Please Check My HijackThis Log

V-J
7 replies
  • Unwanted Internet Explorer popup at every startup

    Thanks in advance

    Logfile of HijackThis v1.99.1
    Scan saved at 14:34:16, on 11-10-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SYSTEM32\rundll32.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
    C:\WINDOWS\iexplore.exe
    C:\Program Files\Common Files\{3C985221-063C-1043-0309-06051124001f}\Update.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Jevithan\Bureaublad\TAMIL° ZONE\Setup\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C985221-063C-1043-0309-06051124001f}\MyToolBar.dll (file missing)
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
    O4 - HKLM\..\Run: [Armor2net] C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\eMule\Incoming\Internet Download Manager v5.03.02 Multilangages Incl-Crack\Crack\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\eMule\Incoming\Internet Download Manager v5.03.02 Multilangages Incl-Crack\Crack\IEExt.htm
    O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
    O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152987549625
    O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://static.35mb.com/applet/applet_o.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: ,
    O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\p0n8la5u1d.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
    O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
  • Hello,


    Start HJT again and run a "system scan only", tick the lines below, close all windows except HJT and click "Fix checked".

    R3 - Default URLSearchHook is missing
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C985221-063C-1043-0309-06051124001f}\MyToolBar.dll (file missing)
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
    O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\p0n8la5u1d.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)

    Start Explorer, look for the folder below shown in bold and delete it.

    C:\Program Files\Common Files\**{3C985221-063C-1043-0309-06051124001f}**
    C:\Program Files\**ToolBar888\MyToolBar.dll**
    C:\WINDOWS\system32\**p0n8la5u1d.dll**

    Download **Combofix** to your Desktop.
    - Double-click **Combofix.exe**
    - Follow the instructions, accept the disclaimer by typing "y" or "Y".
    - While the fix is running, do **NOT** click in the window, because this will make your PC hang.
    When the fix has finished and after the reboot, the log **combofix.txt** will open.
    Post this log in your next post together with a new HijackThis log.

    NOTE: If your virus scanner responds with a notification about script execution, you may ignore this

    Good luck
    Juisterr
  • Jevithan - 06-10-11 19:22:06,12 Service Pack 2
    ComboFix 06.10.11 - Running from: "C:\Documents and Settings\Jevithan\Bureaublad"

    ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

    REGISTRY ENTRIES REMOVED:

    [HKEY_CLASSES_ROOT\CLSID\{37AC27C9-F0A9-4F67-9307-19062817848F}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{37AC27C9-F0A9-4F67-9307-19062817848F}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{37AC27C9-F0A9-4F67-9307-19062817848F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{37AC27C9-F0A9-4F67-9307-19062817848F}\InprocServer32]
    @="C:\\WINDOWS\\system32\\xnnput9_1_0.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{DDE78090-9A83-44A3-BD61-E766E47DEBDF}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{DDE78090-9A83-44A3-BD61-E766E47DEBDF}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{DDE78090-9A83-44A3-BD61-E766E47DEBDF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{DDE78090-9A83-44A3-BD61-E766E47DEBDF}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dawsockx.dll"
    "ThreadingModel"="Apartment"

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    FILES REMOVED:

    C:\WINDOWS\system32\dawsockx.dll
    C:\WINDOWS\system32\g0lm0a31ed.dll
    C:\WINDOWS\system32\t6r80g9ue6.dll
    C:\WINDOWS\system32\xnnput9_1_0.dll




    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Documents and Settings\Jevithan\Local Settings\Temporary Internet Files\Content.IE5\QTGHSTIF\dfndrff_e_uit[1].exe
    C:\Documents and Settings\Jevithan\Local Settings\Temporary Internet Files\Content.IE5\CHUVCTIJ\drsmartload45a[1].exe
    C:\Documents and Settings\Jevithan\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\drsmartload833a[1].exe
    C:\Documents and Settings\Jevithan\Local Settings\Temporary Internet Files\Content.IE5\C1I3W1MN\MTE3NDI6ODoxNgV2[1].exe
    C:\Documents and Settings\Jevithan\Local Settings\Temporary Internet Files\Content.IE5\U761SJQ3\nwnmff_e[1].exe


    ((((((((((((((((((((((((((((((( Files Created from 2006-09-11 to 2006-10-11 ))))))))))))))))))))))))))))))))))


