Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

[HJT Log] wie wil mij helpen met mijn logfile?

Stylo
19 antwoorden
  • Hallo,

    Wie wil er kijken naar mijn HJT logfile.
    De computer is sinds begin deze week traag en start slecht op.
    Ik heb 2 account en ik kreeg v/d week een DEP en een AVP.exe foutmelding en kon verder niks meer doen. Bureaublad was leeg en geen STARTmenu. Tevens krijg ik nu berichten over onveilige PROXY.
    Wie helpt mij?

    Alvast bedankt,
    Gr. Laurens

    LOG:


    Logfile of HijackThis v1.99.1
    Scan saved at 12:33:49, on 16-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Eset
    od32krn.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\COMMON~1\FNTS~1\wuauboot.exe
    C:\WINDOWS\system32\??mantec
    ?tepad.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Laurens\LOCALS~1\Temp\Rar$EX00.937\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKCU\..\Run: [Cast] "C:\PROGRA~1\COMMON~1\FNTS~1\wuauboot.exe" -vt ndrv
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Wrkkh] C:\WINDOWS\system32\??mantec
    ?tepad.exe
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKCU\..\Run: [Ultimate Cleaner] "C:\Program Files\Ultimate Cleaner\UltimateCleaner.exe" hide
    O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - blank
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O10 - Broken Internet access because of LSP provider 'winrnr2.dll' missing
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://84.41.135.154/WinWebPush.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
    O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset
    od32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
    vsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - K:\CyberLink\Shared Files\RichVideo.exe (file missing)
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)





  • Download SDFix naar je bureaublad.
    [list:5ca9f837f8]
    Dubbelklikken op SDFix.exe om het uit te pakken.
    Print onderstaande instrukties uit of kopieer ze naar een .txt bestand.
    Start op in Veilige modus
    Open de uitgepakte SDFix folder (meestal hier te vinden: C:\SDFix) en dubbelklik [b:5ca9f837f8]RunThis.bat[/b:5ca9f837f8] om het script te starten.
    Typ [b:5ca9f837f8]Y[/b:5ca9f837f8] om de fix te beginnen en volg de instructie's. Druk op een toets als het nodig is.
    De computer zal herstarten. Dit duurt langer dan gewoonlijk.
    SDFix zal verder gaan met het verwijderen. Wacht tot er wordt gevraagt om op een toets te drukken.
    Het Bureaublad zal verschijnen en er zal een logje openen.
    Bewaar de inhoud van dit logje tijdelijk
    [/list:u:5ca9f837f8]


    Download Combofix naar je Bureaublad.
    [list:5ca9f837f8]
    Dubbelklik [b:5ca9f837f8]Combofix.exe[/b:5ca9f837f8]
    Volg de instructies, aanvaard de disclaimer door "[b:5ca9f837f8]1[/b:5ca9f837f8]" te typen en te bevestigen via "[b:5ca9f837f8]Enter[/b:5ca9f837f8]".
    Tijdens het runnen van de fix, [b:5ca9f837f8]NIET[/b:5ca9f837f8] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:5ca9f837f8]

    Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
    [i:5ca9f837f8]Plaats deze log in je volgende post samen met een nieuw HijackThis log.[/i:5ca9f837f8]

    [b:5ca9f837f8]Note:[/b:5ca9f837f8] Indien je virusscanner reageert tijdens het downloaden of gebruik van Combofix, mag je dit negeren.


    Plaats nu het logje van SDfix, die van combofix en een vers Hijackthis log in je volgende bericht.

    Succes!
    Pim
  • Beste Pim,

    Bedankt voor je hulp.
    Hierbij de logs.
    Gr. Laurens

    Logfile of HijackThis v1.99.1
    Scan saved at 14:20:58, on 16-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\spoolsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32
    otepad.exe
    C:\ComboFix
    ircmd.cfexe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\hijackthis.exe
    C:\Documents and Settings\Laurens\Mijn documenten\HijackThis.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\Program Files\Hkdhhtgi\kiuupsur.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {BEF5FD38-17F7-6C0F-D85B-4CE603F50DCC} - C:\WINDOWS\system32\kxvgihv.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\system32\spoolsvc.exe
    O4 - HKCU\..\Run: [Cast] "C:\PROGRA~1\COMMON~1\FNTS~1\wuauboot.exe" -vt ndrv
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Wrkkh] C:\WINDOWS\system32\??mantec
    ?tepad.exe
    O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - blank
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O10 - Broken Internet access because of LSP provider 'winrnr2.dll' missing
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://84.41.135.154/WinWebPush.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpninst.bbnv.nl/dana-cached/setup/JuniperSetupSP1.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
    O20 - Winlogon Notify: byvspom - byvspom.dll (file missing)
    O20 - Winlogon Notify: winpya32 - winpya32.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
    O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset
    od32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
    vsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - K:\CyberLink\Shared Files\RichVideo.exe (file missing)
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)



    ComboFix 07-11-08.3 - Laurens 2007-11-16 14:11:59.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.522 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\Laurens\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    Onmogelijk Systeem Rechten te verkrijgen

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Laurens\Menu Start\Programma's\Outerinfo
    C:\Documents and Settings\Laurens\Menu Start\Programma's\Outerinfo\Terms.lnk
    C:\Documents and Settings\Laurens\Menu Start\Programma's\Outerinfo\Uninstall.lnk
    C:\Program Files\Common Files\fnts~1
    C:\Program Files\Common Files\fnts~1\F?nts\
    C:\Program Files\Common Files\fnts~1\wuauboot.exe
    C:\Program Files\Common Files\smbols~1
    C:\WINDOWS\system32\drivers\LYV66.sys
    C:\WINDOWS\system32\fibagbia
    C:\WINDOWS\system32\fibagbia\bg1.gif
    C:\WINDOWS\system32\fibagbia\bgtop.gif
    C:\WINDOWS\system32\fibagbia\bottom1.gif
    C:\WINDOWS\system32\fibagbia\essentials.gif
    C:\WINDOWS\system32\fibagbia\fibagbia1.exe
    C:\WINDOWS\system32\fibagbia\fibagbia2.exe
    C:\WINDOWS\system32\fibagbia\fibagbia3.exe
    C:\WINDOWS\system32\fibagbia\icon1.ico
    C:\WINDOWS\system32\fibagbia\install1.gif
    C:\WINDOWS\system32\fibagbia\left1.gif
    C:\WINDOWS\system32\fibagbia\li.gif
    C:\WINDOWS\system32\fibagbia\logo.gif
    C:\WINDOWS\system32\fibagbia\main.htm
    C:\WINDOWS\system32\fibagbia\mainframe.htm
    C:\WINDOWS\system32\fibagbia\reinstall1.gif
    C:\WINDOWS\system32\fibagbia\right1.gif
    C:\WINDOWS\system32\fibagbia\s1.htm
    C:\WINDOWS\system32\fibagbia\s2.htm
    C:\WINDOWS\system32\fibagbia\s3.htm
    C:\WINDOWS\system32\fibagbia\SMTop1.gif
    C:\WINDOWS\system32\fibagbia\SMTop2.gif
    C:\WINDOWS\system32\fibagbia\SMTop3.gif
    C:\WINDOWS\system32\fibagbia\SMTop4.gif
    C:\WINDOWS\system32\fibagbia\soft1_off.gif
    C:\WINDOWS\system32\fibagbia\soft1_off_ext.gif
    C:\WINDOWS\system32\fibagbia\soft1_on.gif
    C:\WINDOWS\system32\fibagbia\soft1_on_ext.gif
    C:\WINDOWS\system32\fibagbia\soft2_off.gif
    C:\WINDOWS\system32\fibagbia\soft2_off_ext.gif
    C:\WINDOWS\system32\fibagbia\soft2_on.gif
    C:\WINDOWS\system32\fibagbia\soft2_on_ext.gif
    C:\WINDOWS\system32\fibagbia\soft3_off.gif
    C:\WINDOWS\system32\fibagbia\soft3_off_ext.gif
    C:\WINDOWS\system32\fibagbia\soft3_on.gif
    C:\WINDOWS\system32\fibagbia\soft3_on_ext.gif
    C:\WINDOWS\system32\fibagbia\softbottom_off.gif
    C:\WINDOWS\system32\fibagbia\softbottom_on.gif
    C:\WINDOWS\system32\fibagbia\softleft_off.gif
    C:\WINDOWS\system32\fibagbia\softleft_on.gif
    C:\WINDOWS\system32\fibagbia\top1.gif
    C:\WINDOWS\system32\fibagbia\top2.gif
    C:\WINDOWS\system32\fibagbia\turnoff1.gif
    C:\WINDOWS\system32\fibagbia\turnon1.gif
    C:\WINDOWS\system32\firewall.exe
    C:\WINDOWS\system32\mantec~1
    C:\WINDOWS\system32\mantec~1
    ?tepad.exe
    C:\WINDOWS\system32\mlllkif.dll
    C:\WINDOWS\system32\mlnmp.bak1
    C:\WINDOWS\system32\mlnmp.bak2
    C:\WINDOWS\system32\mlnmp.ini
    C:\WINDOWS\system32\mlnmp.ini2
    C:\WINDOWS\system32\pmnlm.dll
    C:\WINDOWS\system32\wnstsicom32.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    ——-\LEGACY_LYV66
    ——-\LEGACY_RUNTIME
    ——-\LEGACY_RUNTIME2


    (((((((((((((((((((( Bestanden Gemaakt van 2007-10-16 to 2007-11-16 ))))))))))))))))))))))))))))))
    .

    2007-11-16 13:46 <DIR> d——– C:\WINDOWS\ERUNT
    2007-11-16 11:01 2,432 –a—— C:\WINDOWS\system32\unpr.sys
    2007-11-15 22:57 <DIR> d——– C:\Documents and Settings\Jeannet\Application Data\SurfRight
    2007-11-15 21:02 <DIR> d——– C:\Program Files\SpywareBlaster
    2007-11-15 21:01 512,096 –a—— C:\WINDOWS\system32\drivers\amon.sys
    2007-11-15 21:01 298,104 –a—— C:\WINDOWS\system32\imon.dll
    2007-11-15 21:01 15,424 –a—— C:\WINDOWS\system32\drivers
    od32drv.sys
    2007-11-15 20:04 <DIR> d——– C:\Documents and Settings\Laurens\Application Data\SurfRight
    2007-11-15 19:34 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-15 19:28 2,560 –a—— C:\WINDOWS\system32\drivers\mchInjDrv.sys
    2007-11-15 19:27 <DIR> d——– C:\Program Files\SurfRight
    2007-11-15 19:27 <DIR> d——– C:\Documents and Settings\All Users\Application Data\SurfRight
    2007-11-15 18:44 <DIR> d——– C:\Program Files\MalwareAlarm
    2007-11-15 12:23 87,424 –a—— C:\WINDOWS\system32\drivers\irda.sys
    2007-11-15 12:23 87,424 –a–c— C:\WINDOWS\system32\dllcache\irda.sys
    2007-11-15 12:23 19,584 –a—— C:\WINDOWS\system32\drivers\rasirda.sys
    2007-11-15 12:23 19,584 –a–c— C:\WINDOWS\system32\dllcache\rasirda.sys
    2007-11-15 12:23 18,688 –a—— C:\WINDOWS\system32\drivers\irsir.sys
    2007-11-15 12:23 18,688 –a–c— C:\WINDOWS\system32\dllcache\irsir.sys
    2007-11-14 19:04 179,200 –a—— C:\WINDOWS\system32\drivers\symavc32.sys
    2007-11-14 19:03 122,880 –a—— C:\WINDOWS\system32\winrnr2.dll
    2007-11-14 19:03 65,536 –a—— C:\oaif.exe
    2007-11-14 19:03 8,704 –a—— C:\WINDOWS\system32\sporder.dll
    2007-11-13 16:22 294,912 ——— C:\WINDOWS\SETUP1.EXE
    2007-11-13 16:22 80,384 –a—— C:\WINDOWS\ST6UNST.EXE
    2007-11-11 14:53 <DIR> d——– C:\Documents and Settings\All Users\Application Data\espionServerData
    2007-11-07 15:04 <DIR> d——– C:\Documents and Settings\All Users\Application Data\FLEXnet
    2007-11-07 14:43 <DIR> d——– C:\Program Files\Opera
    2007-11-07 14:41 <DIR> d——– C:\Documents and Settings\All Users\Application Data\MAGIX
    2007-11-07 14:39 <DIR> d——– C:\Program Files\Common Files\MAGIX Shared
    2007-11-07 14:38 <DIR> d——– C:\Program Files\MAGIX
    2007-11-07 14:38 1,089,536 –a—— C:\WINDOWS\system32\ROBOEX32.DLL
    2007-11-07 14:38 85,504 –a—— C:\WINDOWS\system32\HtmlWH.dll
    2007-11-07 14:38 49,152 –a—— C:\WINDOWS\system32\INETWH32.dll
    2007-11-07 14:37 <DIR> d——– C:\WINDOWS\system32\MAGIX
    2007-11-07 14:37 663,552 –a—— C:\WINDOWS\system32\mgxoschk.dll
    2007-11-07 14:36 <DIR> d——– C:\WINDOWS\system32\Adobe
    2007-11-07 14:36 24,576 –a—— C:\WINDOWS\system32\FileOps.exe
    2007-11-07 14:35 <DIR> d——– C:\Program Files\Namo
    2007-11-07 14:33 <DIR> d——– C:\Program Files\Bonjour
    2007-11-07 14:29 <DIR> d——– C:\Program Files\Common Files\Macrovision Shared
    2007-11-07 14:25 <DIR> d——– C:\Program Files\OO Software
    2007-11-07 14:08 116,736 ——— C:\WINDOWS\system32\pxinsi64.exe
    2007-11-07 14:08 115,712 ——— C:\WINDOWS\system32\pxcpyi64.exe
    2007-10-30 15:19 <DIR> d——– C:\Program Files\Common Files\AutoDesk Shared
    2007-10-30 15:19 <DIR> d——– C:\Program Files\ColorByNumbers
    2007-10-26 16:41 <DIR> d——– C:\Program Files\Deep Sleep
    2007-10-26 16:37 <DIR> d——– C:\Program Files\SmartFTP Client
    2007-10-26 16:37 <DIR> d——– C:\Documents and Settings\Laurens\Application Data\SmartFTP
    2007-10-22 16:29 <DIR> d——– C:\Program Files\RealVNC
    2007-10-21 11:23 <DIR> d——– C:\Program Files\DVD Audio Ripper Plus

