Vraag & Antwoord

Beveiliging & privacy

[HJT Log] wie wil mij helpen met mijn logfile?

19 antwoorden
  • Hallo, Wie wil er kijken naar mijn HJT logfile. De computer is sinds begin deze week traag en start slecht op. Ik heb 2 account en ik kreeg v/d week een DEP en een AVP.exe foutmelding en kon verder niks meer doen. Bureaublad was leeg en geen STARTmenu. Tevens krijg ik nu berichten over onveilige PROXY. Wie helpt mij? Alvast bedankt, Gr. Laurens LOG: Logfile of HijackThis v1.99.1 Scan saved at 12:33:49, on 16-11-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\SurfRight\Caretaker\CaretakerService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\COMMON~1\FNTS~1\wuauboot.exe C:\WINDOWS\system32\??mantec\n?tepad.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\Laurens\LOCALS~1\Temp\Rar$EX00.937\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O4 - HKLM\..\Run: [smgr] mgrs.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe" O4 - HKCU\..\Run: [Cast] "C:\PROGRA~1\COMMON~1\FNTS~1\wuauboot.exe" -vt ndrv O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Wrkkh] C:\WINDOWS\system32\??mantec\n?tepad.exe O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe O4 - HKCU\..\Run: [Ultimate Cleaner] "C:\Program Files\Ultimate Cleaner\UltimateCleaner.exe" hide O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - blank O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing) O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O10 - Broken Internet access because of LSP provider 'winrnr2.dll' missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://84.41.135.154/WinWebPush.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - K:\CyberLink\Shared Files\RichVideo.exe (file missing) O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
  • Download [url=http://downloads.andymanchesta.com/RemovalTools/SDFix.exe]SDFix[/url] naar je bureaublad. [list:5ca9f837f8] Dubbelklikken op SDFix.exe om het uit te pakken. Print onderstaande instrukties uit of kopieer ze naar een .txt bestand. Start op in [url=http://www.virushelp.nl/veilige_modus.htm]Veilige modus[/url] Open de uitgepakte SDFix folder (meestal hier te vinden: C:\SDFix) en dubbelklik [b:5ca9f837f8]RunThis.bat[/b:5ca9f837f8] om het script te starten. Typ [b:5ca9f837f8]Y[/b:5ca9f837f8] om de fix te beginnen en volg de instructie's. Druk op een toets als het nodig is. De computer zal herstarten. Dit duurt langer dan gewoonlijk. SDFix zal verder gaan met het verwijderen. Wacht tot er wordt gevraagt om op een toets te drukken. Het Bureaublad zal verschijnen en er zal een logje openen. Bewaar de inhoud van dit logje tijdelijk [/list:u:5ca9f837f8] Download [url=http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe]Combofix[/url] naar je Bureaublad. [list:5ca9f837f8] Dubbelklik [b:5ca9f837f8]Combofix.exe[/b:5ca9f837f8] Volg de instructies, aanvaard de disclaimer door "[b:5ca9f837f8]1[/b:5ca9f837f8]" te typen en te bevestigen via "[b:5ca9f837f8]Enter[/b:5ca9f837f8]". Tijdens het runnen van de fix, [b:5ca9f837f8]NIET[/b:5ca9f837f8] in het venster klikken, want dit zal je pc doen vasthangen.[/list:u:5ca9f837f8] Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen. [i:5ca9f837f8]Plaats deze log in je volgende post samen met een nieuw HijackThis log.[/i:5ca9f837f8] [b:5ca9f837f8]Note:[/b:5ca9f837f8] Indien je virusscanner reageert tijdens het downloaden of gebruik van Combofix, mag je dit negeren. Plaats nu het logje van SDfix, die van combofix en een vers Hijackthis log in je volgende bericht. Succes! Pim
  • Beste Pim, Bedankt voor je hulp. Hierbij de logs. Gr. Laurens Logfile of HijackThis v1.99.1 Scan saved at 14:20:58, on 16-11-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\SurfRight\Caretaker\CaretakerService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\spoolsvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\ComboFix\nircmd.cfexe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\hijackthis.exe C:\Documents and Settings\Laurens\Mijn documenten\HijackThis.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\Program Files\Hkdhhtgi\kiuupsur.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {BEF5FD38-17F7-6C0F-D85B-4CE603F50DCC} - C:\WINDOWS\system32\kxvgihv.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe" O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\system32\spoolsvc.exe O4 - HKCU\..\Run: [Cast] "C:\PROGRA~1\COMMON~1\FNTS~1\wuauboot.exe" -vt ndrv O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Wrkkh] C:\WINDOWS\system32\??mantec\n?tepad.exe O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - blank O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing) O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O10 - Broken Internet access because of LSP provider 'winrnr2.dll' missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://84.41.135.154/WinWebPush.cab O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpninst.bbnv.nl/dana-cached/setup/JuniperSetupSP1.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing) O20 - Winlogon Notify: byvspom - byvspom.dll (file missing) O20 - Winlogon Notify: winpya32 - winpya32.dll (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - K:\CyberLink\Shared Files\RichVideo.exe (file missing) O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing) ComboFix 07-11-08.3 - Laurens 2007-11-16 14:11:59.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.522 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\Laurens\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt . Onmogelijk Systeem Rechten te verkrijgen (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Laurens\Menu Start\Programma's\Outerinfo C:\Documents and Settings\Laurens\Menu Start\Programma's\Outerinfo\Terms.lnk C:\Documents and Settings\Laurens\Menu Start\Programma's\Outerinfo\Uninstall.lnk C:\Program Files\Common Files\fnts~1 C:\Program Files\Common Files\fnts~1\F?nts\ C:\Program Files\Common Files\fnts~1\wuauboot.exe C:\Program Files\Common Files\smbols~1 C:\WINDOWS\system32\drivers\LYV66.sys C:\WINDOWS\system32\fibagbia C:\WINDOWS\system32\fibagbia\bg1.gif C:\WINDOWS\system32\fibagbia\bgtop.gif C:\WINDOWS\system32\fibagbia\bottom1.gif C:\WINDOWS\system32\fibagbia\essentials.gif C:\WINDOWS\system32\fibagbia\fibagbia1.exe C:\WINDOWS\system32\fibagbia\fibagbia2.exe C:\WINDOWS\system32\fibagbia\fibagbia3.exe C:\WINDOWS\system32\fibagbia\icon1.ico C:\WINDOWS\system32\fibagbia\install1.gif C:\WINDOWS\system32\fibagbia\left1.gif C:\WINDOWS\system32\fibagbia\li.gif C:\WINDOWS\system32\fibagbia\logo.gif C:\WINDOWS\system32\fibagbia\main.htm C:\WINDOWS\system32\fibagbia\mainframe.htm C:\WINDOWS\system32\fibagbia\reinstall1.gif C:\WINDOWS\system32\fibagbia\right1.gif C:\WINDOWS\system32\fibagbia\s1.htm C:\WINDOWS\system32\fibagbia\s2.htm C:\WINDOWS\system32\fibagbia\s3.htm C:\WINDOWS\system32\fibagbia\SMTop1.gif C:\WINDOWS\system32\fibagbia\SMTop2.gif C:\WINDOWS\system32\fibagbia\SMTop3.gif C:\WINDOWS\system32\fibagbia\SMTop4.gif C:\WINDOWS\system32\fibagbia\soft1_off.gif C:\WINDOWS\system32\fibagbia\soft1_off_ext.gif C:\WINDOWS\system32\fibagbia\soft1_on.gif C:\WINDOWS\system32\fibagbia\soft1_on_ext.gif C:\WINDOWS\system32\fibagbia\soft2_off.gif C:\WINDOWS\system32\fibagbia\soft2_off_ext.gif C:\WINDOWS\system32\fibagbia\soft2_on.gif C:\WINDOWS\system32\fibagbia\soft2_on_ext.gif C:\WINDOWS\system32\fibagbia\soft3_off.gif C:\WINDOWS\system32\fibagbia\soft3_off_ext.gif C:\WINDOWS\system32\fibagbia\soft3_on.gif C:\WINDOWS\system32\fibagbia\soft3_on_ext.gif C:\WINDOWS\system32\fibagbia\softbottom_off.gif C:\WINDOWS\system32\fibagbia\softbottom_on.gif C:\WINDOWS\system32\fibagbia\softleft_off.gif C:\WINDOWS\system32\fibagbia\softleft_on.gif C:\WINDOWS\system32\fibagbia\top1.gif C:\WINDOWS\system32\fibagbia\top2.gif C:\WINDOWS\system32\fibagbia\turnoff1.gif C:\WINDOWS\system32\fibagbia\turnon1.gif C:\WINDOWS\system32\firewall.exe C:\WINDOWS\system32\mantec~1 C:\WINDOWS\system32\mantec~1\n?tepad.exe C:\WINDOWS\system32\mlllkif.dll C:\WINDOWS\system32\mlnmp.bak1 C:\WINDOWS\system32\mlnmp.bak2 C:\WINDOWS\system32\mlnmp.ini C:\WINDOWS\system32\mlnmp.ini2 C:\WINDOWS\system32\pmnlm.dll C:\WINDOWS\system32\wnstsicom32.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_LYV66 -------\LEGACY_RUNTIME -------\LEGACY_RUNTIME2 (((((((((((((((((((( Bestanden Gemaakt van 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))) . 2007-11-16 13:46 <DIR> d-------- C:\WINDOWS\ERUNT 2007-11-16 11:01 2,432 --a------ C:\WINDOWS\system32\unpr.sys 2007-11-15 22:57 <DIR> d-------- C:\Documents and Settings\Jeannet\Application Data\SurfRight 2007-11-15 21:02 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-11-15 21:01 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2007-11-15 21:01 298,104 --a------ C:\WINDOWS\system32\imon.dll 2007-11-15 21:01 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys 2007-11-15 20:04 <DIR> d-------- C:\Documents and Settings\Laurens\Application Data\SurfRight 2007-11-15 19:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx 2007-11-15 19:28 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys 2007-11-15 19:27 <DIR> d-------- C:\Program Files\SurfRight 2007-11-15 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight 2007-11-15 18:44 <DIR> d-------- C:\Program Files\MalwareAlarm 2007-11-15 12:23 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys 2007-11-15 12:23 87,424 --a--c--- C:\WINDOWS\system32\dllcache\irda.sys 2007-11-15 12:23 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys 2007-11-15 12:23 19,584 --a--c--- C:\WINDOWS\system32\dllcache\rasirda.sys 2007-11-15 12:23 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys 2007-11-15 12:23 18,688 --a--c--- C:\WINDOWS\system32\dllcache\irsir.sys 2007-11-14 19:04 179,200 --a------ C:\WINDOWS\system32\drivers\symavc32.sys 2007-11-14 19:03 122,880 --a------ C:\WINDOWS\system32\winrnr2.dll 2007-11-14 19:03 65,536 --a------ C:\oaif.exe 2007-11-14 19:03 8,704 --a------ C:\WINDOWS\system32\sporder.dll 2007-11-13 16:22 294,912 --------- C:\WINDOWS\SETUP1.EXE 2007-11-13 16:22 80,384 --a------ C:\WINDOWS\ST6UNST.EXE 2007-11-11 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\espionServerData 2007-11-07 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2007-11-07 14:43 <DIR> d-------- C:\Program Files\Opera 2007-11-07 14:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MAGIX 2007-11-07 14:39 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared 2007-11-07 14:38 <DIR> d-------- C:\Program Files\MAGIX 2007-11-07 14:38 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL 2007-11-07 14:38 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll 2007-11-07 14:38 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll 2007-11-07 14:37 <DIR> d-------- C:\WINDOWS\system32\MAGIX 2007-11-07 14:37 663,552 --a------ C:\WINDOWS\system32\mgxoschk.dll 2007-11-07 14:36 <DIR> d-------- C:\WINDOWS\system32\Adobe 2007-11-07 14:36 24,576 --a------ C:\WINDOWS\system32\FileOps.exe 2007-11-07 14:35 <DIR> d-------- C:\Program Files\Namo 2007-11-07 14:33 <DIR> d-------- C:\Program Files\Bonjour 2007-11-07 14:29 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared 2007-11-07 14:25 <DIR> d-------- C:\Program Files\OO Software 2007-11-07 14:08 116,736 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-11-07 14:08 115,712 --------- C:\WINDOWS\system32\pxcpyi64.exe 2007-10-30 15:19 <DIR> d-------- C:\Program Files\Common Files\AutoDesk Shared 2007-10-30 15:19 <DIR> d-------- C:\Program Files\ColorByNumbers 2007-10-26 16:41 <DIR> d-------- C:\Program Files\Deep Sleep 2007-10-26 16:37 <DIR> d-------- C:\Program Files\SmartFTP Client 2007-10-26 16:37 <DIR> d-------- C:\Documents and Settings\Laurens\Application Data\SmartFTP 2007-10-22 16:29 <DIR> d-------- C:\Program Files\RealVNC 2007-10-21 11:23 <DIR> d-------- C:\Program Files\DVD Audio Ripper Plus . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-16 13:08 --------- d-----w C:\Program Files\Hitman Pro 2007-11-16 12:38 --------- d-----w C:\Documents and Settings\Laurens\Application Data\Juniper Networks 2007-11-15 21:28 --------- d-----w C:\Program Files\Lavasoft 2007-11-15 21:28 --------- d-----w C:\Documents and Settings\Laurens\Application Data\Lavasoft 2007-11-15 21:21 --------- d-----w C:\Program Files\Spyware Doctor 2007-11-15 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-15 19:00 --------- d-----w C:\Program Files\Lx_cats 2007-11-15 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Juniper Networks 2007-11-07 13:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-07 13:36 --------- d-----w C:\Program Files\Common Files\Adobe 2007-11-07 13:07 20,640 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2007-10-31 21:51 --------- d-----w C:\Documents and Settings\Laurens\Application Data\LimeWire 2007-10-28 11:36 --------- d-----w C:\Documents and Settings\Laurens\Application Data\Skype 2007-10-21 20:49 --------- d-----w C:\Program Files\Mp3 Knife 2007-10-21 10:43 --------- d-----w C:\Program Files\ImTOO 2007-10-21 10:38 --------- d-----w C:\Program Files\Xilisoft 2007-10-21 10:38 --------- d-----w C:\Documents and Settings\Laurens\Application Data\dvdcss 2007-10-18 11:36 --------- d-----w C:\Documents and Settings\Jeannet\Application Data\FaxCtr 2007-10-13 12:26 --------- d-----w C:\Documents and Settings\Laurens\Application Data\PC Suite 2007-10-13 12:24 --------- d-----w C:\Documents and Settings\Laurens\Application Data\Nokia 2007-10-13 12:21 --------- d-----w C:\Documents and Settings\Laurens\Application Data\Nokia Multimedia Player 2007-10-13 10:34 --------- d-----w C:\Program Files\DIFX 2007-10-13 10:34 --------- d-----w C:\Program Files\Common Files\PCSuite 2007-10-13 10:34 --------- d-----w C:\Program Files\Common Files\Nokia 2007-10-13 10:33 --------- d-----w C:\Program Files\PC Connectivity Solution 2007-10-13 10:33 --------- d-----w C:\Program Files\Nokia 2007-10-13 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations 2007-10-10 21:03 --------- d-----w C:\Program Files\Microsoft ActiveSync 2007-10-08 20:16 --------- d-----w C:\Program Files\LimeWire 2007-09-30 17:10 --------- d-----w C:\Documents and Settings\Laurens\Application Data\Apple Computer 2007-09-25 20:29 --------- d-----w C:\Program Files\Apple Software Update 2007-09-25 20:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2007-09-22 18:46 --------- d-----w C:\Documents and Settings\Jeannet\Application Data\Apple Computer 2007-09-22 17:38 --------- d-----w C:\Program Files\QuickTime 2007-09-22 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-06-19 08:55 167 ----a-w C:\Documents and Settings\Laurens\4467.bat 2007-04-27 15:01 7,288 ----a-w C:\Program Files\hijackthis.log 2007-04-17 17:03 8 ----a-w C:\Documents and Settings\Laurens\Application Data\usb.dat.bin 2006-10-08 18:08 41,152 ----a-w C:\Documents and Settings\Laurens\Application Data\GDIPFONTCACHEV1.DAT 2006-09-12 22:33 41,152 ----a-w C:\Documents and Settings\Jeannet\Application Data\GDIPFONTCACHEV1.DAT 2005-02-16 09:06 227,328 ----a-w C:\Program Files\HijackThis.exe 2004-08-09 21:30 49,152 ----a-w C:\Program Files\Uninstall_CDS.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}] C:\Program Files\Hkdhhtgi\kiuupsur.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BEF5FD38-17F7-6C0F-D85B-4CE603F50DCC}] C:\WINDOWS\system32\kxvgihv.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RegistryMechanic"="" [] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 07:51] "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41] "Spooler SubSystem App"="C:\WINDOWS\system32\spoolsvc.exe" [2004-08-04 00:03] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cast"="C:\PROGRA~1\COMMON~1\FNTS~1\wuauboot.exe" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03] "Wrkkh"="C:\WINDOWS\system32\??mantec\n?tepad.exe" [] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-25 12:54] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-25 12:54:58] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byvspom] byvspom.