    2006-10-10 18:29 224,478 --a------ C:\WINDOWS\iexplore.exe
    2006-10-09 13:12 86,016 --a------ C:\WINDOWS\unvise32qt.exe
    2006-10-08 18:28 32,896 --a------ C:\WINDOWS\system32\APFTrans.sys
    2006-10-02 18:19 81,920 --a------ C:\WINDOWS\system32\AppToPort.dll
    2006-10-02 18:19 24,576 --a------ C:\WINDOWS\system32\hook1.dll
    2006-10-02 18:19 20,480 --a------ C:\WINDOWS\system32\hook2.dll
    2006-10-02 16:11 77,824 --a------ C:\WINDOWS\system32\driverif.dll
    2006-10-02 16:11 733,236 --a------ C:\WINDOWS\system32\vete.dll
    2006-10-02 16:11 541,733 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
    2006-10-02 16:11 21,605 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
    2006-10-02 16:11 15,668 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
    2006-10-02 16:11 12,288 --a------ C:\WINDOWS\system32\vetntmsg.dll
    2006-10-02 16:11 108,453 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
    2006-10-02 12:14 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2006-09-27 15:11 720,896 --a------ C:\WINDOWS\iun6002.exe
    2006-09-26 17:46 62,240 --a------ C:\WINDOWS\Snelkiezer_.exe
    2006-09-26 17:46 62,240 --a------ C:\WINDOWS\Snelkiezer.exe
    2006-09-26 16:05 3,082 --a------ C:\WINDOWS\system32\affv9553p6now.sys
    2006-09-26 15:59 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
    2006-09-26 15:59 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
    2006-09-26 15:59 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
    2006-09-26 15:59 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
    2006-09-26 15:59 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
    2006-09-26 15:53 33,280 --a------ C:\WINDOWS\is-HAP4U.exe
    2006-09-21 18:54 1,003,520 --a------ C:\WINDOWS\system32\ltmm_n.dll
    2006-09-21 18:51 969,728 --a------ C:\WINDOWS\system32\libmcl-4.4.0.dll
    2006-09-21 18:51 8,192 --a------ C:\WINDOWS\system32\libcvr-1.0.0.dll
    2006-09-21 18:51 39,936 --a------ C:\WINDOWS\system32\libxpm-1.0.0.dll
    2006-09-21 18:51 301,056 --a------ C:\WINDOWS\system32\libtif-1.0.0.dll
    2006-09-21 18:51 30,720 --a------ C:\WINDOWS\system32\libdsw-1.0.0.dll
    2006-09-21 18:51 22,016 --a------ C:\WINDOWS\system32\libhav-1.0.0.dll
    2006-09-21 18:51 205,824 --a------ C:\WINDOWS\system32\libjp2-1.0.0.dll
    2006-09-21 18:51 16,384 --a------ C:\WINDOWS\system32\libgif-1.0.0.dll
    2006-09-21 18:51 149,504 --a------ C:\WINDOWS\system32\libpng-1.0.0.dll
    2006-09-21 18:51 110,592 --a------ C:\WINDOWS\system32\libjpg-1.0.0.dll
    2006-09-21 18:51 1,679,872 --a------ C:\WINDOWS\system32\libmpg-1.0.0.dll
    2006-09-21 18:51 1,185,280 --a------ C:\WINDOWS\system32\libogg-1.0.0.dll
    2006-09-18 13:19 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL
    2006-09-14 15:08 94,208 --------- C:\WINDOWS\system32\mclsp.dll
    2006-09-14 15:08 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
    2006-09-14 15:08 11,264 --a------ C:\WINDOWS\system32\sporder.dll
    2006-09-14 13:20 0 --a------ C:\WINDOWS\system32\Ultra.dll
    2006-09-14 10:47 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2006-09-14 10:47 40,960 --a------ C:\WINDOWS\system32\swsc.exe
    2006-09-14 10:47 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2006-09-14 10:47 135,168 --a------ C:\WINDOWS\system32\swreg.exe
    2006-09-13 12:11 10,193 -r-h----- C:\WINDOWS\system32\win_3.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-11 19:19 -------- d-------- C:\Program Files\Common Files
    2006-10-11 19:09 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\Azureus
    2006-10-11 19:03 -------- d-------- C:\Program Files\ElcomSoft
    2006-10-11 16:48 -------- d-------- C:\Program Files\WinRAR
    2006-10-11 14:22 -------- d-------- C:\Program Files\Intelore
    2006-10-11 14:14 -------- d-------- C:\Program Files\DC++
    2006-10-11 13:59 -------- d-------- C:\Program Files\Xilisoft
    2006-10-10 19:08 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\NetPumper
    2006-10-10 18:57 -------- d-------- C:\Program Files\7-Zip
    2006-10-10 16:06 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\Media Player Classic
    2006-10-09 16:35 -------- d-------- C:\Program Files\eMule
    2006-10-09 13:25 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\PC Tools
    2006-10-08 18:37 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2006-10-08 18:28 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-10-08 18:28 -------- d-------- C:\Program Files\Armor2net
    2006-10-06 22:36 -------- d-------- C:\Program Files\DreamCatcher
    2006-10-06 20:23 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\.ABC
    2006-10-04 20:14 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\Macromedia
    2006-10-04 15:09 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\SiteAdvisor
    2006-10-04 15:05 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\McAfee