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-16 13:08 ——— d—–w C:\Program Files\Hitman Pro
    2007-11-16 12:38 ——— d—–w C:\Documents and Settings\Laurens\Application Data\Juniper Networks
    2007-11-15 21:28 ——— d—–w C:\Program Files\Lavasoft
    2007-11-15 21:28 ——— d—–w C:\Documents and Settings\Laurens\Application Data\Lavasoft
    2007-11-15 21:21 ——— d—–w C:\Program Files\Spyware Doctor
    2007-11-15 21:18 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-15 19:00 ——— d—–w C:\Program Files\Lx_cats
    2007-11-15 12:39 ——— d—–w C:\Documents and Settings\All Users\Application Data\Juniper Networks
    2007-11-07 13:37 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2007-11-07 13:36 ——— d—–w C:\Program Files\Common Files\Adobe
    2007-11-07 13:07 20,640 ——w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-10-31 21:51 ——— d—–w C:\Documents and Settings\Laurens\Application Data\LimeWire
    2007-10-28 11:36 ——— d—–w C:\Documents and Settings\Laurens\Application Data\Skype
    2007-10-21 20:49 ——— d—–w C:\Program Files\Mp3 Knife
    2007-10-21 10:43 ——— d—–w C:\Program Files\ImTOO
    2007-10-21 10:38 ——— d—–w C:\Program Files\Xilisoft
    2007-10-21 10:38 ——— d—–w C:\Documents and Settings\Laurens\Application Data\dvdcss
    2007-10-18 11:36 ——— d—–w C:\Documents and Settings\Jeannet\Application Data\FaxCtr
    2007-10-13 12:26 ——— d—–w C:\Documents and Settings\Laurens\Application Data\PC Suite
    2007-10-13 12:24 ——— d—–w C:\Documents and Settings\Laurens\Application Data\Nokia
    2007-10-13 12:21 ——— d—–w C:\Documents and Settings\Laurens\Application Data\Nokia Multimedia Player
    2007-10-13 10:34 ——— d—–w C:\Program Files\DIFX
    2007-10-13 10:34 ——— d—–w C:\Program Files\Common Files\PCSuite
    2007-10-13 10:34 ——— d—–w C:\Program Files\Common Files\Nokia
    2007-10-13 10:33 ——— d—–w C:\Program Files\PC Connectivity Solution
    2007-10-13 10:33 ——— d—–w C:\Program Files\Nokia
    2007-10-13 10:33 ——— d—–w C:\Documents and Settings\All Users\Application Data\Installations
    2007-10-10 21:03 ——— d—–w C:\Program Files\Microsoft ActiveSync
    2007-10-08 20:16 ——— d—–w C:\Program Files\LimeWire
    2007-09-30 17:10 ——— d—–w C:\Documents and Settings\Laurens\Application Data\Apple Computer
    2007-09-25 20:29 ——— d—–w C:\Program Files\Apple Software Update
    2007-09-25 20:29 ——— d—–w C:\Documents and Settings\All Users\Application Data\Apple
    2007-09-22 18:46 ——— d—–w C:\Documents and Settings\Jeannet\Application Data\Apple Computer
    2007-09-22 17:38 ——— d—–w C:\Program Files\QuickTime
    2007-09-22 17:37 ——— d—–w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-06-19 08:55 167 —-a-w C:\Documents and Settings\Laurens\4467.bat
    2007-04-27 15:01 7,288 —-a-w C:\Program Files\hijackthis.log
    2007-04-17 17:03 8 —-a-w C:\Documents and Settings\Laurens\Application Data\usb.dat.bin
    2006-10-08 18:08 41,152 —-a-w C:\Documents and Settings\Laurens\Application Data\GDIPFONTCACHEV1.DAT
    2006-09-12 22:33 41,152 —-a-w C:\Documents and Settings\Jeannet\Application Data\GDIPFONTCACHEV1.DAT
    2005-02-16 09:06 227,328 —-a-w C:\Program Files\HijackThis.exe
    2004-08-09 21:30 49,152 —-a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}]
    C:\Program Files\Hkdhhtgi\kiuupsur.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BEF5FD38-17F7-6C0F-D85B-4CE603F50DCC}]
    C:\WINDOWS\system32\kxvgihv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RegistryMechanic"="" []
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 07:51]
    "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41]
    "Spooler SubSystem App"="C:\WINDOWS\system32\spoolsvc.exe" [2004-08-04 00:03]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cast"="C:\PROGRA~1\COMMON~1\FNTS~1\wuauboot.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03]
    "Wrkkh"="C:\WINDOWS\system32\??mantec
    ?tepad.exe" []
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-25 12:54]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-25 12:54:58]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
    otify\byvspom]
    byvspom.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
    otify\winpya32]
    winpya32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 relog_ap C:\WINDOWS\system32\pmnlm.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    R0 m5287;m5287;C:\WINDOWS\system32\DRIVERS\m5287.sys
    R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
    R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
    R0 UNPR;UNPR;C:\WINDOWS\system32\unpr.sys
    R1 mchInjDrv;madCodeHook DLL injection driver;\??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys
    R1 tvtool;tvtool;\??\C:\Program Files\TVTool\tvtool.sys
    R2 CaretakerSvc;Caretaker Service;"C:\Program Files\SurfRight\Caretaker\CaretakerService.exe"
    R2 CaretakerUpdate;Caretaker Updater;"C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe"
    R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS
    R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys
    R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys
    S3 iMSPCLOj;iMSPCLOj;\??\C:\DOCUME~1\Laurens\LOCALS~1\Temp\iMSPCLOj.sys
    S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-11-13 17:37:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-16 14:17:47
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwOpenFile

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    C:\WINDOWS\MSCompPackV1.log 3338 bytes
    C:\WINDOWS\msdfmap.ini 1405 bytes
    C:\WINDOWS\msgsocm.log 40153 bytes
    C:\WINDOWS\msicpl.ini 0 bytes
    C:\WINDOWS\msmqinst.log 264548 bytes
    C:\WINDOWS\mui
    C:\WINDOWS\NeroDigital.ini 116 bytes
    C:\WINDOWS
    etfxocm.log 133432 bytes
    C:\WINDOWS\NetwkCfg.txt 87 bytes
    C:\WINDOWS
    ircmd.exe 58368 bytes executable
    C:\WINDOWS
    otepad.exe 77312 bytes executable
    C:\WINDOWS
    sreg.dat 0 bytes
    C:\WINDOWS\NSREX.INI 0 bytes
    C:\WINDOWS
    sw.log 446 bytes
    C:\WINDOWS
    tbtlog.txt 711688 bytes
    C:\WINDOWS
    tdtcsetup.log 165503 bytes
    C:\WINDOWS\NuNinst.cfg 46017 bytes
    C:\WINDOWS\NuNinst.exe 1298432 bytes executable
    C:\WINDOWS
    view
    C:\WINDOWS\ocgen.log 416911 bytes
    C:\WINDOWS\SHELLNEW
    C:\WINDOWS\slrundll.exe 41058 bytes executable
    C:\WINDOWS\SoftwareDistribution
    C:\WINDOWS\SoundMan.exe 94208 bytes executable
    C:\WINDOWS\sprof32.dll 133120 bytes executable
    C:\WINDOWS\spupdsvc.log 78117 bytes
    C:\WINDOWS\SpywareDoctor5Install.log 126 bytes
    C:\WINDOWS\srchasst
    C:\WINDOWS\ssleay32.dll 155648 bytes executable
    C:\WINDOWS\ST6UNST.EXE 80384 bytes executable
    C:\WINDOWS\Stekkie.bmp 17336 bytes
    C:\WINDOWS\Sti_Trace.log 0 bytes
    C:\WINDOWS\Sun
    C:\WINDOWS\svcpack.log 484510 bytes
    C:\WINDOWS\swacnfg.ini 237 bytes
    C:\WINDOWS\system.ini 227 bytes
    C:\WINDOWS\system.tmp 227 bytes
    C:\WINDOWS\system32
    C:\WINDOWS\tabletoc.log 36826 bytes
    C:\WINDOWS\TASKMAN.EXE 23040 bytes executable
    C:\WINDOWS\taskmen32.pif 99 bytes
    C:\WINDOWS\Tasks
    C:\WINDOWS\Temp
    C:\WINDOWS\TemplateWizard.INI 20 bytes
    C:\WINDOWS\WgaNotify.log 13892 bytes
    C:\WINDOWS\wiadebug.log 159 bytes
    C:\WINDOWS\wiaservc.log 313 bytes
    C:\WINDOWS\win.ini 917 bytes
    C:\WINDOWS\win.tmp 917 bytes
    C:\WINDOWS\Windows Update.log 23132 bytes
    C:\WINDOWS\WindowsShell.Manifest 749 bytes
    C:\WINDOWS\WindowsUpdate.log 1053063 bytes
    C:\WINDOWS\winhelp.exe 257072 bytes
    C:\WINDOWS\winhlp32.exe 294400 bytes executable
    C:\WINDOWS\wininit.ini 214 bytes
    C:\WINDOWS\winnt.bmp 48680 bytes
    C:\WINDOWS\winnt256.bmp 48680 bytes
    C:\WINDOWS\WinSxS
    C:\WINDOWS\WMFDist11.log 23344 bytes
    C:\WINDOWS\regopt.log 1672 bytes
    C:\WINDOWS\repair
    C:\WINDOWS\resetlog.txt 6675 bytes
    C:\WINDOWS\Resources
    C:\WINDOWS\Rhododendron.bmp 17362 bytes
    C:\WINDOWS\Rivier Sumida.bmp 26680 bytes
    C:\WINDOWS\RTHDCPL.exe 14863360 bytes executable
    C:\WINDOWS\RTLCPL.exe 9719808 bytes executable
    C:\WINDOWS\RtlExUpd.dll 487424 bytes executable
    C:\WINDOWS\RtlUpd.exe 364544 bytes executable
    C:\WINDOWS\Santa Fe Stucco.bmp 65832 bytes
    C:\WINDOWS\SchedLgU.Txt 32606 bytes
    C:\WINDOWS\sct101.log 21 bytes
    C:\WINDOWS\security
    C:\WINDOWS\ServicePackFiles
    C:\WINDOWS\sessmgr.setup.log 1277 bytes
    C:\WINDOWS\SET3.tmp 1085938 bytes
    C:\WINDOWS\SET7.tmp 13923 bytes
    C:\WINDOWS\SETUP1.EXE 294912 bytes executable
    C:\WINDOWS\setupact.log 170755 bytes
    C:\WINDOWS\setupapi.log 796347 bytes
    C:\WINDOWS\setuperr.log 0 bytes
    C:\WINDOWS\DtcInstall.log 360 bytes
    C:\WINDOWS\EHome
    C:\WINDOWS\erdnt
    C:\WINDOWS\ERUNT
    C:\WINDOWS\explorer.exe 1042944 bytes executable
    C:\WINDOWS\explorer.scf 80 bytes
    C:\WINDOWS\FaxSetup.log 760421 bytes
    C:\WINDOWS\Fonts
    C:\WINDOWS\ftpcache
    C:\WINDOWS\KB898461.log 6889 bytes
    C:\WINDOWS\KB911564.log 17840 bytes
    C:\WINDOWS\KB918899.log 21696 bytes
    C:\WINDOWS\KB926239.log 4989 bytes
    C:\WINDOWS\KB935840.log 12614 bytes
    C:\WINDOWS\msapps
    C:\WINDOWS\ocmsn.log 49196 bytes
    C:\WINDOWS\setuplog.txt 845897 bytes
    C:\WINDOWS\tsoc.log 370549 bytes
    C:\WINDOWS\Web
    C:\WINDOWS\DirectX.log 79189 bytes
    C:\WINDOWS\DJ2000.ini 1301 bytes
    C:\WINDOWS\Downloaded Installations
    C:\WINDOWS\Downloaded Program Files
    C:\WINDOWS\DPINST.LOG 51766 bytes
    C:\WINDOWS\Driver Cache
    C:\WINDOWS\isRS-000.tmp 689152 bytes executable
    C:\WINDOWS\IsUn0413.exe 317952 bytes executable
    C:\WINDOWS\IsUninst.exe 313856 bytes executable
    C:\WINDOWS\iTouch.ini 51 bytes
    C:\WINDOWS\java
    C:\WINDOWS\KB821253.log 437 bytes
    C:\WINDOWS\KB873339.log 25976 bytes
    C:\WINDOWS\KB884020.log 1072 bytes
    C:\WINDOWS\KB885250.log 27755 bytes
    C:\WINDOWS\KB885835.log 27940 bytes
    C:\WINDOWS\KB885836.log 26947 bytes
    C:\WINDOWS\KB885884.log 9931 bytes
    C:\WINDOWS\KB886185.log 12502 bytes
    C:\WINDOWS\KB887472.log 25985 bytes
    C:\WINDOWS\KB887742.log 26587 bytes
    C:\WINDOWS\KB888111.log 4440 bytes
    C:\WINDOWS\KB888113.log 26032 bytes
    C:\WINDOWS\KB888302.log 18668 bytes
    C:\WINDOWS\KB890046.log 20625 bytes
    C:\WINDOWS\KB890859.log 17491 bytes
    C:\WINDOWS\KB891781.log 23437 bytes
    C:\WINDOWS\KB893756.log 27425 bytes
    C:\WINDOWS\KB893803v2.log 5544 bytes
    C:\WINDOWS\KB894391.log 17393 bytes
    C:\WINDOWS\KB896358.log 27015 bytes
    C:\WINDOWS\KB896422.log 28118 bytes
    C:\WINDOWS\KB896423.log 25749 bytes
    C:\WINDOWS\KB896424.log 27800 bytes
    C:\WINDOWS\KB896428.log 16729 bytes
    C:\WINDOWS\KB899587.log 29001 bytes
    C:\WINDOWS\KB899589.log 20031 bytes
    C:\WINDOWS\KB899591.log 27613 bytes
    C:\WINDOWS\KB900485.log 11647 bytes
    C:\WINDOWS\KB900725.log 20411 bytes
    C:\WINDOWS\KB901017.log 27289 bytes
    C:\WINDOWS\KB901105.log 1556 bytes
    C:\WINDOWS\KB901214.log 19287 bytes
    C:\WINDOWS\KB902400.log 28705 bytes
    C:\WINDOWS\KB904706.log 17323 bytes
    C:\WINDOWS\KB905414.log 20352 bytes
    C:\WINDOWS\KB905749.log 17940 bytes
    C:\WINDOWS\KB905915.log 29403 bytes
    C:\WINDOWS\KB908519.log 15139 bytes
    C:\WINDOWS\KB908531.log 14945 bytes
    C:\WINDOWS\KB909394.log 5277 bytes
    C:\WINDOWS\KB910437.log 21601 bytes
    C:\WINDOWS\KB911280.log 11029 bytes
    C:\WINDOWS\KB911562.log 14178 bytes
    C:\WINDOWS\twain.dll 94784 bytes
    C:\WINDOWS\twain_32
    C:\WINDOWS\twain_32.dll 50688 bytes executable
    C:\WINDOWS\twunk_16.exe 49680 bytes
    C:\WINDOWS\twunk_32.exe 32768 bytes executable
    C:\WINDOWS\uninst.exe 305664 bytes executable
    C:\WINDOWS\UninstAdmin.isu 599315 bytes
    C:\WINDOWS\UNNeroVision.cfg 81261 bytes
    C:\WINDOWS\UNNeroVision.exe 1298432 bytes executable
    C:\WINDOWS\updspapi.log 44414 bytes
    C:\WINDOWS\vb.ini 36 bytes
    C:\WINDOWS\vbaddin.ini 63 bytes
    C:\WINDOWS\vmmreg32.dll 18944 bytes executable
    C:\WINDOWS\KB911565.log 8837 bytes
    C:\WINDOWS\KB911567.log 10580 bytes
    C:\WINDOWS\KB911927.log 27805 bytes
    C:\WINDOWS\KB912812.log 16310 bytes
    C:\WINDOWS\KB912919.log 18137 bytes
    C:\WINDOWS\KB913446.log 11325 bytes
    C:\WINDOWS\KB913580.log 11674 bytes
    C:\WINDOWS\KB914388.log 12347 bytes
    C:\WINDOWS\KB914389.log 11477 bytes
    C:\WINDOWS\KB916281.log 17664 bytes
    C:\WINDOWS\KB916595.log 10394 bytes
    C:\WINDOWS\KB917159.log 11805 bytes
    C:\WINDOWS\KB917344.log 13924 bytes
    C:\WINDOWS\KB917422.log 12174 bytes
    C:\WINDOWS\KB917734.log 10111 bytes
    C:\WINDOWS\KB917953.log 13688 bytes
    C:\WINDOWS\KB918118.log 14197 bytes
    C:\WINDOWS\KB918439.log 13567 bytes
    C:\WINDOWS\KB919007.log 11448 bytes
    C:\WINDOWS\KB920213.log 14289 bytes
    C:\WINDOWS\KB920214.log 20056 bytes
    C:\WINDOWS\KB920670.log 12011 bytes
    C:\WINDOWS\KB920683.log 12395 bytes
    C:\WINDOWS\KB920685.log 11313 bytes
    C:\WINDOWS\KB920872.log 13497 bytes
    C:\WINDOWS\KB921398.log 18672 bytes
    C:\WINDOWS\KB921883.log 19009 bytes
    C:\WINDOWS\KB922582.log 7767 bytes
    C:\WINDOWS\KB922616.log 19089 bytes
    C:\WINDOWS\KB922760.log 17528 bytes
    C:\WINDOWS\KB922819.log 11772 bytes
    C:\WINDOWS\KB923191.log 5406 bytes
    C:\WINDOWS\KB923414.log 10928 bytes
    C:\WINDOWS\KB923689.log 14024 bytes
    C:\WINDOWS\KB923980.log 21711 bytes
    C:\WINDOWS\KB924191.log 6828 bytes
    C:\WINDOWS\KB924270.log 21351 bytes
    C:\WINDOWS\KB924496.log 11260 bytes
    C:\WINDOWS\KB924667.log 18804 bytes
    C:\WINDOWS\KB925398.log 17302 bytes
    C:\WINDOWS\KB925486.log 15426 bytes
    C:\WINDOWS\KB925902.log 17217 bytes
    C:\WINDOWS\ODBC.INI 859 bytes
    C:\WINDOWS\ODBCINST.INI 4207 bytes
    C:\WINDOWS\OEWABLog.txt 1859 bytes
    C:\WINDOWS\Offline Web Pages
    C:\WINDOWS\Patroon.bmp 16730 bytes
    C:\WINDOWS\PCDLIB32.DLL 212480 bytes executable
    C:\WINDOWS\PCHEALTH
    C:\WINDOWS\peernet
    C:\WINDOWS\pfpick.dll 58368 bytes executable
    C:\WINDOWS\PIF
    C:\WINDOWS\Prairie.bmp 65954 bytes
    C:\WINDOWS\Prefetch
    C:\WINDOWS\provisioning
    C:\WINDOWS\pss
    C:\WINDOWS\Q828026.log 3155 bytes
    C:\WINDOWS\QTFont.for 1409 bytes
    C:\WINDOWS\QTFont.qfn 54156 bytes
    C:\WINDOWS\regedit.exe 160256 bytes executable
    C:\WINDOWS\RegisteredPackages
    C:\WINDOWS\Registration
    C:\WINDOWS\wmp11.log 16407 bytes
    C:\WINDOWS\WMPrfNld.prx 32964 bytes
    C:\WINDOWS\WMPrfSve.prx 33314 bytes
    C:\WINDOWS\wmsetup.log 321887 bytes
    C:\WINDOWS\wmsetup10.log 9967 bytes
    C:\WINDOWS\WMSysPr9.prx 316640 bytes
    C:\WINDOWS\WMSysPrx.prx 299552 bytes
    C:\WINDOWS\WRUninstall.dll 478720 bytes executable
    C:\WINDOWS\Wudf01000Inst.log 9740 bytes
    C:\WINDOWS\xpsp1hfm.log 2082 bytes
    C:\WINDOWS\Zapotec.bmp 9522 bytes
    C:\WINDOWS\Zeepbellen.bmp 65978 bytes
    C:\WINDOWS\_default.pif 707 bytes
    C:\WINDOWS\KB926255.log 14287 bytes
    C:\WINDOWS\KB926436.log 15053 bytes
    C:\WINDOWS\KB927779.log 25629 bytes
    C:\WINDOWS\KB927802.log 22631 bytes
    C:\WINDOWS\KB927891.log 15171 bytes
    C:\WINDOWS\KB928255.log 22325 bytes
    C:\WINDOWS\KB928843.log 11800 bytes
    C:\WINDOWS\KB929123.log 15955 bytes
    C:\WINDOWS\KB929969.log 21352 bytes
    C:\WINDOWS\KB930178.log 15366 bytes
    C:\WINDOWS\KB930916.log 12437 bytes
    C:\WINDOWS\KB931261.log 19508 bytes
    C:\WINDOWS\KB931784.log 22778 bytes
    C:\WINDOWS\KB931836.log 29537 bytes
    C:\WINDOWS\KB932168.log 16001 bytes
    C:\WINDOWS\KB933566.log 23974 bytes
    C:\WINDOWS\KB935448.log 15516 bytes
    C:\WINDOWS\KB935839.log 12539 bytes
    C:\WINDOWS\gc401.cnf 42 bytes
    C:\WINDOWS\Groensteen.bmp 26582 bytes
    C:\WINDOWS\gsc401.cnf 1736 bytes
    C:\WINDOWS\Help
    C:\WINDOWS\hh.exe 17920 bytes executable
    C:\WINDOWS\icccodes.dll 20992 bytes executable
    C:\WINDOWS\iccsigs.dat 40129 bytes
    C:\WINDOWS\IE4 Error Log.txt 1043 bytes
    C:\WINDOWS\ie7_main.log 1391 bytes
    C:\WINDOWS\iis6.log 957719 bytes
    C:\WINDOWS\ime
    C:\WINDOWS\imsins.BAK 1355 bytes
    C:\WINDOWS\imsins.log 1355 bytes
    C:\WINDOWS\InCD
    C:\WINDOWS\inf
    C:\WINDOWS\Installer
    C:\WINDOWS\Internet Logs
    C:\WINDOWS\Kopje koffie.bmp 17062 bytes
    C:\WINDOWS\KPCMS.INI 173 bytes
    C:\WINDOWS\kpcp32.dll 197120 bytes executable
    C:\WINDOWS\kpsys32.dll 37376 bytes executable
    C:\WINDOWS\LDM.log 180 bytes
    C:\WINDOWS\libeay32.dll 684032 bytes executable
    C:\WINDOWS\medctroc.Log 56286 bytes
    C:\WINDOWS\Media
    C:\WINDOWS\mgxoschk.ini 6289 bytes
    C:\WINDOWS\MicCal.exe 2150400 bytes executable
    C:\WINDOWS\Microsoft.MIF 2510 bytes
    C:\WINDOWS\Minidump
    C:\WINDOWS\ModemLog_SAMSUNG Mobile USB Modem.txt 6874 bytes
    C:\WINDOWS\mozver.dat 2414 bytes
    C:\WINDOWS\msagent