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpya32] winpya32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 relog_ap C:\WINDOWS\system32\pmnlm.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" R0 m5287;m5287;C:\WINDOWS\system32\DRIVERS\m5287.sys R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys R0 UNPR;UNPR;C:\WINDOWS\system32\unpr.sys R1 mchInjDrv;madCodeHook DLL injection driver;\??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys R1 tvtool;tvtool;\??\C:\Program Files\TVTool\tvtool.sys R2 CaretakerSvc;Caretaker Service;"C:\Program Files\SurfRight\Caretaker\CaretakerService.exe" R2 CaretakerUpdate;Caretaker Updater;"C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe" R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys S3 iMSPCLOj;iMSPCLOj;\??\C:\DOCUME~1\Laurens\LOCALS~1\Temp\iMSPCLOj.sys S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys . Inhoud van de 'Gedeelde Taken' map "2007-11-13 17:37:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-16 14:17:47 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... C:\WINDOWS\MSCompPackV1.log 3338 bytes C:\WINDOWS\msdfmap.ini 1405 bytes C:\WINDOWS\msgsocm.log 40153 bytes C:\WINDOWS\msicpl.ini 0 bytes C:\WINDOWS\msmqinst.log 264548 bytes C:\WINDOWS\mui C:\WINDOWS\NeroDigital.ini 116 bytes C:\WINDOWS\netfxocm.log 133432 bytes C:\WINDOWS\NetwkCfg.txt 87 bytes C:\WINDOWS\nircmd.exe 58368 bytes executable C:\WINDOWS\notepad.exe 77312 bytes executable C:\WINDOWS\nsreg.dat 0 bytes C:\WINDOWS\NSREX.INI 0 bytes C:\WINDOWS\nsw.log 446 bytes C:\WINDOWS\ntbtlog.txt 711688 bytes C:\WINDOWS\ntdtcsetup.log 165503 bytes C:\WINDOWS\NuNinst.cfg 46017 bytes C:\WINDOWS\NuNinst.exe 1298432 bytes executable C:\WINDOWS\nview C:\WINDOWS\ocgen.log 416911 bytes C:\WINDOWS\SHELLNEW C:\WINDOWS\slrundll.exe 41058 bytes executable C:\WINDOWS\SoftwareDistribution C:\WINDOWS\SoundMan.exe 94208 bytes executable C:\WINDOWS\sprof32.dll 133120 bytes executable C:\WINDOWS\spupdsvc.log 78117 bytes C:\WINDOWS\SpywareDoctor5Install.log 126 bytes C:\WINDOWS\srchasst C:\WINDOWS\ssleay32.dll 155648 bytes executable C:\WINDOWS\ST6UNST.EXE 80384 bytes executable C:\WINDOWS\Stekkie.bmp 17336 bytes C:\WINDOWS\Sti_Trace.log 0 bytes C:\WINDOWS\Sun C:\WINDOWS\svcpack.log 484510 bytes C:\WINDOWS\swacnfg.ini 237 bytes C:\WINDOWS\system.ini 227 bytes C:\WINDOWS\system.tmp 227 bytes C:\WINDOWS\system32 C:\WINDOWS\tabletoc.log 36826 bytes C:\WINDOWS\TASKMAN.EXE 23040 bytes executable C:\WINDOWS\taskmen32.pif 99 bytes C:\WINDOWS\Tasks C:\WINDOWS\Temp C:\WINDOWS\TemplateWizard.INI 20 bytes C:\WINDOWS\WgaNotify.log 13892 bytes C:\WINDOWS\wiadebug.log 159 bytes C:\WINDOWS\wiaservc.log 313 bytes C:\WINDOWS\win.ini 917 bytes C:\WINDOWS\win.tmp 917 bytes C:\WINDOWS\Windows Update.log 23132 bytes C:\WINDOWS\WindowsShell.Manifest 749 bytes C:\WINDOWS\WindowsUpdate.log 1053063 bytes C:\WINDOWS\winhelp.exe 257072 bytes C:\WINDOWS\winhlp32.exe 294400 bytes executable C:\WINDOWS\wininit.ini 214 bytes C:\WINDOWS\winnt.bmp 48680 bytes C:\WINDOWS\winnt256.bmp 48680 bytes C:\WINDOWS\WinSxS C:\WINDOWS\WMFDist11.log 23344 bytes C:\WINDOWS\regopt.log 1672 bytes C:\WINDOWS\repair C:\WINDOWS\resetlog.txt 6675 bytes C:\WINDOWS\Resources C:\WINDOWS\Rhododendron.bmp 17362 bytes C:\WINDOWS\Rivier Sumida.bmp 26680 bytes C:\WINDOWS\RTHDCPL.exe 14863360 bytes executable C:\WINDOWS\RTLCPL.exe 9719808 bytes executable C:\WINDOWS\RtlExUpd.dll 487424 bytes executable C:\WINDOWS\RtlUpd.exe 364544 bytes executable C:\WINDOWS\Santa Fe Stucco.bmp 65832 bytes C:\WINDOWS\SchedLgU.Txt 32606 bytes C:\WINDOWS\sct101.log 21 bytes C:\WINDOWS\security C:\WINDOWS\ServicePackFiles C:\WINDOWS\sessmgr.setup.log 1277 bytes C:\WINDOWS\SET3.tmp 1085938 bytes C:\WINDOWS\SET7.tmp 13923 bytes C:\WINDOWS\SETUP1.EXE 294912 bytes executable C:\WINDOWS\setupact.log 170755 bytes C:\WINDOWS\setupapi.log 796347 bytes C:\WINDOWS\setuperr.log 0 bytes C:\WINDOWS\DtcInstall.log 360 bytes C:\WINDOWS\EHome C:\WINDOWS\erdnt C:\WINDOWS\ERUNT C:\WINDOWS\explorer.exe 1042944 bytes executable C:\WINDOWS\explorer.scf 80 bytes C:\WINDOWS\FaxSetup.log 760421 bytes C:\WINDOWS\Fonts C:\WINDOWS\ftpcache C:\WINDOWS\KB898461.log 6889 bytes C:\WINDOWS\KB911564.log 17840 bytes C:\WINDOWS\KB918899.log 21696 bytes C:\WINDOWS\KB926239.log 4989 bytes C:\WINDOWS\KB935840.log 12614 bytes C:\WINDOWS\msapps C:\WINDOWS\ocmsn.log 49196 bytes C:\WINDOWS\setuplog.txt 845897 bytes C:\WINDOWS\tsoc.log 370549 bytes C:\WINDOWS\Web C:\WINDOWS\DirectX.log 79189 bytes C:\WINDOWS\DJ2000.ini 1301 bytes C:\WINDOWS\Downloaded Installations C:\WINDOWS\Downloaded Program Files C:\WINDOWS\DPINST.LOG 51766 bytes C:\WINDOWS\Driver Cache C:\WINDOWS\isRS-000.tmp 689152 bytes executable C:\WINDOWS\IsUn0413.exe 317952 bytes executable C:\WINDOWS\IsUninst.exe 313856 bytes executable C:\WINDOWS\iTouch.ini 51 bytes C:\WINDOWS\java C:\WINDOWS\KB821253.log 437 bytes C:\WINDOWS\KB873339.log 25976 bytes C:\WINDOWS\KB884020.log 1072 bytes C:\WINDOWS\KB885250.log 27755 bytes C:\WINDOWS\KB885835.log 27940 bytes C:\WINDOWS\KB885836.log 26947 bytes C:\WINDOWS\KB885884.log 9931 bytes C:\WINDOWS\KB886185.log 12502 bytes C:\WINDOWS\KB887472.log 25985 bytes C:\WINDOWS\KB887742.log 26587 bytes C:\WINDOWS\KB888111.log 4440 bytes C:\WINDOWS\KB888113.log 26032 bytes C:\WINDOWS\KB888302.log 18668 bytes C:\WINDOWS\KB890046.log 20625 bytes C:\WINDOWS\KB890859.log 17491 bytes C:\WINDOWS\KB891781.log 23437 bytes C:\WINDOWS\KB893756.log 27425 bytes C:\WINDOWS\KB893803v2.log 5544 bytes C:\WINDOWS\KB894391.log 17393 bytes C:\WINDOWS\KB896358.log 27015 bytes C:\WINDOWS\KB896422.log 28118 bytes C:\WINDOWS\KB896423.log 25749 bytes C:\WINDOWS\KB896424.log 27800 bytes C:\WINDOWS\KB896428.log 16729 bytes C:\WINDOWS\KB899587.log 29001 bytes C:\WINDOWS\KB899589.log 20031 bytes C:\WINDOWS\KB899591.log 27613 bytes C:\WINDOWS\KB900485.log 11647 bytes C:\WINDOWS\KB900725.log 20411 bytes C:\WINDOWS\KB901017.log 27289 bytes C:\WINDOWS\KB901105.log 1556 bytes C:\WINDOWS\KB901214.log 19287 bytes C:\WINDOWS\KB902400.log 28705 bytes C:\WINDOWS\KB904706.log 17323 bytes C:\WINDOWS\KB905414.log 20352 bytes C:\WINDOWS\KB905749.log 17940 bytes C:\WINDOWS\KB905915.log 29403 bytes C:\WINDOWS\KB908519.log 15139 bytes C:\WINDOWS\KB908531.log 14945 bytes C:\WINDOWS\KB909394.log 5277 bytes C:\WINDOWS\KB910437.log 21601 bytes C:\WINDOWS\KB911280.log 11029 bytes C:\WINDOWS\KB911562.log 14178 bytes C:\WINDOWS\twain.dll 94784 bytes C:\WINDOWS\twain_32 C:\WINDOWS\twain_32.dll 50688 bytes executable C:\WINDOWS\twunk_16.exe 49680 bytes C:\WINDOWS\twunk_32.exe 32768 bytes executable C:\WINDOWS\uninst.exe 305664 bytes executable C:\WINDOWS\UninstAdmin.isu 599315 bytes C:\WINDOWS\UNNeroVision.cfg 81261 bytes C:\WINDOWS\UNNeroVision.exe 1298432 bytes executable C:\WINDOWS\updspapi.log 44414 bytes C:\WINDOWS\vb.ini 36 bytes C:\WINDOWS\vbaddin.ini 63 bytes C:\WINDOWS\vmmreg32.dll 18944 bytes executable C:\WINDOWS\KB911565.log 8837 bytes C:\WINDOWS\KB911567.log 10580 bytes C:\WINDOWS\KB911927.log 27805 bytes C:\WINDOWS\KB912812.log 16310 bytes C:\WINDOWS\KB912919.log 18137 bytes C:\WINDOWS\KB913446.log 11325 bytes C:\WINDOWS\KB913580.log 11674 bytes C:\WINDOWS\KB914388.log 12347 bytes C:\WINDOWS\KB914389.log 11477 bytes C:\WINDOWS\KB916281.log 17664 bytes C:\WINDOWS\KB916595.log 10394 bytes C:\WINDOWS\KB917159.log 11805 bytes C:\WINDOWS\KB917344.log 13924 bytes C:\WINDOWS\KB917422.log 12174 bytes C:\WINDOWS\KB917734.log 10111 bytes C:\WINDOWS\KB917953.log 13688 bytes C:\WINDOWS\KB918118.log 14197 bytes C:\WINDOWS\KB918439.log 13567 bytes C:\WINDOWS\KB919007.log 11448 bytes C:\WINDOWS\KB920213.log 14289 bytes C:\WINDOWS\KB920214.log 20056 bytes C:\WINDOWS\KB920670.log 12011 bytes C:\WINDOWS\KB920683.log 12395 bytes C:\WINDOWS\KB920685.log 11313 bytes C:\WINDOWS\KB920872.log 13497 bytes C:\WINDOWS\KB921398.log 18672 bytes C:\WINDOWS\KB921883.log 19009 bytes C:\WINDOWS\KB922582.log 7767 bytes C:\WINDOWS\KB922616.log 19089 bytes C:\WINDOWS\KB922760.log 17528 bytes C:\WINDOWS\KB922819.log 11772 bytes C:\WINDOWS\KB923191.log 5406 bytes C:\WINDOWS\KB923414.log 10928 bytes C:\WINDOWS\KB923689.log 14024 bytes C:\WINDOWS\KB923980.log 21711 bytes C:\WINDOWS\KB924191.log 6828 bytes C:\WINDOWS\KB924270.log 21351 bytes C:\WINDOWS\KB924496.log 11260 bytes C:\WINDOWS\KB924667.log 18804 bytes C:\WINDOWS\KB925398.log 17302 bytes C:\WINDOWS\KB925486.log 15426 bytes C:\WINDOWS\KB925902.log 17217 bytes C:\WINDOWS\ODBC.INI 859 bytes C:\WINDOWS\ODBCINST.INI 4207 bytes C:\WINDOWS\OEWABLog.txt 1859 bytes C:\WINDOWS\Offline Web Pages C:\WINDOWS\Patroon.bmp 16730 bytes C:\WINDOWS\PCDLIB32.DLL 212480 bytes executable C:\WINDOWS\PCHEALTH C:\WINDOWS\peernet C:\WINDOWS\pfpick.dll 58368 bytes executable C:\WINDOWS\PIF C:\WINDOWS\Prairie.bmp 65954 bytes C:\WINDOWS\Prefetch C:\WINDOWS\provisioning C:\WINDOWS\pss C:\WINDOWS\Q828026.log 3155 bytes C:\WINDOWS\QTFont.for 1409 bytes C:\WINDOWS\QTFont.qfn 54156 bytes C:\WINDOWS\regedit.exe 160256 bytes executable C:\WINDOWS\RegisteredPackages C:\WINDOWS\Registration C:\WINDOWS\wmp11.log 16407 bytes C:\WINDOWS\WMPrfNld.prx 32964 bytes C:\WINDOWS\WMPrfSve.prx 33314 bytes C:\WINDOWS\wmsetup.log 321887 bytes C:\WINDOWS\wmsetup10.log 9967 bytes C:\WINDOWS\WMSysPr9.prx 316640 bytes C:\WINDOWS\WMSysPrx.prx 299552 bytes C:\WINDOWS\WRUninstall.dll 478720 bytes executable C:\WINDOWS\Wudf01000Inst.log 9740 bytes C:\WINDOWS\xpsp1hfm.log 2082 bytes C:\WINDOWS\Zapotec.bmp 9522 bytes C:\WINDOWS\Zeepbellen.bmp 65978 bytes C:\WINDOWS\_default.pif 707 bytes C:\WINDOWS\KB926255.log 14287 bytes C:\WINDOWS\KB926436.log 15053 bytes C:\WINDOWS\KB927779.log 25629 bytes C:\WINDOWS\KB927802.log 22631 bytes C:\WINDOWS\KB927891.log 15171 bytes C:\WINDOWS\KB928255.log 22325 bytes C:\WINDOWS\KB928843.log 11800 bytes C:\WINDOWS\KB929123.log 15955 bytes C:\WINDOWS\KB929969.log 21352 bytes C:\WINDOWS\KB930178.log 15366 bytes C:\WINDOWS\KB930916.log 12437 bytes C:\WINDOWS\KB931261.log 19508 bytes C:\WINDOWS\KB931784.log 22778 bytes C:\WINDOWS\KB931836.log 29537 bytes C:\WINDOWS\KB932168.log 16001 bytes C:\WINDOWS\KB933566.log 23974 bytes C:\WINDOWS\KB935448.log 15516 bytes C:\WINDOWS\KB935839.log 12539 bytes C:\WINDOWS\gc401.cnf 42 bytes C:\WINDOWS\Groensteen.bmp 26582 bytes C:\WINDOWS\gsc401.cnf 1736 bytes C:\WINDOWS\Help C:\WINDOWS\hh.exe 17920 bytes executable C:\WINDOWS\icccodes.dll 20992 bytes executable C:\WINDOWS\iccsigs.dat 40129 bytes C:\WINDOWS\IE4 Error Log.txt 1043 bytes C:\WINDOWS\ie7_main.log 1391 bytes C:\WINDOWS\iis6.log 957719 bytes C:\WINDOWS\ime C:\WINDOWS\imsins.BAK 1355 bytes C:\WINDOWS\imsins.log 1355 bytes C:\WINDOWS\InCD C:\WINDOWS\inf C:\WINDOWS\Installer C:\WINDOWS\Internet Logs C:\WINDOWS\Kopje koffie.bmp 17062 bytes C:\WINDOWS\KPCMS.INI 173 bytes C:\WINDOWS\kpcp32.dll 197120 bytes executable C:\WINDOWS\kpsys32.dll 37376 bytes executable C:\WINDOWS\LDM.log 180 bytes C:\WINDOWS\libeay32.dll 684032 bytes executable C:\WINDOWS\medctroc.Log 56286 bytes C:\WINDOWS\Media C:\WINDOWS\mgxoschk.ini 6289 bytes C:\WINDOWS\MicCal.exe 2150400 bytes executable C:\WINDOWS\Microsoft.MIF 2510 bytes C:\WINDOWS\Minidump C:\WINDOWS\ModemLog_SAMSUNG Mobile USB Modem.txt 6874 bytes C:\WINDOWS\mozver.dat 2414 bytes C:\WINDOWS\msagent Scan succesvol afgerond verborgen bestanden: 292 ************************************************************************** . Voltooingstijd: 2007-11-16 14:19:11 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-06-23 13:12 C:\ComboFix2.txt ... 2007-06-23 13:12 . --- E O F --- SDFix: Version 1.114 Run by Laurens on vr 16-11-2007 at 13:46 Microsoft Windows XP [versie 5.1.2600] Running From: C:\DOCUME~1\Laurens\BUREAU~1\SDFix Safe Mode: Checking Services: Infected ip6fw.sys Found! ip6fw.sys File Locations: "C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys" 29056 03-08-2004 22:00 "C:\WINDOWS\system32\dllcache\ip6fw.sys" 29056 03-08-2004 22:00 "C:\WINDOWS\system32\drivers\ip6fw.sys" 29056 03-08-2004 22:00 Infected File Listed Below: C:\WINDOWS\system32\drivers\ip6fw.sys Trojan File copied to Backups Folder Attempting to replace ip6fw.sys with original version... Original ip6fw.sys Restored Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Missing SharedAccess Service Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\Program Files\hlpsrv.exe - Deleted C:\d.exe - Deleted C:\WINDOWS\system32\2_exception.nls - Deleted C:\WINDOWS\system32\csrs.exe - Deleted C:\WINDOWS\system32\explorer.exe - Deleted C:\WINDOWS\system32\spoolsvc.exe - Deleted C:\WINDOWS\system32\winIogon.exe - Deleted C:\WINDOWS\system32\xpdx.sys - Deleted Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-16 14:01:09 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00081b84e23a] "00124700c655"=hex:1d,12,71,45,82,45,ea,cc,93,e7,e1,fa,71,d7,53,37 "0012620292f0"=hex:ab,74,2f,0b,52,34,f4,f7,f9,36,4e,2f,eb,a3,7f,ef "001d983fa43d"=hex:ec,50,bc,dd,ff,4e,e4,7b,b6,0f,0e,ea,45,3b,90,b2 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Lyv66] "Type"=dword:00000001 "Tag"=dword:00000001 "Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0" "ErrorControl"=dword:00000001 "Start"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00081b84e23a] "00124700c655"=hex:1d,12,71,45,82,45,ea,cc,93,e7,e1,fa,71,d7,53,37 "0012620292f0"=hex:ab,74,2f,0b,52,34,f4,f7,f9,36,4e,2f,eb,a3,7f,ef "001d983fa43d"=hex:ec,50,bc,dd,ff,4e,e4,7b,b6,0f,0e,ea,45,3b,90,b2 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Lyv66] "Type"=dword:00000001 "Tag"=dword:00000001 "Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0" "ErrorControl"=dword:00000001 "Start"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00081b84e23a] "00124700c655"=hex:1d,12,71,45,82,45,ea,cc,93,e7,e1,fa,71,d7,53,37 "0012620292f0"=hex:ab,74,2f,0b,52,34,f4,f7,f9,36,4e,2f,eb,a3,7f,ef "001d983fa43d"=hex:ec,50,bc,dd,ff,4e,e4,7b,b6,0f,0e,ea,45,3b,90,b2 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lyv66] "Type"=dword:00000001 "Tag"=dword:00000001 "Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0" "ErrorControl"=dword:00000001 "Start"=dword:00000000 scanning hidden registry entries ... scanning hidden files ... C:\WINDOWS\MSCompPackV1.log 3338 bytes C:\WINDOWS\msdfmap.ini 1405 bytes C:\WINDOWS\msgsocm.log 40153 bytes C:\WINDOWS\msicpl.ini 0 bytes C:\WINDOWS\msmqinst.log 264548 bytes C:\WINDOWS\mui C:\WINDOWS\NeroDigital.ini 116 bytes C:\WINDOWS\netfxocm.log 133432 bytes C:\WINDOWS\NetwkCfg.txt 87 bytes C:\WINDOWS\nircmd.exe 56320 bytes executable C:\WINDOWS\notepad.exe 77312 bytes executable C:\WINDOWS\nsreg.dat 0 bytes C:\WINDOWS\NSREX.INI 0 bytes C:\WINDOWS\nsw.log 446 bytes C:\WINDOWS\ntbtlog.txt 711688 bytes C:\WINDOWS\ntdtcsetup.log 165503 bytes C:\WINDOWS\NuNinst.cfg 46017 bytes C:\WINDOWS\NuNinst.exe 1298432 bytes executable C:\WINDOWS\nview C:\WINDOWS\nview\default.tvp 53768 bytes C:\WINDOWS\ocgen.log 416911 bytes C:\WINDOWS\SHELLNEW C:\WINDOWS\SHELLNEW\ACCESS9.MDB 98304 bytes C:\WINDOWS\SHELLNEW\EXCEL9.XLS 13824 bytes C:\WINDOWS\SHELLNEW\MSPROJ11.MPP 114176 bytes C:\WINDOWS\SHELLNEW\MSPUB.PUB 34816 bytes C:\WINDOWS\SHELLNEW\PWRPNT11.POT 12800 bytes C:\WINDOWS\SHELLNEW\WINWORD8.DOC 10752 bytes C:\WINDOWS\slrundll.exe 41058 bytes executable C:\WINDOWS\SoftwareDistribution C:\WINDOWS\SoftwareDistribution\AuthCabs C:\WINDOWS\SoftwareDistribution\DataStore C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb 6299648 bytes C:\WINDOWS\SoftwareDistribution\DataStore\Logs C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk 8192 bytes C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log 131072 bytes C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb0008F.log 131072 bytes C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res1.log 131072 bytes C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log 131072 bytes C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 65536 bytes C:\WINDOWS\SoftwareDistribution\Download C:\WINDOWS\SoftwareDistribution\Download\07248c1ff7d0ded8444f29e05c4b99068d79c1e9 35846 bytes C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\sp1qfe C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\sp1qfe\bitsinst.exe 34304 bytes executable C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\sp1qfe\bitsprx2.dll 