    2006-10-04 14:59 -------- d-------- C:\Program Files\Common Files\McAfee
    2006-10-02 18:58 -------- d-------- C:\Program Files\File Recover
    2006-10-02 15:57 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\Comodo
    2006-10-02 12:14 -------- d-------- C:\Program Files\K-Lite Codec Pack
    2006-10-02 11:51 -------- d-------- C:\Program Files\WinAVI VideoConverter
    2006-10-01 19:14 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\Lavasoft
    2006-10-01 12:52 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\Registry Booster
    2006-09-30 18:31 -------- d-------- C:\Program Files\Azureus
    2006-09-30 18:14 -------- d-------- C:\Program Files\TuneUp Utilities 2006
    2006-09-29 13:37 -------- d-------- C:\Program Files\Gabest
    2006-09-23 18:08 5632 --ahs---- C:\Program Files\Thumbs.db
    2006-09-23 18:08 -------- d-------- C:\Program Files\ShopInsite MMI
    2006-09-23 18:08 -------- d-------- C:\Program Files\Messenger
    2006-09-23 18:08 -------- d-------- C:\Program Files\A-one Video Joiner
    2006-09-22 12:05 -------- d-------- C:\Program Files\Super Video Splitter
    2006-09-20 22:03 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\STOIK
    2006-09-20 16:11 -------- d---s---- C:\Documents and Settings\Jevithan\Application Data\Microsoft
    2006-09-18 21:32 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-09-18 21:32 -------- d-------- C:\Program Files\Common Files\Designer
    2006-09-18 21:31 -------- d-------- C:\Program Files\Microsoft Office
    2006-09-18 21:31 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\Microsoft Web Folders
    2006-09-18 14:27 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\.BitTornado
    2006-09-18 12:01 -------- d-------- C:\Program Files\AliveMedia
    2006-09-15 14:21 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\LimeWire
    2006-09-14 16:09 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\McAfee.com Personal Firewall
    2006-09-14 15:07 15360 --a------ C:\WINDOWS\system32\BASSMOD.dll
    2006-09-13 20:40 -------- d-------- C:\Program Files\Admiresoft
    2006-09-13 16:15 -------- d-------- C:\Program Files\Internet Explorer
    2006-09-10 21:35 -------- d-------- C:\Program Files\Allok Video Joiner
    2006-09-07 16:00 -------- d-------- C:\Program Files\Common Files\Deterministic Networks
    2006-09-06 20:44 -------- d-------- C:\Program Files\Common Files\Softwin
    2006-09-06 19:44 77824 --a------ C:\WINDOWS\system32\xcomm.dll
    2006-09-06 19:44 73728 --a------ C:\WINDOWS\system32\sockspy.dll
    2006-08-30 13:07 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\dvdcss
    2006-08-29 00:47 1257783 --a------ C:\WINDOWS\system32\drivers\v3engine.sys
    2006-08-28 21:11 -------- d-------- C:\Program Files\EA Games
    2006-08-28 20:32 -------- d-------- C:\Program Files\Windows Media Player
    2006-08-28 20:14 -------- d-------- C:\Program Files\Movie Joiner
    2006-08-24 18:09 -------- d-------- C:\Program Files\Innovatools
    2006-08-24 17:25 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
    2006-08-24 17:05 -------- d-------- C:\Program Files\D-Tools
    2006-08-22 20:24 -------- d-------- C:\Program Files\ATI Technologies
    2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 14:11 -------- d-------- C:\Program Files\MSN Messenger
    2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
    2006-08-20 18:35 -------- d-------- C:\Program Files\Allok Video Splitter
    2006-08-19 22:07 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\Vso
    2006-08-19 19:54 5680 --a------ C:\WINDOWS\system32\drivers\psntkd20.sys
    2006-08-16 16:42 -------- d-------- C:\Program Files\Windows NT
    2006-08-15 13:13 -------- d-------- C:\Program Files\Bucek
    2006-08-15 13:02 -------- d-------- C:\Program Files\AVI MPEG RM WMV Joiner
    2006-08-14 19:32 -------- d-------- C:\Program Files\Easy Video Joiner
    2006-08-13 19:36 -------- d-------- C:\Program Files\Google
    2006-08-13 18:16 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\Google
    2006-08-13 16:54 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\Skype
    2006-08-12 16:59 -------- d-------- C:\Program Files\Xara
    2006-08-12 15:47 -------- d-------- C:\Program Files\AviSynth 2.5
    2006-08-12 15:46 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\uTorrent
    2006-08-11 20:58 666624 --a------ C:\WINDOWS\is-7DAPH.exe
    2006-08-11 20:58 -------- d-------- C:\Program Files\Common Files\Agnitum Shared
    2006-08-10 19:37 8 --a------ C:\WINDOWS\system32\lssexp.dll
    2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
    2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
    2006-07-20 22:24 286720 --a------ C:\WINDOWS\iun506.exe
    2006-07-18 20:45 46 --a------ C:\WINDOWS\system32\w3c985va.dll
    2006-07-16 22:10 784 --a------ C:\Documents and Settings\Jevithan\Application Data\mpauth.dat
    2006-07-16 16:23 73216 --a------ C:\WINDOWS\ST6UNST.EXE