    Scan succesvol afgerond
    verborgen bestanden: 292

    **************************************************************************
    .
    Voltooingstijd: 2007-11-16 14:19:11 - machine was rebooted
    C:\ComboFix-quarantined-files.txt … 2007-06-23 13:12
    C:\ComboFix2.txt … 2007-06-23 13:12
    .
    — E O F —




    SDFix: Version 1.114

    Run by Laurens on vr 16-11-2007 at 13:46

    Microsoft Windows XP [versie 5.1.2600]

    Running From: C:\DOCUME~1\Laurens\BUREAU~1\SDFix

    Safe Mode:
    Checking Services:


    Infected ip6fw.sys Found!

    ip6fw.sys File Locations:

    "C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys" 29056 03-08-2004 22:00
    "C:\WINDOWS\system32\dllcache\ip6fw.sys" 29056 03-08-2004 22:00
    "C:\WINDOWS\system32\drivers\ip6fw.sys" 29056 03-08-2004 22:00

    Infected File Listed Below:

    C:\WINDOWS\system32\drivers\ip6fw.sys

    Trojan File copied to Backups Folder
    Attempting to replace ip6fw.sys with original version…

    Original ip6fw.sys Restored


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Missing SharedAccess Service

    Rebooting…


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\Program Files\hlpsrv.exe - Deleted
    C:\d.exe - Deleted
    C:\WINDOWS\system32\2_exception.nls - Deleted
    C:\WINDOWS\system32\csrs.exe - Deleted
    C:\WINDOWS\system32\explorer.exe - Deleted
    C:\WINDOWS\system32\spoolsvc.exe - Deleted
    C:\WINDOWS\system32\winIogon.exe - Deleted
    C:\WINDOWS\system32\xpdx.sys - Deleted



    Removing Temp Files…

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32
    toskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-16 14:01:09
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwOpenFile

    scanning hidden processes …

    scanning hidden services & system hive …

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00081b84e23a]
    "00124700c655"=hex:1d,12,71,45,82,45,ea,cc,93,e7,e1,fa,71,d7,53,37
    "0012620292f0"=hex:ab,74,2f,0b,52,34,f4,f7,f9,36,4e,2f,eb,a3,7f,ef
    "001d983fa43d"=hex:ec,50,bc,dd,ff,4e,e4,7b,b6,0f,0e,ea,45,3b,90,b2
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Lyv66]
    "Type"=dword:00000001
    "Tag"=dword:00000001
    "Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0"
    "ErrorControl"=dword:00000001
    "Start"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00081b84e23a]
    "00124700c655"=hex:1d,12,71,45,82,45,ea,cc,93,e7,e1,fa,71,d7,53,37
    "0012620292f0"=hex:ab,74,2f,0b,52,34,f4,f7,f9,36,4e,2f,eb,a3,7f,ef
    "001d983fa43d"=hex:ec,50,bc,dd,ff,4e,e4,7b,b6,0f,0e,ea,45,3b,90,b2
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Lyv66]
    "Type"=dword:00000001
    "Tag"=dword:00000001
    "Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0"
    "ErrorControl"=dword:00000001
    "Start"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00081b84e23a]
    "00124700c655"=hex:1d,12,71,45,82,45,ea,cc,93,e7,e1,fa,71,d7,53,37
    "0012620292f0"=hex:ab,74,2f,0b,52,34,f4,f7,f9,36,4e,2f,eb,a3,7f,ef
    "001d983fa43d"=hex:ec,50,bc,dd,ff,4e,e4,7b,b6,0f,0e,ea,45,3b,90,b2
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lyv66]
    "Type"=dword:00000001
    "Tag"=dword:00000001
    "Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0"
    "ErrorControl"=dword:00000001
    "Start"=dword:00000000

