
Would someone be willing to look at this HijackThis log?

Abraham54
36 replies
  • Windows XP Prof.
    This problem computer belongs to an acquaintance of mine. It probably has quite a few virus problems.
    The computer does have Kaspersky installed, but it is not activated. I don't know the code.
    I installed the Avast virus scanner and Kerio Firewall.
    But it turned out that AVAST blocked all Internet traffic. I tried up to three times, uninstall/install.
    IE6.0 also keeps popping up with a message that a problem has occurred and that it must be closed. I therefore wanted to install IE8.0, but that goes wrong as well. It wants to update, and when I open that I have to download IE8 again. With that one it is the same story again.

    First of all I installed MBAM, updated it and did a run.
    Here is the log of this scan:
    *************************************
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.25.07

    Windows XP Service Pack 2 x86 FAT32
    Internet Explorer 6.0.2900.2180
    Chancanza :: CHANCANZA-PC [administrator]

    01-01-2006 14:30:48
    mbam-log-2006-01-01 (14-30-48).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 315052
    Time elapsed: 1 hour(s), 30 minute(s), 35 second(s)

    Memory Processes Detected: 1
    C:\Documents and Settings\Chancanza\wiiif.exe (Trojan.Dropper.Gen) -> 1808 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wiiif (Trojan.Dropper.Gen) -> Data: C:\Documents and Settings\Chancanza\wiiif.exe /g -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Detected: 6
    C:\Documents and Settings\Chancanza\wiiif.exe (Trojan.Dropper.Gen) -> Delete on reboot.
    C:\System Volume Information\_restore{CF86BC69-E3DB-4EA0-BAA3-DDA551EA9E6E}\RP5\A0006535.exe (Trojan.Downloader.F) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CF86BC69-E3DB-4EA0-BAA3-DDA551EA9E6E}\RP5\A0006567.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Nelo\FLASH 09.08.11\CRAks\Se7en Activator v3\Se7en Activator v3.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Chancanza\wiiifx.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
    ***********************************

    So by the looks of it, 9 viruses removed.
    After that I downloaded HijackThis and ran it.
    Here is the log of this scan:
    ***********************************
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:30:53, on 01-01-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\programa instalado\Winamp\winampa.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Carambis\Driver Updater\dupdater.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kerio\Personal Firewall\persfw.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\programa instalado\Winamp\winampa.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [taenau] C:\Documents and Settings\Chancanza\taenau.exe /v
    O4 - HKCU\..\Run: [Driver Updater] "C:\Program Files\Carambis\Driver Updater\dupdater.exe" /minimized
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe


    End of file - 5374 bytes
    ********************************
    Furthermore, I can report that the HD also has a problem.
    It is divided into 3 partitions.
    On C: sometimes and on E: always, Windows runs a CHKDSK check at every boot.
    Furthermore, the boot screen looks like this:

    Phoenix TrustedCore™ Desktop SP2 for ThinkCentre.U
    Copyright 1985-2005 Phoenix Technology Ltd.
    All Rights Reserved

    System BIOS shadowed
    Video BIOS shadowed
    ATAPI CD-ROM TSSTcorp CDW/DVD TS-H492C
    Fixed Disk 0: SAMSUNG SP0802N
    Mouse initialized
    ERROR
    0662: Configuration Change Has Occurred
    ERROR
    0162: Configuration Error - Default configuration used
    ERROR
    1298: System Security - Unauthorized BIOS Update Attempted


    Press <F1> to SetUp, <F2> to resume

    This message was sent from a computer that does work properly.
    Would someone be willing to help me further to solve this?

    perloc
  • Avast, if it is the Free version, will not have blocked the internet traffic, because Avast has no firewall.
    More likely that is caused by the Kaspersky firewall and/or the still active Windows firewall.
    All of this is in turn the result of conflicts between Kaspersky and Avast.

    One of those two will have to go first!

    Which program: OTL.com
    What for/why: multifunctional tool - analysis and fix
    Difficulty: none.
    Download: OTL and place the file on the desktop.

    Using OTL.com:
    - First close all program windows that are still open!
    - Double-click the icon shown at http://www.imgdumper.nl/uploads5/4f91108799372/4f91108798ba0-OTL-1.png
    - Tick the box next to Scan All Users.
    - Click the button shown at http://www.imgdumper.nl/uploads5/4f9112fd1172c/4f9112fd11340-OTL-3.png.
    - Do not change any other settings in OTL, unless I specifically give instructions to do so.
    - The scan will not take very long.
      - Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.txt.
      - Then copy the contents of both OTL.txt and Extras.txt and paste them into your next post.
    - Note: if the log does not fit in one post, spread it over two or more posts.
  • Task carried out. Here are the two logs.
    It is rather laborious, because I have to transfer everything back and forth via a USB key. IE6 does not work, as reported in my post.
    *******************************
    OTL logfile created on: 02-02-2006 23:36:59 - Run 1
    OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\Chancanza\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

    502,04 Mb Total Physical Memory | 196,86 Mb Available Physical Memory | 39,21% Memory free
    1,19 Gb Paging File | 0,74 Gb Available in Paging File | 61,79% Paging File free
    Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 30,26 Gb Total Space | 3,33 Gb Free Space | 11,02% Space Free | Partition Type: FAT32
    Drive D: | 30,27 Gb Total Space | 11,43 Gb Free Space | 37,75% Space Free | Partition Type: NTFS
    Drive E: | 14,00 Gb Total Space | 9,38 Gb Free Space | 66,97% Space Free | Partition Type: NTFS
    Drive F: | 171,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
    Drive G: | 121,01 Mb Total Space | 11,83 Mb Free Space | 9,78% Space Free | Partition Type: FAT32

    Computer Name: CHANCANZA-PC | User Name: Chancanza | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-04-27 13:59:54 | 000,595,968 | —- | M] (OldTimer Tools) – C:\Documents and Settings\Chancanza\Desktop\OTL - Copy.com
    PRC - [2011-09-27 09:11:00 | 004,871,264 | —- | M] (MEDIA FOG LTD) – C:\Program Files\Carambis\Driver Updater\dupdater.exe
    PRC - [2010-11-02 22:06:06 | 000,365,336 | —- | M] (Kaspersky Lab ZAO) – C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
    PRC - [2010-10-05 20:26:46 | 000,129,720 | —- | M] (Kaspersky Lab ZAO) – C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe
    PRC - [2006-05-25 19:35:48 | 000,035,328 | —- | M] () – C:\programa instalado\Winamp\winampa.exe
    PRC - [2004-08-03 22:56:50 | 001,032,192 | —- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe
    PRC - [2003-04-30 16:43:32 | 000,389,120 | —- | M] (Kerio Technologies) – C:\Program Files\Kerio\Personal Firewall\PERSFW.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011-09-27 09:11:00 | 000,066,048 | —- | M] () – C:\Program Files\Carambis\Driver Updater\CrashRpt.dll
    MOD - [2010-10-05 20:26:52 | 002,111,160 | —- | M] () – C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avzkrnl.dll
    MOD - [2006-05-25 19:35:48 | 000,035,328 | —- | M] () – C:\programa instalado\Winamp\winampa.exe
    MOD - [2004-01-22 18:36:28 | 000,120,832 | —- | M] () – C:\Program Files\WinRAR\RarExt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010-11-02 22:06:06 | 000,365,336 | —- | M] (Kaspersky Lab ZAO) [Auto | Running] – C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe – (AVP)
    SRV - [2003-04-30 16:43:32 | 000,389,120 | —- | M] (Kerio Technologies) [Auto | Running] – C:\Program Files\Kerio\Personal Firewall\PERSFW.exe – (PersFw)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] – – (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] – – (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] – – (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] – – (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] – – (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] – – (PCIDump)
    DRV - File not found [Kernel | System | Stopped] – – (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] – – (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] – – (Changer)
    DRV - [2011-11-21 13:31:16 | 000,475,736 | —- | M] (Kaspersky Lab) [File_System | System | Running] – C:\WINDOWS\system32\drivers\klif.sys – (KLIF)
    DRV - [2010-06-09 16:43:52 | 000,011,352 | —- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\kl2.sys – (kl2)
    DRV - [2010-06-09 16:43:50 | 000,132,184 | —- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\kl1.sys – (KL1)
    DRV - [2010-05-07 11:06:26 | 000,032,856 | —- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\klim5.sys – (klim5)
    DRV - [2010-04-19 15:42:40 | 000,105,856 | R— | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ZTEusbser6k.sys – (ZTEusbser6k)
    DRV - [2010-04-19 15:42:40 | 000,105,856 | R— | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ZTEusbnmea.sys – (ZTEusbnmea)
    DRV - [2010-04-19 15:42:38 | 000,105,856 | R— | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\zteusbvoice.sys – (ZTEusbvoice)
    DRV - [2010-04-19 15:42:38 | 000,105,856 | R— | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys – (ZTEusbmdm6k)
    DRV - [2010-03-25 18:09:48 | 000,114,688 | R— | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ZTEusbnet.sys – (ZTEusbnet)
    DRV - [2009-11-02 19:27:24 | 000,019,472 | —- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\klmouflt.sys – (klmouflt)
    DRV - [2006-01-01 14:30:12 | 000,040,776 | —- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\mbamswissarmy.sys – (MBAMSwissArmy)
    DRV - [2005-03-16 08:23:54 | 000,013,696 | R— | M] (BIOSTAR Group) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\BIOS.sys – (BIOS)
    DRV - [2005-01-07 17:07:16 | 000,145,920 | —- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\Hdaudio.sys – (HdAudAddService)
    DRV - [2004-08-03 22:31:34 | 000,020,992 | —- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RTL8139.sys – (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2004-03-02 16:37:50 | 000,125,184 | —- | M] (Ahead Software AG) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\imagesrv.sys – (imagesrv)
    DRV - [2004-03-02 16:37:48 | 000,005,504 | —- | M] (Ahead Software AG) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\drivers\imagedrv.sys – (imagedrv)
    DRV - [2002-04-15 12:28:32 | 000,102,912 | —- | M] () [Kernel | System | Running] – C:\WINDOWS\system32\drivers\FWDRV.SYS – (fwdrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1482476501-329068152-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-1482476501-329068152-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2006-01-02 16:03:52 | 000,000,000 | —D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2011-11-21 13:32:28 | 000,000,000 | —D | M]