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Armor2net"="C:\\Program Files\\Armor2net\\Armor2net Personal Firewall\\Armor2net.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000000
    "GeneralFlags"=dword:00000000

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoChangeStartMenu"=dword:00000000
    "NoClose"=dword:00000000
    "NoLogOff"=dword:00000000
    "NoRun"=dword:00000000

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001
    "DisableTaskMgr"=dword:00000000

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Jevithan^Menu Start^Programma's^Opstarten^Snelkoppeling naar zlclient.lnk]
    "path"="C:\\Documents and Settings\\Jevithan\\Menu Start\\Programma's\\Opstarten\\Snelkoppeling naar zlclient.lnk"
    "backup"="C:\\WINDOWS\\pss\\Snelkoppeling naar zlclient.lnkStartup"
    "location"="Startup"
    "command"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe "
    "item"="Snelkoppeling naar zlclient"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\0153901159966770mcinstcleanup]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cleanup"
    "hkey"="HKLM"
    "command"="C:\\DOCUME~1\\Jevithan\\LOCALS~1\\Temp\\015390~1.EXE C:\\PROGRA~1\\COMMON~1\\McAfee\\INSTAL~1\\cleanup.ini -cleanup -nolog"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\APVXDWIN]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="APVXDWIN"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Panda Software\\Panda Antivirus Platinum\\APVXDWIN.EXE\" /s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ATIPTA]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="atiptaxx"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDMCon]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bdmcon"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdmcon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDNewsAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bdnagent"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdnagent.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDOESRV]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bdoesrv"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDSwitchAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bdswitch"
    "hkey"="HKLM"
    "command"="\"C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdswitch.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BitTorrent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bittorrent"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CaISSDT]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="caissdt"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\caissdt.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CTFMON.EXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ctfmon"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DAEMON Tools-1033]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="daemon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dfndrff_e26"
    "hkey"="HKLM"
    "command"="C:\dfndrff_e26.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\eTrustPPAP]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PPActiveDetection"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust PestPatrol Anti-Spyware\\PPActiveDetection.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Explorer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iexplore"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\iexplore.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\FreeCall]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="FreeCall"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe\" -nosplash -minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\FSWebServer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="fsws"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Easy File Sharing Web Server\\fsws.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IDMan]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="IDMan"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\eMule\\Incoming\\Internet Download Manager v5.03.02 Multilangages Incl-Crack\\Crack\\IDMan.exe /onboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KernelFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -k"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -k"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\keyboard]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="kybrdff_16"
    "hkey"="HKLM"
    "command"="c:\kybrdff_16.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\kis]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avp"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\kqkm]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="kqkmm"
    "hkey"="HKCU"
    "command"="C:\\PROGRA~1\\COMMON~1\\kqkm\\kqkmm.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MacroVirus]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MacroVirus"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\MacroVirus\\MacroVirus.exe -boot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MessengerPlus3]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MsgPlus"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\msnreord]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmonitor"
    "hkey"="HKLM"
    "command"="C:\\Documents and Settings\\Jevithan\\Bureaublad\\TAMIL° ZONE\\Setup\\MSN_Password_Logger_v3\\msnmonitor.ex"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\newname]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="nwnmff_e26"
    "hkey"="HKLM"
    "command"="C:\nwnmff_e26.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NI.UWA6PM_0001_N91M2107]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="UWA6PM_0001_N91M2107NetInstaller"
    "hkey"="HKLM"
    "command"="\"C:\\WINDOWS\\Downloaded Program Files\\UWA6PM_0001_N91M2107NetInstaller.exe\" -nag "
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Outpost Firewall]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="outpost"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Agnitum\\Outpost Firewall\\outpost.exe\" /waitservice"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\OutpostFeedBack]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="feedback"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Agnitum\\Outpost Firewall\\feedback.exe /dump:os_startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PadTouch]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PadExe"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\pccguide.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="pccguide"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Trend Micro\\Internet Security 2005\\pccguide.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCTAVApp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKCU"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PrivacyKeyboard]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PrivacyKeyboard"
    "hkey"="HKLM"
    "command"="C:\\KAV5.0\\PrivacyKeyboard\\PrivacyKeyboard.exe /autorun"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PWRISOVM.EXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PWRISOVM"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SCANINICIO]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Inicio"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Panda Software\\Panda Antivirus Platinum\\Inicio.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\shell]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ibm00001"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\ibm00001.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Skype]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Skype"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SmoothView]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SmoothView"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\TOSHIBA\\TOSHIBA-zoomutility\\SmoothView.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Snelkiezer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Snelkiezer"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\Snelkiezer.exe /quiet"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SpeedOptimizer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SPO"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\SPEEDO~1\\SPO.EXE -s "
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SpyEmergency]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SpyEmergency"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Netgate\\Spy Emergency 2006\\SpyEmergency.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SpySweeper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SpySweeper"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Spyware Doctor]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKCU"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\startkey]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="system32"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\system32.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\stonedrv]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="stonedrv"
    "hkey"="HKLM"
    "command"="c:\\windows\\system32\\stonedrv.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunServer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="sunserver"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SurfSideKick 3]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SynTPEnh]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SynTPEnh"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SysTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="lhiq"
    "hkey"="HKLM"
    "command"="c:\\Program Files\\lhiq.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tkq0724f]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RUNDLL32"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE w1111879.dll,n 0040724b0000000a1111879"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TOSCDSPD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="toscdspd"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Toshiba Hotkey Utility]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Hotkey"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Toshiba\\Windows Utilities\\Hotkey.exe\" /lang NL"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TPSMain]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="TPSMain"
    "hkey"="HKLM"
    "command"="TPSMain.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\VoipStunt]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="VoipStunt"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe\" -nosplash -minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Windows Defender]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MSASCui"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Windows installer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="winstall"
    "hkey"="HKCU"
    "command"="C:\\winstall.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Windows Task Manager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="taskmgn"
    "hkey"="HKLM"
    "command"="c:\\windows\\system32\\taskmgn.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Zone Labs Client]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="zlclient"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
    "PAVSRV"=dword:00000002
    "PAVFIRES"=dword:00000002
    "SDhelper"=dword:00000002
    "wampmysqld"=dword:00000003
    "wampapache"=dword:00000003
    "TUWinStylerThemeSvc"=dword:00000003
    "AVP"=dword:00000002
    "VSSERV"=dword:00000002
    "bdss"=dword:00000002
    "LIVESRV"=dword:00000002
    "XCOMM"=dword:00000002
    "WinDefend"=dword:00000002
    "WWW File Share Pro"=dword:00000002
    "Ati HotKey Poller"=dword:00000002
    "MSIServer"=dword:00000003
    "wuauserv"=dword:00000002
    "svcWRSSSDK"=dword:00000002


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\1-Click Maintenance.job
    C:\WINDOWS\tasks\XoftSpy.job

    Completion time: Wed 11-10-2006 19:26:44.29
    ComboFix.txt

    Logfile of HijackThis v1.99.1
    Scan saved at 19:31:55, on 11-10-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jevithan\Bureaublad\TAMIL° ZONE\Setup\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C985221-063C-1043-0309-06051124001f}\MyToolBar.dll (file missing)
    O4 - HKLM\..\Run: [Armor2net] C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\eMule\Incoming\Internet Download Manager v5.03.02 Multilangages Incl-Crack\Crack\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\eMule\Incoming\Internet Download Manager v5.03.02 Multilangages Incl-Crack\Crack\IEExt.htm
    O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
    O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152987549625
    O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://static.35mb.com/applet/applet_o.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: ,
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
  • Download KillBox! and extract it to your desktop.

    Select the bold lines below by holding down the left mouse button and dragging from the top left to the bottom right (the field turns blue):

    2006-10-09 13:12 86,016 –a—— C:\WINDOWS\unvise32qt.exe
    2006-09-26 17:46 62,240 –a—— C:\WINDOWS\Snelkiezer_.exe
    2006-09-26 17:46 62,240 –a—— C:\WINDOWS\Snelkiezer.exe
    2006-09-14 10:47 53,248 –a—— C:\WINDOWS\system32\Process.exe
    2006-09-14 13:20 0 –a—— C:\WINDOWS\system32\Ultra.dll

    Right-click in the blue field and then click Copy.

  • Start KillBox! by double-clicking the KillBox icon.
  • Open options in the KillBox menu and select auto parse.
  • Open file in the KillBox menu at the top and choose: Paste from clipboard
  • The bold text that you selected and copied will now appear in the field Full Path of File to Delete. (You can check this by clicking the arrow next to that field.)
    Files that do not exist (or no longer exist) are not shown by KillBox.
  • Choose the option(s) Delete on reboot and unregister dll's before deleting.
  • Click the All files button.
  • Click the red circle with the white cross in it.
  • KillBox! will say that these files will be deleted on reboot. Click YES.
  • When KillBox! asks to reboot now, click YES.
  • If you get the following message: PendingFileRenameOperations Registry Data has been Removed by External Process! then you will have to restart manually.