    scanning hidden registry entries …

    scanning hidden files …

    C:\WINDOWS\MSCompPackV1.log 3338 bytes
    C:\WINDOWS\msdfmap.ini 1405 bytes
    C:\WINDOWS\msgsocm.log 40153 bytes
    C:\WINDOWS\msicpl.ini 0 bytes
    C:\WINDOWS\msmqinst.log 264548 bytes
    C:\WINDOWS\mui
    C:\WINDOWS\NeroDigital.ini 116 bytes
    C:\WINDOWS
    etfxocm.log 133432 bytes
    C:\WINDOWS\NetwkCfg.txt 87 bytes
    C:\WINDOWS
    ircmd.exe 56320 bytes executable
    C:\WINDOWS
    otepad.exe 77312 bytes executable
    C:\WINDOWS
    sreg.dat 0 bytes
    C:\WINDOWS\NSREX.INI 0 bytes
    C:\WINDOWS
    sw.log 446 bytes
    C:\WINDOWS
    tbtlog.txt 711688 bytes
    C:\WINDOWS
    tdtcsetup.log 165503 bytes
    C:\WINDOWS\NuNinst.cfg 46017 bytes
    C:\WINDOWS\NuNinst.exe 1298432 bytes executable
    C:\WINDOWS
    view
    C:\WINDOWS
    view\default.tvp 53768 bytes
    C:\WINDOWS\ocgen.log 416911 bytes
    C:\WINDOWS\SHELLNEW
    C:\WINDOWS\SHELLNEW\ACCESS9.MDB 98304 bytes
    C:\WINDOWS\SHELLNEW\EXCEL9.XLS 13824 bytes
    C:\WINDOWS\SHELLNEW\MSPROJ11.MPP 114176 bytes
    C:\WINDOWS\SHELLNEW\MSPUB.PUB 34816 bytes
    C:\WINDOWS\SHELLNEW\PWRPNT11.POT 12800 bytes
    C:\WINDOWS\SHELLNEW\WINWORD8.DOC 10752 bytes
    C:\WINDOWS\slrundll.exe 41058 bytes executable
    C:\WINDOWS\SoftwareDistribution
    C:\WINDOWS\SoftwareDistribution\AuthCabs
    C:\WINDOWS\SoftwareDistribution\DataStore
    C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb 6299648 bytes
    C:\WINDOWS\SoftwareDistribution\DataStore\Logs
    C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk 8192 bytes
    C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log 131072 bytes
    C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb0008F.log 131072 bytes
    C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res1.log 131072 bytes
    C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log 131072 bytes
    C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 65536 bytes
    C:\WINDOWS\SoftwareDistribution\Download
    C:\WINDOWS\SoftwareDistribution\Download\07248c1ff7d0ded8444f29e05c4b99068d79c1e9 35846 bytes
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\sp1qfe
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\sp1qfe\bitsinst.exe 34304 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\sp1qfe\bitsprx2.dll 7680 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\sp1qfe\bitsprx3.dll 7168 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\sp1qfe\obrs0413.dll 192512 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\sp1qfe\qmgr.dll 360448 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\sp1qfe\qmgrprxy.dll 17408 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\sp1qfe\winhttp.dll 331776 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\spmsg.dll 8192 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\spuninst.exe 166912 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\update
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\update\branches.inf 390 bytes
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\update\eula.txt 4386 bytes
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\update\KB842773.CAT 11900 bytes
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\update\spcustom.dll 22016 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\update\update.exe 626176 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\update\update.ver 602 bytes
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\update\updatebr.inf 389 bytes
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\update\update_SP1QFE.inf 24564 bytes
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\_downloadprogress_.state 4 bytes
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\_file_to_execute_.txt 17 bytes
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\_unpacked_.state 34 bytes
    C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\_useselfcontained_.state 50 bytes
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\backup
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\sp2gdr
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\sp2gdr\rmcast.sys 202240 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\sp2qfe
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\sp2qfe\rmcast.sys 202496 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\spmsg.dll 15584 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\spuninst.exe 216800 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\susdl.rq0 269 bytes
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\branches.inf 705 bytes
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\eula.txt 893 bytes
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\KB919007.cat 10925 bytes
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\spcustom.dll 22752 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\update.exe 725728 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\update.url 5324 bytes
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\update.ver 288 bytes
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\updatebr.inf 592 bytes
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\update_SP1QFE.inf 8684 bytes
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\update_SP2GDR.inf 10352 bytes
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\update_SP2QFE.inf 19212 bytes
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\updspapi.dll 389856 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\WindowsXP-KB919007-x86-NLD.psm 224 bytes
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\_downloadprogress_.state 4 bytes
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\_unpacked_.state 34 bytes
    C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\_usedelta_.state 34 bytes
    C:\WINDOWS\SoftwareDistribution\Download\d64d0e6d3b1d62b5b40b54899332395c3e02675d 569144 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\d95bb0c392f840a390e7c560f64718f979b18251 14462 bytes
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\backup
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\sp2gdr
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\sp2gdr\kmixer.sys 172416 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\sp2gdr\splitter.sys 6400 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\sp2gdr\wdmaud.sys 82944 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\sp2qfe
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\sp2qfe\kmixer.sys 172416 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\sp2qfe\splitter.sys 6272 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\sp2qfe\wdmaud.sys 82944 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\spmsg.dll 15584 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\spuninst.exe 216800 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\susdl.rq0 633 bytes
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\branches.inf 705 bytes
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\eula.txt 893 bytes
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\KB920872.cat 11857 bytes
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\spcustom.dll 22752 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\update.exe 725728 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\update.url 5324 bytes
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\update.ver 568 bytes
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\updatebr.inf 496 bytes
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\update_SP2GDR.inf 10857 bytes
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\update_SP2QFE.inf 19453 bytes
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\updspapi.dll 389856 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\WindowsXP-KB920872-x86-NLD.psm 447 bytes
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\_downloadprogress_.state 4 bytes
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\_unpacked_.state 34 bytes
    C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\_usedelta_.state 34 bytes
    C:\WINDOWS\SoftwareDistribution\Download\eb63b51986ac4a7b6b0d05f30c4afb5409d2af90 1214 bytes
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\backup
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\sp2gdr
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\sp2gdr\ciodm.dll 69120 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\sp2gdr\query.dll 1440768 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\sp2qfe
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\sp2qfe\ciodm.dll 69120 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\sp2qfe\query.dll 1440768 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\spmsg.dll 15584 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\spuninst.exe 216800 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\susdl.rq0 436 bytes
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\branches.inf 705 bytes
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\eula.txt 893 bytes
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\KB920685.cat 11929 bytes
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\spcustom.dll 22752 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\update.exe 725728 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\update.url 5324 bytes
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\update.ver 552 bytes
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\updatebr.inf 592 bytes
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\update_SP1QFE.inf 8752 bytes
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\update_SP2GDR.inf 10420 bytes
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\update_SP2QFE.inf 19280 bytes
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\updspapi.dll 389856 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\WindowsXP-KB920685-x86-NLD.psm 655 bytes
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\_downloadprogress_.state 4 bytes
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\_unpacked_.state 34 bytes
    C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\_usedelta_.state 34 bytes
    C:\WINDOWS\SoftwareDistribution\Download\3dc0e8d0eb37b9ae9023d0b42af874a3779fc6de 1270 bytes
    C:\WINDOWS\SoftwareDistribution\Download\4bf44df7c57d8a66ec4611a13ae5d9d001969f4a 742824 bytes executable
    C:\WINDOWS\SoftwareDistribution\Download\4c505f6fa698c236054c179df29ff6562c56def6 1356 bytes
    C:\WINDOWS\SoftwareDistribution\Download\56e35031315fda3b4ec34e431ab78088a1c1b32a 20920 bytes
    C:\WINDOWS\SoftwareDistribution\Download\75cbb5d04284f479cbb28306074c4bf9bcc6e6ed 11168 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache
    C:\WINDOWS\SoftwareDistribution\EventCache\{00EE9DFC-FE70-464B-BD86-5B43AAED483C}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{0267FD1B-808D-4275-8910-E02F89A0FA08}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{06338C2E-F322-4A0E-8B8D-6F3F9F6A4C5D}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{09888A8F-E2E7-4D37-BFE3-F99303744919}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{0BAD93F5-C291-4063-9E3C-9E452E01C6AE}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{0EC8BA5A-D910-4786-9294-9F70CFD1770A}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{12779C85-CCEF-4E22-A204-83E6EF3C6D7A}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{14230197-3908-42CC-ACB9-4DB216AFE207}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{159D4390-ABA5-45ED-98C6-B5504A45F086}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{17BDC3C3-72EC-492D-92BB-AEB3EBB86DE0}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{1A547776-45E5-4607-9E08-66E88D9F31DE}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{1B64689E-4B49-475D-9896-55BCA75E1789}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{1DE32651-59CD-4B2E-892C-CD637D76220C}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{5A6B6E60-5253-4FD5-BC32-D1087F7FDCA4}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{5DDE4925-96B0-4EB7-8725-F90854399487}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{61892E79-EE45-4FCE-98AD-1EA879DDB1D5}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{6ABBC577-EC39-4DCF-B889-7ADA9B824164}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{6EBF07FC-A763-44BE-A2D5-D68BE14812DC}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{6ED3BA05-A9BC-4E73-BA19-74523AF76FBD}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{710015CD-7FA1-4551-8D1A-C30D796026C6}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{72CD9172-DAA9-4F66-BA8C-D8EE8EB006B2}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{741B1B4C-E814-43CA-9B3C-6EB0B88E5154}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{76DF499C-0D09-4DBE-A19E-5A147ED595B4}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{A67A19EC-4D55-4935-90A2-F9DA09431738}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{B6DDF6EC-B638-44CA-B738-1F05F939BE70}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{B83B8316-89FE-4110-B226-5A1189EE59A4}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{B9ED7F6F-402C-4809-9061-A818575EB887}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{BACC5125-DAB1-4E61-BE65-FCF05AB924C5}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{BD0A7CC4-CAB1-4D9A-9655-6AD5985F5031}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{BD838C9B-80B9-4B5E-BB3C-9E185D99E34C}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{C62FF92D-5F26-4F08-9CD6-416B6BCDB9F0}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{C9B66B63-0302-4A29-91C0-27E18D450F51}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{CA384A86-AA4A-4B98-896F-F030E16249CB}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{CE9B4710-111D-40F1-97E9-708A2E695EF7}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{22B0B44D-8552-410A-8F84-525A68331E7F}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{237A0EFF-34BC-45BC-BB23-7D6EE44C7D9D}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{239B7B9C-A1FB-4837-BF70-C832A60176CA}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{29C440C1-4476-4AF3-9048-0B0575130A9D}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{2B4A4D0A-4D2B-474A-9BD5-D38387679242}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{2D362C17-FD19-43A1-BD6D-72A4536F28E2}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{2EDC9A2A-7A88-4D8F-9431-29847202B268}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{207E274C-4968-442C-BFBA-54BA3B9B663F}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{58E9AA2C-F6CE-4A19-8F70-0B222144F563}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{961EC523-8DA9-494E-B1A7-C3B3B66F3BFB}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{D3640A34-72B5-402D-BA85-450252092C2E}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{8954820C-DA9E-47CA-A11F-26BCFF359E9B}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{8C1F0343-ACF2-4766-8017-FCBFCC8A1D26}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{8F4AF69B-2D04-4EB2-8414-A65038F9A791}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{8F83F344-51F0-4F94-9059-3F064F842E2A}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{92FE8A0A-B44F-4ED1-9CDE-A09C8E2BA5E2}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{936AC07F-CCCA-4E64-ABAB-7BFF66643464}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{94412F9F-9885-4DF2-A986-E8CA3E9A1E81}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{D46F0C3D-3B32-48B1-9E7F-AB7804F6E554}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{D709A3F3-7BD4-4700-A01D-C2803D787A04}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{DB941CA8-3A25-4543-B2AB-FCC4F6D21798}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{DBDBABAE-12A1-48A8-A09A-AA1A408A4366}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{DE5CFCAF-FCCE-4FBC-8F1E-55B8B7F8E3C8}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{E288F493-C951-4A79-A1C5-739A3D88221C}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{E2DF3018-3971-4932-BF8F-0C71E838F9AF}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{E3DE1B25-492A-4F71-81E5-F0A35E6D5ED4}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{E47E56F2-53DF-4D29-93B6-64DBB78C21DA}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{F0928177-8A02-4511-86FA-A0D0AB3E78D8}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{F43F41EA-3086-431E-8E08-C1D394AFEEF3}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{F926B845-FB8C-46D4-9C54-2DFB28C8E707}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{31F6A085-9575-48F8-A4C9-642839C829FA}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{3252D404-F8A0-44B1-BA9A-43BE58C38A7F}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{386FA3F1-4002-4749-B5A3-6EE44D3FEBB4}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{3AF5F63C-29C2-4A26-8D66-2B1A6C2B5012}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{483D2444-B793-4EA9-AED7-3C54EB5C9C64}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{4AC95FE5-7E8D-4F1F-897E-46CFBB7E7104}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{507D6E83-0BCF-4D50-A4B0-6ACDC8CEF1AE}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{972807D5-6F33-4C77-AFAC-84059764378D}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{99BE0956-FC60-4472-A607-046C3038280B}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{9B452857-8904-4C31-89F2-9ADF2DA73E8B}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{9B75EF91-50E0-4B1D-8D8E-CF3491FDC4A6}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{9C15493D-6E82-4FC6-9E85-25FC9D9FA938}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{A217B6F3-CAD6-42F8-A489-B8C439C28FE9}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\EventCache\{A51D256B-5A15-4704-A2F8-A3CA74B1023A}.bin 8 bytes
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log 591614 bytes
    C:\WINDOWS\SoftwareDistribution\SelfUpdate
    C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default
    C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab 25384 bytes
    C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cat 48256 bytes
    C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf 13043 bytes
    C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab 10144 bytes
    C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.txt 1192 bytes
    C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered
    C:\WINDOWS\SoftwareDistribution\WuRedir
    C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77
    C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab 10040 bytes
    C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.xml 617 bytes
    C:\WINDOWS\SoundMan.exe 94208 bytes executable
    C:\WINDOWS\sprof32.dll 133120 bytes executable
    C:\WINDOWS\spupdsvc.log 78117 bytes
    C:\WINDOWS\SpywareDoctor5Install.log 126 bytes
    C:\WINDOWS\srchasst
    C:\WINDOWS\srchasst\chars
    C:\WINDOWS\srchasst\chars\courtney.acs 816535 bytes
    C:\WINDOWS\srchasst\chars\earl.acs 1472718 bytes
    C:\WINDOWS\srchasst\chars\rover.acs 1861820 bytes
    C:\WINDOWS\srchasst\msgr3en.dll 3166208 bytes executable
    C:\WINDOWS\srchasst\mui
    C:\WINDOWS\srchasst\mui\0413
    C:\WINDOWS\srchasst\mui\0413\balloon.xsl 34671 bytes
    C:\WINDOWS\srchasst\mui\0413\bar.xsl 34643 bytes
    C:\WINDOWS\srchasst\mui\0413\charchsr.xml 236 bytes
    C:\WINDOWS\srchasst\mui\0413\charctxt.xml 499 bytes
    C:\WINDOWS\srchasst\mui\0413\error.xml 100 bytes
    C:\WINDOWS\srchasst\mui\0413\finish.xml 1082 bytes
    C:\WINDOWS\srchasst\mui\0413\indxsvc.xml 1438 bytes
    C:\WINDOWS\srchasst\mui\0413\inetfind.xml 797 bytes
    C:\WINDOWS\srchasst\mui\0413\inetopts.xml 1457 bytes
    C:\WINDOWS\srchasst\mui\0413\inetpref.xml 2830 bytes
    C:\WINDOWS\srchasst\mui\0413\inetsrch.xml 1137 bytes
    C:\WINDOWS\srchasst\mui\0413\intents.xml 590 bytes
    C:\WINDOWS\srchasst\mui\0413\intro.xml 506 bytes
    C:\WINDOWS\srchasst\mui\0413\lcladv.xml 5626 bytes
    C:\WINDOWS\srchasst\mui\0413\lcladvd.xml 5571 bytes
    C:\WINDOWS\srchasst\mui\0413\lcladvdf.xml 5944 bytes
    C:\WINDOWS\srchasst\mui\0413\lcladvmm.xml 6760 bytes
    C:\WINDOWS\srchasst\mui\0413\lclcomp.xml 782 bytes
    C:\WINDOWS\srchasst\mui\0413\lcldate.xml 2018 bytes
    C:\WINDOWS\srchasst\mui\0413\lcldocs.xml 2514 bytes
    C:\WINDOWS\srchasst\mui\0413\lclkwrds.xml 448 bytes
    C:\WINDOWS\srchasst\mui\0413\lcllook.xml 347 bytes
    C:\WINDOWS\srchasst\mui\0413\lclmm.xml 2379 bytes
    C:\WINDOWS\srchasst\mui\0413\lclmode.xml 544 bytes
    C:\WINDOWS\srchasst\mui\0413\lclother.xml 684 bytes
    C:\WINDOWS\srchasst\mui\0413\lclprog.xml 2061 bytes
    C:\WINDOWS\srchasst\mui\0413\lclrfine.xml 6263 bytes
    C:\WINDOWS\srchasst\mui\0413\lclsize.xml 1541 bytes
    C:\WINDOWS\srchasst\mui\0413\lclsrch.xml 1276 bytes




























  • dubbel :?
  • nog een keer dubbel :? :?
  • Er zit nog wat zooi op hoor:

    1. Start Hijackthis, kies voor 'Do a system scan only' en vink onderstaande regels aan:
    [b:dcfeb27b81]
    O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\Program Files\Hkdhhtgi\kiuupsur.dll (file missing)
    O2 - BHO: (no name) - {BEF5FD38-17F7-6C0F-D85B-4CE603F50DCC} - C:\WINDOWS\system32\kxvgihv.dll (file missing)
    O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\system32\spoolsvc.exe
    O4 - HKCU\..\Run: [Cast] "C:\PROGRA~1\COMMON~1\FNTS~1\wuauboot.exe" -vt ndrv
    O4 - HKCU\..\Run: [Wrkkh] C:\WINDOWS\system32\??mantec
    ?tepad.exe
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
    O20 - Winlogon Notify: byvspom - byvspom.dll (file missing)
    O20 - Winlogon Notify: winpya32 - winpya32.dll (file missing)
    [/b:dcfeb27b81]

    Sluit alle openstaande vensters, behalve Hijackthis en klik op 'fix checked'.

    2. Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:
    [b:dcfeb27b81]
    File::
    C:\WINDOWS\system32\unpr.sys
    C:\PROGRA~1\COMMON~1\FNTS~1\wuauboot.exe
    C:\WINDOWS\system32\spoolsvc.exe
    C:\WINDOWS\SETUP1.EXE

    Folder::
    C:\Program Files\Hkdhhtgi
    C:\WINDOWS\system32\??mantec
    C:\Program Files\MalwareAlarm\

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BEF5FD38-17F7-6C0F-D85B-4CE603F50DCC}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
    otify\byvspom]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
    otify\winpya32]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\00
    [/b:dcfeb27b81]

    Sla dit op op je Bureaublad als [b:dcfeb27b81]CFScript.txt[/b:dcfeb27b81]

    Sleep [b:dcfeb27b81]CFScript.txt[/b:dcfeb27b81] in [b:dcfeb27b81]ComboFix.exe[/b:dcfeb27b81] zoals getoond in onderstaand voorbeeld :
    [img:dcfeb27b81]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img:dcfeb27b81]

    Dit zal [b:dcfeb27b81]ComboFix[/b:dcfeb27b81] doen herstarten.
    Start opnieuw op als daarom gevraagd wordt en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThislogje.

    Pim


  • Beste Pim,

    Het verbaast me elke keer weer dat er mensen zijn die van dit soort zaken zoveel af weten. Het is voor mij niet te begrijpen. De vraag is ook hoe je aan die rommel komt, die elke keer weer je systeem beinvloeden.
    Maar goed. Ik ben je zeer dankbaar voor je hulp.
    Hierbij nog wat LOGS.

    Gr. Laurens

    Logfile of HijackThis v1.99.1
    Scan saved at 17:24:42, on 16-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\System32
    vsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\spoolsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32
    otepad.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\Laurens\Mijn documenten\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - blank
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O10 - Broken Internet access because of LSP provider 'winrnr2.dll' missing
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://84.41.135.154/WinWebPush.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpninst.bbnv.nl/dana-cached/setup/JuniperSetupSP1.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
    O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset
    od32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
    vsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - K:\CyberLink\Shared Files\RichVideo.exe (file missing)
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)



    ComboFix 07-11-08.3 - Laurens 2007-11-16 17:18:16.2 - NTFSx86
    Gestart vanuit: C:\Documents and Settings\Laurens\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Laurens\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    FILE
    C:\PROGRA~1\COMMON~1\FNTS~1\wuauboot.exe
    C:\WINDOWS\SETUP1.EXE
    C:\WINDOWS\system32\spoolsvc.exe
    C:\WINDOWS\system32\unpr.sys
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\MalwareAlarm\
    C:\Program Files\MalwareAlarm\\MalwareAlarm.exe
    C:\Program Files\MalwareAlarm\\MalwareAlarm.lic
    C:\Program Files\MalwareAlarm\\MalwareAlarm0.ma
    C:\Program Files\MalwareAlarm\\MalwareAlarm1.ma
    C:\Program Files\MalwareAlarm\\Uninstall.exe
    C:\WINDOWS\SETUP1.EXE
    C:\WINDOWS\system32\drivers\symavc32.sys
    C:\WINDOWS\system32\spoolsvc.exe
    C:\WINDOWS\system32\unpr.sys

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-10-16 to 2007-11-16 ))))))))))))))))))))))))))))))
    .