7680 bytes executable C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\sp1qfe\bitsprx3.dll 7168 bytes executable C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\sp1qfe\obrs0413.dll 192512 bytes executable C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\sp1qfe\qmgr.dll 360448 bytes executable C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\sp1qfe\qmgrprxy.dll 17408 bytes executable C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\sp1qfe\winhttp.dll 331776 bytes executable C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\spmsg.dll 8192 bytes executable C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\spuninst.exe 166912 bytes executable C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\update C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\update\branches.inf 390 bytes C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\update\eula.txt 4386 bytes C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\update\KB842773.CAT 11900 bytes C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\update\spcustom.dll 22016 bytes executable C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\update\update.exe 626176 bytes executable C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\update\update.ver 602 bytes C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\update\updatebr.inf 389 bytes C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\update\update_SP1QFE.inf 24564 bytes C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\_downloadprogress_.state 4 bytes C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\_file_to_execute_.txt 17 bytes C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\_unpacked_.state 34 bytes C:\WINDOWS\SoftwareDistribution\Download\09c3c541ebad104c92cc446aebe4d40f\_useselfcontained_.state 50 bytes C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7 C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\backup C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\sp2gdr C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\sp2gdr\rmcast.sys 202240 bytes executable C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\sp2qfe C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\sp2qfe\rmcast.sys 202496 bytes executable C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\spmsg.dll 15584 bytes executable C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\spuninst.exe 216800 bytes executable C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\susdl.rq0 269 bytes C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\branches.inf 705 bytes C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\eula.txt 893 bytes C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\KB919007.cat 10925 bytes C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\spcustom.dll 22752 bytes executable C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\update.exe 725728 bytes executable C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\update.url 5324 bytes C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\update.ver 288 bytes C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\updatebr.inf 592 bytes C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\update_SP1QFE.inf 8684 bytes C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\update_SP2GDR.inf 10352 bytes C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\update_SP2QFE.inf 19212 bytes C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\update\updspapi.dll 389856 bytes executable C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\WindowsXP-KB919007-x86-NLD.psm 224 bytes C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\_downloadprogress_.state 4 bytes C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\_unpacked_.state 34 bytes C:\WINDOWS\SoftwareDistribution\Download\902f573b942e6b80b5d01fa8a14275e7\_usedelta_.state 34 bytes C:\WINDOWS\SoftwareDistribution\Download\d64d0e6d3b1d62b5b40b54899332395c3e02675d 569144 bytes executable C:\WINDOWS\SoftwareDistribution\Download\d95bb0c392f840a390e7c560f64718f979b18251 14462 bytes C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240 C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\backup C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\sp2gdr C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\sp2gdr\kmixer.sys 172416 bytes executable C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\sp2gdr\splitter.sys 6400 bytes executable C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\sp2gdr\wdmaud.sys 82944 bytes executable C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\sp2qfe C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\sp2qfe\kmixer.sys 172416 bytes executable C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\sp2qfe\splitter.sys 6272 bytes executable C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\sp2qfe\wdmaud.sys 82944 bytes executable C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\spmsg.dll 15584 bytes executable C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\spuninst.exe 216800 bytes executable C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\susdl.rq0 633 bytes C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\branches.inf 705 bytes C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\eula.txt 893 bytes C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\KB920872.cat 11857 bytes C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\spcustom.dll 22752 bytes executable C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\update.exe 725728 bytes executable C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\update.url 5324 bytes C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\update.ver 568 bytes C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\updatebr.inf 496 bytes C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\update_SP2GDR.inf 10857 bytes C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\update_SP2QFE.inf 19453 bytes C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\update\updspapi.dll 389856 bytes executable C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\WindowsXP-KB920872-x86-NLD.psm 447 bytes C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\_downloadprogress_.state 4 bytes C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\_unpacked_.state 34 bytes C:\WINDOWS\SoftwareDistribution\Download\df1547c54125a6c40bfb437bae3c5240\_usedelta_.state 34 bytes C:\WINDOWS\SoftwareDistribution\Download\eb63b51986ac4a7b6b0d05f30c4afb5409d2af90 1214 bytes C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8 C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\backup C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\sp2gdr C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\sp2gdr\ciodm.dll 69120 bytes executable C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\sp2gdr\query.dll 1440768 bytes executable C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\sp2qfe C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\sp2qfe\ciodm.dll 69120 bytes executable C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\sp2qfe\query.dll 1440768 bytes executable C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\spmsg.dll 15584 bytes executable C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\spuninst.exe 216800 bytes executable C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\susdl.rq0 436 bytes C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\branches.inf 705 bytes C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\eula.txt 893 bytes C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\KB920685.cat 11929 bytes C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\spcustom.dll 22752 bytes executable C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\update.exe 725728 bytes executable C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\update.url 5324 bytes C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\update.ver 552 bytes C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\updatebr.inf 592 bytes C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\update_SP1QFE.inf 8752 bytes C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\update_SP2GDR.inf 10420 bytes C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\update_SP2QFE.inf 19280 bytes C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\update\updspapi.dll 389856 bytes executable C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\WindowsXP-KB920685-x86-NLD.psm 655 bytes C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\_downloadprogress_.state 4 bytes C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\_unpacked_.state 34 bytes C:\WINDOWS\SoftwareDistribution\Download\1047a205d0d946b092d3591c780d31e8\_usedelta_.state 34 bytes C:\WINDOWS\SoftwareDistribution\Download\3dc0e8d0eb37b9ae9023d0b42af874a3779fc6de 1270 bytes C:\WINDOWS\SoftwareDistribution\Download\4bf44df7c57d8a66ec4611a13ae5d9d001969f4a 742824 bytes executable C:\WINDOWS\SoftwareDistribution\Download\4c505f6fa698c236054c179df29ff6562c56def6 1356 bytes C:\WINDOWS\SoftwareDistribution\Download\56e35031315fda3b4ec34e431ab78088a1c1b32a 20920 bytes C:\WINDOWS\SoftwareDistribution\Download\75cbb5d04284f479cbb28306074c4bf9bcc6e6ed 11168 bytes C:\WINDOWS\SoftwareDistribution\EventCache C:\WINDOWS\SoftwareDistribution\EventCache\{00EE9DFC-FE70-464B-BD86-5B43AAED483C}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{0267FD1B-808D-4275-8910-E02F89A0FA08}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{06338C2E-F322-4A0E-8B8D-6F3F9F6A4C5D}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{09888A8F-E2E7-4D37-BFE3-F99303744919}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{0BAD93F5-C291-4063-9E3C-9E452E01C6AE}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{0EC8BA5A-D910-4786-9294-9F70CFD1770A}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{12779C85-CCEF-4E22-A204-83E6EF3C6D7A}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{14230197-3908-42CC-ACB9-4DB216AFE207}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{159D4390-ABA5-45ED-98C6-B5504A45F086}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{17BDC3C3-72EC-492D-92BB-AEB3EBB86DE0}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{1A547776-45E5-4607-9E08-66E88D9F31DE}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{1B64689E-4B49-475D-9896-55BCA75E1789}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{1DE32651-59CD-4B2E-892C-CD637D76220C}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{5A6B6E60-5253-4FD5-BC32-D1087F7FDCA4}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{5DDE4925-96B0-4EB7-8725-F90854399487}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{61892E79-EE45-4FCE-98AD-1EA879DDB1D5}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{6ABBC577-EC39-4DCF-B889-7ADA9B824164}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{6EBF07FC-A763-44BE-A2D5-D68BE14812DC}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{6ED3BA05-A9BC-4E73-BA19-74523AF76FBD}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{710015CD-7FA1-4551-8D1A-C30D796026C6}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{72CD9172-DAA9-4F66-BA8C-D8EE8EB006B2}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{741B1B4C-E814-43CA-9B3C-6EB0B88E5154}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{76DF499C-0D09-4DBE-A19E-5A147ED595B4}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{A67A19EC-4D55-4935-90A2-F9DA09431738}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{B6DDF6EC-B638-44CA-B738-1F05F939BE70}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{B83B8316-89FE-4110-B226-5A1189EE59A4}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{B9ED7F6F-402C-4809-9061-A818575EB887}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{BACC5125-DAB1-4E61-BE65-FCF05AB924C5}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{BD0A7CC4-CAB1-4D9A-9655-6AD5985F5031}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{BD838C9B-80B9-4B5E-BB3C-9E185D99E34C}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{C62FF92D-5F26-4F08-9CD6-416B6BCDB9F0}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{C9B66B63-0302-4A29-91C0-27E18D450F51}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{CA384A86-AA4A-4B98-896F-F030E16249CB}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{CE9B4710-111D-40F1-97E9-708A2E695EF7}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{22B0B44D-8552-410A-8F84-525A68331E7F}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{237A0EFF-34BC-45BC-BB23-7D6EE44C7D9D}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{239B7B9C-A1FB-4837-BF70-C832A60176CA}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{29C440C1-4476-4AF3-9048-0B0575130A9D}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{2B4A4D0A-4D2B-474A-9BD5-D38387679242}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{2D362C17-FD19-43A1-BD6D-72A4536F28E2}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{2EDC9A2A-7A88-4D8F-9431-29847202B268}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{207E274C-4968-442C-BFBA-54BA3B9B663F}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{58E9AA2C-F6CE-4A19-8F70-0B222144F563}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{961EC523-8DA9-494E-B1A7-C3B3B66F3BFB}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{D3640A34-72B5-402D-BA85-450252092C2E}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{8954820C-DA9E-47CA-A11F-26BCFF359E9B}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{8C1F0343-ACF2-4766-8017-FCBFCC8A1D26}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{8F4AF69B-2D04-4EB2-8414-A65038F9A791}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{8F83F344-51F0-4F94-9059-3F064F842E2A}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{92FE8A0A-B44F-4ED1-9CDE-A09C8E2BA5E2}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{936AC07F-CCCA-4E64-ABAB-7BFF66643464}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{94412F9F-9885-4DF2-A986-E8CA3E9A1E81}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{D46F0C3D-3B32-48B1-9E7F-AB7804F6E554}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{D709A3F3-7BD4-4700-A01D-C2803D787A04}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{DB941CA8-3A25-4543-B2AB-FCC4F6D21798}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{DBDBABAE-12A1-48A8-A09A-AA1A408A4366}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{DE5CFCAF-FCCE-4FBC-8F1E-55B8B7F8E3C8}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{E288F493-C951-4A79-A1C5-739A3D88221C}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{E2DF3018-3971-4932-BF8F-0C71E838F9AF}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{E3DE1B25-492A-4F71-81E5-F0A35E6D5ED4}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{E47E56F2-53DF-4D29-93B6-64DBB78C21DA}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{F0928177-8A02-4511-86FA-A0D0AB3E78D8}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{F43F41EA-3086-431E-8E08-C1D394AFEEF3}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{F926B845-FB8C-46D4-9C54-2DFB28C8E707}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{31F6A085-9575-48F8-A4C9-642839C829FA}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{3252D404-F8A0-44B1-BA9A-43BE58C38A7F}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{386FA3F1-4002-4749-B5A3-6EE44D3FEBB4}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{3AF5F63C-29C2-4A26-8D66-2B1A6C2B5012}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{483D2444-B793-4EA9-AED7-3C54EB5C9C64}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{4AC95FE5-7E8D-4F1F-897E-46CFBB7E7104}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{507D6E83-0BCF-4D50-A4B0-6ACDC8CEF1AE}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{972807D5-6F33-4C77-AFAC-84059764378D}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{99BE0956-FC60-4472-A607-046C3038280B}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{9B452857-8904-4C31-89F2-9ADF2DA73E8B}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{9B75EF91-50E0-4B1D-8D8E-CF3491FDC4A6}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{9C15493D-6E82-4FC6-9E85-25FC9D9FA938}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{A217B6F3-CAD6-42F8-A489-B8C439C28FE9}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\EventCache\{A51D256B-5A15-4704-A2F8-A3CA74B1023A}.bin 