    KillBox will now restart your PC.
    After the restart, delete the folder C:\!Killbox
    Then empty the Recycle Bin.

    Start HJT again and do a system scan only, tick the lines below, close all windows (except HJT) and click fix checked.


    R3 - Default URLSearchHook is missing
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C985221-063C-1043-0309-06051124001f}\MyToolBar.dll (file missing)

    Using Explorer, delete the item below.

    C:\Program Files\Common Files\{3C985221-063C-1043-0309-06051124001f}

    Start ComboFix once more and let it run.

    Please post a new HJT log and a new ComboFix log.
  • Jevithan - 06-10-12 13:30:31,56 Service Pack 2
    ComboFix 06.10.12 - Running from: "C:\Documents and Settings\Jevithan\Bureaublad"

    ((((((((((((((((((((((((((((((( Files Created from 2006-09-12 to 2006-10-12 ))))))))))))))))))))))))))))))))))


    2006-10-10 18:29 224,478 –a—— C:\WINDOWS\iexplore.exe
    2006-10-08 18:28 32,896 –a—— C:\WINDOWS\system32\APFTrans.sys
    2006-10-02 18:19 81,920 –a—— C:\WINDOWS\system32\AppToPort.dll
    2006-10-02 18:19 24,576 –a—— C:\WINDOWS\system32\hook1.dll
    2006-10-02 18:19 20,480 –a—— C:\WINDOWS\system32\hook2.dll
    2006-10-02 16:11 77,824 –a—— C:\WINDOWS\system32\driverif.dll
    2006-10-02 16:11 733,236 –a—— C:\WINDOWS\system32\vete.dll
    2006-10-02 16:11 541,733 –a—— C:\WINDOWS\system32\drivers\vetmonnt.sys
    2006-10-02 16:11 21,605 –a—— C:\WINDOWS\system32\drivers\vet-filt.sys
    2006-10-02 16:11 15,668 –a—— C:\WINDOWS\system32\drivers\vet-rec.sys
    2006-10-02 16:11 12,288 –a—— C:\WINDOWS\system32\vetntmsg.dll
    2006-10-02 16:11 108,453 –a—— C:\WINDOWS\system32\drivers\vetfddnt.sys
    2006-10-02 12:14 5,120 –a—— C:\WINDOWS\system32\ff_vfw.dll
    2006-09-27 15:11 720,896 –a—— C:\WINDOWS\iun6002.exe
    2006-09-26 16:05 3,082 –a—— C:\WINDOWS\system32\affv9553p6now.sys
    2006-09-26 15:59 395,776 –a—— C:\WINDOWS\system32\libmplayer.dll
    2006-09-26 15:59 34,820 –a—— C:\WINDOWS\system32\ffdshow.reg
    2006-09-26 15:59 262,144 –a—— C:\WINDOWS\system32\TomsMoComp_ff.dll
    2006-09-26 15:59 2,255,360 –a—— C:\WINDOWS\system32\libavcodec.dll
    2006-09-26 15:59 112,640 –a—— C:\WINDOWS\system32\libmpeg2_ff.dll
    2006-09-26 15:53 33,280 –a—— C:\WINDOWS\is-HAP4U.exe
    2006-09-21 18:54 1,003,520 –a—— C:\WINDOWS\system32\ltmm_n.dll
    2006-09-21 18:51 969,728 –a—— C:\WINDOWS\system32\libmcl-4.4.0.dll
    2006-09-21 18:51 8,192 –a—— C:\WINDOWS\system32\libcvr-1.0.0.dll
    2006-09-21 18:51 39,936 –a—— C:\WINDOWS\system32\libxpm-1.0.0.dll
    2006-09-21 18:51 301,056 –a—— C:\WINDOWS\system32\libtif-1.0.0.dll
    2006-09-21 18:51 30,720 –a—— C:\WINDOWS\system32\libdsw-1.0.0.dll
    2006-09-21 18:51 22,016 –a—— C:\WINDOWS\system32\libhav-1.0.0.dll
    2006-09-21 18:51 205,824 –a—— C:\WINDOWS\system32\libjp2-1.0.0.dll
    2006-09-21 18:51 16,384 –a—— C:\WINDOWS\system32\libgif-1.0.0.dll
    2006-09-21 18:51 149,504 –a—— C:\WINDOWS\system32\libpng-1.0.0.dll
    2006-09-21 18:51 110,592 –a—— C:\WINDOWS\system32\libjpg-1.0.0.dll
    2006-09-21 18:51 1,679,872 –a—— C:\WINDOWS\system32\libmpg-1.0.0.dll
    2006-09-21 18:51 1,185,280 –a—— C:\WINDOWS\system32\libogg-1.0.0.dll
    2006-09-18 13:19 24,576 –a—— C:\WINDOWS\system32\STKIT432.DLL
    2006-09-14 15:08 94,208 ——— C:\WINDOWS\system32\mclsp.dll
    2006-09-14 15:08 32,768 –a—— C:\WINDOWS\system32\instlsp.exe
    2006-09-14 15:08 11,264 –a—— C:\WINDOWS\system32\sporder.dll
    2006-09-14 10:47 40,960 –a—— C:\WINDOWS\system32\swsc.exe
    2006-09-14 10:47 288,417 –a—— C:\WINDOWS\system32\SrchSTS.exe
    2006-09-14 10:47 135,168 –a—— C:\WINDOWS\system32\swreg.exe
    2006-09-13 12:11 10,193 -r-h—– C:\WINDOWS\system32\win_3.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-12 13:24 ——– d——– C:\Documents and Settings\Jevithan\Application Data\Azureus
    2006-10-11 19:19 ——– d——– C:\Program Files\Common Files
    2006-10-11 19:03 ——– d——– C:\Program Files\ElcomSoft
    2006-10-11 16:48 ——– d——– C:\Program Files\WinRAR
    2006-10-11 14:22 ——– d——– C:\Program Files\Intelore
    2006-10-11 14:14 ——– d——– C:\Program Files\DC++
    2006-10-11 13:59 ——– d——– C:\Program Files\Xilisoft
    2006-10-10 19:08 ——– d——– C:\Documents and Settings\Jevithan\Application Data\NetPumper
    2006-10-10 18:57 ——– d——– C:\Program Files\7-Zip
    2006-10-10 16:06 ——– d——– C:\Documents and Settings\Jevithan\Application Data\Media Player Classic
    2006-10-09 16:35 ——– d——– C:\Program Files\eMule
    2006-10-09 13:25 ——– d——– C:\Documents and Settings\Jevithan\Application Data\PC Tools
    2006-10-08 18:37 ——– d——– C:\Program Files\Common Files\Wise Installation Wizard
    2006-10-08 18:28 ——– d–h—– C:\Program Files\InstallShield Installation Information
    2006-10-08 18:28 ——– d——– C:\Program Files\Armor2net
    2006-10-06 22:36 ——– d——– C:\Program Files\DreamCatcher
    2006-10-06 20:23 ——– d——– C:\Documents and Settings\Jevithan\Application Data\.ABC
