pro 5\Guitar Pro 5 + crack\Guitar Pro 5.exe
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\BEAT.nfo
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\file_id.diz
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\KeyGen.exe
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Guitar Pro\Keygen\keygen.nfo
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Magix Music Maker 2007\Crack.exe
C:\DOCUME~1\GEBRUI~1\Bureaublad\Spelletjes\Downloads\Magix Music Maker 2007\Crack.zip
C:\DOCUME~1\GEBRUI~1\Favorieten\Frank en Rick Online\BESTCRACKS.NET - THE BEST CRACKS, SERIAL NUMBERS, KEYGENS, PATCHES, GAMES, SOFTWARE CRACK, CRACKZ. http://WWW.C.url
C:\DOCUME~1\GEBRUI~1\Local Settings\Temporary Internet Files\Content.IE5\Z5H14XLY\crack-rapidshare-time-delay-and-download-limit[1].htm
C:\DOCUME~1\GEBRUI~1\Local Settings\Temporary Internet Files\Content.IE5\Z5H14XLY\full-download-widi-3.3-crack-serial-torrent-keygen[1].htm
C:\DOCUME~1\GEBRUI~1\Local Settings\Temporary Internet Files\Content.IE5\Z5H14XLY\keygen[1].rar
C:\DOCUME~1\GEBRUI~1\Menu Start\Programma's\Image-Line\FL Studio 7\crack.exe
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Cleaning Lab 2008 Deluxe Crack
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Maker 2006 v11.0.1.3 E-version Crack
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Finale 2009 ISO\keygen.exe
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Maker 2006 v11.0.1.3 E-version Crack\Magix Music Maker 2006 v11.0.1.3 E-version Crack.exe
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\Magix Music Maker 2006 v11.0.1.3 E-version Crack\Magix Music Maker 2006 v11.0.1.3 E-version Crack.zip
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\_UNPACK_Adobe CS4 Master Collection\Adobe.Creative.Suite.4.Master.Collection.RETAIL\Adobe CS4 Master Collection Keygen.exe
C:\DOCUME~1\GEBRUI~1\Mijn documenten\downloads\complete\_UNPACK_Adobe CS4 Master Collection.1\Wiej\Adobe.Creative.Suite.4.Master.Collection.RETAIL\Adobe CS4 Master Collection Keygen.exe
C:\DOCUME~1\GEBRUI~1\Mijn documenten\Mijn Chatlogs\[Dropbox]\My Dropbox\Public\rmxp-rmvx keygen.zip
C:\DOCUME~1\GEBRUI~1\Mijn documenten\Mijn Chatlogs\_NZB\Magix Music Maker 2006 v11.0.1.3 E-version Crack.nzb
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\arobasmusicguitarprov5.0keygenbeat.lnk
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\Guitar Pro 5 + crack.lnk
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\Guitar Pro 5 Keygen.lnk
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\Magix Music Cleaning Lab 2008 Deluxe Crack.lnk
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\makemusicfinale2009keygenngen.lnk
C:\DOCUME~1\GEBRUI~1\Onlangs geopend\makemusicfinalenotepad2009keygenedge.lnk
C:\DOCUME~1\ALLUSE~1\Favorieten\Frank en Rick Online\BESTCRACKS.NET - THE BEST CRACKS, SERIAL NUMBERS, KEYGENS, PATCHES, GAMES, SOFTWARE CRACK, CRACKZ. http://WWW.C.url
[F:601][D:116]-> C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp
[F:75][D:0]-> C:\DOCUME~1\GEBRUI~1\Cookies
[F:11643][D:594]-> C:\DOCUME~1\GEBRUI~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - ma 15-12-2008|20:01 - Option : [1]
--------------------\\ Scan voltooid om 20:01:31
And last, but not least, the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:52, on 15-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\Bin\zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\sttray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Norman\Npm\Bin\ZLH.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Frank en Rick\I-Tunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\SpamWeed\swengine.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dropbox\Dropbox.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Norman\Npm\Bin\Nvcsched.exe
C:\Norman\Npm\Bin\Njeeves.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Norman\nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\Bin\Nip.exe
c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Norman\Nvc\Bin\cclaw.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Frank en Rick\I-Tunes\iTunes.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Gebruiker\Menu Start\Programma's\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.ziggo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\OrbitDownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ThreeShips IEHelper - {17FDB9F8-DCC4-4F6A-AE07-B16018A48469} - C:\Program Files\Common Files\Threeships Shared\DLL\ThreeShipsIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\OrbitDownloader\GrabPro.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Mam\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Frank en Rick\I-Tunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Event Reminder.lnk = C:\Mam\TLC Domus\PrintMaster\Pmremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Linksys EasyLink Advisor.lnk = C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SpamWeed.lnk = C:\Program Files\SpamWeed\swengine.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\OrbitDownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/conte ... ite_EN.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-U ... E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Mam\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Mam\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Xampp\apache\bin\apache.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Npm\Bin\Nvcsched.exe
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
--
End of file - 12836 bytes
Whew, big post.