8 bytes C:\WINDOWS\SoftwareDistribution\ReportingEvents.log 591614 bytes C:\WINDOWS\SoftwareDistribution\SelfUpdate C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab 25384 bytes C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cat 48256 bytes C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf 13043 bytes C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab 10144 bytes C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.txt 1192 bytes C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered C:\WINDOWS\SoftwareDistribution\WuRedir C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77 C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab 10040 bytes C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.xml 617 bytes C:\WINDOWS\SoundMan.exe 94208 bytes executable C:\WINDOWS\sprof32.dll 133120 bytes executable C:\WINDOWS\spupdsvc.log 78117 bytes C:\WINDOWS\SpywareDoctor5Install.log 126 bytes C:\WINDOWS\srchasst C:\WINDOWS\srchasst\chars C:\WINDOWS\srchasst\chars\courtney.acs 816535 bytes C:\WINDOWS\srchasst\chars\earl.acs 1472718 bytes C:\WINDOWS\srchasst\chars\rover.acs 1861820 bytes C:\WINDOWS\srchasst\msgr3en.dll 3166208 bytes executable C:\WINDOWS\srchasst\mui C:\WINDOWS\srchasst\mui\0413 C:\WINDOWS\srchasst\mui\0413\balloon.xsl 34671 bytes C:\WINDOWS\srchasst\mui\0413\bar.xsl 34643 bytes C:\WINDOWS\srchasst\mui\0413\charchsr.xml 236 bytes C:\WINDOWS\srchasst\mui\0413\charctxt.xml 499 bytes C:\WINDOWS\srchasst\mui\0413\error.xml 100 bytes C:\WINDOWS\srchasst\mui\0413\finish.xml 1082 bytes C:\WINDOWS\srchasst\mui\0413\indxsvc.xml 1438 bytes C:\WINDOWS\srchasst\mui\0413\inetfind.xml 797 bytes C:\WINDOWS\srchasst\mui\0413\inetopts.xml 1457 bytes C:\WINDOWS\srchasst\mui\0413\inetpref.xml 2830 bytes C:\WINDOWS\srchasst\mui\0413\inetsrch.xml 1137 bytes C:\WINDOWS\srchasst\mui\0413\intents.xml 590 bytes C:\WINDOWS\srchasst\mui\0413\intro.xml 506 bytes C:\WINDOWS\srchasst\mui\0413\lcladv.xml 5626 bytes C:\WINDOWS\srchasst\mui\0413\lcladvd.xml 5571 bytes C:\WINDOWS\srchasst\mui\0413\lcladvdf.xml 5944 bytes C:\WINDOWS\srchasst\mui\0413\lcladvmm.xml 6760 bytes C:\WINDOWS\srchasst\mui\0413\lclcomp.xml 782 bytes C:\WINDOWS\srchasst\mui\0413\lcldate.xml 2018 bytes C:\WINDOWS\srchasst\mui\0413\lcldocs.xml 2514 bytes C:\WINDOWS\srchasst\mui\0413\lclkwrds.xml 448 bytes C:\WINDOWS\srchasst\mui\0413\lcllook.xml 347 bytes C:\WINDOWS\srchasst\mui\0413\lclmm.xml 2379 bytes C:\WINDOWS\srchasst\mui\0413\lclmode.xml 544 bytes C:\WINDOWS\srchasst\mui\0413\lclother.xml 684 bytes C:\WINDOWS\srchasst\mui\0413\lclprog.xml 2061 bytes C:\WINDOWS\srchasst\mui\0413\lclrfine.xml 6263 bytes C:\WINDOWS\srchasst\mui\0413\lclsize.xml 1541 bytes C:\WINDOWS\srchasst\mui\0413\lclsrch.xml 1276 bytes
  • dubbel :?
  • nog een keer dubbel :? :?
  • Er zit nog wat zooi op hoor: 1. Start Hijackthis, kies voor 'Do a system scan only' en vink onderstaande regels aan: [b:dcfeb27b81] O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\Program Files\Hkdhhtgi\kiuupsur.dll (file missing) O2 - BHO: (no name) - {BEF5FD38-17F7-6C0F-D85B-4CE603F50DCC} - C:\WINDOWS\system32\kxvgihv.dll (file missing) O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\system32\spoolsvc.exe O4 - HKCU\..\Run: [Cast] "C:\PROGRA~1\COMMON~1\FNTS~1\wuauboot.exe" -vt ndrv O4 - HKCU\..\Run: [Wrkkh] C:\WINDOWS\system32\??mantec\n?tepad.exe O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing) O20 - Winlogon Notify: byvspom - byvspom.dll (file missing) O20 - Winlogon Notify: winpya32 - winpya32.dll (file missing) [/b:dcfeb27b81] Sluit alle openstaande vensters, behalve Hijackthis en klik op 'fix checked'. 2. Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster: [b:dcfeb27b81] File:: C:\WINDOWS\system32\unpr.sys C:\PROGRA~1\COMMON~1\FNTS~1\wuauboot.exe C:\WINDOWS\system32\spoolsvc.exe C:\WINDOWS\SETUP1.EXE Folder:: C:\Program Files\Hkdhhtgi C:\WINDOWS\system32\??mantec C:\Program Files\MalwareAlarm\ Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BEF5FD38-17F7-6C0F-D85B-4CE603F50DCC}] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byvspom] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winpya32] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\00 [/b:dcfeb27b81] Sla dit op op je Bureaublad als [b:dcfeb27b81]CFScript.txt[/b:dcfeb27b81] Sleep [b:dcfeb27b81]CFScript.txt[/b:dcfeb27b81] in [b:dcfeb27b81]ComboFix.exe[/b:dcfeb27b81] zoals getoond in onderstaand voorbeeld : [img:dcfeb27b81]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif[/img:dcfeb27b81] Dit zal [b:dcfeb27b81]ComboFix[/b:dcfeb27b81] doen herstarten. Start opnieuw op als daarom gevraagd wordt en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThislogje. Pim
  • Beste Pim, Het verbaast me elke keer weer dat er mensen zijn die van dit soort zaken zoveel af weten. Het is voor mij niet te begrijpen. De vraag is ook hoe je aan die rommel komt, die elke keer weer je systeem beinvloeden. Maar goed. Ik ben je zeer dankbaar voor je hulp. Hierbij nog wat LOGS. Gr. Laurens Logfile of HijackThis v1.99.1 Scan saved at 17:24:42, on 16-11-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\SurfRight\Caretaker\CaretakerService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\spoolsvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\taskmgr.exe C:\Documents and Settings\Laurens\Mijn documenten\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.planet.nl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - blank O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O10 - Broken Internet access because of LSP provider 'winrnr2.dll' missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://84.41.135.154/WinWebPush.cab O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpninst.bbnv.nl/dana-cached/setup/JuniperSetupSP1.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - K:\CyberLink\Shared Files\RichVideo.exe (file missing) O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing) ComboFix 07-11-08.3 - Laurens 2007-11-16 17:18:16.2 - NTFSx86 Gestart vanuit: C:\Documents and Settings\Laurens\Bureaublad\ComboFix.exe Command switches used :: C:\Documents and Settings\Laurens\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt FILE C:\PROGRA~1\COMMON~1\FNTS~1\wuauboot.exe C:\WINDOWS\SETUP1.EXE C:\WINDOWS\system32\spoolsvc.exe C:\WINDOWS\system32\unpr.sys . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\MalwareAlarm\ C:\Program Files\MalwareAlarm\\MalwareAlarm.exe C:\Program Files\MalwareAlarm\\MalwareAlarm.lic C:\Program Files\MalwareAlarm\\MalwareAlarm0.ma C:\Program Files\MalwareAlarm\\MalwareAlarm1.ma C:\Program Files\MalwareAlarm\\Uninstall.exe C:\WINDOWS\SETUP1.EXE C:\WINDOWS\system32\drivers\symavc32.sys C:\WINDOWS\system32\spoolsvc.exe C:\WINDOWS\system32\unpr.sys . (((((((((((((((((((( Bestanden Gemaakt van 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))) . 2007-11-16 13:46 <DIR> d-------- C:\WINDOWS\ERUNT 2007-11-15 22:57 <DIR> d-------- C:\Documents and Settings\Jeannet\Application Data\SurfRight 2007-11-15 21:02 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-11-15 21:01 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2007-11-15 21:01 298,104 --a------ C:\WINDOWS\system32\imon.dll 2007-11-15 21:01 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys 2007-11-15 20:04 <DIR> d-------- C:\Documents and Settings\Laurens\Application Data\SurfRight 2007-11-15 19:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx 2007-11-15 19:28 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys 2007-11-15 19:27 <DIR> d-------- C:\Program Files\SurfRight 2007-11-15 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SurfRight 2007-11-15 12:23 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys 2007-11-15 12:23 87,424 --a--c--- C:\WINDOWS\system32\dllcache\irda.sys 2007-11-15 12:23 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys 2007-11-15 12:23 19,584 --a--c--- C:\WINDOWS\system32\dllcache\rasirda.sys 2007-11-15 12:23 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys 2007-11-15 12:23 18,688 --a--c--- C:\WINDOWS\system32\dllcache\irsir.sys 2007-11-14 19:03 122,880 --a------ C:\WINDOWS\system32\winrnr2.dll 2007-11-14 19:03 65,536 --a------ C:\oaif.exe 2007-11-14 19:03 8,704 --a------ C:\WINDOWS\system32\sporder.dll 2007-11-13 16:22 80,384 --a------ C:\WINDOWS\ST6UNST.EXE 2007-11-11 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\espionServerData 2007-11-07 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2007-11-07 14:43 <DIR> d-------- C:\Program Files\Opera 2007-11-07 14:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MAGIX 2007-11-07 14:39 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared 2007-11-07 14:38 <DIR> d-------- C:\Program Files\MAGIX 2007-11-07 14:38 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL 2007-11-07 14:38 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll 2007-11-07 14:38 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll 2007-11-07 14:37 <DIR> d-------- C:\WINDOWS\system32\MAGIX 2007-11-07 14:37 663,552 --a------ C:\WINDOWS\system32\mgxoschk.dll 2007-11-07 14:36 <DIR> d-------- C:\WINDOWS\system32\Adobe 2007-11-07 14:36 24,576 --a------ C:\WINDOWS\system32\FileOps.exe 2007-11-07 14:35 <DIR> d-------- C:\Program Files\Namo 2007-11-07 14:33 <DIR> d-------- C:\Program Files\Bonjour 2007-11-07 14:29 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared 2007-11-07 14:25 <DIR> d-------- C:\Program Files\OO Software 2007-11-07 14:08 116,736 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-11-07 14:08 115,712 --------- C:\WINDOWS\system32\pxcpyi64.exe 2007-10-30 15:19 <DIR> d-------- C:\Program Files\Common Files\AutoDesk Shared 2007-10-30 15:19 <DIR> d-------- C:\Program Files\ColorByNumbers 2007-10-26 16:41 <DIR> d-------- C:\Program Files\Deep Sleep 2007-10-26 16:37 <DIR> d-------- C:\Program Files\SmartFTP Client 2007-10-26 16:37 <DIR> d-------- C:\Documents and Settings\Laurens\Application Data\SmartFTP 2007-10-22 16:29 <DIR> d-------- C:\Program Files\RealVNC 2007-10-21 11:23 <DIR> d-------- C:\Program Files\DVD Audio Ripper Plus . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-16 13:18 --------- d-----w C:\Program Files\Hitman Pro 2007-11-16 12:38 --------- d-----w C:\Documents and Settings\Laurens\Application Data\Juniper Networks 2007-11-15 21:28 --------- d-----w C:\Program Files\Lavasoft 2007-11-15 21:28 --------- d-----w C:\Documents and Settings\Laurens\Application Data\Lavasoft 2007-11-15 21:21 --------- d-----w C:\Program Files\Spyware Doctor 2007-11-15 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-15 19:00 --------- d-----w C:\Program Files\Lx_cats 2007-11-15 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Juniper Networks 2007-11-07 13:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-07 13:36 --------- d-----w C:\Program Files\Common Files\Adobe 2007-11-07 13:07 20,640 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2007-10-31 21:51 --------- d-----w C:\Documents and Settings\Laurens\Application Data\LimeWire 2007-10-28 11:36 --------- d-----w C:\Documents and Settings\Laurens\Application Data\Skype 2007-10-21 20:49 --------- d-----w C:\Program Files\Mp3 Knife 2007-10-21 10:43 --------- d-----w C:\Program Files\ImTOO 2007-10-21 10:38 --------- d-----w C:\Program Files\Xilisoft 2007-10-21 10:38 --------- d-----w C:\Documents and Settings\Laurens\Application Data\dvdcss 2007-10-18 11:36 --------- d-----w C:\Documents and Settings\Jeannet\Application Data\FaxCtr 2007-10-13 12:26 --------- d-----w C:\Documents and Settings\Laurens\Application Data\PC Suite 2007-10-13 12:24 --------- d-----w C:\Documents and Settings\Laurens\Application Data\Nokia 2007-10-13 12:21 --------- d-----w C:\Documents and Settings\Laurens\Application Data\Nokia Multimedia Player 2007-10-13 10:34 --------- d-----w C:\Program Files\DIFX 2007-10-13 10:34 --------- d-----w C:\Program Files\Common Files\PCSuite 2007-10-13 10:34 --------- d-----w C:\Program Files\Common Files\Nokia 2007-10-13 10:33 --------- d-----w C:\Program Files\PC Connectivity Solution 2007-10-13 10:33 --------- d-----w C:\Program Files\Nokia 2007-10-13 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations 2007-10-10 21:03 --------- d-----w C:\Program Files\Microsoft ActiveSync 2007-10-08 20:16 --------- d-----w C:\Program Files\LimeWire 2007-09-30 17:10 --------- d-----w C:\Documents and Settings\Laurens\Application Data\Apple Computer 2007-09-25 20:29 --------- d-----w C:\Program Files\Apple Software Update 2007-09-25 20:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2007-09-22 18:46 --------- d-----w C:\Documents and Settings\Jeannet\Application Data\Apple Computer 2007-09-22 17:38 --------- d-----w C:\Program Files\QuickTime 2007-09-22 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-06-19 08:55 167 ----a-w C:\Documents and Settings\Laurens\4467.bat 2007-04-27 15:01 7,288 ----a-w C:\Program Files\hijackthis.log 2007-04-17 17:03 8 ----a-w C:\Documents and Settings\Laurens\Application Data\usb.dat.bin 2006-10-08 18:08 41,152 ----a-w C:\Documents and Settings\Laurens\Application Data\GDIPFONTCACHEV1.DAT 2006-09-12 22:33 41,152 ----a-w C:\Documents and Settings\Jeannet\Application Data\GDIPFONTCACHEV1.DAT 2005-02-16 09:06 227,328 ----a-w C:\Program Files\HijackThis.exe 2004-08-09 21:30 49,152 ----a-w C:\Program Files\Uninstall_CDS.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RegistryMechanic"="" [] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 07:51] "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-25 12:54] "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-25 12:54:58] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 relog_ap [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" R0 m5287;m5287;C:\WINDOWS\system32\DRIVERS\m5287.sys R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys R0 UNPR;UNPR;C:\WINDOWS\system32\unpr.sys R1 mchInjDrv;madCodeHook DLL injection driver;\??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys R1 tvtool;tvtool;\??\C:\Program Files\TVTool\tvtool.sys R2 CaretakerSvc;Caretaker Service;"C:\Program Files\SurfRight\Caretaker\CaretakerService.exe" R2 CaretakerUpdate;Caretaker Updater;"C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe" R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys S3 iMSPCLOj;iMSPCLOj;\??