    O1 HOSTS File: ([2001-08-23 15:00:00 | 000,000,734 | —- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [WinampAgent] C:\programa instalado\Winamp\winampa.exe ()
    O4 - HKU\S-1-5-21-1482476501-329068152-839522115-1003..\Run: [Driver Updater] C:\Program Files\Carambis\Driver Updater\dupdater.exe (MEDIA FOG LTD)
    O4 - HKU\S-1-5-21-1482476501-329068152-839522115-1003..\Run: [taenau] C:\Documents and Settings\Chancanza\taenau.exe /v File not found
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1482476501-329068152-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
    O24 - Desktop WallPaper: C:\Documents and Settings\Chancanza\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chancanza\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007-12-31 12:48:30 | 000,000,000 | —- | M] () - C:\AUTOEXEC.BAT – [ FAT32 ]
    O33 - MountPoints2\{6751d8ff-9129-11e0-a2fe-990f89fcad21}\Shell - "" = AutoRun
    O33 - MountPoints2\{6751d8ff-9129-11e0-a2fe-990f89fcad21}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6751d8ff-9129-11e0-a2fe-990f89fcad21}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
    O33 - MountPoints2\{a60b7fd6-7276-11e0-a2a1-cdb5cf44c3ca}\Shell - "" = AutoRun
    O33 - MountPoints2\{a60b7fd6-7276-11e0-a2a1-cdb5cf44c3ca}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a60b7fd6-7276-11e0-a2a1-cdb5cf44c3ca}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
    O33 - MountPoints2\{a60b7fd7-7276-11e0-a2a1-cdb5cf44c3ca}\Shell\AutoRun\command - "" = J:\TAenau.EXe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] – "%1" %*
    O35 - HKLM\..exefile [open] – "%1" %*
    O37 - HKLM\…com [@ = comfile] – "%1" %*
    O37 - HKLM\…exe [@ = exefile] – "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-06-18 20:09:26 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\My Documents\nex bee
    [2012-06-18 18:41:02 | 000,000,000 | -HSD | C] – C:\FOUND.074
    [2012-06-16 15:25:17 | 000,000,000 | —D | C] – C:\WINDOWS\Prefetch
    [2012-06-16 15:17:33 | 000,079,872 | —- | C] (Ricoh Co., Ltd.) – C:\WINDOWS\System32\dllcache\rwia330.dll
    [2012-06-16 15:17:33 | 000,079,872 | —- | C] (Ricoh Co., Ltd.) – C:\WINDOWS\System32\dllcache\rwia001.dll
    [2012-06-16 15:17:33 | 000,026,624 | —- | C] (Ricoh Co., Ltd.) – C:\WINDOWS\System32\dllcache\rw330ext.dll
    [2012-06-16 15:16:02 | 000,054,528 | —- | C] (Philips Semiconductors GmbH) – C:\WINDOWS\System32\dllcache\cap7146.sys
    [2012-06-15 10:20:34 | 000,000,000 | R–D | C] – C:\Documents and Settings\Chancanza\My Documents\Copy of My Videos
    [2012-06-15 10:20:34 | 000,000,000 | R–D | C] – C:\Documents and Settings\Chancanza\My Documents\Copy of My Pictures
    [2012-06-15 10:20:34 | 000,000,000 | R–D | C] – C:\Documents and Settings\Chancanza\My Documents\Copy of My Music
    [2012-06-06 11:16:16 | 000,000,000 | -HSD | C] – C:\FOUND.073
    [2012-05-29 20:55:38 | 000,000,000 | -HSD | C] – C:\FOUND.072
    [2011-12-11 19:48:16 | 000,000,000 | -HSD | C] – C:\FOUND.071
    [2011-12-03 20:46:35 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Desktop\carlota
    [2011-11-27 16:07:36 | 000,000,000 | -HSD | C] – C:\FOUND.070
    [2011-11-21 13:33:11 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Kaspersky Anti-Virus 2011
    [2011-11-21 13:31:43 | 000,000,000 | —D | C] – C:\Program Files\Kaspersky Lab
    [2011-11-21 13:31:43 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
    [2011-11-21 13:31:14 | 000,475,736 | —- | C] (Kaspersky Lab) – C:\WINDOWS\System32\drivers\klif.sys
    [2011-11-21 13:29:47 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
    [2011-11-19 10:33:46 | 000,000,000 | -HSD | C] – C:\FOUND.069
    [2011-11-19 07:31:46 | 000,000,000 | -HSD | C] – C:\FOUND.068
    [2011-11-18 13:11:32 | 000,000,000 | -HSD | C] – C:\FOUND.067
    [2011-11-16 08:06:43 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\REALTEK Gigabit and Fast Ethernet NIC Driver
    [2011-11-16 08:06:16 | 000,000,000 | —D | C] – C:\WINDOWS\vnDrvBas
    [2011-11-16 08:05:49 | 000,000,000 | -HSD | C] – C:\Documents and Settings\Chancanza\WINDOWS
    [2011-11-16 08:03:43 | 000,000,000 | -H-D | C] – C:\Program Files\InstallShield Installation Information
    [2011-11-16 08:03:43 | 000,000,000 | —D | C] – C:\WINDOWS\OPTIONS
    [2011-11-16 08:03:32 | 000,000,000 | —D | C] – C:\Program Files\Common Files\InstallShield
    [2011-11-16 08:02:02 | 000,013,696 | R— | C] (BIOSTAR Group) – C:\WINDOWS\System32\drivers\BIOS.sys
    [2011-11-16 08:00:24 | 000,053,248 | —- | C] (Windows XP Bundled build C-Centric Single User) – C:\WINDOWS\System32\CSVer.dll
    [2011-11-16 08:00:24 | 000,000,000 | —D | C] – C:\Program Files\Intel
    [2011-11-16 07:59:22 | 000,000,000 | —D | C] – C:\WINDOWS\System32\ReinstallBackups
    [2011-11-16 07:53:31 | 000,000,000 | —D | C] – C:\WINDOWS\SxsCaPendDel
    [2011-11-16 07:10:52 | 000,000,000 | -HSD | C] – C:\FOUND.066
    [2011-11-14 09:05:30 | 000,000,000 | -HSD | C] – C:\FOUND.065
    [2011-11-08 17:02:16 | 000,000,000 | -HSD | C] – C:\FOUND.064
    [2011-11-07 10:49:22 | 000,000,000 | -HSD | C] – C:\FOUND.063
    [2011-11-05 10:09:16 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Desktop\CDTECNICO
    [2011-11-04 13:39:10 | 000,000,000 | -HSD | C] – C:\FOUND.062
    [2011-10-30 22:52:56 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Application Data\vlc
    [2011-10-30 22:51:17 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\VideoLAN
    [2011-10-30 22:51:02 | 000,000,000 | —D | C] – C:\Program Files\VideoLAN
    [2011-10-30 22:33:52 | 000,000,000 | -HSD | C] – C:\FOUND.061
    [2011-10-25 07:42:08 | 000,000,000 | -HSD | C] – C:\FOUND.060
    [2011-10-22 10:34:16 | 000,000,000 | -HSD | C] – C:\FOUND.059
    [2011-10-21 10:00:32 | 000,000,000 | -HSD | C] – C:\FOUND.058
    [2011-10-20 15:52:41 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Start Menu\Programs\Winamp
    [2011-10-20 15:52:33 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Application Data\Winamp
    [2011-10-20 15:44:04 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Desktop\Winamp
    [2011-10-19 19:43:06 | 000,000,000 | -HSD | C] – C:\FOUND.057
    [2011-10-19 10:20:08 | 000,000,000 | -HSD | C] – C:\FOUND.056
    [2011-10-19 10:17:01 | 000,000,000 | —D | C] – C:\WINDOWS\System32\appmgmt
    [2011-10-18 07:23:26 | 000,000,000 | -HSD | C] – C:\FOUND.055
    [2011-10-14 17:38:24 | 000,000,000 | -HSD | C] – C:\FOUND.054
    [2011-10-14 16:18:56 | 000,000,000 | -HSD | C] – C:\FOUND.053
    [2011-10-12 22:47:44 | 000,000,000 | -HSD | C] – C:\FOUND.052
    [2011-10-11 20:57:22 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Local Settings\Application Data\PCHealth
    [2011-10-10 09:18:06 | 000,000,000 | -HSD | C] – C:\FOUND.051
    [2011-10-04 21:02:44 | 000,000,000 | -HSD | C] – C:\FOUND.050
    [2011-10-03 17:55:36 | 000,000,000 | -HSD | C] – C:\FOUND.049
    [2011-10-01 17:00:52 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Desktop\charles
    [2011-09-30 10:12:36 | 000,000,000 | -HSD | C] – C:\FOUND.048
    [2011-09-26 11:15:55 | 000,000,000 | -H-D | C] – C:\WINDOWS\PIF
    [2011-09-24 18:23:25 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Desktop\elvinho
    [2011-09-21 15:49:28 | 000,000,000 | -HSD | C] – C:\FOUND.047
    [2011-09-20 08:13:00 | 000,000,000 | -HSD | C] – C:\FOUND.046
    [2011-09-20 07:55:16 | 000,000,000 | -HSD | C] – C:\FOUND.045
    [2011-09-18 13:00:12 | 000,000,000 | -HSD | C] – C:\FOUND.044
    [2011-07-15 23:08:28 | 000,000,000 | -HSD | C] – C:\FOUND.043
    [2011-07-13 16:27:22 | 000,000,000 | -HSD | C] – C:\FOUND.042
    [2011-07-13 13:58:04 | 000,000,000 | -HSD | C] – C:\FOUND.041
    [2011-07-12 14:57:20 | 000,000,000 | -HSD | C] – C:\FOUND.040
    [2011-07-11 15:48:50 | 000,000,000 | -HSD | C] – C:\FOUND.039
    [2011-07-11 11:00:14 | 000,000,000 | -HSD | C] – C:\FOUND.038
    [2011-07-10 15:19:58 | 000,000,000 | -HSD | C] – C:\FOUND.037
    [2011-07-04 17:46:40 | 000,000,000 | -HSD | C] – C:\FOUND.036
    [2011-07-03 15:29:32 | 000,000,000 | -HSD | C] – C:\FOUND.035
    [2011-06-28 08:40:36 | 000,000,000 | -HSD | C] – C:\FOUND.034
    [2011-06-22 09:29:18 | 000,000,000 | -HSD | C] – C:\FOUND.033
    [2011-06-22 09:14:14 | 000,000,000 | -HSD | C] – C:\FOUND.032
    [2011-06-22 08:34:18 | 000,000,000 | -HSD | C] – C:\FOUND.031
    [2011-06-21 16:18:24 | 000,000,000 | -HSD | C] – C:\FOUND.030
    [2011-06-19 08:33:04 | 000,000,000 | —D | C] – C:\WINDOWS\Minidump
    [2011-06-19 08:32:48 | 000,000,000 | -HSD | C] – C:\FOUND.029
    [2011-06-16 18:05:08 | 000,000,000 | -HSD | C] – C:\FOUND.028
    [2011-06-13 19:27:46 | 000,000,000 | -HSD | C] – C:\FOUND.027
    [2011-06-13 16:42:28 | 000,000,000 | -HSD | C] – C:\FOUND.026
    [2011-06-13 08:52:28 | 000,000,000 | -HSD | C] – C:\FOUND.025
    [2011-06-12 16:03:06 | 000,000,000 | -HSD | C] – C:\FOUND.024