    2006-10-04 20:14 ——– d——– C:\Documents and Settings\Jevithan\Application Data\Macromedia
    2006-10-04 15:09 ——– d——– C:\Documents and Settings\Jevithan\Application Data\SiteAdvisor
    2006-10-04 15:05 ——– d——– C:\Documents and Settings\Jevithan\Application Data\McAfee
    2006-10-04 14:59 ——– d——– C:\Program Files\Common Files\McAfee
    2006-10-02 18:58 ——– d——– C:\Program Files\File Recover
    2006-10-02 15:57 ——– d——– C:\Documents and Settings\Jevithan\Application Data\Comodo
    2006-10-02 12:14 ——– d——– C:\Program Files\K-Lite Codec Pack
    2006-10-02 11:51 ——– d——– C:\Program Files\WinAVI VideoConverter
    2006-10-01 19:14 ——– d——– C:\Documents and Settings\Jevithan\Application Data\Lavasoft
    2006-10-01 12:52 ——– d——– C:\Documents and Settings\Jevithan\Application Data\Registry Booster
    2006-09-30 18:31 ——– d——– C:\Program Files\Azureus
    2006-09-30 18:14 ——– d——– C:\Program Files\TuneUp Utilities 2006
    2006-09-29 13:37 ——– d——– C:\Program Files\Gabest
    2006-09-23 18:08 5632 –ahs—- C:\Program Files\Thumbs.db
    2006-09-23 18:08 ——– d——– C:\Program Files\ShopInsite MMI
    2006-09-23 18:08 ——– d——– C:\Program Files\Messenger
    2006-09-23 18:08 ——– d——– C:\Program Files\A-one Video Joiner
    2006-09-22 12:05 ——– d——– C:\Program Files\Super Video Splitter
    2006-09-20 22:03 ——– d——– C:\Documents and Settings\Jevithan\Application Data\STOIK
    2006-09-20 16:11 ——– d—s—- C:\Documents and Settings\Jevithan\Application Data\Microsoft
    2006-09-18 21:32 ——– d——– C:\Program Files\Common Files\Microsoft Shared
    2006-09-18 21:32 ——– d——– C:\Program Files\Common Files\Designer
    2006-09-18 21:31 ——– d——– C:\Program Files\Microsoft Office
    2006-09-18 21:31 ——– d——– C:\Documents and Settings\Jevithan\Application Data\Microsoft Web Folders
    2006-09-18 14:27 ——– d——– C:\Documents and Settings\Jevithan\Application Data\.BitTornado
    2006-09-18 12:01 ——– d——– C:\Program Files\AliveMedia
    2006-09-15 14:21 ——– d——– C:\Documents and Settings\Jevithan\Application Data\LimeWire
    2006-09-14 16:09 ——– d——– C:\Documents and Settings\Jevithan\Application Data\McAfee.com Personal Firewall
    2006-09-14 15:07 15360 –a—— C:\WINDOWS\system32\BASSMOD.dll
    2006-09-13 20:40 ——– d——– C:\Program Files\Admiresoft
    2006-09-13 16:15 ——– d——– C:\Program Files\Internet Explorer
    2006-09-10 21:35 ——– d——– C:\Program Files\Allok Video Joiner
    2006-09-07 16:00 ——– d——– C:\Program Files\Common Files\Deterministic Networks
    2006-09-06 20:44 ——– d——– C:\Program Files\Common Files\Softwin
    2006-09-06 19:44 77824 –a—— C:\WINDOWS\system32\xcomm.dll
    2006-09-06 19:44 73728 –a—— C:\WINDOWS\system32\sockspy.dll
    2006-08-30 13:07 ——– d——– C:\Documents and Settings\Jevithan\Application Data\dvdcss
    2006-08-29 00:47 1257783 –a—— C:\WINDOWS\system32\drivers\v3engine.sys
    2006-08-28 21:11 ——– d——– C:\Program Files\EA Games
    2006-08-28 20:32 ——– d——– C:\Program Files\Windows Media Player
    2006-08-28 20:14 ——– d——– C:\Program Files\Movie Joiner
    2006-08-24 18:09 ——– d——– C:\Program Files\Innovatools
    2006-08-24 17:25 12464 –a—— C:\WINDOWS\system32\drivers\secdrv.sys
    2006-08-24 17:05 ——– d——– C:\Program Files\D-Tools
    2006-08-22 20:24 ——– d——– C:\Program Files\ATI Technologies
    2006-08-21 14:28 16896 –a—— C:\WINDOWS\system32\fltlib.dll
    2006-08-21 14:11 ——– d——– C:\Program Files\MSN Messenger
    2006-08-21 11:14 23040 –a—— C:\WINDOWS\system32\fltmc.exe
    2006-08-21 11:14 128896 –a—— C:\WINDOWS\system32\drivers\fltmgr.sys
    2006-08-20 18:35 ——– d——– C:\Program Files\Allok Video Splitter
    2006-08-19 22:07 ——– d——– C:\Documents and Settings\Jevithan\Application Data\Vso
    2006-08-19 19:54 5680 –a—— C:\WINDOWS\system32\drivers\psntkd20.sys
    2006-08-16 16:42 ——– d——– C:\Program Files\Windows NT
    2006-08-15 13:13 ——– d——– C:\Program Files\Bucek
    2006-08-15 13:02 ——– d——– C:\Program Files\AVI MPEG RM WMV Joiner
    2006-08-14 19:32 ——– d——– C:\Program Files\Easy Video Joiner
    2006-08-13 19:36 ——– d——– C:\Program Files\Google
    2006-08-13 18:16 ——– d——– C:\Documents and Settings\Jevithan\Application Data\Google
    2006-08-13 16:54 ——– d——– C:\Documents and Settings\Jevithan\Application Data\Skype
    2006-08-12 16:59 ——– d——– C:\Program Files\Xara
    2006-08-12 15:47 ——– d——– C:\Program Files\AviSynth 2.5
    2006-08-12 15:46 ——– d——– C:\Documents and Settings\Jevithan\Application Data\uTorrent
    2006-08-11 20:58 666624 –a—— C:\WINDOWS\is-7DAPH.exe
    2006-08-10 19:37 8 –a—— C:\WINDOWS\system32\lssexp.dll
    2006-07-29 19:32 48936 –a—— C:\WINDOWS\system32\sirenacm.dll
    2006-07-27 15:26 679424 –a—— C:\WINDOWS\system32\inetcomm.dll
    2006-07-21 10:29 72704 –a—— C:\WINDOWS\system32\hlink.dll
    2006-07-20 22:24 286720 –a—— C:\WINDOWS\iun506.exe
    2006-07-18 20:45 46 –a—— C:\WINDOWS\system32\w3c985va.dll
    2006-07-16 22:10 784 –a—— C:\Documents and Settings\Jevithan\Application Data\mpauth.dat
    2006-07-16 16:23 73216 –a—— C:\WINDOWS\ST6UNST.EXE