\C:\DOCUME~1\Laurens\LOCALS~1\Temp\iMSPCLOj.sys S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys . Inhoud van de 'Gedeelde Taken' map "2007-11-13 17:37:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-16 17:21:19 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwOpenFile scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... C:\WINDOWS\MSCompPackV1.log 3338 bytes C:\WINDOWS\msdfmap.ini 1405 bytes C:\WINDOWS\msgsocm.log 40153 bytes C:\WINDOWS\msicpl.ini 0 bytes C:\WINDOWS\msmqinst.log 264548 bytes C:\WINDOWS\mui C:\WINDOWS\NeroDigital.ini 116 bytes C:\WINDOWS\netfxocm.log 133432 bytes C:\WINDOWS\NetwkCfg.txt 87 bytes C:\WINDOWS\nircmd.exe 58368 bytes executable C:\WINDOWS\notepad.exe 77312 bytes executable C:\WINDOWS\nsreg.dat 0 bytes C:\WINDOWS\NSREX.INI 0 bytes C:\WINDOWS\nsw.log 446 bytes C:\WINDOWS\ntbtlog.txt 711688 bytes C:\WINDOWS\ntdtcsetup.log 165503 bytes C:\WINDOWS\NuNinst.cfg 46017 bytes C:\WINDOWS\NuNinst.exe 1298432 bytes executable C:\WINDOWS\nview C:\WINDOWS\ocgen.log 416911 bytes C:\WINDOWS\SHELLNEW C:\WINDOWS\slrundll.exe 41058 bytes executable C:\WINDOWS\SoftwareDistribution C:\WINDOWS\SoundMan.exe 94208 bytes executable C:\WINDOWS\sprof32.dll 133120 bytes executable C:\WINDOWS\spupdsvc.log 78117 bytes C:\WINDOWS\SpywareDoctor5Install.log 126 bytes C:\WINDOWS\srchasst C:\WINDOWS\ssleay32.dll 155648 bytes executable C:\WINDOWS\ST6UNST.EXE 80384 bytes executable C:\WINDOWS\Stekkie.bmp 17336 bytes C:\WINDOWS\Sti_Trace.log 0 bytes C:\WINDOWS\Sun C:\WINDOWS\svcpack.log 484510 bytes C:\WINDOWS\swacnfg.ini 237 bytes C:\WINDOWS\system.ini 227 bytes C:\WINDOWS\system.tmp 227 bytes C:\WINDOWS\system32 C:\WINDOWS\tabletoc.log 36826 bytes C:\WINDOWS\TASKMAN.EXE 23040 bytes executable C:\WINDOWS\taskmen32.pif 99 bytes C:\WINDOWS\Tasks C:\WINDOWS\Temp C:\WINDOWS\TemplateWizard.INI 20 bytes C:\WINDOWS\WgaNotify.log 13892 bytes C:\WINDOWS\wiadebug.log 159 bytes C:\WINDOWS\wiaservc.log 313 bytes C:\WINDOWS\win.ini 917 bytes C:\WINDOWS\win.tmp 917 bytes C:\WINDOWS\Windows Update.log 23132 bytes C:\WINDOWS\WindowsShell.Manifest 749 bytes C:\WINDOWS\WindowsUpdate.log 1055564 bytes C:\WINDOWS\winhelp.exe 257072 bytes C:\WINDOWS\winhlp32.exe 294400 bytes executable C:\WINDOWS\wininit.ini 214 bytes C:\WINDOWS\winnt.bmp 48680 bytes C:\WINDOWS\winnt256.bmp 48680 bytes C:\WINDOWS\WinSxS C:\WINDOWS\WMFDist11.log 23344 bytes C:\WINDOWS\regopt.log 1672 bytes C:\WINDOWS\repair C:\WINDOWS\resetlog.txt 6675 bytes C:\WINDOWS\Resources C:\WINDOWS\Rhododendron.bmp 17362 bytes C:\WINDOWS\Rivier Sumida.bmp 26680 bytes C:\WINDOWS\RTHDCPL.exe 14863360 bytes executable C:\WINDOWS\RTLCPL.exe 9719808 bytes executable C:\WINDOWS\RtlExUpd.dll 487424 bytes executable C:\WINDOWS\RtlUpd.exe 364544 bytes executable C:\WINDOWS\Santa Fe Stucco.bmp 65832 bytes C:\WINDOWS\SchedLgU.Txt 32606 bytes C:\WINDOWS\sct101.log 21 bytes C:\WINDOWS\security C:\WINDOWS\ServicePackFiles C:\WINDOWS\sessmgr.setup.log 1277 bytes C:\WINDOWS\SET3.tmp 1085938 bytes C:\WINDOWS\SET7.tmp 13923 bytes C:\WINDOWS\setupact.log 170755 bytes C:\WINDOWS\setupapi.log 796347 bytes C:\WINDOWS\setuperr.log 0 bytes C:\WINDOWS\DtcInstall.log 360 bytes C:\WINDOWS\EHome C:\WINDOWS\erdnt C:\WINDOWS\ERUNT C:\WINDOWS\explorer.exe 1042944 bytes executable C:\WINDOWS\explorer.scf 80 bytes C:\WINDOWS\FaxSetup.log 760421 bytes C:\WINDOWS\Fonts C:\WINDOWS\ftpcache C:\WINDOWS\KB898461.log 6889 bytes C:\WINDOWS\KB911564.log 17840 bytes C:\WINDOWS\KB918899.log 21696 bytes C:\WINDOWS\KB926239.log 4989 bytes C:\WINDOWS\KB935840.log 12614 bytes C:\WINDOWS\msapps C:\WINDOWS\ocmsn.log 49196 bytes C:\WINDOWS\setuplog.txt 845897 bytes C:\WINDOWS\tsoc.log 370549 bytes C:\WINDOWS\Web C:\WINDOWS\DirectX.log 79189 bytes C:\WINDOWS\DJ2000.ini 1301 bytes C:\WINDOWS\Downloaded Installations C:\WINDOWS\Downloaded Program Files C:\WINDOWS\DPINST.LOG 51766 bytes C:\WINDOWS\Driver Cache C:\WINDOWS\isRS-000.tmp 689152 bytes executable C:\WINDOWS\IsUn0413.exe 317952 bytes executable C:\WINDOWS\IsUninst.exe 313856 bytes executable C:\WINDOWS\iTouch.ini 51 bytes C:\WINDOWS\java C:\WINDOWS\KB821253.log 437 bytes C:\WINDOWS\KB873339.log 25976 bytes C:\WINDOWS\KB884020.log 1072 bytes C:\WINDOWS\KB885250.log 27755 bytes C:\WINDOWS\KB885835.log 27940 bytes C:\WINDOWS\KB885836.log 26947 bytes C:\WINDOWS\KB885884.log 9931 bytes C:\WINDOWS\KB886185.log 12502 bytes C:\WINDOWS\KB887472.log 25985 bytes C:\WINDOWS\KB887742.log 26587 bytes C:\WINDOWS\KB888111.log 4440 bytes C:\WINDOWS\KB888113.log 26032 bytes C:\WINDOWS\KB888302.log 18668 bytes C:\WINDOWS\KB890046.log 20625 bytes C:\WINDOWS\KB890859.log 17491 bytes C:\WINDOWS\KB891781.log 23437 bytes C:\WINDOWS\KB893756.log 27425 bytes C:\WINDOWS\KB893803v2.log 5544 bytes C:\WINDOWS\KB894391.log 17393 bytes C:\WINDOWS\KB896358.log 27015 bytes C:\WINDOWS\KB896422.log 28118 bytes C:\WINDOWS\KB896423.log 25749 bytes C:\WINDOWS\KB896424.log 27800 bytes C:\WINDOWS\KB896428.log 16729 bytes C:\WINDOWS\KB899587.log 29001 bytes C:\WINDOWS\KB899589.log 20031 bytes C:\WINDOWS\KB899591.log 27613 bytes C:\WINDOWS\KB900485.log 11647 bytes C:\WINDOWS\KB900725.log 20411 bytes C:\WINDOWS\KB901017.log 27289 bytes C:\WINDOWS\KB901105.log 1556 bytes C:\WINDOWS\KB901214.log 19287 bytes C:\WINDOWS\KB902400.log 28705 bytes C:\WINDOWS\KB904706.log 17323 bytes C:\WINDOWS\KB905414.log 20352 bytes C:\WINDOWS\KB905749.log 17940 bytes C:\WINDOWS\KB905915.log 29403 bytes C:\WINDOWS\KB908519.log 15139 bytes C:\WINDOWS\KB908531.log 14945 bytes C:\WINDOWS\KB909394.log 5277 bytes C:\WINDOWS\KB910437.log 21601 bytes C:\WINDOWS\KB911280.log 11029 bytes C:\WINDOWS\KB911562.log 14178 bytes C:\WINDOWS\twain.dll 94784 bytes C:\WINDOWS\twain_32 C:\WINDOWS\twain_32.dll 50688 bytes executable C:\WINDOWS\twunk_16.exe 49680 bytes C:\WINDOWS\twunk_32.exe 32768 bytes executable C:\WINDOWS\uninst.exe 305664 bytes executable C:\WINDOWS\UninstAdmin.isu 599315 bytes C:\WINDOWS\UNNeroVision.cfg 81261 bytes C:\WINDOWS\UNNeroVision.exe 1298432 bytes executable C:\WINDOWS\updspapi.log 44414 bytes C:\WINDOWS\vb.ini 36 bytes C:\WINDOWS\vbaddin.ini 63 bytes C:\WINDOWS\vmmreg32.dll 18944 bytes executable C:\WINDOWS\KB911565.log 8837 bytes C:\WINDOWS\KB911567.log 10580 bytes C:\WINDOWS\KB911927.log 27805 bytes C:\WINDOWS\KB912812.log 16310 bytes C:\WINDOWS\KB912919.log 18137 bytes C:\WINDOWS\KB913446.log 11325 bytes C:\WINDOWS\KB913580.log 11674 bytes C:\WINDOWS\KB914388.log 12347 bytes C:\WINDOWS\KB914389.log 11477 bytes C:\WINDOWS\KB916281.log 17664 bytes C:\WINDOWS\KB916595.log 10394 bytes C:\WINDOWS\KB917159.log 11805 bytes C:\WINDOWS\KB917344.log 13924 bytes C:\WINDOWS\KB917422.log 12174 bytes C:\WINDOWS\KB917734.log 10111 bytes C:\WINDOWS\KB917953.log 13688 bytes C:\WINDOWS\KB918118.log 14197 bytes C:\WINDOWS\KB918439.log 13567 bytes C:\WINDOWS\KB919007.log 11448 bytes C:\WINDOWS\KB920213.log 14289 bytes C:\WINDOWS\KB920214.log 20056 bytes C:\WINDOWS\KB920670.log 12011 bytes C:\WINDOWS\KB920683.log 12395 bytes C:\WINDOWS\KB920685.log 11313 bytes C:\WINDOWS\KB920872.log 13497 bytes C:\WINDOWS\KB921398.log 18672 bytes C:\WINDOWS\KB921883.log 19009 bytes C:\WINDOWS\KB922582.log 7767 bytes C:\WINDOWS\KB922616.log 19089 bytes C:\WINDOWS\KB922760.log 17528 bytes C:\WINDOWS\KB922819.log 11772 bytes C:\WINDOWS\KB923191.log 5406 bytes C:\WINDOWS\KB923414.log 10928 bytes C:\WINDOWS\KB923689.log 14024 bytes C:\WINDOWS\KB923980.log 21711 bytes C:\WINDOWS\KB924191.log 6828 bytes C:\WINDOWS\KB924270.log 21351 bytes C:\WINDOWS\KB924496.log 11260 bytes C:\WINDOWS\KB924667.log 18804 bytes C:\WINDOWS\KB925398.log 17302 bytes C:\WINDOWS\KB925486.log 15426 bytes C:\WINDOWS\KB925902.log 17217 bytes C:\WINDOWS\ODBC.INI 859 bytes C:\WINDOWS\ODBCINST.INI 4207 bytes C:\WINDOWS\OEWABLog.txt 1859 bytes C:\WINDOWS\Offline Web Pages C:\WINDOWS\Patroon.bmp 16730 bytes C:\WINDOWS\PCDLIB32.DLL 212480 bytes executable C:\WINDOWS\PCHEALTH C:\WINDOWS\peernet C:\WINDOWS\pfpick.dll 58368 bytes executable C:\WINDOWS\PIF C:\WINDOWS\Prairie.bmp 65954 bytes C:\WINDOWS\Prefetch C:\WINDOWS\provisioning C:\WINDOWS\pss C:\WINDOWS\Q828026.log 3155 bytes C:\WINDOWS\QTFont.for 1409 bytes C:\WINDOWS\QTFont.qfn 54156 bytes C:\WINDOWS\regedit.exe 160256 bytes executable C:\WINDOWS\RegisteredPackages C:\WINDOWS\Registration C:\WINDOWS\wmp11.log 16407 bytes C:\WINDOWS\WMPrfNld.prx 32964 bytes C:\WINDOWS\WMPrfSve.prx 33314 bytes C:\WINDOWS\wmsetup.log 321887 bytes C:\WINDOWS\wmsetup10.log 9967 bytes C:\WINDOWS\WMSysPr9.prx 316640 bytes C:\WINDOWS\WMSysPrx.prx 299552 bytes C:\WINDOWS\WRUninstall.dll 478720 bytes executable C:\WINDOWS\Wudf01000Inst.log 9740 bytes C:\WINDOWS\xpsp1hfm.log 2082 bytes C:\WINDOWS\Zapotec.bmp 9522 bytes C:\WINDOWS\Zeepbellen.bmp 65978 bytes C:\WINDOWS\_default.pif 707 bytes C:\WINDOWS\KB926255.log 14287 bytes C:\WINDOWS\KB926436.log 15053 bytes C:\WINDOWS\KB927779.log 25629 bytes C:\WINDOWS\KB927802.log 22631 bytes C:\WINDOWS\KB927891.log 15171 bytes C:\WINDOWS\KB928255.log 22325 bytes C:\WINDOWS\KB928843.log 11800 bytes C:\WINDOWS\KB929123.log 15955 bytes C:\WINDOWS\KB929969.log 21352 bytes C:\WINDOWS\KB930178.log 15366 bytes C:\WINDOWS\KB930916.log 12437 bytes C:\WINDOWS\KB931261.log 19508 bytes C:\WINDOWS\KB931784.log 22778 bytes C:\WINDOWS\KB931836.log 29537 bytes C:\WINDOWS\KB932168.log 16001 bytes C:\WINDOWS\KB933566.log 23974 bytes C:\WINDOWS\KB935448.log 15516 bytes C:\WINDOWS\KB935839.log 12539 bytes C:\WINDOWS\gc401.cnf 42 bytes C:\WINDOWS\Groensteen.bmp 26582 bytes C:\WINDOWS\gsc401.cnf 1736 bytes C:\WINDOWS\Help C:\WINDOWS\hh.exe 17920 bytes executable C:\WINDOWS\icccodes.dll 20992 bytes executable C:\WINDOWS\iccsigs.dat 40129 bytes C:\WINDOWS\IE4 Error Log.txt 1043 bytes C:\WINDOWS\ie7_main.log 1391 bytes C:\WINDOWS\iis6.log 957719 bytes C:\WINDOWS\ime C:\WINDOWS\imsins.BAK 1355 bytes C:\WINDOWS\imsins.log 1355 bytes C:\WINDOWS\InCD C:\WINDOWS\inf C:\WINDOWS\Installer C:\WINDOWS\Internet Logs C:\WINDOWS\Kopje koffie.bmp 17062 bytes C:\WINDOWS\KPCMS.INI 173 bytes C:\WINDOWS\kpcp32.dll 197120 bytes executable C:\WINDOWS\kpsys32.dll 37376 bytes executable C:\WINDOWS\LDM.log 180 bytes C:\WINDOWS\libeay32.dll 684032 bytes executable C:\WINDOWS\medctroc.Log 56286 bytes C:\WINDOWS\Media C:\WINDOWS\mgxoschk.ini 6289 bytes C:\WINDOWS\MicCal.exe 2150400 bytes executable C:\WINDOWS\Microsoft.MIF 2510 bytes C:\WINDOWS\Minidump C:\WINDOWS\ModemLog_SAMSUNG Mobile USB Modem.txt 6874 bytes C:\WINDOWS\mozver.dat 2414 bytes C:\WINDOWS\msagent Scan succesvol afgerond verborgen bestanden: 291 ************************************************************************** . Voltooingstijd: 2007-11-16 17:21:58 C:\ComboFix-quarantined-files.txt ... 2007-06-23 13:12 C:\ComboFix2.txt ... 2007-11-16 14:19 C:\ComboFix3.txt ... 2007-06-23 13:12 . --- E O F ---
  • Beste Pim, Ik moet zeggen dat ik geen pop-ups meer krijg, het opstarten van WIN XP gaat wel vlot. Het openen van programma's en IE gaat nog met vertraging. Gr. Laurens
  • Pim, Misschien wil je nog even kijken. De pc is vrij traag. Gr. Laurens
  • Hoi Laurens, Ik ben in het weekend minder actief. Download [url=http://www.atribune.org/ccount/click.php?id=1]ATF Cleaner[/url] (by Atribune) Dubbelklik op ATF cleaner om het programma te starten. Op het tabblad "Main", plaats je een vinkje bij [b:88757d4a7a]Select All[/b:88757d4a7a]. Klik op de knop [b:88757d4a7a]Empty Selected[/b:88757d4a7a]. Het volgende doen als je ook [u:88757d4a7a]FireFox[/u:88757d4a7a] als browser hebt: Klik op tabblad "Firefox", plaats een vinkje bij [b:88757d4a7a]Select All[/b:88757d4a7a]. Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No". (dit haalt het vinkje weer weg bij "Firefox saved passwords") Klik op de knop [b:88757d4a7a]Empty Selected.[/b:88757d4a7a] Het volgende doen als je ook [u:88757d4a7a]Opera[/u:88757d4a7a] als browser hebt: Klik op tabblad "Opera", plaats een vinkje bij [b:88757d4a7a]Select All[/b:88757d4a7a]. Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No". Klik op de knop [b:88757d4a7a]Empty Selected[/b:88757d4a7a]. Ga naar het tabblad "Main" en klik op de knop [b:88757d4a7a]Exit[/b:88757d4a7a] om het programma af te sluiten. Download [url=ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe]Dr.Web Cureit[/url] naar je bureaublad. [list:88757d4a7a] * Dubbelklik [b:88757d4a7a]drweb-cureit.exe[/b:88757d4a7a] en sta het toe om de express scan te starten. * Indien een popup verschijnt met het voorstel tot kopen/50% korting, mag je deze sluiten met het kruisje. * Dit zal de bestanden scannen die momenteel in het geheugen geladen zijn en wanneer er iets gevonden wordt, klik de [b:88757d4a7a]Yes to all[/b:88757d4a7a] knop bij de vraag 'cure it?'. Dit is enkel een korte scan. * Kies bovenaan in het menu voor [b:88757d4a7a]Language/Taal[/b:88757d4a7a] en wijzig deze naar [b:88757d4a7a]Dutch (Nederlands)[/b:88757d4a7a] indien deze bij jou anders staat ingesteld. * Druk op [b:88757d4a7a]F9[/b:88757d4a7a] en kies daarna voor [b:88757d4a7a]Acties[/b:88757d4a7a] en stel daar het volgende in onder [b:88757d4a7a]Malware[/b:88757d4a7a] : o Adware: [b:88757d4a7a]Verplaats[/b:88757d4a7a] Dialers: [b:88757d4a7a]Verplaats[/b:88757d4a7a] Jokes: [b:88757d4a7a]Rapportage[/b:88757d4a7a] Riskware: [b:88757d4a7a]Rapportage[/b:88757d4a7a] Hacktools: [b:88757d4a7a]Verplaats[/b:88757d4a7a] Haal dan het [b:88757d4a7a]vinkje weg bij "Prompt bij actie"[/b:88757d4a7a]. Druk dan op [b:88757d4a7a]OK[/b:88757d4a7a]. * Druk op [b:88757d4a7a]F9[/b:88757d4a7a] en kies daarna voor [b:88757d4a7a]Scan[/b:88757d4a7a] en verwijder het vinkje bij [b:88757d4a7a]Heuristische analyse[/b:88757d4a7a] en klik op [b:88757d4a7a]OK[/b:88757d4a7a]. * Eenmaal de korte scan is beeïndigd, kan je de drives selecteren die je wilt laten scannen (Selecteer stations). * Selecteer hier [b:88757d4a7a]alle stations[/b:88757d4a7a]. Een rood bolletje zal dan tevoorschijn komen op de drives die je laat scannen. * Klik daarna de [color=green:88757d4a7a]groene pijl[/color:88757d4a7a] rechts om de scan te starten. * Gevonden bestanden worden naar de "%userprofile%\DoctorWeb\quarantaine-map" verplaatst, indien herstel niet mogelijk is. * Nadat de scan gedaan is, in het menu bovenaan, klik [b:88757d4a7a]Bestand[/b:88757d4a7a] en kies [b:88757d4a7a]Rapportage lijst opslaan[/b:88757d4a7a]. Bewaar het op je Bureaublad. * Sluit daarna Dr.Web Cureit. * [b:88757d4a7a]Herstart[/b:88757d4a7a] je computer!! [i:88757d4a7a]Belangrijke stap, want het kan zijn dat Dr.Web Cureit bestanden zal verplaatsen/verwijderen tijdens herstart.[/i:88757d4a7a] * Na het herstarten, [b:88757d4a7a]kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post.[/b:88757d4a7a] [/list:u:88757d4a7a] Pim
  • Hoi Pim, Ik heb het eea gedaan. Ik kan je het volgende melden. Ik krijg foutmeldingsschermen: DEP windowsaanmeldingsscherm (deze is niet weg te klikken) logonui.exe fout wrij.exe en yfnc.exe beide in system32 regedit toepassingsfout. Tijdens de scan kreeg ik twee keer een blauw beeld met witte letters, dat er iets niet goed ging en de pc startte vanzelf weer op. Ik zie er programma's hieronder bij staan die gerepareerd zijn, waar ik vol van verbazing ben. Maar goed. Hieronder logfile: winvnc4.exe c:\program files\realvnc\vnc4 Program.RemoteAdmin.origin dumprep.exe c:\windows\system32 Win32.Virut.30 Gerepareerd. ssqrpmm.dll c:\windows\system32 Adware.Duncan.origin taskmgr.exe c:\windows\system32 Win32.Virut.30 Gerepareerd. wrij.exe c:\windows\system32 Trojan.DownLoader.origin yfnc.exe c:\windows\system32 Waarschijnlijk BACKDOOR.Trojan AcroRd32Info.exe E:\Adobe\Acrobat 7.0\Reader Win32.Virut.30 Gerepareerd. reader_sl.exe E:\Adobe\Acrobat 7.0\Reader Win32.Virut.30 Gerepareerd. setup.exe E:\Adobe\Acrobat 7.0\Setup Files\RdrBig709\NLD Win32.Virut.30 Gerepareerd. AdobeReg32.exe E:\Adobe\Illustrator 8.0\Register Win32.Virut.30 Gerepareerd. Multi-Size Save.exe E:\Adobe\Photoshop 5.5\Goodies\Adobe ImageReady Only\Droplets Win32.Virut.30 Gerepareerd. AdobeReg32.exe E:\Adobe\Photoshop 5.5\Registration Win32.Virut.30 Gerepareerd. AdobeUpdateManager.exe E:\Adobe\Photoshop Album Starter Edition\3.0\Apps Win32.Virut.30 Gerepareerd. apdproxy.exe E:\Adobe\Photoshop Album Starter Edition\3.0\Apps Win32.Virut.30 Gerepareerd. ComponentLauncher.exe E:\Adobe\Photoshop Album Starter Edition\3.0\Apps Win32.Virut.30 Gerepareerd. PsaProxy.exe E:\Adobe\Photoshop Album Starter Edition\3.0\Apps Win32.Virut.30 Gerepareerd. Adobe Premiere Pro.exe E:\Adobe\Premiere Pro 1.5 Win32.Virut.30 Gerepareerd. pxhpinst.exe E:\Adobe\Premiere Pro 1.5 Win32.Virut.30 Gerepareerd. AAFx.exe E:\Adobe\Premiere Pro 1.5\Plug-ins\Common\AAF Win32.Virut.30 Gerepareerd. python.exe E:\Adobe\Premiere Pro 1.5\Plug-ins\Common\AAF Win32.Virut.30 Gerepareerd. Antimsblast.exe E:\Laurens\Diversen Win32.Virut.30 Gerepareerd. dvd2one140.exe E:\Laurens\Diversen Win32.Virut.30 Gerepareerd. CruzerLock2.exe E:\Laurens\gegevens usb stick cruzer\CruzerLock2 Win32.Virut.30 Gerepareerd. CruzerSync_v3_2_016.exe E:\Laurens\gegevens usb stick cruzer\CruzerSync Win32.Virut.30 Gerepareerd. CruzerPocketCache.exe E:\Laurens\gegevens usb stick cruzer\PocketCache Trial Version Win32.Virut.30 Gerepareerd. CopyFile.exe E:\Laurens\gegevens usb stick cruzer\SecurDataStorRM\Files Win32.Virut.30 Gerepareerd. SecurDataStor.exe E:\Laurens\gegevens usb stick cruzer\SecurDataStorRM\Files Win32.Virut.30 Gerepareerd. VisualGPSceInstall.exe E:\Laurens\pda\pda Win32.Virut.30 Gerepareerd. hpRUU.exe E:\Laurens\pda\pda rom upgrade Win32.Virut.30 Gerepareerd. SetupCheckPOInt5.exe E:\Laurens\pda\pda rom upgrade Win32.Virut.30 Gerepareerd. InstallTomTomHOME.exe E:\Laurens\pda\SD card PDA Win32.Virut.30 Gerepareerd. SetupCheckPOIntPOutlook_PPC2002.exe E:\Laurens\Tom Tom 5 + 5.1\EXTRA Win32.Virut.30 Gerepareerd. setup.exe E:\Laurens\Tom Tom 5 + 5.1\Stap 1\TomTom Navigator 5.00 Win32.Virut.30 Gerepareerd. SetupCheckPOInt5.exe E:\Laurens\Tom Tom 5 + 5.1\Stap 5 Win32.Virut.30 Gerepareerd. InstallTomTomHOME.exe E:\Laurens\Tom Tom 6\SD-Card Version\TT_6.010 Win32.Virut.30 Gerepareerd. Setup.exe E:\Laurens\Varel\050609_1152 (D)\Aics V6.05.019 ivs\Disk1 Win32.Virut.30 Gerepareerd. _ISDel.exe E:\Laurens\Varel\050609_1152 (D)\Aics V6.05.019 ivs\Disk1 Win32.Virut.30 Gerepareerd. setup.exe E:\Laurens\Varel\050609_1152 (D)\Dr InbouwPlus Win32.Virut.30 Gerepareerd. Setup.exe E:\Laurens\Varel\050609_1152 (D)\GMS-V5.01.042\GBR\Disk1 Win32.Virut.30 Gerepareerd. Autostart.exe E:\Laurens\Varel\050609_1152 (D)\NetworX NX 4,6,8,8plus Win32.Virut.30 Gerepareerd. UpdateDatabase.exe E:\Laurens\Varel\050609_1152 (D)\NetworX NX 4,6,8,8plus Win32.Virut.30 Gerepareerd. setup.exe E:\Laurens\Varel\050609_1152 (D)\Parsoft_V1_19_nl Win32.Virut.30 Gerepareerd. setup.exe E:\Laurens\Varel\050609_1152 (D)\Ram Mobile\DrInbouwPlus Win32.Virut.30 Gerepareerd. Setup.exe E:\Laurens\Varel\050609_1152 (D)\Titan V.01.04.05 Win32.Virut.30 Gerepareerd. _ISDel.exe E:\Laurens\Varel\050609_1152 (D)\Titan V.01.04.05 Win32.Virut.30 Gerepareerd. Autostart.exe E:\Laurens\Varel\050609_1152 (D)\UDX v2.02_IVS Win32.Virut.30 Gerepareerd. FileNames.exe E:\Laurens\Varel\050609_1152 (D)\UDX v2.02_IVS\Tools Win32.Virut.30 Gerepareerd. UpdateDatabase.exe E:\Laurens\Varel\050609_1152 (D)\UDX v2.02_IVS\Tools Win32.Virut.30 Gerepareerd. Setup.exe E:\Laurens\Varel\Titan ATS 1800 V1.04.01\SB077PB184 (D) Win32.Virut.30 Gerepareerd. _ISDel.exe E:\Laurens\Varel\Titan ATS 1800 V1.04.01\SB077PB184 (D) Win32.Virut.30 Gerepareerd. UNWISE.EXE E:\Laurens\X-box\XBConnect4 Win32.Virut.30 Gerepareerd. Player.exe E:\Laurens\X-box\XBConnect4\Chess Win32.Virut.30 Gerepareerd. UNWISE.EXE E:\Macromedia\Director 7 Win32.Virut.30 Gerepareerd. appletviewer_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. jar.