    [2011-06-10 14:43:26 | 000,000,000 | —D | C] – C:\AFlora
    [2011-06-10 14:21:38 | 000,000,000 | -HSD | C] – C:\FOUND.023
    [2011-06-09 06:14:50 | 000,000,000 | -HSD | C] – C:\FOUND.022
    [2011-06-08 13:16:18 | 000,000,000 | -HSD | C] – C:\FOUND.021
    [2011-06-07 19:18:45 | 000,114,688 | R— | C] (ZTE Corporation) – C:\WINDOWS\System32\drivers\ZTEusbnet.sys
    [2011-06-07 19:18:42 | 000,105,856 | R— | C] (ZTE Incorporated) – C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
    [2011-06-07 19:18:38 | 000,105,856 | R— | C] (ZTE Incorporated) – C:\WINDOWS\System32\drivers\zteusbvoice.sys
    [2011-06-07 19:18:34 | 000,105,856 | R— | C] (ZTE Incorporated) – C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
    [2011-06-07 19:18:30 | 000,105,856 | R— | C] (ZTE Incorporated) – C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
    [2011-06-07 19:17:46 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Application Data\Vodafone
    [2011-06-07 19:17:15 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Application Data\Vodafone
    [2011-06-07 19:17:10 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
    [2011-06-07 19:16:55 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Local Settings\Application Data\{FA6F1E64-A6BD-4822-A094-03171A37E8C6}
    [2011-06-07 19:14:49 | 000,000,000 | R-SD | C] – C:\WINDOWS\assembly
    [2011-06-07 19:14:22 | 000,000,000 | —D | C] – C:\WINDOWS\Microsoft.NET
    [2011-06-07 19:13:38 | 000,000,000 | -H-D | C] – C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    [2011-06-02 20:15:50 | 000,000,000 | -HSD | C] – C:\FOUND.020
    [2011-06-01 18:19:56 | 000,000,000 | -HSD | C] – C:\FOUND.019
    [2011-05-23 10:27:18 | 000,000,000 | -HSD | C] – C:\FOUND.018
    [2011-05-21 07:44:40 | 000,000,000 | -HSD | C] – C:\FOUND.017
    [2011-05-20 08:15:14 | 000,000,000 | -HSD | C] – C:\FOUND.016
    [2011-05-14 16:35:24 | 000,000,000 | -HSD | C] – C:\FOUND.015
    [2011-05-13 06:42:02 | 000,000,000 | -HSD | C] – C:\FOUND.014
    [2011-05-10 18:07:34 | 000,000,000 | -HSD | C] – C:\FOUND.013
    [2011-05-08 15:17:42 | 000,000,000 | -HSD | C] – C:\FOUND.012
    [2011-05-06 10:12:44 | 000,000,000 | -HSD | C] – C:\FOUND.011
    [2011-05-03 18:36:41 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Local Settings\Application Data\Help
    [2011-05-03 18:36:41 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Application Data\Help
    [2011-05-03 18:01:45 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Nero
    [2011-05-02 21:57:54 | 000,000,000 | -HSD | C] – C:\Documents and Settings\Chancanza\Recent
    [2011-05-01 14:01:28 | 000,000,000 | -HSD | C] – C:\FOUND.010
    [2011-04-29 18:08:01 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Desktop\monografia
    [2011-04-29 17:38:01 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Application Data\U3
    [2011-04-29 07:44:54 | 000,000,000 | -HSD | C] – C:\FOUND.009
    [2011-04-27 09:55:48 | 000,000,000 | -HSD | C] – C:\FOUND.008
    [2011-04-26 11:06:26 | 000,000,000 | -HSD | C] – C:\FOUND.007
    [2011-04-24 07:27:04 | 000,000,000 | -HSD | C] – C:\FOUND.006
    [2011-04-23 13:50:56 | 000,000,000 | -HSD | C] – C:\FOUND.005
    [2011-04-22 12:58:34 | 000,000,000 | -HSD | C] – C:\FOUND.004
    [2011-04-20 19:02:13 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Local Settings\Application Data\WMTools Downloaded Files
    [2011-04-20 19:02:12 | 000,000,000 | R–D | C] – C:\Documents and Settings\Chancanza\My Documents\My Videos
    [2011-04-20 12:01:49 | 000,000,000 | —D | C] – C:\WINDOWS\SOFTDISK
    [2011-04-19 23:19:53 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Local Settings\Application Data\Ahead
    [2011-04-19 21:02:13 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Application Data\Adobe
    [2011-04-19 20:53:28 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Desktop\outra
    [2011-04-19 20:53:24 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Desktop\Nod32 Agosto 09
    [2011-04-19 20:49:19 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Desktop\Nelo
    [2011-04-19 20:47:29 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Desktop\Michael
    [2011-04-19 20:47:28 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Desktop\Maryto - Realatório Final
    [2011-04-19 20:47:28 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Desktop\leonilde
    [2011-04-19 20:45:54 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Desktop\Flash Novo Nelo
    [2011-04-19 20:45:33 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Desktop\Flash Antigo Nelo
    [2011-04-19 20:45:23 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Desktop\Afro Man
    [2011-04-19 20:44:33 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Desktop\100SANPH
    [2011-04-19 20:44:29 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Desktop\pasta cunhada
    [2011-04-19 20:44:29 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Desktop\pasta chacanza
    [2011-04-19 20:34:12 | 000,106,496 | —- | C] (Pegasus Software) – C:\WINDOWS\System32\TwnLib20.dll
    [2011-04-19 20:34:10 | 001,568,768 | —- | C] (Pegasus Imaging Corp.) – C:\WINDOWS\System32\ImagX7.dll
    [2011-04-19 20:34:10 | 000,476,320 | —- | C] (Pegasus Imaging Corp.) – C:\WINDOWS\System32\ImagXpr7.dll
    [2011-04-19 20:34:10 | 000,471,040 | —- | C] (Pegasus Imaging Corp.) – C:\WINDOWS\System32\ImagXRA7.dll
    [2011-04-19 20:34:10 | 000,262,144 | —- | C] (Pegasus Imaging Corp.) – C:\WINDOWS\System32\ImagXR7.dll
    [2011-04-19 20:34:09 | 000,155,648 | —- | C] (Ahead Software Gmbh) – C:\WINDOWS\System32\NeroCheck.exe
    [2011-04-19 20:34:09 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Ahead
    [2011-04-19 20:34:05 | 000,000,000 | —D | C] – C:\Program Files\Ahead
    [2011-04-19 20:32:20 | 000,000,000 | —D | C] – C:\Program Files\Winamp
    [2011-04-19 20:29:49 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Local Settings\Application Data\Adobe
    [2011-04-19 20:29:09 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Start Menu\Programs\WinRAR
    [2011-04-19 20:29:09 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinRAR
    [2011-04-19 20:28:59 | 000,000,000 | —D | C] – C:\Program Files\WinRAR
    [2011-04-19 20:28:50 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
    [2011-04-19 20:28:43 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Adobe
    [2011-04-19 20:28:43 | 000,000,000 | —D | C] – C:\Program Files\Adobe
    [2011-04-19 20:22:13 | 000,000,000 | —D | C] – C:\WINDOWS\System32\DRVSTORE
    [2011-04-19 20:22:11 | 000,000,000 | —D | C] – C:\WINDOWS\System32\Lang
    [2011-04-19 20:21:43 | 000,000,000 | —D | C] – C:\Intel
    [2011-04-19 20:14:15 | 000,000,000 | —D | C] – C:\WINDOWS\System32\NtmsData
    [2011-04-19 19:58:24 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Office
    [2011-04-19 19:52:50 | 000,000,000 | —D | C] – C:\Program Files\Microsoft Works
    [2011-04-19 19:52:12 | 000,000,000 | —D | C] – C:\Program Files\MSBuild
    [2011-04-19 19:51:02 | 000,000,000 | —D | C] – C:\Program Files\Microsoft Visual Studio
    [2011-04-19 19:51:01 | 000,000,000 | —D | C] – C:\Program Files\Common Files\DESIGNER
    [2011-04-19 19:45:48 | 000,000,000 | -H-D | C] – C:\WINDOWS\ShellNew
    [2011-04-19 19:45:04 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Local Settings\Application Data\Microsoft Help
    [2011-04-19 19:43:11 | 000,000,000 | —D | C] – C:\Program Files\Microsoft Office
    [2011-04-19 19:42:39 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
    [2011-04-19 19:41:11 | 000,000,000 | RH-D | C] – C:\MSOCache
    [2011-04-19 19:13:26 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Application Data\Identities
    [2011-04-19 19:13:21 | 000,000,000 | R–D | C] – C:\Documents and Settings\Chancanza\My Documents\My Pictures
    [2011-04-19 19:13:21 | 000,000,000 | R–D | C] – C:\Documents and Settings\Chancanza\My Documents\My Music
    [2011-04-19 19:13:18 | 000,000,000 | –SD | C] – C:\Documents and Settings\Chancanza\Cookies
    [2011-04-19 19:13:18 | 000,000,000 | R–D | C] – C:\Documents and Settings\Chancanza\Start Menu\Programs\Startup
    [2011-04-19 19:13:18 | 000,000,000 | R–D | C] – C:\Documents and Settings\Chancanza\Start Menu\Programs\Accessories
    [2011-04-19 19:13:18 | 000,000,000 | -HSD | C] – C:\Documents and Settings\Chancanza\Templates
    [2011-04-19 19:13:18 | 000,000,000 | -HSD | C] – C:\Documents and Settings\Chancanza\Start Menu
    [2011-04-19 19:13:18 | 000,000,000 | -HSD | C] – C:\Documents and Settings\Chancanza\SendTo
    [2011-04-19 19:13:18 | 000,000,000 | -HSD | C] – C:\Documents and Settings\Chancanza\PrintHood
    [2011-04-19 19:13:18 | 000,000,000 | -HSD | C] – C:\Documents and Settings\Chancanza\NetHood
    [2011-04-19 19:13:18 | 000,000,000 | -HSD | C] – C:\Documents and Settings\Chancanza\My Documents