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Armor2net"="C:\\Program Files\\Armor2net\\Armor2net Personal Firewall\\Armor2net.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000000
    "GeneralFlags"=dword:00000000

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoChangeStartMenu"=dword:00000000
    "NoClose"=dword:00000000
    "NoLogOff"=dword:00000000
    "NoRun"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001
    "DisableTaskMgr"=dword:00000000

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jevithan^Menu Start^Programma's^Opstarten^Snelkoppeling naar zlclient.lnk]
    "path"="C:\\Documents and Settings\\Jevithan\\Menu Start\\Programma's\\Opstarten\\Snelkoppeling naar zlclient.lnk"
    "backup"="C:\\WINDOWS\\pss\\Snelkoppeling naar zlclient.lnkStartup"
    "location"="Startup"
    "command"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe "
    "item"="Snelkoppeling naar zlclient"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0153901159966770mcinstcleanup]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cleanup"
    "hkey"="HKLM"
    "command"="C:\\DOCUME~1\\Jevithan\\LOCALS~1\\Temp\\015390~1.EXE C:\\PROGRA~1\\COMMON~1\\McAfee\\INSTAL~1\\cleanup.ini -cleanup -nolog"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="APVXDWIN"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Panda Software\\Panda Antivirus Platinum\\APVXDWIN.EXE\" /s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="atiptaxx"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bdmcon"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdmcon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bdnagent"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdnagent.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDOESRV]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bdoesrv"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bdswitch"
    "hkey"="HKLM"
    "command"="\"C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdswitch.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bittorrent"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" –force_start_minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="caissdt"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\caissdt.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ctfmon"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="daemon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dfndrff_e26"
    "hkey"="HKLM"
    "command"="C:\dfndrff_e26.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PPActiveDetection"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust PestPatrol Anti-Spyware\\PPActiveDetection.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iexplore"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\iexplore.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="FreeCall"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe\" -nosplash -minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSWebServer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="fsws"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Easy File Sharing Web Server\\fsws.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="IDMan"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\eMule\\Incoming\\Internet Download Manager v5.03.02 Multilangages Incl-Crack\\Crack\\IDMan.exe /onboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -k"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -k"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="kybrdff_16"
    "hkey"="HKLM"
    "command"="c:\kybrdff_16.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kis]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avp"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kqkm]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="kqkmm"
    "hkey"="HKCU"
    "command"="C:\\PROGRA~1\\COMMON~1\\kqkm\\kqkmm.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacroVirus]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MacroVirus"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\MacroVirus\\MacroVirus.exe -boot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MsgPlus"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnreord]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmonitor"
    "hkey"="HKLM"
    "command"="C:\\Documents and Settings\\Jevithan\\Bureaublad\\TAMIL° ZONE\\Setup\\MSN_Password_Logger_v3\\msnmonitor.ex"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="nwnmff_e26"
    "hkey"="HKLM"
    "command"="C:\nwnmff_e26.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWA6PM_0001_N91M2107]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="UWA6PM_0001_N91M2107NetInstaller"
    "hkey"="HKLM"
    "command"="\"C:\\WINDOWS\\Downloaded Program Files\\UWA6PM_0001_N91M2107NetInstaller.exe\" -nag "
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Outpost Firewall]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="outpost"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Agnitum\\Outpost Firewall\\outpost.exe\" /waitservice"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="feedback"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Agnitum\\Outpost Firewall\\feedback.exe /dump:os_startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PadExe"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="pccguide"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Trend Micro\\Internet Security 2005\\pccguide.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKCU"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivacyKeyboard]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PrivacyKeyboard"
    "hkey"="HKLM"
    "command"="C:\\KAV5.0\\PrivacyKeyboard\\PrivacyKeyboard.exe /autorun"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PWRISOVM"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCANINICIO]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Inicio"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Panda Software\\Panda Antivirus Platinum\\Inicio.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ibm00001"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\ibm00001.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Skype"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SmoothView"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\TOSHIBA\\TOSHIBA-zoomutility\\SmoothView.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snelkiezer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Snelkiezer"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\Snelkiezer.exe /quiet"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SPO"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\SPEEDO~1\\SPO.EXE -s "
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SpyEmergency"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Netgate\\Spy Emergency 2006\\SpyEmergency.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SpySweeper"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKCU"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startkey]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="system32"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\system32.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stonedrv]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="stonedrv"
    "hkey"="HKLM"
    "command"="c:\\windows\\system32\\stonedrv.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunServer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="sunserver"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SynTPEnh"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="lhiq"
    "hkey"="HKLM"
    "command"="c:\\Program Files\\lhiq.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkq0724f]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RUNDLL32"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE w1111879.dll,n 0040724b0000000a1111879"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="toscdspd"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Hotkey Utility]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Hotkey"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Toshiba\\Windows Utilities\\Hotkey.exe\" /lang NL"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="TPSMain"
    "hkey"="HKLM"
    "command"="TPSMain.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="VoipStunt"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe\" -nosplash -minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MSASCui"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="winstall"
    "hkey"="HKCU"
    "command"="C:\\winstall.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Task Manager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="taskmgn"
    "hkey"="HKLM"
    "command"="c:\\windows\\system32\\taskmgn.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="zlclient"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PAVSRV"=dword:00000002
    "PAVFIRES"=dword:00000002
    "SDhelper"=dword:00000002
    "wampmysqld"=dword:00000003
    "wampapache"=dword:00000003
    "TUWinStylerThemeSvc"=dword:00000003
    "AVP"=dword:00000002
    "VSSERV"=dword:00000002
    "bdss"=dword:00000002
    "LIVESRV"=dword:00000002
    "XCOMM"=dword:00000002
    "WinDefend"=dword:00000002
    "WWW File Share Pro"=dword:00000002
    "Ati HotKey Poller"=dword:00000002
    "MSIServer"=dword:00000003
    "wuauserv"=dword:00000002
    "svcWRSSSDK"=dword:00000002