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. jar_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. java.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. javac.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. javac_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. javadoc.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. javadoc_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. javah_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. javakey.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. javakey_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. javap.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. javap_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. javaverify_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. javaw.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. javaw_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. java_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. jdb.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. jdb_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. jre.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. jrew.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. native2ascii.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. native2ascii_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. rmic.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. rmic_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. rmiregistry_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. serialver_g.exe E:\Macromedia\Director 7\Xtras\Save As Java Files\JDK1.1.5\bin Win32.Virut.30 Gerepareerd. javac.exe E:\Macromedia\Dreamweaver 8\JVM\bin Win32.Virut.30 Gerepareerd. keytool.exe E:\Macromedia\Dreamweaver 8\JVM\bin Win32.Virut.30 Gerepareerd. javac.exe E:\Macromedia\Dreamweaver MX\JVM\bin Win32.Virut.30 Gerepareerd. keytool.exe E:\Macromedia\Dreamweaver MX\JVM\bin Win32.Virut.30 Gerepareerd. Extension Manager.exe E:\Macromedia\Extension Manager Win32.Virut.30 Gerepareerd. Replace.exe E:\Macromedia\Extension Manager Win32.Virut.30 Gerepareerd. FlashLiteBundler.exe E:\Macromedia\Flash 8 Win32.Virut.30 Gerepareerd. SAFlashPlayer.exe E:\Macromedia\Flash MX\Players\Debug Win32.Virut.30 Gerepareerd. A0010799.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010800.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010801.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010802.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010803.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010804.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010805.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010806.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010807.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010808.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010809.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010810.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010811.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010812.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010813.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010814.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010815.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010816.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010817.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010818.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010819.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010820.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010821.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010822.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010823.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010824.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010825.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010826.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010827.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010828.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010829.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010830.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010831.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010832.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010833.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010834.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010835.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010836.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010837.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010838.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010839.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010840.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010841.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010842.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010843.EXE E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010844.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010845.EXE E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010846.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010847.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010848.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010849.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010850.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010851.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010852.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010853.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010854.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010855.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010856.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010857.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010858.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010859.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010860.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010861.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010862.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010863.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010864.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010865.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010866.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010867.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010868.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010869.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010870.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010871.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010872.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010873.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010874.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010875.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010876.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010877.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010878.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010879.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. A0010880.exe E:\System Volume Information\_restore{E2B2588F-8454-4CBB-A5F5-CB766940080A}\RP9 Win32.Virut.30 Gerepareerd. [/img]
  • Hoi Laurens, Ik heb helaas slecht nieuws voor je :( Je bent geinfecteerd met het [url=http://www.symantec.com/security_response/writeup.jsp?docid=2007-090613-5727-99&tabid=2]Virut[/url] file infector. Deze infecteert bijna iedere .exe en .scr bestand aanwezig op je computer. Mede omdat dit een 'buggy' virus is die slecht geschreven is, is er geen beginnen aan om te desinfecteren. Daarom raad ik je aan om te formatteren en windows opnieuw te installeren. Zorg er dan wel voor dat je geen .exe en .scr bestanden gaat backuppen, want bij terugplaatsing van je backup zal je systeem opnieuw worden geinfecteerd. Succes! Pim
  • Beste Pim, Bedankt voor je antwoord en hulp. Hier zat ik dus niet echt op te wachten. Wat is nu voor mij het slimste om te doen? Ik heb een aantal prgramma's welke ik straks graag weer wil gebruiken, evenals mijn documenten. Ik heb meerdere harddisk in mijn pc. zijn deze ook geinfecteerd? Om WINXP weer draaiende te krijgen is niet zo'n probleem, maar mijn andere progs :cry: Enig idee? Bedankt voor je hulp. Gr. Laurens
  • Mijn documenten zou je moeten kunnen backuppen, zolang je maar geen .exe en .scr bestanden gaat backuppen. Of al je harde schijven zijn geinfecteerd durf ik niet meteen te zeggen, dit ga ik echter overleggen en zal ik zo spoedig mogelijk vertellen. Ik kom hier op terug. Pim
  • Met dank aan Miekiemoes :) Laat Drweb even alle harde schijven scannen en alle partities, alleen zo kom je te weten waar Virut heeft toegeslagen en ofdat je alles moet gaan formatteren.
  • Hoi Pim, Hartstikke fijn en bedankt voor de moeite. Ben momenteel aan het werk. IK ga het direct thuis proberen. Je hoort van me. Gr. Laurens
  • Beste Pim, Na vele pogingen om DrWeb te laten scannen (late avond geworden) geeft ik het op. de pc loopt steeds vast bij het scannen (start opnieuw op). Van een collega heb ik nog het prog. Virus Remover geprobeerd, zie log hieronder. Als ik een nieuwe install wil maken, kan ik dan mij huidige progm files naar een andere disk copien? Ik wil namelijk mijn progs wel blijven gebruiken. Ik weet niet of deze ook besmet zijn. In Mijn Documenten heb ik ook diverse udates en progs staan. Tevens op 2 andere harddisks. Kun je me vertellen hoe ik het beste een clean disk kan maken, dus alles verwijderen en C: correct formatteren? Ik dank je in iedere geval voor je hulp. Gr. Laurens log: ============ Remover for Win32/Virut =============== Date: 21.11.2007 00:59 C:\Adobe\Dimensions 3.0\ADRes.dll; OK C:\Adobe\Dimensions 3.0\AGMDim.dll; OK C:\Adobe\Dimensions 3.0\CoolTypeDim.dll; OK C:\Adobe\Dimensions 3.0\Dimensions.exe; OK C:\Adobe\Dimensions 3.0\Plug-ins\3DMF.adp; OK C:\Adobe\Dimensions 3.0\Plug-ins\Draft.adp; OK C:\Adobe\Dimensions 3.0\Plug-ins\Mixed.adp; OK C:\Adobe\Dimensions 3.0\Plug-ins\PS3.adp; OK C:\Adobe\Dimensions 3.0\Plug-ins\Raster.adp; OK C:\Adobe\Dimensions 3.0\Plug-ins\TIFF.adp; OK C:\Adobe\Dimensions 3.0\rwdl6a20.dll; OK C:\Adobe\Dimensions 3.0\rwdl6b20.dll; OK C:\Adobe\Dimensions 3.0\rwdl8a20.dll; OK C:\Adobe\Dimensions 3.0\rwdl8b20.dll; OK C:\Adobe\Dimensions 3.0\rwl20.dll; OK C:\Bdienst\2003\IB2003.exe; OK C:\Bdienst\2003\IB2003s.exe; OK C:\Bdienst\2003\IB2003u.exe; OK C:\Bdienst\2003\TJ2003.exe; OK C:\Bdienst\2003\TJ2003s.exe; OK C:\Bdienst\2003\TJ2003u.exe; OK C:\Bdienst\2004\IB2004.exe; OK C:\Bdienst\2004\IB2004s.exe; OK C:\Bdienst\2004\IB2004u.exe; OK C:\Bdienst\2004\VT2004.exe; OK C:\Bdienst\2004\VT2004s.exe; OK C:\Bdienst\2004\VT2004u.exe; OK C:\Bdienst\2005\IB2005.exe; OK C:\Bdienst\2005\ib2005d.exe; OK C:\Bdienst\2005\IB2005u.exe; OK C:\Bdienst\2006\ib2006.exe; OK C:\Bdienst\2006\ib2006d.exe; OK C:\Bdienst\2006\ib2006u.exe; OK C:\Bdienst\2006\vt2006_win_setup.exe; OK C:\Bdienst\2007\vt2007.exe; OK C:\Bdienst\2007\vt2007d.exe; OK C:\Bdienst\2007\vt2007u.exe; OK C:\Bdienst\ib2005_win_setup.exe; OK C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Elements\5.0\Flash Galleries\Dynamic\flashplayer\windows\SAFlashPlayer.exe; OK C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Elements\5.0\Flash Galleries\GeoWeb Gallery\gallery\resources\AuthSWF.exe; OK C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstCCD.exe; OK C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCS.exe; OK C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCSFEMsi.exe; OK C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_EA.exe; OK C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\update\backup\Registration\plus_corporate.prg.old; OK C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\update\backup\Registration\plus_home_office.prg.old; OK C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\update\backup\Registration\professional_corporate.prg.old; OK C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\update\new\Registration\plus_corporate.prg.new; OK C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\update\new\Registration\plus_home_office.prg.new; OK C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\update\new\Registration\professional_corporate.prg.new; OK C:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll; OK C:\Documents and Settings\Jeannet\Application Data\Microsoft\Clip Organizer\mstore10.mgc; OK C:\Documents and Settings\Jeannet\Application Data\Microsoft\Clip Organizer\Offic10.MGC; OK C:\Documents and Settings\Jeannet\Bureaublad\ib2006_win_setup(2).exe; OK C:\Documents and Settings\Jeannet\Bureaublad\ib2006_win_setup.exe; OK C:\Documents and Settings\Jeannet\Bureaublad\vt2007_win_setup.exe; OK C:\Documents and Settings\Jeannet\Mijn documenten\Mijn ontvangen bestanden\SCMPX.EXE; OK C:\Documents and Settings\Laurens\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_nl_NL.exe; OK C:\Documents and Settings\Laurens\Application Data\Adobe\Adobe GoLive\Settings9\Opera\plugins\PlugDef.dll; OK C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\dsmmf.exe; OK C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\dsmmfres_de.dll; OK C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\dsmmfres_es.dll; OK C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\dsmmfres_fr.dll; OK C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\dsmmfres_ja.dll; OK C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\dsmmfres_ko.dll; OK C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\dsmmfres_zh.dll; OK C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\dsmmfres_zh_cn.dll; OK C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\JuniperSetupApp.exe; OK C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\JuniperSetupDLL.dll; OK C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\NeoterisSetup.ocx; OK C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\setupResource_de.dll; OK C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\setupResource_en.dll; OK