    [2011-04-19 19:13:18 | 000,000,000 | -HSD | C] – C:\Documents and Settings\Chancanza\Favorites
    [2011-04-19 19:13:18 | 000,000,000 | -HSD | C] – C:\Documents and Settings\Chancanza\Desktop
    [2011-04-19 19:13:18 | 000,000,000 | -HSD | C] – C:\Documents and Settings\Chancanza\Application Data
    [2011-04-19 19:13:18 | 000,000,000 | -H-D | C] – C:\Documents and Settings\Chancanza\Local Settings
    [2011-04-19 19:13:18 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Local Settings\Application Data\Microsoft
    [2011-04-19 19:13:18 | 000,000,000 | —D | C] – C:\Documents and Settings\Chancanza\Application Data\Microsoft
    [2011-04-19 19:06:10 | 000,000,000 | -HSD | C] – C:\Documents and Settings\All Users.WINDOWS\DRM
    [2011-04-19 19:04:40 | 000,000,000 | R–D | C] – C:\Documents and Settings\All Users.WINDOWS\Documents\My Pictures
    [2011-04-19 19:04:19 | 000,000,000 | R–D | C] – C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Games
    [2011-04-19 19:03:58 | 000,000,000 | R–D | C] – C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools
    [2011-04-19 19:03:52 | 000,000,000 | R–D | C] – C:\Documents and Settings\All Users.WINDOWS\Documents\My Music
    [2011-04-19 19:02:59 | 000,000,000 | R–D | C] – C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos
    [2011-04-19 19:02:41 | 000,000,000 | R–D | C] – C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories
    [2011-04-19 18:56:58 | 000,000,000 | R–D | C] – C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
    [2011-04-19 18:56:58 | 000,000,000 | R–D | C] – C:\Documents and Settings\All Users.WINDOWS\Start Menu
    [2011-04-19 18:56:58 | 000,000,000 | R–D | C] – C:\Documents and Settings\All Users.WINDOWS\Documents
    [2011-04-19 18:56:58 | 000,000,000 | -H-D | C] – C:\Documents and Settings\All Users.WINDOWS\Templates
    [2011-04-19 18:56:58 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Favorites
    [2011-04-19 18:56:58 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Desktop
    [2011-04-19 18:56:40 | 000,000,000 | –SD | C] – C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
    [2011-04-19 18:56:40 | 000,000,000 | RH-D | C] – C:\Documents and Settings\All Users.WINDOWS\Application Data
    [2011-04-12 22:46:10 | 000,000,000 | -HSD | C] – C:\FOUND.003
    [2011-03-19 14:16:02 | 000,000,000 | —D | C] – C:\Nelo
    [2010-10-05 20:27:04 | 000,228,024 | —- | C] (Kaspersky Lab ZAO) – C:\WINDOWS\System32\klogon.dll
    [2010-06-09 16:43:52 | 000,011,352 | —- | C] (Kaspersky Lab ZAO) – C:\WINDOWS\System32\drivers\kl2.sys
    [2010-06-09 16:43:50 | 000,132,184 | —- | C] (Kaspersky Lab ZAO) – C:\WINDOWS\System32\drivers\kl1.sys
    [2010-05-07 11:06:26 | 000,032,856 | —- | C] (Kaspersky Lab ZAO) – C:\WINDOWS\System32\drivers\klim5.sys
    [2009-11-08 14:44:50 | 000,000,000 | RHSD | C] – C:\cache
    [2009-11-08 12:14:58 | 000,000,000 | -HSD | C] – C:\FOUND.002
    [2009-11-02 19:27:24 | 000,019,472 | —- | C] (Kaspersky Lab) – C:\WINDOWS\System32\drivers\klmouflt.sys
    [2009-05-29 18:07:12 | 000,000,000 | -HSD | C] – C:\FOUND.001
    [2009-05-20 12:49:27 | 000,000,000 | -H-D | C] – C:\Program Files\Uninstall Information
    [2009-05-20 12:47:34 | 000,000,000 | —D | C] – C:\WINDOWS\SoftwareDistribution
    [2009-05-20 12:47:32 | 000,000,000 | –SD | C] – C:\WINDOWS\System32\Microsoft
    [2009-05-20 12:47:31 | 000,000,000 | –SD | C] – C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2009-05-20 12:47:31 | 000,000,000 | —D | C] – C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2009-05-20 12:47:17 | 000,000,000 | –SD | C] – C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2009-05-20 12:47:17 | 000,000,000 | —D | C] – C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2009-05-20 12:39:16 | 000,000,000 | —D | C] – C:\WINDOWS\System32\xircom
    [2009-05-20 12:39:16 | 000,000,000 | —D | C] – C:\Program Files\xerox
    [2009-05-20 12:39:16 | 000,000,000 | —D | C] – C:\Program Files\microsoft frontpage
    [2009-05-20 12:37:58 | 000,000,000 | –SD | C] – C:\WINDOWS\Downloaded Program Files
    [2009-05-20 12:37:58 | 000,000,000 | R–D | C] – C:\WINDOWS\Offline Web Pages
    [2009-05-20 12:37:48 | 000,000,000 | -H-D | C] – C:\Program Files\WindowsUpdate
    [2009-05-20 12:37:33 | 000,000,000 | —D | C] – C:\WINDOWS\System32\DirectX
    [2009-05-20 12:37:08 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Services
    [2009-05-20 12:37:06 | 000,000,000 | –SD | C] – C:\WINDOWS\Tasks
    [2009-05-20 12:37:05 | 000,000,000 | —D | C] – C:\Program Files\Common Files\MSSoap
    [2009-05-20 12:37:02 | 000,000,000 | —D | C] – C:\WINDOWS\srchasst
    [2009-05-20 12:37:01 | 000,000,000 | —D | C] – C:\WINDOWS\System32\Macromed
    [2009-05-20 12:36:54 | 000,000,000 | —D | C] – C:\Program Files\Movie Maker
    [2009-05-20 12:36:48 | 000,000,000 | —D | C] – C:\WINDOWS\System32\Restore
    [2009-05-20 12:36:44 | 000,000,000 | —D | C] – C:\Program Files\NetMeeting
    [2009-05-20 12:36:42 | 000,000,000 | —D | C] – C:\Program Files\Outlook Express
    [2009-05-20 12:36:36 | 000,000,000 | —D | C] – C:\Program Files\Common Files\System
    [2009-05-20 12:36:36 | 000,000,000 | —D | C] – C:\Program Files\Internet Explorer
    [2009-05-20 12:35:58 | 000,000,000 | —D | C] – C:\Program Files\ComPlus Applications
    [2009-05-20 12:35:53 | 000,000,000 | —D | C] – C:\WINDOWS\Registration
    [2009-05-20 12:35:47 | 000,000,000 | —D | C] – C:\Program Files\Windows Media Player
    [2009-05-20 12:35:47 | 000,000,000 | —D | C] – C:\Program Files\Online Services
    [2009-05-20 12:35:42 | 000,000,000 | —D | C] – C:\Program Files\Messenger
    [2009-05-20 12:35:39 | 000,000,000 | —D | C] – C:\Program Files\MSN Gaming Zone
    [2009-05-20 12:35:09 | 000,000,000 | —D | C] – C:\Program Files\MSN
    [2009-05-20 12:35:08 | 000,281,088 | —- | C] (Cinematronics) – C:\WINDOWS\System32\dllcache\pinball.exe
    [2009-05-20 12:35:07 | 000,000,000 | —D | C] – C:\Program Files\Windows NT
    [2009-05-20 12:35:05 | 000,000,000 | —D | C] – C:\WINDOWS\System32\MsDtc
    [2009-05-20 12:35:03 | 000,000,000 | —D | C] – C:\WINDOWS\System32\Com
    [2009-05-20 00:37:49 | 000,000,000 | -HSD | C] – C:\WINDOWS\Installer
    [2009-05-20 00:37:48 | 000,000,000 | —D | C] – C:\Program Files\Common Files\ODBC
    [2009-05-20 00:37:44 | 000,000,000 | R–D | C] – C:\Program Files
    [2009-05-20 00:37:44 | 000,000,000 | —D | C] – C:\Program Files\Common Files\SpeechEngines
    [2009-05-20 00:37:44 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Microsoft Shared
    [2009-05-20 00:37:44 | 000,000,000 | —D | C] – C:\Program Files\Common Files
    [2009-05-20 00:37:04 | 000,000,000 | —D | C] – C:\WINDOWS\System32\CatRoot2
    [2009-05-20 00:37:04 | 000,000,000 | —D | C] – C:\WINDOWS\System32\CatRoot
    [2009-05-20 00:36:35 | 000,000,000 | -HSD | C] – C:\Documents and Settings
    [2009-05-20 00:30:59 | 000,000,000 | R-SD | C] – C:\WINDOWS\Fonts
    [2009-05-20 00:30:59 | 000,000,000 | RHSD | C] – C:\WINDOWS\System32\dllcache
    [2009-05-20 00:30:59 | 000,000,000 | R–D | C] – C:\WINDOWS\Web
    [2009-05-20 00:30:59 | 000,000,000 | -H-D | C] – C:\WINDOWS\inf
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\WinSxS
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\wins
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\wbem
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\usmt
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\twain_32
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\Temp
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\system32
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\system
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\spool
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\ShellExt
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\Setup
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\security
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\Resources
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\repair
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\ras
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\Provisioning
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\PeerNet
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\pchealth
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\oobe
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\npp
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\mui
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\mui
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\msapps
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\msagent
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\Media
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\java
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\inetsrv
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\IME