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\1-Click Maintenance.job
    C:\WINDOWS\tasks\XoftSpy.job

    Completion time: 06-10-12 13:32:20.90
    ComboFix.txt

    Logfile of HijackThis v1.99.1
    Scan saved at 13:35:56, on 12-10-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jevithan\Bureaublad\TAMIL° ZONE\Setup\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C985221-063C-1043-0309-06051124001f}\MyToolBar.dll (file missing)
    O4 - HKLM\..\Run: [Armor2net] C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\eMule\Incoming\Internet Download Manager v5.03.02 Multilangages Incl-Crack\Crack\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\eMule\Incoming\Internet Download Manager v5.03.02 Multilangages Incl-Crack\Crack\IEExt.htm
    O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
    O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152987549625
    O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://static.35mb.com/applet/applet_o.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: ,
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
  • Do I need to do anything else?
  • Yes, the following please.
    Download and install AVG Anti-Spyware.
    After the installation, open AVG Anti-Spyware:
    * under "Status", click Change state next to "Resident shield" (change from active to inactive!).
    * under "Update", click the Start update button.
    * under "Scanner", tab "Settings":
      - under "How to act?", click "Recommended actions" and select Quarantine. (VERY IMPORTANT!)
      - under "Reports", select Automatically generate report after every scan and remove the check mark next to Only if threats were found.
    Close AVG Anti-Spyware. Do not let it scan yet.

    Boot into safe mode (tap F8 repeatedly during startup).
    Start HJT again and check the lines below, close all windows except HJT and click Fix checked.

    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C985221-063C-1043-0309-06051124001f}\MyToolBar.dll (file missing)
    O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://static.35mb.com/applet/applet_o.cab

    Start AVG Anti-Spyware.
    * Click Scan and choose Complete System Scan. After the scan, follow the instructions below. IMPORTANT: Do not click the "Save Scan Report" button before you have clicked the "Apply all Actions" button!
    * Make sure that Set all elements to: is set to Quarantine (1); if not, click the link and choose Quarantine in the popup menu (2). (This does not apply to cookies; these are always deleted!)
    * At the bottom of the window, click the Apply all Actions button (3).
      Screenshot: http://home.scarlet.be/~topalex/ewidoscan.jpg
    * When you get the message 'All actions have been applied', click the Save Report button at the bottom.
    * In the menu at the top, click Reports. Copy the scan report and post it here in your next message.

    And one more thing.
    Download Java Runtime Environment (JRE) 5.0 Update 9.
    * Scroll down to: "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    * Click the "Download" button on the right-hand side.
    * Check: "Accept License Agreement".
    * The page will reload.
    * Click the link to download Windows Offline Installation, Multi-language, and save it to your Desktop.
    * Close all programs that may be open, especially your web browser!
    * Then go to Start > Control Panel (Configuratiescherm) > Add or Remove Programs (Software) and remove all older versions of Java from the software list.
    * Check everything with Java Runtime Environment (JRE or J2SE) in the name.
    * Then click Remove (Verwijderen) or the Change/Remove (Wijzig/Verwijder) button.
    * Repeat this until all older versions are gone.
    * After removing all older versions, restart your PC.
    * Then double-click jre-1_5_0_09-windows-i586-p.exe on your Desktop to install the latest version of Java.

    Please post a new HJT log and the AVG report.