C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\setupResource_es.dll; OK C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\setupResource_fr.dll; OK C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\setupResource_ja.dll; OK C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\setupResource_ko.dll; OK C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\setupResource_zh.dll; OK C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\setupResource_zh_cn.dll; OK C:\Documents and Settings\Laurens\Application Data\Juniper Networks\Setup\uninstall.exe; OK C:\Documents and Settings\Laurens\Application Data\LimeWire\.NetworkShare\LimeWireWin4.14.10.exe; OK C:\Documents and Settings\Laurens\Application Data\Macromedia\Dreamweaver 8\Configuration\Flash Player\FlashPlayerW.dll; OK C:\Documents and Settings\Laurens\Application Data\Macromedia\Dreamweaver MX\Configuration\Flash Player\FlashPlayerW.dll; OK C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\DirectSound\DirectSound.x32; OK C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\FlashAsset\Flash Asset.x32; OK C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\FontAsset\Font Asset.x32; OK C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\FontXtra\Font Xtra.x32; OK C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\MacroMix\MacroMix.x32; OK C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\MixServices\Mix Services.x32; OK C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\Shockwave3dAsset\Shockwave 3d Asset.x32; OK C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SoundControl\Sound Control.x32; OK C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SWA\swadcmpr.x32; OK C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SWA\SWASTRM.X32; OK C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\TextAsset\Text Asset.x32; OK C:\Documents and Settings\Laurens\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\TextXtra\TextXtra.x32; OK C:\Documents and Settings\Laurens\Application Data\Microsoft\Clip Organizer\mstore10.mgc; OK C:\Documents and Settings\Laurens\Application Data\Microsoft\Clip Organizer\Offic10.MGC; OK C:\Documents and Settings\Laurens\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll; OK C:\Documents and Settings\Laurens\Application Data\Microsoft\Installer\{750B9AD1-4C63-4143-94C5-6FB304199BAD}\ARPPRODUCTICON.exe; OK C:\Documents and Settings\Laurens\Application Data\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe; OK C:\Documents and Settings\Laurens\Application Data\Microsoft\Outlook\Default Outlook Profile.srs; Can't open C:\Documents and Settings\Laurens\Application Data\Microsoft\Templates\Normal.dot; Can't open C:\Documents and Settings\Laurens\Bureaublad\ATF-Cleaner.exe; OK C:\Documents and Settings\Laurens\Bureaublad\ComboFix.exe; OK C:\Documents and Settings\Laurens\Bureaublad\drweb-cureit.exe; OK C:\Documents and Settings\Laurens\Bureaublad\gedownloade bestanden\GrabIt162b.exe; OK C:\Documents and Settings\Laurens\Bureaublad\gedownloade bestanden\nl_setup(2).exe; OK C:\Documents and Settings\Laurens\Bureaublad\gedownloade bestanden\nl_setup(3).exe; OK C:\Documents and Settings\Laurens\Bureaublad\gedownloade bestanden\nl_setup.exe; OK C:\Documents and Settings\Laurens\Bureaublad\gedownloade bestanden\nl_setup_beta.exe; OK C:\Documents and Settings\Laurens\Bureaublad\gedownloade bestanden\QuickPar-0.9.1.0-NLD.exe; OK C:\Documents and Settings\Laurens\Bureaublad\gedownloade bestanden\RemoteControlUpdate5.x_5.3.2.6.exe; OK C:\Documents and Settings\Laurens\Bureaublad\hitmanpro26.exe; OK C:\Documents and Settings\Laurens\Bureaublad\rmvirut.exe; OK C:\Documents and Settings\Laurens\Bureaublad\rmvirut.nt; OK C:\Documents and Settings\Laurens\Bureaublad\RVAXO.exe; OK C:\Documents and Settings\Laurens\Bureaublad\RVAXO1; OK C:\Documents and Settings\Laurens\Bureaublad\RVAXO3; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\cliptext.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\download.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\dummy.sys; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\ERDNT.E_E; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\ERUNT.EXE; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\FixPath.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\isadmin.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\LS.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\MD5File.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\moveex.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\Process.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\procs.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\psservice.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\RegDACL.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\regedit.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\Replace\w2k\null.sys; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\Replace\W2K.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\Replace\xp\null.sys; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\Replace\XP.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\RestartIt!.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\sc.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\SF.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\shutdown.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\swreg.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\swsc.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\unzip.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\WINMSG.EXE; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\apps\zip.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\backups\attrib.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\backups\find.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\backups\findstr.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\backups\regedit.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\catchme.exe; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\dummy.sys; OK C:\Documents and Settings\Laurens\Bureaublad\SDFix\SDFix.exe; OK C:\Documents and Settings\Laurens\Cookies\index.dat; Can't open C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006526.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006543.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006636.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006729.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006731.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006810.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006812.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006946.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006948.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006990.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0006993.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007055.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007057.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007159.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007162.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007180.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007182.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007211.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007213.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007231.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007233.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007319.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007322.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007354.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007356.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007454.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007456.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0007628.dll; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0015025.EXE; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0028134.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0028135.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0028139.dll; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0028143.dll; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0028308.dll; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0028309.dll; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0028311.dll; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0028412.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0028413.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\A0029245.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\mshtml2.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\process.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\restart.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\setupdrv.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\SetupPoker.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\vncviewer.exe; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\winrnr2.dll; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\winrnr2.dllrtyrty; OK C:\Documents and Settings\Laurens\DoctorWeb\Quarantine\wrij.exe; OK C:\Documents and Settings\Laurens\Local Settings\Application Data\Apple\Apple Software Update\iTunesSetupAdmin.exe; OK C:\Documents and Settings\Laurens\Local Settings\Application Data\Macromedia\Flash 8\en\Configuration\External Libraries\FLfile.dll; OK C:\Documents and Settings\Laurens\Local Settings\Application Data\Microsoft\Outlook\Default Outlook Profileimap.strato-mail.net-00000014.pst; Can't open C:\Documents and Settings\Laurens\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst; Can't open C:\Documents and Settings\Laurens\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat; Can't open C:\Documents and Settings\Laurens\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG; Can't open C:\Documents and Settings\Laurens\Local Settings\Geschiedenis\History.IE5\index.dat; Can't open C:\Documents and Settings\Laurens\Local Settings\Geschiedenis\History.IE5\MSHist012007112120071122\index.dat; Can't open C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX0\dwebio32.dll; OK C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX0\dwebllio.dll; OK C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX0\setup.dll; OK C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX0\setup.exe; OK C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX0\_start.exe; OK C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX1\dwebio32.dll; OK C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX1\dwebllio.dll; OK C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX1\setup.dll; OK C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX1\setup.exe; OK C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX1\_start.exe; OK C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX3\dwebio32.dll; OK C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX3\dwebllio.dll; OK C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX3\setup.dll; OK C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX3\setup.exe; OK C:\Documents and Settings\Laurens\Local Settings\Temp\RarSFX3\_start.exe; OK C:\Documents and Settings\Laurens\Local Settings\Temp\~DF3B95.tmp; Can't open C:\Documents and Settings\Laurens\Local Settings\Temporary Internet Files\Content.IE5\AHUHUXOB\rmvirut[1].nt; OK C:\Documents and Settings\Laurens\Local Settings\Temporary Internet Files\Content.IE5\GPU381QN\drweb-cureit[1].exe; OK C:\Documents and Settings\Laurens\Local Settings\Temporary Internet Files\Content.IE5\index.dat; Can't open C:\Documents and Settings\Laurens\Local Settings\Temporary Internet Files\Content.IE5\UX4BSJ2V\rmvirut[1].exe; OK C:\Documents and Settings\Laurens\Mijn documenten\HijackThis.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\backups\backup-20050306-211203-518.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\backups\backup-20050307-184421-822-Startup.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Handleidingen\DC-202 Router_NED.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\aaw2007.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\aawsepersonal.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\AdbeRdr707_nl_NL.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Antivirus_2.1.94.1460.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ArchivePlayer.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\async.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ATF-Cleaner.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\audacity-win-1.2.4b.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\BitTorrent-4.26.0.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\blazeftp.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\bulletproof.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\bulletproofftp.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\cpu-z-127.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\cpuz.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\cureit.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\cuteftp.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Dartcounter.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Dartscore.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\DC-202 Router_NED.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\demotour.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\DMsetup_nl.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Dutch.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dutch_languagepack_5-11.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvd-audio-ripper.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\drivers 3 com\3c905c_4_41.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\DV-PlayerLite Setup.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\HlDriver\hldinst.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\PlayerLite\DV-PlayerLite Setup.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\Program\DVMessageServer.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\Program\DVRec.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\Program\DVStartUp.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\Program\Extra\AddUser.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\Program\Extra\MenuAdd.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\Program\Extra\RegCopy.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\Program\Extra\SetSystemColors.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\Program\KH\DVRec.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\WdDriver\wdreg.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\DVRec Technology\WdDriver\windrvr.sys; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\instmsiw.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\setup.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\Drivers\xpress.sys; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\DVRWDog.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\Hlprog.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\intrada.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\matchlib.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\XPRESS.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\XPRESS1.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\XPRESS2.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\XPRESS3.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\XPRESSM.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\System32\XPSW.DLL; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\Tools\DV-Aspi.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\dvrec\dvrec\Tools\Intel Application Accelerator.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\edonkey.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\FileZilla_Server_0_9_9.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Firefox Setup 1.5.0.7.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\FirefoxSetup-0.9.3.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\FSViewerSetup230Dutch.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Extras\Acrobat\Win9x_NT_2k\ar505enu.