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\ime
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\icsxml
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\ias
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\Help
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\export
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\drivers\etc
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\ehome
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\drivers
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\Driver Cache
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\drivers\disdn
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\dhcp
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\Debug
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\Cursors
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\Connection Wizard
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\config
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\Config
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\AppPatch
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\addins
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\3com_dmi
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\3076
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\2052
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\1054
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\1042
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\1041
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\1037
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\1033
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\1031
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\1028
    [2009-05-20 00:30:59 | 000,000,000 | —D | C] – C:\WINDOWS\System32\1025
    [2008-10-19 18:26:18 | 000,000,000 | RHSD | C] – C:\RECYCLER
    [2008-06-22 14:48:38 | 000,000,000 | —D | C] – C:\programa instalado
    [2008-05-31 09:27:31 | 000,000,000 | —D | C] – C:\clips Guida
    [2008-04-04 14:31:42 | 000,000,000 | R–D | C] – C:\Formula1
    [2008-02-25 18:34:46 | 000,000,000 | -HSD | C] – C:\FOUND.000
    [2007-12-31 13:42:28 | 000,000,000 | -HSD | C] – C:\Recycled
    [2007-12-31 13:30:52 | 000,000,000 | —D | C] – C:\Chacanza computers
    [2007-12-31 12:55:17 | 000,000,000 | -HSD | C] – C:\System Volume Information
    [2006-02-02 23:35:51 | 000,595,968 | —- | C] (OldTimer Tools) – C:\Documents and Settings\Chancanza\Desktop\OTL - Copy.com
    [2 C:\Documents and Settings\Chancanza\My Documents\*.tmp files -> C:\Documents and Settings\Chancanza\My Documents\*.tmp -> ]
    [14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012-06-22 07:50:46 | 000,002,515 | —- | M] () – C:\Documents and Settings\Chancanza\Desktop\Microsoft Office Word 2007 (8).lnk
    [2012-06-20 14:55:06 | 000,323,584 | —- | M] () – C:\Documents and Settings\Chancanza\My Documents\New Microsoft Office Access 2007 Database.accdb
    [2012-06-20 14:51:40 | 000,000,573 | —- | M] () – C:\Documents and Settings\Chancanza\My Documents\New Folder.lnk
    [2012-06-17 18:56:50 | 000,000,545 | —- | M] () – C:\Documents and Settings\Chancanza\Desktop\New Microsoft Office Word Document (4).lnk
    [2012-06-17 18:56:50 | 000,000,545 | —- | M] () – C:\Documents and Settings\Chancanza\Desktop\New Microsoft Office Word Document (13).lnk
    [2012-06-17 18:48:16 | 000,395,530 | —- | M] () – C:\WINDOWS\System32\perfh009.dat
    [2012-06-17 18:48:16 | 000,059,644 | —- | M] () – C:\WINDOWS\System32\perfc009.dat
    [2012-06-16 15:24:58 | 000,263,024 | —- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT
    [2012-06-16 15:20:04 | 000,049,415 | —- | M] () – C:\WINDOWS\System32\$winnt$.inf
    [2012-06-16 15:15:16 | 000,316,640 | —- | M] () – C:\WINDOWS\WMSysPr9.prx
    [2012-06-16 15:15:14 | 000,023,392 | —- | M] () – C:\WINDOWS\System32\nscompat.tlb
    [2012-06-16 15:15:14 | 000,016,832 | —- | M] () – C:\WINDOWS\System32\amcompat.tlb
    [2012-06-16 15:15:02 | 000,004,161 | —- | M] () – C:\WINDOWS\ODBCINST.INI
    [2012-06-16 15:13:16 | 000,022,748 | —- | M] () – C:\WINDOWS\System32\emptyregdb.dat
    [2012-06-16 15:11:22 | 000,000,210 | -HS- | M] () – C:\boot.ini
    [2012-06-16 14:29:36 | 000,532,984 | —- | M] () – C:\WINDOWS\setupapi.old
    [2012-06-15 10:30:58 | 000,000,393 | —- | M] () – C:\Documents and Settings\Chancanza\Desktop\VLC Media Player 1.0.0 NEW 2009 (6).lnk
    [2012-06-15 10:30:24 | 000,000,514 | —- | M] () – C:\Documents and Settings\Chancanza\Desktop\Shortcut to Joga Damas (8).lnk
    [2012-06-15 10:27:06 | 000,000,565 | —- | M] () – C:\Documents and Settings\Chancanza\Desktop\Shortcut to My Documents (5).lnk
    [2012-06-15 10:27:02 | 000,000,391 | —- | M] () – C:\Documents and Settings\Chancanza\Desktop\cv Emanuel.lnk
    [2012-06-15 10:27:02 | 000,000,369 | —- | M] () – C:\Documents and Settings\Chancanza\Desktop\AFORCE.lnk
    [2012-06-15 10:27:02 | 000,000,269 | —- | M] () – C:\Documents and Settings\Chancanza\Desktop\leonilde.lnk
    [2012-06-06 18:54:24 | 000,220,386 | —- | M] () – C:\WINDOWS\System32\spider.rar
    [2012-05-18 19:15:54 | 000,000,116 | —- | M] () – C:\WINDOWS\NeroDigital.ini
    [2012-04-27 13:59:54 | 000,595,968 | —- | M] (OldTimer Tools) – C:\Documents and Settings\Chancanza\Desktop\OTL - Copy.com
    [2012-04-04 15:56:40 | 000,022,344 | —- | M] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbam.sys
    [2011-11-22 10:04:16 | 000,028,672 | —- | M] () – C:\Documents and Settings\Chancanza\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011-11-21 13:31:16 | 000,475,736 | —- | M] (Kaspersky Lab) – C:\WINDOWS\System32\drivers\klif.sys
    [2011-11-20 15:23:46 | 000,000,452 | —- | M] () – C:\Documents and Settings\Chancanza\My Documents\spider.sav
    [2011-11-20 09:25:22 | 622,395,392 | —- | M] () – C:\Documents and Settings\Chancanza\My Documents\TempImage.nrg
    [2011-11-19 07:24:16 | 526,528,512 | —- | M] () – C:\WINDOWS\MEMORY.DMP
    [2011-11-17 05:11:16 | 000,031,744 | —- | M] () – C:\Documents and Settings\Chancanza\My Documents\Rescue.asd
    [2011-11-16 21:53:30 | 000,000,569 | —- | M] () – C:\Documents and Settings\Chancanza\My Documents\Pictures.lnk
    [2011-11-16 08:01:00 | 000,001,393 | —- | M] () – C:\WINDOWS\imsins.BAK
    [2011-11-13 20:23:24 | 000,000,595 | —- | M] () – C:\Documents and Settings\Chancanza\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
    [2011-10-23 10:59:54 | 033,831,275 | —- | M] () – C:\Documents and Settings\Chancanza\My Documents\My Music.rar
    [2011-10-17 10:09:18 | 000,000,571 | —- | M] () – C:\Documents and Settings\Chancanza\My Documents\Passwords.lnk
    [2011-10-09 07:05:54 | 000,000,000 | —- | M] () – C:\Documents and Settings\Chancanza\x.mpeg
    [2011-07-30 14:10:38 | 013,581,717 | —- | M] () – C:\Documents and Settings\Chancanza\My Documents\Chamillionaire- Ridin.mp4
    [2011-07-03 16:26:08 | 000,059,904 | —- | M] () – C:\Documents and Settings\Chancanza\My Documents\reserva de marromeu.pub
    [2011-06-06 18:13:22 | 000,000,851 | —- | M] () – C:\Documents and Settings\Chancanza\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    [2011-05-02 16:11:54 | 000,000,447 | —- | M] () – C:\Documents and Settings\Chancanza\Desktop\Copy of Shortcut to F1D3D.lnk
    [2011-04-19 22:14:08 | 000,000,708 | —- | M] () – C:\Documents and Settings\Chancanza\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011-04-19 20:34:58 | 000,001,161 | —- | M] () – C:\Documents and Settings\Chancanza\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
    [2011-04-19 20:34:58 | 000,001,143 | —- | M] () – C:\Documents and Settings\All Users.WINDOWS\Desktop\Nero StartSmart.lnk
    [2011-04-19 20:29:04 | 000,001,633 | —- | M] () – C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 8.lnk
    [2011-04-19 19:13:34 | 000,000,683 | —- | M] () – C:\Documents and Settings\Chancanza\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011-04-19 19:13:32 | 000,000,079 | —- | M] () – C:\Documents and Settings\Chancanza\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2011-04-19 19:12:06 | 000,008,192 | —- | M] () – C:\WINDOWS\REGLOCS.OLD
    [2011-04-19 19:05:50 | 000,001,391 | —- | M] () – C:\Documents and Settings\Chancanza\Desktop\Windows Explorer.lnk
    [2010-10-05 20:27:04 | 000,228,024 | —- | M] (Kaspersky Lab ZAO) – C:\WINDOWS\System32\klogon.dll
    [2010-06-09 16:43:52 | 000,011,352 | —- | M] (Kaspersky Lab ZAO) – C:\WINDOWS\System32\drivers\kl2.sys
    [2010-06-09 16:43:50 | 000,132,184 | —- | M] (Kaspersky Lab ZAO) – C:\WINDOWS\System32\drivers\kl1.sys
    [2010-05-07 11:06:26 | 000,032,856 | —- | M] (Kaspersky Lab ZAO) – C:\WINDOWS\System32\drivers\klim5.sys
    [2010-04-19 15:42:40 | 000,105,856 | R— | M] (ZTE Incorporated) – C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
    [2010-04-19 15:42:40 | 000,105,856 | R— | M] (ZTE Incorporated) – C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