    2007-11-16 13:46 <DIR> d——– C:\WINDOWS\ERUNT
    2007-11-15 22:57 <DIR> d——– C:\Documents and Settings\Jeannet\Application Data\SurfRight
    2007-11-15 21:02 <DIR> d——– C:\Program Files\SpywareBlaster
    2007-11-15 21:01 512,096 –a—— C:\WINDOWS\system32\drivers\amon.sys
    2007-11-15 21:01 298,104 –a—— C:\WINDOWS\system32\imon.dll
    2007-11-15 21:01 15,424 –a—— C:\WINDOWS\system32\drivers
    od32drv.sys
    2007-11-15 20:04 <DIR> d——– C:\Documents and Settings\Laurens\Application Data\SurfRight
    2007-11-15 19:34 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-15 19:28 2,560 –a—— C:\WINDOWS\system32\drivers\mchInjDrv.sys
    2007-11-15 19:27 <DIR> d——– C:\Program Files\SurfRight
    2007-11-15 19:27 <DIR> d——– C:\Documents and Settings\All Users\Application Data\SurfRight
    2007-11-15 12:23 87,424 –a—— C:\WINDOWS\system32\drivers\irda.sys
    2007-11-15 12:23 87,424 –a–c— C:\WINDOWS\system32\dllcache\irda.sys
    2007-11-15 12:23 19,584 –a—— C:\WINDOWS\system32\drivers\rasirda.sys
    2007-11-15 12:23 19,584 –a–c— C:\WINDOWS\system32\dllcache\rasirda.sys
    2007-11-15 12:23 18,688 –a—— C:\WINDOWS\system32\drivers\irsir.sys
    2007-11-15 12:23 18,688 –a–c— C:\WINDOWS\system32\dllcache\irsir.sys
    2007-11-14 19:03 122,880 –a—— C:\WINDOWS\system32\winrnr2.dll
    2007-11-14 19:03 65,536 –a—— C:\oaif.exe
    2007-11-14 19:03 8,704 –a—— C:\WINDOWS\system32\sporder.dll
    2007-11-13 16:22 80,384 –a—— C:\WINDOWS\ST6UNST.EXE
    2007-11-11 14:53 <DIR> d——– C:\Documents and Settings\All Users\Application Data\espionServerData
    2007-11-07 15:04 <DIR> d——– C:\Documents and Settings\All Users\Application Data\FLEXnet
    2007-11-07 14:43 <DIR> d——– C:\Program Files\Opera
    2007-11-07 14:41 <DIR> d——– C:\Documents and Settings\All Users\Application Data\MAGIX
    2007-11-07 14:39 <DIR> d——– C:\Program Files\Common Files\MAGIX Shared
    2007-11-07 14:38 <DIR> d——– C:\Program Files\MAGIX
    2007-11-07 14:38 1,089,536 –a—— C:\WINDOWS\system32\ROBOEX32.DLL
    2007-11-07 14:38 85,504 –a—— C:\WINDOWS\system32\HtmlWH.dll
    2007-11-07 14:38 49,152 –a—— C:\WINDOWS\system32\INETWH32.dll
    2007-11-07 14:37 <DIR> d——– C:\WINDOWS\system32\MAGIX
    2007-11-07 14:37 663,552 –a—— C:\WINDOWS\system32\mgxoschk.dll
    2007-11-07 14:36 <DIR> d——– C:\WINDOWS\system32\Adobe
    2007-11-07 14:36 24,576 –a—— C:\WINDOWS\system32\FileOps.exe
    2007-11-07 14:35 <DIR> d——– C:\Program Files\Namo
    2007-11-07 14:33 <DIR> d——– C:\Program Files\Bonjour
    2007-11-07 14:29 <DIR> d——– C:\Program Files\Common Files\Macrovision Shared
    2007-11-07 14:25 <DIR> d——– C:\Program Files\OO Software
    2007-11-07 14:08 116,736 ——— C:\WINDOWS\system32\pxinsi64.exe
    2007-11-07 14:08 115,712 ——— C:\WINDOWS\system32\pxcpyi64.exe
    2007-10-30 15:19 <DIR> d——– C:\Program Files\Common Files\AutoDesk Shared
    2007-10-30 15:19 <DIR> d——– C:\Program Files\ColorByNumbers
    2007-10-26 16:41 <DIR> d——– C:\Program Files\Deep Sleep
    2007-10-26 16:37 <DIR> d——– C:\Program Files\SmartFTP Client
    2007-10-26 16:37 <DIR> d——– C:\Documents and Settings\Laurens\Application Data\SmartFTP
    2007-10-22 16:29 <DIR> d——– C:\Program Files\RealVNC
    2007-10-21 11:23 <DIR> d——– C:\Program Files\DVD Audio Ripper Plus

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-16 13:18 ——— d—–w C:\Program Files\Hitman Pro
    2007-11-16 12:38 ——— d—–w C:\Documents and Settings\Laurens\Application Data\Juniper Networks
    2007-11-15 21:28 ——— d—–w C:\Program Files\Lavasoft
    2007-11-15 21:28 ——— d—–w C:\Documents and Settings\Laurens\Application Data\Lavasoft
    2007-11-15 21:21 ——— d—–w C:\Program Files\Spyware Doctor
    2007-11-15 21:18 ——— d—–w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-15 19:00 ——— d—–w C:\Program Files\Lx_cats
    2007-11-15 12:39 ——— d—–w C:\Documents and Settings\All Users\Application Data\Juniper Networks
    2007-11-07 13:37 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2007-11-07 13:36 ——— d—–w C:\Program Files\Common Files\Adobe
    2007-11-07 13:07 20,640 ——w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-10-31 21:51 ——— d—–w C:\Documents and Settings\Laurens\Application Data\LimeWire
    2007-10-28 11:36 ——— d—–w C:\Documents and Settings\Laurens\Application Data\Skype
    2007-10-21 20:49 ——— d—–w C:\Program Files\Mp3 Knife
    2007-10-21 10:43 ——— d—–w C:\Program Files\ImTOO
    2007-10-21 10:38 ——— d—–w C:\Program Files\Xilisoft
    2007-10-21 10:38 ——— d—–w C:\Documents and Settings\Laurens\Application Data\dvdcss
    2007-10-18 11:36 ——— d—–w C:\Documents and Settings\Jeannet\Application Data\FaxCtr
    2007-10-13 12:26 ——— d—–w C:\Documents and Settings\Laurens\Application Data\PC Suite
    2007-10-13 12:24 ——— d—–w C:\Documents and Settings\Laurens\Application Data\Nokia
    2007-10-13 12:21 ——— d—–w C:\Documents and Settings\Laurens\Application Data\Nokia Multimedia Player
    2007-10-13 10:34 ——— d—–w C:\Program Files\DIFX
    2007-10-13 10:34 ——— d—–w C:\Program Files\Common Files\PCSuite
    2007-10-13 10:34 ——— d—–w C:\Program Files\Common Files\Nokia
    2007-10-13 10:33 ——— d—–w C:\Program Files\PC Connectivity Solution
    2007-10-13 10:33 ——— d—–w C:\Program Files\Nokia
    2007-10-13 10:33 ——— d—–w C:\Documents and Settings\All Users\Application Data\Installations
    2007-10-10 21:03 ——— d—–w C:\Program Files\Microsoft ActiveSync
    2007-10-08 20:16 ——— d—–w C:\Program Files\LimeWire
    2007-09-30 17:10 ——— d—–w C:\Documents and Settings\Laurens\Application Data\Apple Computer
    2007-09-25 20:29 ——— d—–w C:\Program Files\Apple Software Update
    2007-09-25 20:29 ——— d—–w C:\Documents and Settings\All Users\Application Data\Apple
    2007-09-22 18:46 ——— d—–w C:\Documents and Settings\Jeannet\Application Data\Apple Computer
    2007-09-22 17:38 ——— d—–w C:\Program Files\QuickTime
    2007-09-22 17:37 ——— d—–w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-06-19 08:55 167 —-a-w C:\Documents and Settings\Laurens\4467.bat
    2007-04-27 15:01 7,288 —-a-w C:\Program Files\hijackthis.log
    2007-04-17 17:03 8 —-a-w C:\Documents and Settings\Laurens\Application Data\usb.dat.bin
    2006-10-08 18:08 41,152 —-a-w C:\Documents and Settings\Laurens\Application Data\GDIPFONTCACHEV1.DAT
    2006-09-12 22:33 41,152 —-a-w C:\Documents and Settings\Jeannet\Application Data\GDIPFONTCACHEV1.DAT
    2005-02-16 09:06 227,328 —-a-w C:\Program Files\HijackThis.exe
    2004-08-09 21:30 49,152 —-a-w C:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RegistryMechanic"="" []
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 07:51]
    "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-25 12:54]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-25 12:54:58]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    R0 m5287;m5287;C:\WINDOWS\system32\DRIVERS\m5287.sys
    R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
    R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
    R0 UNPR;UNPR;C:\WINDOWS\system32\unpr.sys
    R1 mchInjDrv;madCodeHook DLL injection driver;\??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys
    R1 tvtool;tvtool;\??\C:\Program Files\TVTool\tvtool.sys
    R2 CaretakerSvc;Caretaker Service;"C:\Program Files\SurfRight\Caretaker\CaretakerService.exe"
    R2 CaretakerUpdate;Caretaker Updater;"C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe"
    R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS
    R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys
    R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys
    S3 iMSPCLOj;iMSPCLOj;\??\C:\DOCUME~1\Laurens\LOCALS~1\Temp\iMSPCLOj.sys
    S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-11-13 17:37:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-16 17:21:19
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwOpenFile

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    C:\WINDOWS\MSCompPackV1.log 3338 bytes
    C:\WINDOWS\msdfmap.ini 1405 bytes
    C:\WINDOWS\msgsocm.log 40153 bytes
    C:\WINDOWS\msicpl.ini 0 bytes
    C:\WINDOWS\msmqinst.log 264548 bytes
    C:\WINDOWS\mui
    C:\WINDOWS\NeroDigital.ini 116 bytes
    C:\WINDOWS
    etfxocm.log 133432 bytes
    C:\WINDOWS\NetwkCfg.txt 87 bytes
    C:\WINDOWS
    ircmd.exe 58368 bytes executable
    C:\WINDOWS
    otepad.exe 77312 bytes executable
    C:\WINDOWS
    sreg.dat 0 bytes
    C:\WINDOWS\NSREX.INI 0 bytes
    C:\WINDOWS
    sw.log 446 bytes
    C:\WINDOWS
    tbtlog.txt 711688 bytes
    C:\WINDOWS
    tdtcsetup.log 165503 bytes
    C:\WINDOWS\NuNinst.cfg 46017 bytes
    C:\WINDOWS\NuNinst.exe 1298432 bytes executable
    C:\WINDOWS
    view
    C:\WINDOWS\ocgen.log 416911 bytes
    C:\WINDOWS\SHELLNEW
    C:\WINDOWS\slrundll.exe 41058 bytes executable
    C:\WINDOWS\SoftwareDistribution
    C:\WINDOWS\SoundMan.exe 94208 bytes executable
    C:\WINDOWS\sprof32.dll 133120 bytes executable
    C:\WINDOWS\spupdsvc.log 78117 bytes
    C:\WINDOWS\SpywareDoctor5Install.log 126 bytes
    C:\WINDOWS\srchasst
    C:\WINDOWS\ssleay32.dll 155648 bytes executable
    C:\WINDOWS\ST6UNST.EXE 80384 bytes executable
    C:\WINDOWS\Stekkie.bmp 17336 bytes
    C:\WINDOWS\Sti_Trace.log 0 bytes
    C:\WINDOWS\Sun
    C:\WINDOWS\svcpack.log 484510 bytes
    C:\WINDOWS\swacnfg.ini 237 bytes
    C:\WINDOWS\system.ini 227 bytes
    C:\WINDOWS\system.tmp 227 bytes
    C:\WINDOWS\system32
    C:\WINDOWS\tabletoc.log 36826 bytes
    C:\WINDOWS\TASKMAN.EXE 23040 bytes executable
    C:\WINDOWS\taskmen32.pif 99 bytes
    C:\WINDOWS\Tasks
    C:\WINDOWS\Temp
    C:\WINDOWS\TemplateWizard.INI 20 bytes
    C:\WINDOWS\WgaNotify.log 13892 bytes
    C:\WINDOWS\wiadebug.log 159 bytes
    C:\WINDOWS\wiaservc.log 313 bytes
    C:\WINDOWS\win.ini 917 bytes
    C:\WINDOWS\win.tmp 917 bytes
    C:\WINDOWS\Windows Update.log 23132 bytes
    C:\WINDOWS\WindowsShell.Manifest 749 bytes
    C:\WINDOWS\WindowsUpdate.log 1055564 bytes
    C:\WINDOWS\winhelp.exe 257072 bytes
    C:\WINDOWS\winhlp32.exe 294400 bytes executable
    C:\WINDOWS\wininit.ini 214 bytes
    C:\WINDOWS\winnt.bmp 48680 bytes
    C:\WINDOWS\winnt256.bmp 48680 bytes
    C:\WINDOWS\WinSxS
    C:\WINDOWS\WMFDist11.log 23344 bytes
    C:\WINDOWS\regopt.log 1672 bytes
    C:\WINDOWS\repair
    C:\WINDOWS\resetlog.txt 6675 bytes
    C:\WINDOWS\Resources
    C:\WINDOWS\Rhododendron.bmp 17362 bytes
    C:\WINDOWS\Rivier Sumida.bmp 26680 bytes
    C:\WINDOWS\RTHDCPL.exe 14863360 bytes executable
    C:\WINDOWS\RTLCPL.exe 9719808 bytes executable
    C:\WINDOWS\RtlExUpd.dll 487424 bytes executable
    C:\WINDOWS\RtlUpd.exe 364544 bytes executable
    C:\WINDOWS\Santa Fe Stucco.bmp 65832 bytes
    C:\WINDOWS\SchedLgU.Txt 32606 bytes
    C:\WINDOWS\sct101.log 21 bytes
    C:\WINDOWS\security
    C:\WINDOWS\ServicePackFiles
    C:\WINDOWS\sessmgr.setup.log 1277 bytes
    C:\WINDOWS\SET3.tmp 1085938 bytes
    C:\WINDOWS\SET7.tmp 13923 bytes
    C:\WINDOWS\setupact.log 170755 bytes
    C:\WINDOWS\setupapi.log 796347 bytes
    C:\WINDOWS\setuperr.log 0 bytes
    C:\WINDOWS\DtcInstall.log 360 bytes
    C:\WINDOWS\EHome
    C:\WINDOWS\erdnt
    C:\WINDOWS\ERUNT
    C:\WINDOWS\explorer.exe 1042944 bytes executable
    C:\WINDOWS\explorer.scf 80 bytes
    C:\WINDOWS\FaxSetup.log 760421 bytes
    C:\WINDOWS\Fonts
    C:\WINDOWS\ftpcache
    C:\WINDOWS\KB898461.log 6889 bytes
    C:\WINDOWS\KB911564.log 17840 bytes
    C:\WINDOWS\KB918899.log 21696 bytes
    C:\WINDOWS\KB926239.log 4989 bytes
    C:\WINDOWS\KB935840.log 12614 bytes
    C:\WINDOWS\msapps
    C:\WINDOWS\ocmsn.log 49196 bytes
    C:\WINDOWS\setuplog.txt 845897 bytes
    C:\WINDOWS\tsoc.log 370549 bytes
    C:\WINDOWS\Web
    C:\WINDOWS\DirectX.log 79189 bytes
    C:\WINDOWS\DJ2000.ini 1301 bytes
    C:\WINDOWS\Downloaded Installations
    C:\WINDOWS\Downloaded Program Files
    C:\WINDOWS\DPINST.LOG 51766 bytes
    C:\WINDOWS\Driver Cache
    C:\WINDOWS\isRS-000.tmp 689152 bytes executable
    C:\WINDOWS\IsUn0413.exe 317952 bytes executable
    C:\WINDOWS\IsUninst.exe 313856 bytes executable
    C:\WINDOWS\iTouch.ini 51 bytes
    C:\WINDOWS\java
    C:\WINDOWS\KB821253.log 437 bytes
    C:\WINDOWS\KB873339.log 25976 bytes
    C:\WINDOWS\KB884020.log 1072 bytes
    C:\WINDOWS\KB885250.log 27755 bytes
    C:\WINDOWS\KB885835.log 27940 bytes
    C:\WINDOWS\KB885836.log 26947 bytes
    C:\WINDOWS\KB885884.log 9931 bytes
    C:\WINDOWS\KB886185.log 12502 bytes
    C:\WINDOWS\KB887472.log 25985 bytes
    C:\WINDOWS\KB887742.log 26587 bytes
    C:\WINDOWS\KB888111.log 4440 bytes
    C:\WINDOWS\KB888113.log 26032 bytes
    C:\WINDOWS\KB888302.log 18668 bytes
    C:\WINDOWS\KB890046.log 20625 bytes
    C:\WINDOWS\KB890859.log 17491 bytes
    C:\WINDOWS\KB891781.log 23437 bytes
    C:\WINDOWS\KB893756.log 27425 bytes
    C:\WINDOWS\KB893803v2.log 5544 bytes
    C:\WINDOWS\KB894391.log 17393 bytes
    C:\WINDOWS\KB896358.log 27015 bytes
    C:\WINDOWS\KB896422.log 28118 bytes
    C:\WINDOWS\KB896423.log 25749 bytes
    C:\WINDOWS\KB896424.log 27800 bytes
    C:\WINDOWS\KB896428.log 16729 bytes
    C:\WINDOWS\KB899587.log 29001 bytes
    C:\WINDOWS\KB899589.log 20031 bytes
    C:\WINDOWS\KB899591.log 27613 bytes
    C:\WINDOWS\KB900485.log 11647 bytes
    C:\WINDOWS\KB900725.log 20411 bytes
    C:\WINDOWS\KB901017.log 27289 bytes
    C:\WINDOWS\KB901105.log 1556 bytes
    C:\WINDOWS\KB901214.log 19287 bytes
    C:\WINDOWS\KB902400.log 28705 bytes
    C:\WINDOWS\KB904706.log 17323 bytes
    C:\WINDOWS\KB905414.log 20352 bytes
    C:\WINDOWS\KB905749.log 17940 bytes
    C:\WINDOWS\KB905915.log 29403 bytes
    C:\WINDOWS\KB908519.log 15139 bytes
    C:\WINDOWS\KB908531.log 14945 bytes
    C:\WINDOWS\KB909394.log 5277 bytes
    C:\WINDOWS\KB910437.log 21601 bytes
    C:\WINDOWS\KB911280.log 11029 bytes
    C:\WINDOWS\KB911562.log 14178 bytes
    C:\WINDOWS\twain.dll 94784 bytes
    C:\WINDOWS\twain_32
    C:\WINDOWS\twain_32.dll 50688 bytes executable
    C:\WINDOWS\twunk_16.exe 49680 bytes
    C:\WINDOWS\twunk_32.exe 32768 bytes executable
    C:\WINDOWS\uninst.exe 305664 bytes executable
    C:\WINDOWS\UninstAdmin.isu 599315 bytes
    C:\WINDOWS\UNNeroVision.cfg 81261 bytes
    C:\WINDOWS\UNNeroVision.exe 1298432 bytes executable
    C:\WINDOWS\updspapi.log 44414 bytes
    C:\WINDOWS\vb.ini 36 bytes
    C:\WINDOWS\vbaddin.ini 63 bytes
    C:\WINDOWS\vmmreg32.dll 18944 bytes executable
    C:\WINDOWS\KB911565.log 8837 bytes
    C:\WINDOWS\KB911567.log 10580 bytes
    C:\WINDOWS\KB911927.log 27805 bytes
    C:\WINDOWS\KB912812.log 16310 bytes
    C:\WINDOWS\KB912919.log 18137 bytes
    C:\WINDOWS\KB913446.log 11325 bytes
    C:\WINDOWS\KB913580.log 11674 bytes
    C:\WINDOWS\KB914388.log 12347 bytes
    C:\WINDOWS\KB914389.log 11477 bytes
    C:\WINDOWS\KB916281.log 17664 bytes
    C:\WINDOWS\KB916595.log 10394 bytes
    C:\WINDOWS\KB917159.log 11805 bytes
    C:\WINDOWS\KB917344.log 13924 bytes
    C:\WINDOWS\KB917422.log 12174 bytes
    C:\WINDOWS\KB917734.log 10111 bytes
    C:\WINDOWS\KB917953.log 13688 bytes
    C:\WINDOWS\KB918118.log 14197 bytes
    C:\WINDOWS\KB918439.log 13567 bytes
    C:\WINDOWS\KB919007.log 11448 bytes
    C:\WINDOWS\KB920213.log 14289 bytes
    C:\WINDOWS\KB920214.log 20056 bytes
    C:\WINDOWS\KB920670.log 12011 bytes
    C:\WINDOWS\KB920683.log 12395 bytes
    C:\WINDOWS\KB920685.log 11313 bytes
    C:\WINDOWS\KB920872.log 13497 bytes
    C:\WINDOWS\KB921398.log 18672 bytes
    C:\WINDOWS\KB921883.log 19009 bytes
    C:\WINDOWS\KB922582.log 7767 bytes
    C:\WINDOWS\KB922616.log 19089 bytes
    C:\WINDOWS\KB922760.log 17528 bytes
    C:\WINDOWS\KB922819.log 11772 bytes
    C:\WINDOWS\KB923191.log 5406 bytes
    C:\WINDOWS\KB923414.log 10928 bytes
    C:\WINDOWS\KB923689.log 14024 bytes
    C:\WINDOWS\KB923980.log 21711 bytes
    C:\WINDOWS\KB924191.log 6828 bytes
    C:\WINDOWS\KB924270.log 21351 bytes
    C:\WINDOWS\KB924496.log 11260 bytes
    C:\WINDOWS\KB924667.log 18804 bytes
    C:\WINDOWS\KB925398.log 17302 bytes
    C:\WINDOWS\KB925486.log 15426 bytes
    C:\WINDOWS\KB925902.log 17217 bytes
    C:\WINDOWS\ODBC.INI 859 bytes
    C:\WINDOWS\ODBCINST.INI 4207 bytes
    C:\WINDOWS\OEWABLog.txt 1859 bytes
    C:\WINDOWS\Offline Web Pages
    C:\WINDOWS\Patroon.bmp 16730 bytes
    C:\WINDOWS\PCDLIB32.DLL 212480 bytes executable
    C:\WINDOWS\PCHEALTH
    C:\WINDOWS\peernet
    C:\WINDOWS\pfpick.dll 58368 bytes executable
    C:\WINDOWS\PIF
    C:\WINDOWS\Prairie.bmp 65954 bytes
    C:\WINDOWS\Prefetch
    C:\WINDOWS\provisioning
    C:\WINDOWS\pss
    C:\WINDOWS\Q828026.log 3155 bytes
    C:\WINDOWS\QTFont.for 1409 bytes
    C:\WINDOWS\QTFont.qfn 54156 bytes
    C:\WINDOWS\regedit.exe 160256 bytes executable
    C:\WINDOWS\RegisteredPackages
    C:\WINDOWS\Registration
    C:\WINDOWS\wmp11.log 16407 bytes
    C:\WINDOWS\WMPrfNld.prx 32964 bytes
    C:\WINDOWS\WMPrfSve.prx 33314 bytes
    C:\WINDOWS\wmsetup.log 321887 bytes
    C:\WINDOWS\wmsetup10.log 9967 bytes
    C:\WINDOWS\WMSysPr9.prx 316640 bytes
    C:\WINDOWS\WMSysPrx.prx 299552 bytes
    C:\WINDOWS\WRUninstall.dll 478720 bytes executable
    C:\WINDOWS\Wudf01000Inst.log 9740 bytes
    C:\WINDOWS\xpsp1hfm.log 2082 bytes
    C:\WINDOWS\Zapotec.bmp 9522 bytes
    C:\WINDOWS\Zeepbellen.bmp 65978 bytes
    C:\WINDOWS\_default.pif 707 bytes
    C:\WINDOWS\KB926255.log 14287 bytes
    C:\WINDOWS\KB926436.log 15053 bytes
    C:\WINDOWS\KB927779.log 25629 bytes
    C:\WINDOWS\KB927802.log 22631 bytes
    C:\WINDOWS\KB927891.log 15171 bytes
    C:\WINDOWS\KB928255.log 22325 bytes
    C:\WINDOWS\KB928843.log 11800 bytes
    C:\WINDOWS\KB929123.log 15955 bytes
    C:\WINDOWS\KB929969.log 21352 bytes
    C:\WINDOWS\KB930178.log 15366 bytes
    C:\WINDOWS\KB930916.log 12437 bytes
    C:\WINDOWS\KB931261.log 19508 bytes
    C:\WINDOWS\KB931784.log 22778 bytes
    C:\WINDOWS\KB931836.log 29537 bytes
    C:\WINDOWS\KB932168.log 16001 bytes
    C:\WINDOWS\KB933566.log 23974 bytes
    C:\WINDOWS\KB935448.log 15516 bytes
    C:\WINDOWS\KB935839.log 12539 bytes
    C:\WINDOWS\gc401.cnf 42 bytes
    C:\WINDOWS\Groensteen.bmp 26582 bytes
    C:\WINDOWS\gsc401.cnf 1736 bytes
    C:\WINDOWS\Help
    C:\WINDOWS\hh.exe 17920 bytes executable
    C:\WINDOWS\icccodes.dll 20992 bytes executable
    C:\WINDOWS\iccsigs.dat 40129 bytes
    C:\WINDOWS\IE4 Error Log.txt 1043 bytes
    C:\WINDOWS\ie7_main.log 1391 bytes
    C:\WINDOWS\iis6.log 957719 bytes
    C:\WINDOWS\ime
    C:\WINDOWS\imsins.BAK 1355 bytes
    C:\WINDOWS\imsins.log 1355 bytes
    C:\WINDOWS\InCD
    C:\WINDOWS\inf
    C:\WINDOWS\Installer
    C:\WINDOWS\Internet Logs
    C:\WINDOWS\Kopje koffie.bmp 17062 bytes
    C:\WINDOWS\KPCMS.INI 173 bytes
    C:\WINDOWS\kpcp32.dll 197120 bytes executable
    C:\WINDOWS\kpsys32.dll 37376 bytes executable
    C:\WINDOWS\LDM.log 180 bytes
    C:\WINDOWS\libeay32.dll 684032 bytes executable
    C:\WINDOWS\medctroc.Log 56286 bytes
    C:\WINDOWS\Media
    C:\WINDOWS\mgxoschk.ini 6289 bytes
    C:\WINDOWS\MicCal.exe 2150400 bytes executable
    C:\WINDOWS\Microsoft.MIF 2510 bytes
    C:\WINDOWS\Minidump
    C:\WINDOWS\ModemLog_SAMSUNG Mobile USB Modem.txt 6874 bytes
    C:\WINDOWS\mozver.dat 2414 bytes
    C:\WINDOWS\msagent

    Scan succesvol afgerond
    verborgen bestanden: 291

    **************************************************************************
    .
    Voltooingstijd: 2007-11-16 17:21:58
    C:\ComboFix-quarantined-files.txt … 2007-06-23 13:12
    C:\ComboFix2.txt … 2007-11-16 14:19
    C:\ComboFix3.txt … 2007-06-23 13:12
    .
    — E O F —












  • Beste Pim,

    Ik moet zeggen dat ik geen pop-ups meer krijg, het opstarten van WIN XP gaat wel vlot. Het openen van programma's en IE gaat nog met vertraging.

    Gr. Laurens
  • Pim,

    Misschien wil je nog even kijken. De pc is vrij traag.

    Gr. Laurens
  • Hoi Laurens,

    Ik ben in het weekend minder actief.

    Download ATF Cleaner (by Atribune)

    Dubbelklik op ATF cleaner om het programma te starten.
    Op het tabblad "Main", plaats je een vinkje bij [b:88757d4a7a]Select All[/b:88757d4a7a].
    Klik op de knop [b:88757d4a7a]Empty Selected[/b:88757d4a7a].

    Het volgende doen als je ook [u:88757d4a7a]FireFox[/u:88757d4a7a] als browser hebt:
    Klik op tabblad "Firefox", plaats een vinkje bij [b:88757d4a7a]Select All[/b:88757d4a7a].
    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    (dit haalt het vinkje weer weg bij "Firefox saved passwords";)
    Klik op de knop [b:88757d4a7a]Empty Selected.[/b:88757d4a7a]

    Het volgende doen als je ook [u:88757d4a7a]Opera[/u:88757d4a7a] als browser hebt:
    Klik op tabblad "Opera", plaats een vinkje bij [b:88757d4a7a]Select All[/b:88757d4a7a].
    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
    Klik op de knop [b:88757d4a7a]Empty Selected[/b:88757d4a7a].
    Ga naar het tabblad "Main" en klik op de knop [b:88757d4a7a]Exit[/b:88757d4a7a] om het programma af te sluiten.

    Download Dr.Web Cureit naar je bureaublad.
    [list:88757d4a7a]
    * Dubbelklik [b:88757d4a7a]drweb-cureit.exe[/b:88757d4a7a] en sta het toe om de express scan te starten.
    * Indien een popup verschijnt met het voorstel tot kopen/50% korting,
    mag je deze sluiten met het kruisje.
    * Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt,
    klik de [b:88757d4a7a]Yes to all[/b:88757d4a7a] knop bij de vraag 'cure it?'. Dit is enkel een korte scan.
    * Kies bovenaan in het menu voor [b:88757d4a7a]Language/Taal[/b:88757d4a7a] en wijzig deze naar [b:88757d4a7a]Dutch (Nederlands)[/b:88757d4a7a] indien deze bij jou anders staat ingesteld.
    * Druk op [b:88757d4a7a]F9[/b:88757d4a7a] en kies daarna voor [b:88757d4a7a]Acties[/b:88757d4a7a] en stel daar het volgende in onder [b:88757d4a7a]Malware[/b:88757d4a7a] :
    o Adware: [b:88757d4a7a]Verplaats[/b:88757d4a7a]
    Dialers: [b:88757d4a7a]Verplaats[/b:88757d4a7a]
    Jokes: [b:88757d4a7a]Rapportage[/b:88757d4a7a]
    Riskware: [b:88757d4a7a]Rapportage[/b:88757d4a7a]
    Hacktools: [b:88757d4a7a]Verplaats[/b:88757d4a7a]
    Haal dan het [b:88757d4a7a]vinkje weg bij "Prompt bij actie"[/b:88757d4a7a].
    Druk dan op [b:88757d4a7a]OK[/b:88757d4a7a].
    * Druk op [b:88757d4a7a]F9[/b:88757d4a7a] en kies daarna voor [b:88757d4a7a]Scan[/b:88757d4a7a] en verwijder het vinkje bij [b:88757d4a7a]Heuristische analyse[/b:88757d4a7a] en klik op [b:88757d4a7a]OK[/b:88757d4a7a].
    * Eenmaal de korte scan is beeïndigd, kan je de drives selecteren die je wilt laten scannen (Selecteer stations).
    * Selecteer hier [b:88757d4a7a]alle stations[/b:88757d4a7a]. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen.
    * Klik daarna de
  • Hoi Pim,

    Ik heb het eea gedaan. Ik kan je het volgende melden. Ik krijg foutmeldingsschermen:
    DEP windowsaanmeldingsscherm (deze is niet weg te klikken)
    logonui.exe fout
    wrij.exe en yfnc.exe beide in system32
    regedit toepassingsfout.

    Tijdens de scan kreeg ik twee keer een blauw beeld met witte letters, dat er iets niet goed ging en de pc startte vanzelf weer op.

    Ik zie er programma's hieronder bij staan die gerepareerd zijn, waar ik vol van verbazing ben.

    Maar goed.