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Install\instmsia.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Install\instmsiw.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Install\setup.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\ncdstart.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Tutorials\cdrw.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Tutorials\clone_ip.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Tutorials\fw_1394.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Tutorials\gwizard.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Tutorials\index.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Tutorials\map_drv.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ghost\Tutorials\recovery.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\HamachiSetup-1.0.0.61-en.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\hcw21nova-t.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\hijackthis.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\hitmanpro214.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\hitmanpro221.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\hitmanpro231.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\hitmanpro243.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\hitmanpro25.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\hitmanpro26.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\holddemo.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\installspeedfan417.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\install_flash_player.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Install_Messenger_Beta.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\INSTALL_MSN_MESSENGER_DL.EXE; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\it222nld.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\iTunesSetup.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\kasp1.7.130_anti-hackernl.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\lame.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\lame_enc.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\ldm.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\limewire-nl.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\LimeWireWin.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\MediaMonkey_Setup_2_5_3.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\MK.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\mm20nld.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Morpheus.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\mp3gain-win-full-1_2_3.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\MSASYNC.EXE; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Content\Setup.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\EasyWrite Reader\incdrm.sys; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\EasyWrite Reader\nt4\incdrm.sys; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\EasyWrite Reader\Setup.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\EasyWrite Reader\Version.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\Common Files\Lib\apreg.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\Common Files\Lib\DriveLocker.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\InCD\InCDL.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\InCD\incdshx.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\nt4\incdfs.sys; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\nt4\incdpass.sys; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\Redist\mfc42.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\Redist\msvcrt.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\Setup.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\sharedNT\InCD.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\sharedNT\incdapi.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\sharedNT\incdrec.sys; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\sharedNT\incdsrv.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\sharedNT\incdunt.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\w2k\incdfs.sys; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\w2k\incdpass.sys; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\w9x\InCD.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\w9x\incdapi.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\InCD 4\w9x\incdu95.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\Aac.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\aacenc32.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\aacmp32.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\Aiff.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\DefConvertor.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\mp3PRO.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\mp3PRO_dmo.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\mp3PRO_hlp.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\msa.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\msa7\msa.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\Vqf.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\VqfDecLib.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\VqfEncLib.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\VqfEncLib1.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\AudioPlugins\wav.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\DSFilters\NeAudio.ax; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\DSFilters\NeFileSrc.ax; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\DSFilters\NeRender.ax; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\DSFilters\NeroIPP.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\DSFilters\NeVideo.ax; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\Lib\apreg.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\Lib\DriveLocker.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Common Files\Lib\NeroCBUI.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\CoverDesigner\CoverDes.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\CoverDesigner\CoverEdCtrl.ocx; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\ImageDrive\IDriveSetup.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\ImageDrive\ImageDrive.cpl; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\ImageDrive\ImageDrive.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\ImageDrive\imagedrv.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\ImageDrive\imagedrv.mpd; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\ImageDrive\imagedrv.sys; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\AudioPluginMgr.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\CDCopy.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\cdr100.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\cdr50s.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\CDROM.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\cdu920.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\cr2200cs.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\Drweb32.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\DVDREALLOC.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\Dws114x.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\Equalize.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\GENCUSH.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\Generatr.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\geniso.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\GenUDF.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\image.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\ImageGen.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\ims.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\ISOFS.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\KARAOKE.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\MMC.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\MPGEnc.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\NeCon.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\NeHDBlkAccess.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\NeMP3Dmo.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\NeMP3Hlp.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\nero.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\neroAPI.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\nerocdNT.sys; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\NeroCmd.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\NeroCom.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\neroDB.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\neroErr.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\NeroMediaCon.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\neroscsi.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\neroshx.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\neRSDB.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\NeVCDEngine.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\newtrf.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\ReadHD32.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\ro1420c.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\UDFImporter.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\VCDMenu.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\VMPEGEnc.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero\WNASPI32.DLL; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\nero backitup\BackItUp.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\nero backitup\NBJ.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\nero backitup\NBR.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\nero soundtrax\EffectCtrl.ocx; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\nero soundtrax\SoundTrax.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero StartSmart\NeroStartSmart.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Toolkit\CDSpeed.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Toolkit\DriveSpeed.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Toolkit\InfoTool.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Wave Editor\AudioControls2.ocx; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Wave Editor\Axis.ocx; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Wave Editor\LEDMeter.ocx; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Wave Editor\Recording.ocx; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Wave Editor\vfft.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Wave Editor\vPlugIns.wpl; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Wave Editor\waveedit.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Nero Wave Editor\WaveEdit.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Redist\MSVCP60.DLL; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Redist\msvcrt.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Redist\WMFADist.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Redist\wmfdist.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\setup\shortcut.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\Setup.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\System\atl.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\System\imagr5.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\System\imagx5.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\System\ImagXpr5.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\System\NeroCheck.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\System\picn20.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\WMPBurn\NeroBurnPlugin.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6 Ultra Edition\WMPBurn\WMPBurn.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\Nero 6_Keygen.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroBurnRights\NeroBurnRights.cpl; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroBurnRights\NeroBurnRights.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroBurnRights\NeroBurnRightsHelp.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroBurnRights\NeroCo.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroBurnRights\Setup.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\Aac.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\aacenc32.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\Aiff.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\DefConvertor.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\Downloaders.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\midi.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\mp3PRO.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\mp3PRO_dmo.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\mp3PRO_hlp.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\msa.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\msa7\msa.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\NeroIPP.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\video.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\Vqf.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\VqfDecLib.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\VqfEncLib.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\VqfEncLib1.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\AudioPlugins\wav.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\Common Files\Lib\DriveLocker.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\CoverDesigner\CoverDes.exe; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\CoverDesigner\CoverEdCtrl.ocx; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\CDCopy.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\cdr100.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\cdr50s.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\CDROM.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\cdu920.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\cr2200cs.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\Dws114x.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\Generatr.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\geniso.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\image.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\ImageGen.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\ims.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\ISOFS.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Nero.Burning.Rom.6.0.Ultra.Edition.incl.keygen.&.serial\NeroMIX\NeroMix\API\MMC.dll; OK C:\Documents and Settings\Laurens\Mijn documenten\Mijn ontvangen bestanden\Programma's\Nero\Ner
  • Volgens mij zat ik aan het limiet van een bericht. :roll:
  • Aan bovenstaand logfile te zien zit Virut ook je Mijn Documenten map wat niet zo fijn is. Deze kan je backuppen, behalve de .exe en .scr files hierin. De programma's die je allemaal gebruikt zal je opnieuw moeten installeren. Je huidige map Program Files naar een andere schijf kopieeren is niet zo'n goed plan, omdat wanneer je deze terugplaatst het virus terug actief is en je dan overnieuw kan beginnen. De enige oplossing is dus door alle .exe files opnieuw te installeren op een schone installatie. Films, foto's, mp3 files etc kan je [b:c0183996ca]wel[/b:c0183996ca] behouden, alleen files die eindigen op .exe zijn geinfecteerd. Helaas zit er niks anders op. Laat dit enkel een wijze les voor je zijn door te stoppen met downloaden op cracks, serials etc. Virut wordt op deze website's veel verspreid. Hoe ik het in jou sitatie zou doen. Bestanden die ik kan behouden, dus films, foto's etc. naar de harde schijf kopieren waar Virut opstaat zodat je uiteindelijk een lege schijf hebt. Deze via een Windows opstart CD-rom helemaal formatteren (niet snelformatteren!). Vervolgens dingen die je kan bewaren op de pas geformatteerde schijf zetten en de overige schijven formatteren. Dan alles inrichten naar wens. Nogmaals: Let op dat je geen .exe en .scr files meeneemt, anders kan je opnieuw beginnen! Lees hier ook eens over het herinstalleren van Windows: http://www.jawwi.nl/nederlands/tips/installeren/installeren.html Succes ermee! Pim

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.