    [2010-04-19 15:42:38 | 000,105,856 | R— | M] (ZTE Incorporated) – C:\WINDOWS\System32\drivers\zteusbvoice.sys
    [2010-04-19 15:42:38 | 000,105,856 | R— | M] (ZTE Incorporated) – C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
    [2010-03-25 18:09:48 | 000,114,688 | R— | M] (ZTE Corporation) – C:\WINDOWS\System32\drivers\ZTEusbnet.sys
    [2009-11-02 19:27:24 | 000,019,472 | —- | M] (Kaspersky Lab) – C:\WINDOWS\System32\drivers\klmouflt.sys
    [2009-09-09 18:01:40 | 000,027,675 | —- | M] () – C:\WINDOWS\System32\drivers\klopp.dat
    [2009-08-26 15:04:30 | 000,053,248 | —- | M] (Windows XP Bundled build C-Centric Single User) – C:\WINDOWS\System32\CSVer.dll
    [2007-12-31 12:48:30 | 000,000,000 | RHS- | M] () – C:\MSDOS.SYS
    [2007-12-31 12:48:30 | 000,000,000 | RHS- | M] () – C:\IO.SYS
    [2007-12-31 12:48:30 | 000,000,000 | —- | M] () – C:\CONFIG.SYS
    [2007-12-31 12:48:30 | 000,000,000 | —- | M] () – C:\AUTOEXEC.BAT
    [2007-12-19 07:22:48 | 000,026,992 | R— | M] () – C:\WINDOWS\System32\igxpxs32.vp
    [2007-12-19 05:40:50 | 000,147,456 | R— | M] () – C:\WINDOWS\System32\igfxCoIn_v4906.dll
    [2007-12-19 05:32:02 | 001,843,784 | R— | M] () – C:\WINDOWS\System32\igklg400.dll
    [2007-12-19 05:32:02 | 001,399,880 | R— | M] () – C:\WINDOWS\System32\igklg450.dll
    [2007-12-19 05:32:02 | 000,104,636 | R— | M] () – C:\WINDOWS\System32\igmedcompkrn.dll
    [2007-12-19 05:01:06 | 000,002,096 | R— | M] () – C:\WINDOWS\System32\igxpxk32.vp
    [2007-10-23 09:45:40 | 001,336,632 | R— | M] () – C:\Documents and Settings\Chancanza\My Documents\LaunchU3.exe
    [2006-02-02 23:49:38 | 000,000,112 | -HS- | M] () – C:\WINDOWS\KLIF.spi
    [2006-02-02 23:04:18 | 000,002,048 | –S- | M] () – C:\WINDOWS\bootstat.dat
    [2006-02-02 21:09:46 | 000,002,206 | —- | M] () – C:\WINDOWS\System32\wpa.dbl
    [2 C:\Documents and Settings\Chancanza\My Documents\*.tmp files -> C:\Documents and Settings\Chancanza\My Documents\*.tmp -> ]
    [14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012-06-16 15:17:25 | 000,175,104 | —- | C] () – C:\WINDOWS\System32\dllcache\pintlcsa.dll
    [2012-06-16 15:16:58 | 001,158,818 | —- | C] () – C:\WINDOWS\System32\dllcache\korwbrkr.lex
    [2012-06-16 15:16:46 | 000,059,392 | —- | C] () – C:\WINDOWS\System32\dllcache\imscinst.exe
    [2012-06-16 15:16:45 | 000,196,665 | —- | C] () – C:\WINDOWS\System32\dllcache\imjpinst.exe
    [2012-06-16 15:16:42 | 000,134,339 | —- | C] () – C:\WINDOWS\System32\dllcache\imekr.lex
    [2012-06-16 15:16:30 | 013,463,552 | —- | C] () – C:\WINDOWS\System32\dllcache\hwxjpn.dll
    [2012-06-16 15:16:25 | 000,108,827 | —- | C] () – C:\WINDOWS\System32\dllcache\hanja.lex
    [2012-06-16 15:16:19 | 000,094,208 | —- | C] () – C:\WINDOWS\System32\dllcache\fpencode.dll
    [2012-06-16 15:16:05 | 000,173,568 | —- | C] () – C:\WINDOWS\System32\dllcache\chtskf.dll
    [2012-06-15 10:30:57 | 000,002,515 | —- | C] () – C:\Documents and Settings\Chancanza\Desktop\Microsoft Office Word 2007 (8).lnk
    [2012-06-15 10:30:57 | 000,000,545 | —- | C] () – C:\Documents and Settings\Chancanza\Desktop\New Microsoft Office Word Document (13).lnk
    [2012-06-15 10:30:57 | 000,000,393 | —- | C] () – C:\Documents and Settings\Chancanza\Desktop\VLC Media Player 1.0.0 NEW 2009 (6).lnk
    [2012-06-15 10:30:23 | 000,000,514 | —- | C] () – C:\Documents and Settings\Chancanza\Desktop\Shortcut to Joga Damas (8).lnk
    [2012-06-15 10:27:04 | 000,000,565 | —- | C] () – C:\Documents and Settings\Chancanza\Desktop\Shortcut to My Documents (5).lnk
    [2012-06-15 10:27:04 | 000,000,545 | —- | C] () – C:\Documents and Settings\Chancanza\Desktop\New Microsoft Office Word Document (4).lnk
    [2012-06-15 10:27:01 | 000,000,391 | —- | C] () – C:\Documents and Settings\Chancanza\Desktop\cv Emanuel.lnk
    [2012-06-15 10:27:01 | 000,000,369 | —- | C] () – C:\Documents and Settings\Chancanza\Desktop\AFORCE.lnk
    [2012-06-15 10:27:01 | 000,000,269 | —- | C] () – C:\Documents and Settings\Chancanza\Desktop\leonilde.lnk
    [2012-06-06 18:54:23 | 000,220,386 | —- | C] () – C:\WINDOWS\System32\spider.rar
    [2012-06-06 17:43:59 | 000,000,447 | —- | C] () – C:\Documents and Settings\Chancanza\Desktop\Copy of Shortcut to F1D3D.lnk
    [2012-05-26 16:09:51 | 000,323,584 | —- | C] () – C:\Documents and Settings\Chancanza\My Documents\New Microsoft Office Access 2007 Database.accdb
    [2011-12-11 20:07:58 | 000,000,573 | —- | C] () – C:\Documents and Settings\Chancanza\My Documents\New Folder.lnk
    [2011-11-21 13:32:59 | 000,115,369 | —- | C] () – C:\WINDOWS\System32\drivers\klin.dat
    [2011-11-21 13:32:59 | 000,097,961 | —- | C] () – C:\WINDOWS\System32\drivers\klick.dat
    [2011-11-20 15:23:44 | 000,000,452 | —- | C] () – C:\Documents and Settings\Chancanza\My Documents\spider.sav
    [2011-11-20 09:25:20 | 622,395,392 | —- | C] () – C:\Documents and Settings\Chancanza\My Documents\TempImage.nrg
    [2011-11-17 05:11:14 | 000,031,744 | —- | C] () – C:\Documents and Settings\Chancanza\My Documents\Rescue.asd
    [2011-11-16 09:25:23 | 000,000,164 | —- | C] () – C:\Documents and Settings\Chancanza\WINDOWS.lnk
    [2011-11-16 08:02:56 | 000,005,824 | —- | C] () – C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2011-11-16 07:21:53 | 000,141,702 | —- | C] () – C:\WINDOWS\System32\dllcache\netfx.cat
    [2011-11-16 07:21:53 | 000,110,116 | —- | C] () – C:\WINDOWS\System32\dllcache\tabletpc.cat
    [2011-11-16 07:21:53 | 000,031,965 | —- | C] () – C:\WINDOWS\System32\dllcache\mediactr.cat
    [2011-11-16 07:21:53 | 000,024,209 | —- | C] () – C:\WINDOWS\System32\dllcache\msn7.cat
    [2011-11-16 07:21:53 | 000,011,651 | —- | C] () – C:\WINDOWS\System32\dllcache\msn9.cat
    [2011-11-16 07:21:53 | 000,008,574 | —- | C] () – C:\WINDOWS\System32\dllcache\IASNT4.CAT
    [2011-11-16 07:21:53 | 000,007,382 | —- | C] () – C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
    [2011-11-16 07:21:53 | 000,007,334 | —- | C] () – C:\WINDOWS\System32\dllcache\wmerrenu.cat
    [2011-11-16 07:21:53 | 000,007,245 | —- | C] () – C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
    [2011-11-16 07:21:52 | 002,012,670 | —- | C] () – C:\WINDOWS\System32\dllcache\NT5.CAT
    [2011-11-16 07:21:52 | 001,042,903 | —- | C] () – C:\WINDOWS\System32\dllcache\SP2.CAT
    [2011-11-16 07:21:52 | 000,797,189 | —- | C] () – C:\WINDOWS\System32\dllcache\NT5IIS.CAT
    [2011-11-16 07:21:52 | 000,502,724 | —- | C] () – C:\WINDOWS\System32\dllcache\NT5INF.CAT
    [2011-11-16 07:21:52 | 000,399,645 | —- | C] () – C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
    [2011-11-16 07:21:52 | 000,037,484 | —- | C] () – C:\WINDOWS\System32\dllcache\MW770.CAT
    [2011-11-16 07:21:52 | 000,031,281 | —- | C] () – C:\WINDOWS\System32\dllcache\FP4.CAT
    [2011-11-16 07:21:52 | 000,013,753 | —- | C] () – C:\WINDOWS\System32\dllcache\IMS.CAT
    [2011-11-16 07:21:52 | 000,013,472 | —- | C] () – C:\WINDOWS\System32\dllcache\HPCRDP.CAT
    [2011-11-16 07:21:52 | 000,009,581 | —- | C] () – C:\WINDOWS\System32\dllcache\MSMSGS.CAT
    [2011-11-16 07:15:15 | 526,528,512 | —- | C] () – C:\WINDOWS\MEMORY.DMP
    [2011-11-13 20:23:23 | 000,001,148 | —- | C] () – C:\Documents and Settings\Chancanza\Start Menu\Programs\50 FREE MP3s from eMusic!.lnk
    [2011-11-13 20:23:22 | 000,000,595 | —- | C] () – C:\Documents and Settings\Chancanza\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
    [2011-10-31 08:42:06 | 001,336,632 | R— | C] () – C:\Documents and Settings\Chancanza\My Documents\LaunchU3.exe
    [2011-10-30 10:25:58 | 000,000,182 | —- | C] () – C:\Documents and Settings\Chancanza\Application Data.lnk
    [2011-10-30 10:25:58 | 000,000,170 | —- | C] () – C:\Documents and Settings\Chancanza\New Folder.lnk
    [2011-10-30 10:25:58 | 000,000,168 | —- | C] () – C:\Documents and Settings\Chancanza\Passwords.lnk
    [2011-10-30 10:25:58 | 000,000,168 | —- | C] () – C:\Documents and Settings\Chancanza\Favorites.lnk
    [2011-10-30 10:25:58 | 000,000,168 | —- | C] () – C:\Documents and Settings\Chancanza\Documents.lnk
    [2011-10-30 10:25:58 | 000,000,166 | —- | C] () – C:\Documents and Settings\Chancanza\Pictures.lnk
    [2011-10-30 10:25:58 | 000,000,164 | —- | C] () – C:\Documents and Settings\Chancanza\NetHood.lnk
    [2011-10-30 10:25:58 | 000,000,164 | —- | C] () – C:\Documents and Settings\Chancanza\Desktop.lnk
    [2011-10-30 10:25:58 | 000,000,164 | —- | C] () – C:\Documents and Settings\Chancanza\Cookies.lnk
    [2011-10-30 10:25:58 | 000,000,162 | —- | C] () – C:\Documents and Settings\Chancanza\Recent.lnk
    [2011-10-30 10:25:58 | 000,000,160 | —- | C] () – C:\Documents and Settings\Chancanza\Video.lnk
    [2011-10-30 10:25:58 | 000,000,160 | —- | C] () – C:\Documents and Settings\Chancanza\Music.lnk
    [2011-10-30 10:25:57 | 000,000,178 | —- | C] () – C:\Documents and Settings\Chancanza\Local Settings.lnk