    Hieronder logfile:

    winvnc4.exe c:\program files\realvnc\vnc4 Program.RemoteAdmin.origin
    dumprep.exe c:\windows\system32 Win32.Virut.30 Gerepareerd.
    ssqrpmm.dll c:\windows\system32 Adware.Duncan.origin
    taskmgr.exe c:\windows\system32 Win32.Virut.30 Gerepareerd.
    wrij.exe c:\windows\system32 Trojan.DownLoader.origin
    yfnc.exe c:\windows\system32 Waarschijnlijk BACKDOOR.Trojan
    AcroRd32Info.exe E:\Adobe\Acrobat 7.0\Reader Win32.Virut.30 Gerepareerd.
    reader_sl.exe E:\Adobe\Acrobat 7.0\Reader Win32.Virut.30 Gerepareerd.
    setup.exe E:\Adobe\Acrobat 7.0\Setup Files\RdrBig709\NLD Win32.Virut.30 Gerepareerd.
    AdobeReg32.exe E:\Adobe\Illustrator 8.0\Register Win32.Virut.30 Gerepareerd.
    Multi-Size Save.exe E:\Adobe\Photoshop 5.5\Goodies\Adobe ImageReady Only\Droplets Win32.Virut.30 Gerepareerd.
    AdobeReg32.exe E:\Adobe\Photoshop 5.5\Registration Win32.Virut.30 Gerepareerd.
    AdobeUpdateManager.exe E:\Adobe\Photoshop Album Starter Edition\3.0\Apps Win32.Virut.30 Gerepareerd.
    apdproxy.exe E:\Adobe\Photoshop Album Starter Edition\3.0\Apps Win32.Virut.30 Gerepareerd.
    ComponentLauncher.exe E:\Adobe\Photoshop Album Starter Edition\3.0\Apps Win32.Virut.30 Gerepareerd.
    PsaProxy.exe E:\Adobe\Photoshop Album Starter Edition\3.0\Apps Win32.Virut.30 Gerepareerd.
    Adobe Premiere Pro.exe E:\Adobe\Premiere Pro 1.5 Win32.Virut.30 Gerepareerd.
    pxhpinst.exe E:\Adobe\Premiere Pro 1.5 Win32.Virut.30 Gerepareerd.
    AAFx.exe E:\Adobe\Premiere Pro 1.5\Plug-ins\Common\AAF Win32.Virut.30 Gerepareerd.
    python.exe E:\Adobe\Premiere Pro 1.5\Plug-ins\Common\AAF Win32.Virut.30 Gerepareerd.
    Antimsblast.exe E:\Laurens\Diversen Win32.Virut.30 Gerepareerd.
    dvd2one140.exe E:\Laurens\Diversen Win32.Virut.30 Gerepareerd.
    CruzerLock2.exe E:\Laurens\gegevens usb stick cruzer\CruzerLock2 Win32.Virut.30 Gerepareerd.
    CruzerSync_v3_2_016.exe E:\Laurens\gegevens usb stick cruzer\CruzerSync Win32.Virut.30 Gerepareerd.
    CruzerPocketCache.exe E:\Laurens\gegevens usb stick cruzer\PocketCache Trial Version Win32.Virut.30 Gerepareerd.
    CopyFile.exe E:\Laurens\gegevens usb stick cruzer\SecurDataStorRM\Files Win32.Virut.30 Gerepareerd.
    SecurDataStor.exe E:\Laurens\gegevens usb stick cruzer\SecurDataStorRM\Files Win32.Virut.30 Gerepareerd.
    VisualGPSceInstall.exe E:\Laurens\pda\pda Win32.Virut.30 Gerepareerd.
    hpRUU.exe E:\Laurens\pda\pda rom upgrade Win32.Virut.30 Gerepareerd.
    SetupCheckPOInt5.exe E:\Laurens\pda\pda rom upgrade Win32.Virut.30 Gerepareerd.
    InstallTomTomHOME.exe E:\Laurens\pda\SD card PDA Win32.Virut.30 Gerepareerd.
    SetupCheckPOIntPOutlook_PPC2002.exe E:\Laurens\Tom Tom 5 + 5.1\EXTRA Win32.Virut.30 Gerepareerd.
    setup.exe E:\Laurens\Tom Tom 5 + 5.1\Stap 1\TomTom Navigator 5.00 Win32.Virut.30 Gerepareerd.
    SetupCheckPOInt5.exe E:\Laurens\Tom Tom 5 + 5.1\Stap 5 Win32.Virut.30 Gerepareerd.
    InstallTomTomHOME.exe E:\Laurens\Tom Tom 6\SD-Card Version\TT_6.010 Win32.Virut.30 Gerepareerd.
    Setup.exe E:\Laurens\Varel\050609_1152 (D)\Aics V6.05.019 ivs\Disk1 Win32.Virut.30 Gerepareerd.
    _ISDel.exe E:\Laurens\Varel\050609_1152 (D)\Aics V6.05.019 ivs\Disk1 Win32.Virut.30 Gerepareerd.
    setup.exe E:\Laurens\Varel\050609_1152 (D)\Dr InbouwPlus Win32.Virut.30 Gerepareerd.
    Setup.exe E:\Laurens\Varel\050609_1152 (D)\GMS-V5.01.042\GBR\Disk1 Win32.Virut.30 Gerepareerd.
    Autostart.exe E:\Laurens\Varel\050609_1152 (D)\NetworX NX 4,6,8,8plus Win32.Virut.30 Gerepareerd.
    UpdateDatabase.exe E:\Laurens\Varel\050609_1152 (D)\NetworX NX 4,6,8,8plus Win32.Virut.30 Gerepareerd.
    setup.exe E:\Laurens\Varel\050609_1152 (D)\Parsoft_V1_19_nl Win32.Virut.30 Gerepareerd.
    setup.exe E:\Laurens\Varel\050609_1152 (D)\Ram Mobile\DrInbouwPlus Win32.Virut.30 Gerepareerd.
    Setup.exe E:\Laurens\Varel\050609_1152 (D)\Titan V.01.04.05 Win32.Virut.30 Gerepareerd.
    _ISDel.exe E:\Laurens\Varel\050609_1152 (D)\Titan V.01.04.05 Win32.Virut.30 Gerepareerd.
    Autostart.exe E:\Laurens\Varel\050609_1152 (D)\UDX v2.02_IVS Win32.Virut.30 Gerepareerd.
    FileNames.exe E:\Laurens\Varel\050609_1152 (D)\UDX v2.02_IVS\Tools Win32.Virut.30 Gerepareerd.
    UpdateDatabase.exe E:\Laurens\Varel\050609_1152 (D)\UDX v2.02_IVS\Tools Win32.Virut.30 Gerepareerd.
    Setup.exe E:\Laurens\Varel\Titan ATS 1800 V1.04.01\SB077PB184 (D) Win32.Virut.30 Gerepareerd.
    _ISDel.exe E:\Laurens\Varel\Titan ATS 1800 V1.04.01\SB077PB184 (D) Win32.Virut.30 Gerepareerd.
    UNWISE.EXE E:\Laurens\X-box\XBConnect4 Win32.Virut.30 Gerepareerd.
    Player.exe E:\Laurens\X-box\XBConnect4\Chess Win32.Virut.30 Gerepareerd.
    UNWISE.EXE E:\Macromedia\Director 7 Win32.Virut.30 Gerepareerd.
    appletviewer_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    jar.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    jar_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    java.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    javac.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    javac_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    javadoc.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    javadoc_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    javah_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    javakey.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    javakey_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    javap.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    javap_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    javaverify_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    javaw.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    javaw_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    java_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    jdb.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    jdb_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    jre.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    jrew.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    native2ascii.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    native2ascii_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    rmic.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    rmic_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    rmiregistry_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    serialver_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd.
    javac.exe E:\Macromedia\Dreamweaver 8\JVM\bin Win32.Virut.30 Gerepareerd.
    keytool.exe E:\Macromedia\Dreamweaver 8\JVM\bin Win32.Virut.30 Gerepareerd.
    javac.exe E:\Macromedia\Dreamweaver MX\JVM\bin Win32.Virut.30 Gerepareerd.
    keytool.exe E:\Macromedia\Dreamweaver MX\JVM\bin Win32.Virut.30 Gerepareerd.
    Extension Manager.exe E:\Macromedia\Extension Manager Win32.Virut.30 Gerepareerd.
    Replace.exe E:\Macromedia\Extension Manager Win32.Virut.30 Gerepareerd.
    FlashLiteBundler.exe E:\Macromedia\Flash 8 Win32.Virut.30 Gerepareerd.
    SAFlashPlayer.exe E:\Macromedia\Flash MX\Players\Debug Win32.Virut.30 Gerepareerd.
    A0010799.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010800.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010801.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010802.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010803.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010804.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010805.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010806.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010807.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010808.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010809.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010810.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010811.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010812.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010813.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010814.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010815.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010816.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010817.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010818.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010819.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010820.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010821.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010822.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010823.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010824.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010825.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010826.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010827.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010828.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010829.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010830.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010831.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010832.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010833.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010834.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010835.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010836.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010837.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010838.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010839.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010840.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010841.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010842.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010843.EXE E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010844.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010845.EXE E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010846.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010847.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010848.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010849.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010850.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010851.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010852.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010853.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010854.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010855.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010856.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010857.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010858.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010859.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010860.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010861.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010862.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010863.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010864.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010865.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010866.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010867.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010868.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010869.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010870.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010871.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010872.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010873.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010874.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010875.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010876.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010877.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010878.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010879.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
    A0010880.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd.
  • Hoi Laurens,

    Ik heb helaas slecht nieuws voor je :( Je bent geinfecteerd met het Virut file infector.

    Deze infecteert bijna iedere .exe en .scr bestand aanwezig op je computer. Mede omdat dit een 'buggy' virus is die slecht geschreven is, is er geen beginnen aan om te desinfecteren. Daarom raad ik je aan om te formatteren en windows opnieuw te installeren. Zorg er dan wel voor dat je geen .exe en .scr bestanden gaat backuppen, want bij terugplaatsing van je backup zal je systeem opnieuw worden geinfecteerd.

    Succes!

    Pim
  • Beste Pim,

    Bedankt voor je antwoord en hulp.
    Hier zat ik dus niet echt op te wachten.
    Wat is nu voor mij het slimste om te doen?
    Ik heb een aantal prgramma's welke ik straks graag weer wil gebruiken, evenals mijn documenten. Ik heb meerdere harddisk in mijn pc.
    zijn deze ook geinfecteerd?
    Om WINXP weer draaiende te krijgen is niet zo'n probleem, maar mijn andere progs :cry:
    Enig idee?

    Bedankt voor je hulp.

    Gr. Laurens
  • Mijn documenten zou je moeten kunnen backuppen, zolang je maar geen .exe en .scr bestanden gaat backuppen. Of al je harde schijven zijn geinfecteerd durf ik niet meteen te zeggen, dit ga ik echter overleggen en zal ik zo spoedig mogelijk vertellen.

    Ik kom hier op terug.

    Pim
  • Met dank aan Miekiemoes :)

    Laat Drweb even alle harde schijven scannen en alle partities, alleen zo kom je te weten waar Virut heeft toegeslagen en ofdat je alles moet gaan formatteren.
  • Hoi Pim,

    Hartstikke fijn en bedankt voor de moeite.
    Ben momenteel aan het werk. IK ga het direct thuis proberen.
    Je hoort van me.

    Gr. Laurens
  • Beste Pim,

    Na vele pogingen om DrWeb te laten scannen (late avond geworden) geeft ik het op. de pc loopt steeds vast bij het scannen (start opnieuw op).
    Van een collega heb ik nog het prog. Virus Remover geprobeerd, zie log hieronder.

    Als ik een nieuwe install wil maken, kan ik dan mij huidige progm files naar een andere disk copien? Ik wil namelijk mijn progs wel blijven gebruiken. Ik weet niet of deze ook besmet zijn. In Mijn Documenten heb ik ook diverse udates en progs staan. Tevens op 2 andere harddisks.

    Kun je me vertellen hoe ik het beste een clean disk kan maken, dus alles verwijderen en C: correct formatteren?

    Ik dank je in iedere geval voor je hulp.

    Gr. Laurens

    log:

    ============ Remover for Win32/Virut ===============
    Date: 21.11.2007 00:59
    C:\Adobe\Dimensions 3.0\ADRes.dll; OK
    C:\Adobe\Dimensions 3.0\AGMDim.dll; OK
    C:\Adobe\Dimensions 3.0\CoolTypeDim.dll; OK
    C:\Adobe\Dimensions 3.0\Dimensions.exe; OK
    C:\Adobe\Dimensions 3.0\Plug-ins\3DMF.adp; OK
    C:\Adobe\Dimensions 3.0\Plug-ins\Draft.adp; OK
    C:\Adobe\Dimensions 3.0\Plug-ins\Mixed.adp; OK
    C:\Adobe\Dimensions 3.0\Plug-ins\PS3.adp; OK
    C:\Adobe\Dimensions 3.0\Plug-ins\Raster.adp; OK
    C:\Adobe\Dimensions 3.0\Plug-ins\TIFF.adp; OK
    C:\Adobe\Dimensions 3.0\rwdl6a20.dll; OK
    C:\Adobe\Dimensions 3.0\rwdl6b20.dll; OK
    C:\Adobe\Dimensions 3.0\rwdl8a20.dll; OK
    C:\Adobe\Dimensions 3.0\rwdl8b20.dll; OK
    C:\Adobe\Dimensions 3.0\rwl20.dll; OK
    C:\Bdienst\2003\IB2003.exe; OK
    C:\Bdienst\2003\IB2003s.exe; OK
    C:\Bdienst\2003\IB2003u.exe; OK
    C:\Bdienst\2003\TJ2003.exe; OK
    C:\Bdienst\2003\TJ2003s.exe; OK
    C:\Bdienst\2003\TJ2003u.exe; OK
    C:\Bdienst\2004\IB2004.exe; OK
    C:\Bdienst\2004\IB2004s.exe; OK
    C:\Bdienst\2004\IB2004u.exe; OK
    C:\Bdienst\2004\VT2004.exe; OK
    C:\Bdienst\2004\VT2004s.exe; OK
    C:\Bdienst\2004\VT2004u.exe; OK
    C:\Bdienst\2005\IB2005.exe; OK
    C:\Bdienst\2005\ib2005d.exe; OK
    C:\Bdienst\2005\IB2005u.exe; OK
    C:\Bdienst\2006\ib2006.exe; OK
    C:\Bdienst\2006\ib2006d.exe; OK
    C:\Bdienst\2006\ib2006u.exe; OK
    C:\Bdienst\2006\vt2006_win_setup.exe; OK
    C:\Bdienst\2007\vt2007.exe; OK
    C:\Bdienst\2007\vt2007d.exe; OK
    C:\Bdienst\2007\vt2007u.exe; OK
    C:\Bdienst\ib2005_win_setup.exe; OK
    C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Elements\5.0\Flash Galleries\Dynamic\flashplayer\windows\SAFlashPlayer.exe; OK
    C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Elements\5.0\Flash Galleries\GeoWeb Gallery\gallery\resources\AuthSWF.exe; OK
    C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstCCD.exe; OK
    C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCS.exe; OK
    C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCSFEMsi.exe; OK
    C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_EA.exe; OK
    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\update\backup\Registration\plus_corporate.prg.old; OK
    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\update\backup\Registration\plus_home_office.prg.old; OK
    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\update\backup\Registration\professional_corporate.prg.old; OK
    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\update
    ew\Registration\plus_corporate.prg.new; OK
    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\update
    ew\Registration\plus_home_office.prg.new; OK
    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\update
    ew\Registration\professional_corporate.prg.new; OK
    C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll; OK
    C:\Documents and Settings\Jeannet\Application Data\Microsoft\Clip Organizer\mstore10.mgc; OK
    C:\Documents and Settings\Jeannet\Application Data\Microsoft\Clip Organizer\Offic10.MGC; OK
    C:\Documents and Settings\Jeannet\Bureaublad\ib2006_win_setup(2).exe; OK
    C:\Documents and Settings\Jeannet\Bureaublad\ib2006_win_setup.exe; OK
    C:\Documents and Settings\Jeannet\Bureaublad\vt2007_win_setup.exe; OK
    C:\Documents and Settings\Jeannet\Mijn documenten\Mijn ontvangen bestanden\SCMPX.EXE; OK
    C:\Documents and Settings\Laurens\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_nl_NL.exe; OK
    C:\Documents and Settings\Laurens\Application Data\Adobe\Adobe GoLive\Settings9\Opera\plugins\PlugDef.dll; OK
    C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\dsmmf.exe; OK
    C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\dsmmfres_de.dll; OK
    C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\dsmmfres_es.dll; OK
    C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\dsmmfres_fr.dll; OK
    C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\dsmmfres_ja.dll; OK
    C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\dsmmfres_ko.dll; OK
    C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\dsmmfres_zh.dll; OK
    C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\dsmmfres_zh_cn.dll; OK
    C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\JuniperSetupApp.exe; OK
    C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\JuniperSetupDLL.dll; OK
    C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\NeoterisSetup.ocx; OK
    C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\setupResource_de.dll; OK
    C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\setupResource_en.dll; OK
    C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\setupResource_es.dll; OK
    C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\setupResource_fr.dll; OK
    C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\setupResource_ja.dll; OK
    C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\setupResource_ko.dll; OK
    C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\setupResource_zh.dll; OK
    C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\setupResource_zh_cn.dll; OK
    C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\uninstall.exe; OK
    C:\Documents and Settings\Laurens\Application Data\LimeWire\.NetworkShare\LimeWireWin4.14.10.exe; OK
    C:\Documents and Settings\Laurens\Application Data\Macromedia\Dreamweaver 8\Configuration\Flash Player\FlashPlayerW.dll; OK
    C:\Documents and Settings\Laurens\Application Data\Macromedia\Dreamweaver MX\Configuration\Flash Player\FlashPlayerW.dll; OK
    C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\DirectSound\DirectSound.x32; OK
    C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\FlashAsset\Flash Asset.x32; OK
    C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\FontAsset\Font Asset.x32; OK
    C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\FontXtra\Font Xtra.x32; OK
    C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\MacroMix\MacroMix.x32; OK
    C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\MixServices\Mix Services.x32; OK
    C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\Shockwave3dAsset\Shockwave 3d Asset.x32; OK
    C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SoundControl\Sound Control.x32; OK
    C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SWA\swadcmpr.x32; OK
    C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SWA\SWASTRM.X32; OK
    C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\TextAsset\Text Asset.x32; OK
    C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\TextXtra\TextXtra.x32; OK
    C:\Documents and Settings\Laurens\Application Data\Microsoft\Clip Organizer\mstore10.mgc; OK
    C:\Documents and Settings\Laurens\Application Data\Microsoft\Clip Organizer\Offic10.MGC; OK
    C:\Documents and Settings\Laurens\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll; OK
    C:\Documents and Settings\Laurens\Application Data\Microsoft\Installer\{750B9AD1-4C63-4143-94C5-6FB304199BAD}\ARPPRODUCTICON.exe; OK
    C:\Documents and Settings\Laurens\Application Data\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe; OK
    C:\Documents and Settings\Laurens\Application Data\Microsoft\Outlook\Default Outlook Profile.srs; Can't open
    C:\Documents and Settings\Laurens\Application Data\Microsoft\Templates\Normal.dot; Can't open
    C:\Documents and Settings\Laurens\Bureaublad\ATF-Cleaner.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\ComboFix.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\drweb-cureit.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\gedownloade bestanden\GrabIt162b.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\gedownloade bestanden
    l_setup(2).exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\gedownloade bestanden
    l_setup(3).exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\gedownloade bestanden
    l_setup.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\gedownloade bestanden
    l_setup_beta.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\gedownloade bestanden\QuickPar-0.9.1.0-NLD.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\gedownloade bestanden\RemoteControlUpdate5.x_5.3.2.6.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\hitmanpro26.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\rmvirut.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\rmvirut.nt; OK
    C:\Documents and Settings\Laurens\Bureaublad\RVAXO.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\RVAXO1; OK
    C:\Documents and Settings\Laurens\Bureaublad\RVAXO3; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\cliptext.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\download.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\dummy.sys; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\ERDNT.E_E; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\ERUNT.EXE; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\FixPath.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\isadmin.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\LS.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\MD5File.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\moveex.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\Process.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\procs.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\psservice.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\RegDACL.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\regedit.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\Replace\w2k
    ull.sys; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\Replace\W2K.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\Replace\xp
    ull.sys; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\Replace\XP.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\RestartIt!.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\sc.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\SF.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\shutdown.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\swreg.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\swsc.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\unzip.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\WINMSG.EXE; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\zip.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\backups\attrib.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\backups\find.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\backups\findstr.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\backups\regedit.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\catchme.exe; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\dummy.sys; OK
    C:\Documents and Settings\Laurens\Bureaublad\SDFix\SDFix.exe; OK
    C:\Documents and Settings\Laurens\Cookies\index.dat; Can't open
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006526.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006543.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006636.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006729.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006731.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006810.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006812.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006946.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006948.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006990.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006993.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007055.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007057.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007159.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007162.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007180.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007182.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007211.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007213.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007231.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007233.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007319.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007322.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007354.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007356.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007454.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007456.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007628.dll; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0015025.EXE; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0028134.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0028135.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0028139.dll; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0028143.dll; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0028308.dll; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0028309.dll; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0028311.dll; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0028412.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0028413.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0029245.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\mshtml2.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\process.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\restart.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\setupdrv.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\SetupPoker.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\vncviewer.exe; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\winrnr2.dll; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\winrnr2.dllrtyrty; OK
    C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\wrij.exe; OK
    C:\Documents and Settings\Laurens\Local Settings\Application Data\Apple\Apple Software Update\iTunesSetupAdmin.exe; OK
    C:\Documents and Settings\Laurens\Local Settings\Application Data\Macromedia\Flash 8\en\Configuration\External Libraries\FLfile.dll; OK
    C:\Documents and Settings\Laurens\Local Settings\Application Data\Microsoft\Outlook\Default Outlook Profileimap.strato-mail.net-00000014.pst; Can't open
    C:\Documents and Settings\Laurens\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst; Can't open
    C:\Documents and Settings\Laurens\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat; Can't open
    C:\Documents and Settings\Laurens\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG; Can't open
    C:\Documents and Settings\Laurens\Local Settings\Geschiedenis\History.IE5\index.dat; Can't open
    C:\Documents and Settings\Laurens\Local Settings\Geschiedenis\History.IE5\MSHist012007112120071122\index.dat; Can't open
    C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX0\dwebio32.dll; OK
    C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX0\dwebllio.dll; OK
    C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX0\setup.dll; OK
    C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX0\setup.exe; OK
    C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX0\_start.exe; OK
    C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX1\dwebio32.dll; OK
    C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX1\dwebllio.dll; OK
    C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX1\setup.dll; OK
    C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX1\setup.exe; OK
    C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX1\_start.exe; OK
    C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX3\dwebio32.dll; OK
    C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX3\dwebllio.dll; OK
    C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX3\setup.dll; OK
    C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX3\setup.exe; OK
    C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX3\_start.exe; OK
    C:\Documents and Settings\Laurens\Local Settings\Temp\~DF3B95.tmp; Can't open
    C:\Documents and Settings\Laurens\Local Settings\Temporary Internet Files\Content.IE5\AHUHUXOB\rmvirut[1].nt; OK
    C:\Documents and Settings\Laurens\Local Settings\Temporary Internet Files\Content.IE5\GPU381QN\drweb-cureit[1].exe; OK
    C:\Documents and Settings\Laurens\Local Settings\Temporary Internet Files\Content.IE5\index.dat; Can't open
    C:\Documents and Settings\Laurens\Local Settings\Temporary Internet Files\Content.IE5\UX4BSJ2V\rmvirut[1].exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\HijackThis.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\backups\backup-20050306-211203-518.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\backups\backup-20050307-184421-822-Startup.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Handleidingen\DC-202 Router_NED.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\aaw2007.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\aawsepersonal.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\AdbeRdr707_nl_NL.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Antivirus_2.1.94.1460.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ArchivePlayer.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\async.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ATF-Cleaner.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\audacity-win-1.2.4b.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\BitTorrent-4.26.0.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\blazeftp.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\bulletproof.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\bulletproofftp.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\cpu-z-127.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\cpuz.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\cureit.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\cuteftp.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Dartcounter.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Dartscore.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\DC-202 Router_NED.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\demotour.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\DMsetup_nl.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Dutch.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dutch_languagepack_5-11.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvd-audio-ripper.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\drivers 3 com\3c905c_4_41.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\DV-PlayerLite Setup.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\HlDriver\hldinst.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\PlayerLite\DV-PlayerLite Setup.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\Program\DVMessageServer.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\Program\DVRec.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\Program\DVStartUp.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\Program\Extra\AddUser.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\Program\Extra\MenuAdd.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\Program\Extra\RegCopy.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\Program\Extra\SetSystemColors.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\Program\KH\DVRec.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\WdDriver\wdreg.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\WdDriver\windrvr.sys; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\instmsiw.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\setup.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\Drivers\xpress.sys; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\DVRWDog.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\Hlprog.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\intrada.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\matchlib.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\XPRESS.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\XPRESS1.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\XPRESS2.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\XPRESS3.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\XPRESSM.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\XPSW.DLL; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\Tools\DV-Aspi.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\Tools\Intel Application Accelerator.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\edonkey.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\FileZilla_Server_0_9_9.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Firefox Setup 1.5.0.7.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\FirefoxSetup-0.9.3.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\FSViewerSetup230Dutch.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Extras\Acrobat\Win9x_NT_2k\ar505enu.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Install\instmsia.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Install\instmsiw.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Install\setup.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost
    cdstart.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Tutorials\cdrw.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Tutorials\clone_ip.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Tutorials\fw_1394.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Tutorials\gwizard.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Tutorials\index.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Tutorials\map_drv.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Tutorials\recovery.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\HamachiSetup-1.0.0.61-en.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\hcw21nova-t.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\hijackthis.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\hitmanpro214.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\hitmanpro221.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\hitmanpro231.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\hitmanpro243.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\hitmanpro25.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\hitmanpro26.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\holddemo.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\installspeedfan417.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\install_flash_player.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Install_Messenger_Beta.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\INSTALL_MSN_MESSENGER_DL.EXE; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\it222nld.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\iTunesSetup.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\kasp1.7.130_anti-hackernl.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\lame.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\lame_enc.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ldm.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\limewire-nl.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\LimeWireWin.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\MediaMonkey_Setup_2_5_3.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\MK.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\mm20nld.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Morpheus.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\mp3gain-win-full-1_2_3.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\MSASYNC.EXE; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Content\Setup.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\EasyWrite Reader\incdrm.sys; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\EasyWrite Reader
    t4\incdrm.sys; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\EasyWrite Reader\Setup.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\EasyWrite Reader\Version.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\Common Files\Lib\apreg.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\Common Files\Lib\DriveLocker.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\InCD\InCDL.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\InCD\incdshx.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4
    t4\incdfs.sys; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4
    t4\incdpass.sys; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\Redist\mfc42.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\Redist\msvcrt.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\Setup.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\sharedNT\InCD.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\sharedNT\incdapi.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\sharedNT\incdrec.sys; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\sharedNT\incdsrv.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\sharedNT\incdunt.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\w2k\incdfs.sys; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\w2k\incdpass.sys; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\w9x\InCD.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\w9x\incdapi.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\w9x\incdu95.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\Aac.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\aacenc32.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\aacmp32.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\Aiff.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\DefConvertor.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\mp3PRO.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\mp3PRO_dmo.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\mp3PRO_hlp.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\msa.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\msa7\msa.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\Vqf.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\VqfDecLib.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\VqfEncLib.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\VqfEncLib1.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\wav.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\DSFilters\NeAudio.ax; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\DSFilters\NeFileSrc.ax; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\DSFilters\NeRender.ax; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\DSFilters\NeroIPP.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\DSFilters\NeVideo.ax; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\Lib\apreg.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\Lib\DriveLocker.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\Lib\NeroCBUI.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\CoverDesigner\CoverDes.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\CoverDesigner\CoverEdCtrl.ocx; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\ImageDrive\IDriveSetup.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\ImageDrive\ImageDrive.cpl; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\ImageDrive\ImageDrive.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\ImageDrive\imagedrv.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\ImageDrive\imagedrv.mpd; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\ImageDrive\imagedrv.sys; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\AudioPluginMgr.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\CDCopy.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\cdr100.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\cdr50s.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\CDROM.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\cdu920.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\cr2200cs.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\Drweb32.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\DVDREALLOC.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\Dws114x.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\Equalize.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\GENCUSH.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\Generatr.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\geniso.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\GenUDF.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\image.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\ImageGen.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\ims.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\ISOFS.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\KARAOKE.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\MMC.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\MPGEnc.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\NeCon.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\NeHDBlkAccess.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\NeMP3Dmo.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\NeMP3Hlp.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero
    ero.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero
    eroAPI.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero
    erocdNT.sys; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\NeroCmd.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\NeroCom.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero
    eroDB.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero
    eroErr.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\NeroMediaCon.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero
    eroscsi.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero
    eroshx.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero
    eRSDB.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\NeVCDEngine.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero
    ewtrf.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\ReadHD32.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\ro1420c.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\UDFImporter.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\VCDMenu.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\VMPEGEnc.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\WNASPI32.DLL; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition
    ero backitup\BackItUp.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition
    ero backitup\NBJ.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition
    ero backitup\NBR.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition
    ero soundtrax\EffectCtrl.ocx; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition
    ero soundtrax\SoundTrax.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero StartSmart\NeroStartSmart.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Toolkit\CDSpeed.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Toolkit\DriveSpeed.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Toolkit\InfoTool.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Wave Editor\AudioControls2.ocx; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Wave Editor\Axis.ocx; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Wave Editor\LEDMeter.ocx; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Wave Editor\Recording.ocx; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Wave Editor\vfft.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Wave Editor\vPlugIns.wpl; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Wave Editor\waveedit.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Wave Editor\WaveEdit.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Redist\MSVCP60.DLL; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Redist\msvcrt.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Redist\WMFADist.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Redist\wmfdist.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\setup\shortcut.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Setup.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\System\atl.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\System\imagr5.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\System\imagx5.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\System\ImagXpr5.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\System\NeroCheck.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\System\picn20.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\WMPBurn\NeroBurnPlugin.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\WMPBurn\WMPBurn.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6_Keygen.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroBurnRights\NeroBurnRights.cpl; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroBurnRights\NeroBurnRights.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroBurnRights\NeroBurnRightsHelp.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroBurnRights\NeroCo.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroBurnRights\Setup.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\Aac.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\aacenc32.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\Aiff.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\DefConvertor.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\Downloaders.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\midi.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\mp3PRO.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\mp3PRO_dmo.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\mp3PRO_hlp.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\msa.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\msa7\msa.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\NeroIPP.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\video.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\Vqf.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\VqfDecLib.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\VqfEncLib.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\VqfEncLib1.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\wav.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\Lib\DriveLocker.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\CoverDesigner\CoverDes.exe; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\CoverDesigner\CoverEdCtrl.ocx; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\CDCopy.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\cdr100.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\cdr50s.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\CDROM.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\cdu920.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\cr2200cs.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\Dws114x.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\Generatr.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\geniso.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\image.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\ImageGen.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\ims.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\ISOFS.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\MMC.dll; OK
    C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Ner


























  • Volgens mij zat ik aan het limiet van een bericht. :roll:
  • Aan bovenstaand logfile te zien zit Virut ook je Mijn Documenten map wat niet zo fijn is.
    Deze kan je backuppen, behalve de .exe en .scr files hierin. De programma's die je allemaal
    gebruikt zal je opnieuw moeten installeren.

    Je huidige map Program Files naar een andere schijf kopieeren is niet zo'n goed plan,
    omdat wanneer je deze terugplaatst het virus terug actief is en je dan overnieuw kan beginnen.
    De enige oplossing is dus door alle .exe files opnieuw te installeren op een schone installatie.

    Films, foto's, mp3 files etc kan je [b:c0183996ca]wel[/b:c0183996ca] behouden, alleen files die eindigen op .exe zijn
    geinfecteerd. Helaas zit er niks anders op. Laat dit enkel een wijze les voor je zijn door te stoppen
    met downloaden op cracks, serials etc. Virut wordt op deze website's veel verspreid.

    Hoe ik het in jou sitatie zou doen. Bestanden die ik kan behouden, dus films, foto's etc.
    naar de harde schijf kopieren waar Virut opstaat zodat je uiteindelijk een lege schijf hebt.
    Deze via een Windows opstart CD-rom helemaal formatteren (niet snelformatteren!). Vervolgens
    dingen die je kan bewaren op de pas geformatteerde schijf zetten en de overige schijven formatteren.
    Dan alles inrichten naar wens.

    Nogmaals: Let op dat je geen .exe en .scr files meeneemt, anders kan je opnieuw beginnen!

    Lees hier ook eens over het herinstalleren van Windows:
    http://www.jawwi.nl/nederlands/tips/installeren/installeren.html

    Succes ermee!

    Pim

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.