    [2011-10-30 10:25:57 | 000,000,174 | —- | C] () – C:\Documents and Settings\Chancanza\My Documents.lnk
    [2011-10-30 10:25:57 | 000,000,170 | —- | C] () – C:\Documents and Settings\Chancanza\Start Menu.lnk
    [2011-10-30 10:25:57 | 000,000,168 | —- | C] () – C:\Documents and Settings\Chancanza\Templates.lnk
    [2011-10-30 10:25:57 | 000,000,168 | —- | C] () – C:\Documents and Settings\Chancanza\PrintHood.lnk
    [2011-10-30 10:25:57 | 000,000,162 | —- | C] () – C:\Documents and Settings\Chancanza\SendTo.lnk
    [2011-10-30 10:25:57 | 000,000,154 | —- | C] () – C:\Documents and Settings\Chancanza\…lnk
    [2011-10-30 10:25:57 | 000,000,152 | —- | C] () – C:\Documents and Settings\Chancanza\..lnk
    [2011-10-19 06:12:01 | 000,017,505 | R— | C] () – C:\DBI.EXE
    [2011-10-13 20:23:31 | 000,000,571 | —- | C] () – C:\Documents and Settings\Chancanza\My Documents\Passwords.lnk
    [2011-10-13 20:23:31 | 000,000,569 | —- | C] () – C:\Documents and Settings\Chancanza\My Documents\Pictures.lnk
    [2011-10-09 07:05:52 | 000,000,000 | —- | C] () – C:\Documents and Settings\Chancanza\x.mpeg
    [2011-10-09 07:05:51 | 000,000,696 | RHS- | C] () – C:\Documents and Settings\Chancanza\autorun.inf
    [2011-10-06 11:15:14 | 013,581,717 | —- | C] () – C:\Documents and Settings\Chancanza\My Documents\Chamillionaire- Ridin.mp4
    [2011-09-21 20:29:13 | 033,831,275 | —- | C] () – C:\Documents and Settings\Chancanza\My Documents\My Music.rar
    [2011-07-03 16:26:07 | 000,059,904 | —- | C] () – C:\Documents and Settings\Chancanza\My Documents\reserva de marromeu.pub
    [2011-06-06 18:13:21 | 000,000,851 | —- | C] () – C:\Documents and Settings\Chancanza\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    [2011-04-20 12:29:43 | 000,028,672 | —- | C] () – C:\Documents and Settings\Chancanza\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011-04-20 12:29:42 | 000,000,116 | —- | C] () – C:\WINDOWS\NeroDigital.ini
    [2011-04-19 22:14:07 | 000,000,708 | —- | C] () – C:\Documents and Settings\Chancanza\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011-04-19 20:34:57 | 000,001,161 | —- | C] () – C:\Documents and Settings\Chancanza\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
    [2011-04-19 20:34:57 | 000,001,143 | —- | C] () – C:\Documents and Settings\All Users.WINDOWS\Desktop\Nero StartSmart.lnk
    [2011-04-19 20:29:03 | 000,001,633 | —- | C] () – C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 8.lnk
    [2011-04-19 20:29:02 | 000,001,804 | —- | C] () – C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Adobe Reader 8.lnk
    [2011-04-19 20:22:44 | 000,147,456 | R— | C] () – C:\WINDOWS\System32\igfxCoIn_v4906.dll
    [2011-04-19 20:22:42 | 000,192,512 | R— | C] () – C:\WINDOWS\System32\igfxrdeu.lrc
    [2011-04-19 20:22:39 | 000,104,636 | R— | C] () – C:\WINDOWS\System32\igmedcompkrn.dll
    [2011-04-19 20:22:38 | 001,843,784 | R— | C] () – C:\WINDOWS\System32\igklg400.dll
    [2011-04-19 20:22:38 | 001,399,880 | R— | C] () – C:\WINDOWS\System32\igklg450.dll
    [2011-04-19 20:22:38 | 000,026,992 | R— | C] () – C:\WINDOWS\System32\igxpxs32.vp
    [2011-04-19 20:22:38 | 000,002,096 | R— | C] () – C:\WINDOWS\System32\igxpxk32.vp
    [2011-04-19 19:13:31 | 000,000,079 | —- | C] () – C:\Documents and Settings\Chancanza\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2011-04-19 19:13:26 | 000,000,642 | —- | C] () – C:\Documents and Settings\Chancanza\Start Menu\Programs\Outlook Express.lnk
    [2011-04-19 19:13:24 | 000,000,683 | —- | C] () – C:\Documents and Settings\Chancanza\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011-04-19 19:13:24 | 000,000,671 | —- | C] () – C:\Documents and Settings\Chancanza\Start Menu\Programs\Internet Explorer.lnk
    [2011-04-19 19:13:19 | 000,001,391 | —- | C] () – C:\Documents and Settings\Chancanza\Desktop\Windows Explorer.lnk
    [2011-04-19 19:13:18 | 000,001,503 | —- | C] () – C:\Documents and Settings\Chancanza\Start Menu\Programs\Remote Assistance.lnk
    [2011-04-19 19:13:18 | 000,000,696 | —- | C] () – C:\Documents and Settings\Chancanza\Start Menu\Programs\Windows Media Player.lnk
    [2011-04-19 19:12:04 | 000,008,192 | —- | C] () – C:\WINDOWS\REGLOCS.OLD
    [2011-04-19 19:11:07 | 000,002,048 | –S- | C] () – C:\WINDOWS\bootstat.dat
    [2011-04-19 19:07:04 | 000,002,577 | —- | C] () – C:\WINDOWS\System32\CONFIG.NT
    [2011-04-19 19:07:00 | 000,023,392 | —- | C] () – C:\WINDOWS\System32\nscompat.tlb
    [2011-04-19 19:07:00 | 000,016,832 | —- | C] () – C:\WINDOWS\System32\amcompat.tlb
    [2011-04-19 19:06:58 | 000,316,640 | —- | C] () – C:\WINDOWS\WMSysPr9.prx
    [2011-04-19 19:05:51 | 000,000,690 | —- | C] () – C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Movie Maker.lnk
    [2011-04-19 19:05:40 | 004,399,505 | —- | C] () – C:\WINDOWS\System32\dllcache\nls302en.lex
    [2011-04-19 19:05:14 | 000,048,680 | -HS- | C] () – C:\WINDOWS\winnt256.bmp
    [2011-04-19 19:05:14 | 000,048,680 | -HS- | C] () – C:\WINDOWS\winnt.bmp
    [2011-04-19 19:05:09 | 000,000,984 | —- | C] () – C:\WINDOWS\System32\dllcache\srframe.mmf
    [2011-04-19 19:04:53 | 000,376,320 | —- | C] () – C:\WINDOWS\System32\dllcache\msinfo.dll
    [2011-04-19 19:04:20 | 000,000,609 | —- | C] () – C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows Messenger.lnk
    [2011-04-19 19:04:18 | 000,022,748 | —- | C] () – C:\WINDOWS\System32\emptyregdb.dat
    [2011-04-19 19:03:52 | 000,001,890 | —- | C] () – C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MSN.lnk
    [2011-04-19 19:03:35 | 000,065,832 | —- | C] () – C:\WINDOWS\Santa Fe Stucco.bmp
    [2011-04-19 19:03:35 | 000,009,522 | —- | C] () – C:\WINDOWS\Zapotec.bmp
    [2011-04-19 19:03:34 | 000,065,978 | —- | C] () – C:\WINDOWS\Soap Bubbles.bmp
    [2011-04-19 19:03:34 | 000,065,954 | —- | C] () – C:\WINDOWS\Prairie Wind.bmp
    [2011-04-19 19:03:34 | 000,026,680 | —- | C] () – C:\WINDOWS\River Sumida.bmp
    [2011-04-19 19:03:34 | 000,026,582 | —- | C] () – C:\WINDOWS\Greenstone.bmp
    [2011-04-19 19:03:34 | 000,017,362 | —- | C] () – C:\WINDOWS\Rhododendron.bmp
    [2011-04-19 19:03:34 | 000,017,336 | —- | C] () – C:\WINDOWS\Gone Fishing.bmp
    [2011-04-19 19:03:34 | 000,017,062 | —- | C] () – C:\WINDOWS\Coffee Bean.bmp
    [2011-04-19 19:03:34 | 000,016,730 | —- | C] () – C:\WINDOWS\FeatherTexture.bmp
    [2011-04-19 19:03:34 | 000,001,272 | —- | C] () – C:\WINDOWS\Blue Lace 16.bmp
    [2011-04-19 19:03:31 | 000,003,286 | —- | C] () – C:\WINDOWS\System32\tslabels.h
    [2011-04-19 19:03:31 | 000,001,161 | —- | C] () – C:\WINDOWS\System32\usrlogon.cmd
    [2011-04-19 19:03:30 | 000,000,768 | —- | C] () – C:\WINDOWS\System32\msdtcprf.h
    [2011-04-19 19:03:24 | 000,063,488 | —- | C] () – C:\WINDOWS\System32\wmimgmt.msc
    [2011-04-19 18:57:26 | 000,001,393 | —- | C] () – C:\WINDOWS\imsins.BAK
    [2011-04-19 18:57:22 | 000,004,161 | —- | C] () – C:\WINDOWS\ODBCINST.INI
    [2011-04-19 18:57:07 | 000,001,688 | —- | C] () – C:\WINDOWS\System32\AUTOEXEC.NT
    [2011-04-19 18:56:40 | 000,532,984 | —- | C] () – C:\WINDOWS\setupapi.old
    [2011-04-19 18:56:19 | 000,263,024 | —- | C] () – C:\WINDOWS\System32\FNTCACHE.DAT
    [2011-04-19 18:54:15 | 000,049,415 | —- | C] () – C:\WINDOWS\System32\$winnt$.inf
    [2009-09-09 18:01:40 | 000,027,675 | —- | C] () – C:\WINDOWS\System32\drivers\klopp.dat
    [2009-05-20 12:36:59 | 000,004,639 | —- | C] () – C:\WINDOWS\System32\dllcache\mplayer2.exe
    [2009-05-20 00:37:46 | 001,685,606 | —- | C] () – C:\WINDOWS\System32\dllcache\sam.spd
    [2009-05-20 00:37:46 | 000,000,888 | —- | C] () – C:\WINDOWS\System32\dllcache\sam.sdf
    [2009-05-20 00:37:45 | 000,643,717 | —- | C] () – C:\WINDOWS\System32\dllcache\ltts1033.lxa
    [2009-05-20 00:37:45 | 000,605,050 | —- | C] () – C:\WINDOWS\System32\dllcache\r1033tts.lxa
    [2007-12-31 12:48:29 | 000,000,000 | RHS- | C] () – C:\MSDOS.SYS
    [2007-12-31 12:48:29 | 000,000,000 | RHS- | C] () – C:\IO.SYS
    [2007-12-31 12:48:29 | 000,000,000 | —- | C] () – C:\CONFIG.
  • I see that it is not complete.
    Continued here:
    ****************************************
    [2007-12-31 12:48:29 | 000,000,000 | —- | C] () – C:\AUTOEXEC.BAT
    [2007-12-31 12:04:26 | 000,000,210 | -HS- | C] () – C:\boot.ini
    [2006-01-01 18:50:29 | 000,102,912 | —- | C] () – C:\WINDOWS\System32\drivers\FWDRV.SYS
    [2006-01-01 02:42:30 | 000,004,998 | —- | C] () – C:\Documents and Settings\All Users.WINDOWS\Application Data\mtbjfghn.xbe
    [2004-08-03 23:07:22 | 000,001,788 | —- | C] () – C:\WINDOWS\System32\Dcache.bin
    [2004-08-03 22:56:44 | 000,081,920 | —- | C] () – C:\WINDOWS\System32\ieencode.dll
    [2004-08-02 12:20:40 | 000,004,569 | —- | C] () – C:\WINDOWS\System32\secupd.dat
    [2004-07-17 09:36:38 | 000,027,440 | —- | C] () – C:\WINDOWS\System32\drivers\secdrv.sys

    ========== LOP Check ==========

    [2011-06-07 19:17:16 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\Vodafone
    [2011-06-07 19:17:38 | 000,000,000 | —D | M] – C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Vodafone
    [2011-06-07 19:17:48 | 000,000,000 | —D | M] – C:\Documents and Settings\Chancanza\Application Data\Vodafone
    [2006-01-01 02:41:58 | 000,000,000 | —D | M] – C:\Documents and Settings\Chancanza\Application Data\Carambis

    ========== Purity Check ==========



    < End of report >
    ***************

    NOW THE OTHER ONE

    **************
    OTL Extras logfile created on: 02-02-2006 23:36:59 - Run 1
    OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\Chancanza\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

    502,04 Mb Total Physical Memory | 196,86 Mb Available Physical Memory | 39,21% Memory free
    1,19 Gb Paging File | 0,74 Gb Available in Paging File | 61,79% Paging File free
    Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 30,26 Gb Total Space | 3,33 Gb Free Space | 11,02% Space Free | Partition Type: FAT32
    Drive D: | 30,27 Gb Total Space | 11,43 Gb Free Space | 37,75% Space Free | Partition Type: NTFS
    Drive E: | 14,00 Gb Total Space | 9,38 Gb Free Space | 66,97% Space Free | Partition Type: NTFS
    Drive F: | 171,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
    Drive G: | 121,01 Mb Total Space | 11,83 Mb Free Space | 9,78% Space Free | Partition Type: FAT32

    Computer Name: CHANCANZA-PC | User Name: Chancanza | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] – rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] – rundll32.exe shdocvw.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] – "%1" %*
    cmdfile [open] – "%1" %*
    comfile [open] – "%1" %*
    cplfile [cplopen] – rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] – "%1" %*
    InternetShortcut [open] – rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] – "%1" %*
    regfile [merge] – Reg Error: Key error.
    scrfile [config] – "%1"
    scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] – "%1" /S
    txtfile [edit] – Reg Error: Key error.
    Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] – C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] – C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] – "C:\programa instalado\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] – "C:\programa instalado\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] – "C:\programa instalado\Winamp\Winamp.exe" "%1" (Nullsoft)
    Folder [open] – %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] – %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{51C8741C-4A91-42A6-B6A2-CB891F7398A1}" = Kerio Personal Firewall 2.1.5
    "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
    "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
    "{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
    "Driver Updater" = Carambis Driver Updater
    "eMusic Promotion" = eMusic - 50 Free MP3 offer
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
    "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
    "VLC media player" = VLC media player 1.0.0-git-20080927-0008
    "Winamp" = Winamp (remove only)
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 09-02-2012 1:57:58 | Computer Name = CHANCANZA-PC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 13-05-2012 0:21:55 | Computer Name = CHANCANZA-PC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 13-05-2012 12:19:36 | Computer Name = CHANCANZA-PC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 17-05-2012 14:37:11 | Computer Name = CHANCANZA-PC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 17-05-2012 15:45:16 | Computer Name = CHANCANZA-PC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 18-05-2012 12:30:47 | Computer Name = CHANCANZA-PC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 18-05-2012 13:07:03 | Computer Name = CHANCANZA-PC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 20-05-2012 13:35:16 | Computer Name = CHANCANZA-PC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 26-05-2012 9:50:11 | Computer Name = CHANCANZA-PC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 28-05-2012 3:40:31 | Computer Name = CHANCANZA-PC | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    [ OSession Events ]
    Error - 11-10-2011 14:57:24 | Computer Name = CHANCANZA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 16, Application Name: Microsoft Office Groove, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 11-10-2011 14:57:31 | Computer Name = CHANCANZA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 16, Application Name: Microsoft Office Groove, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 11-10-2011 14:57:36 | Computer Name = CHANCANZA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 16, Application Name: Microsoft Office Groove, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 11-10-2011 14:57:45 | Computer Name = CHANCANZA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 16, Application Name: Microsoft Office Groove, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 11-10-2011 14:57:49 | Computer Name = CHANCANZA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 16, Application Name: Microsoft Office Groove, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 11-10-2011 14:58:15 | Computer Name = CHANCANZA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 16, Application Name: Microsoft Office Groove, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 17-10-2011 4:28:05 | Computer Name = CHANCANZA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 16, Application Name: Microsoft Office Groove, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 17-10-2011 4:28:10 | Computer Name = CHANCANZA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 16, Application Name: Microsoft Office Groove, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 17-10-2011 4:28:12 | Computer Name = CHANCANZA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 16, Application Name: Microsoft Office Groove, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 17-10-2011 4:28:16 | Computer Name = CHANCANZA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 16, Application Name: Microsoft Office Groove, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 26-06-2012 7:33:50 | Computer Name = CHANCANZA-PC | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Kaspersky Anti-Virus
    Service service to connect.

    Error - 26-06-2012 7:33:50 | Computer Name = CHANCANZA-PC | Source = Service Control Manager | ID = 7000
    Description = The Kaspersky Anti-Virus Service service failed to start due to the
    following error: %%1053

    Error - 26-06-2012 7:34:44 | Computer Name = CHANCANZA-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for Type with the following error:
    %%5

    Error - 26-06-2012 7:34:46 | Computer Name = CHANCANZA-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for Type with the following error:
    %%5

    Error - 26-06-2012 7:35:53 | Computer Name = CHANCANZA-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for Type with the following error:
    %%5

    Error - 26-06-2012 7:35:55 | Computer Name = CHANCANZA-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for Type with the following error:
    %%5

    Error - 26-06-2012 7:38:31 | Computer Name = CHANCANZA-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume E:.

    Error - 26-06-2012 7:38:31 | Computer Name = CHANCANZA-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume E:.

    Error - 26-06-2012 7:38:54 | Computer Name = CHANCANZA-PC | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Kaspersky Anti-Virus
    Service service to connect.

    Error - 26-06-2012 7:38:54 | Computer Name = CHANCANZA-PC | Source = Service Control Manager | ID = 7000
    Description = The Kaspersky Anti-Virus Service service failed to start due to the
    following error: %%1053


    < End of report >
    *****************

    SO, IN TWO PARTS.
    Thanks for your attention!!
    perloc
  • Hello Perlox, there is a driver-update tool in that Windows installation.
    Please uninstall it.
    Carambis Driver Updater

    Before letting OTL carry out the fix, first close all other open windows!

    - Double-click on (image: http://www.imgdumper.nl/uploads5/4f91108799372/4f91108798ba0-OTL-1.png)
    - Copy and paste the following (bold, blue text) into the box under (image: http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png)

    :OTL
    [2 C:\Documents and Settings\Chancanza\My Documents\*.tmp files -> C:\Documents and Settings\Chancanza\My Documents\*.tmp -> ]
    [14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    :Services

    :Reg

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [emptyjava]
    [emptyflash]
    [createrestorepoint]
    [reboot]

    - Then click on (image: http://www.imgdumper.nl/uploads5/4f911cee9de47/4f911cee9da59-OTL-4.png) at the top
    - Let the program do its work undisturbed.
    - After the scan OTL will report that the PC is going to be restarted. So allow that.
    - Click on OK
    - After the restart only a new log is opened.
    - Post the contents of that OTL scan log by copying and pasting.
  • Carambis removed.
    Task carried out.
    After the reboot I got the message "Invalid System Disk"!
    That gave me quite a fright!
    Booted once more and the computer started up.
    Here is the log:
    **********************
    All processes killed
    ========== OTL ==========
    C:\Documents and Settings\Chancanza\My Documents\~WRL0005.tmp deleted successfully.
    C:\Documents and Settings\Chancanza\My Documents\Copy of ~WRL0005.tmp deleted successfully.
    C:\WINDOWS\SET29.tmp deleted successfully.
    C:\WINDOWS\SET2C.tmp deleted successfully.
    C:\WINDOWS\SET38.tmp deleted successfully.
    C:\WINDOWS\SET3C.tmp deleted successfully.
    C:\WINDOWS\SET3F.tmp deleted successfully.
    C:\WINDOWS\SET4B.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\DUMP5d91.tmp deleted successfully.
    C:\WINDOWS\DUMP6050.tmp deleted successfully.
    C:\WINDOWS\DUMP5d71.tmp deleted successfully.
    C:\WINDOWS\DUMP5c1a.tmp deleted successfully.
    C:\WINDOWS\DUMP66b8.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Chancanza\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Chancanza\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: CHACANZA E CANDEADO
    ->Temp folder emptied: 2244118 bytes
    ->Temporary Internet Files folder emptied: 664042 bytes

    User: All Users.WINDOWS

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Chancanza
    ->Temp folder emptied: 194524784 bytes
    ->Temporary Internet Files folder emptied: 46953920 bytes

    User: Default User.WINDOWS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4393149 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 46145205 bytes

    Total Files Cleaned = 281,00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: NetworkService

    User: LocalService

    User: CHACANZA E CANDEADO

    User: All Users.WINDOWS

    User: NetworkService.NT AUTHORITY

    User: LocalService.NT AUTHORITY

    User: Chancanza

    User: Default User.WINDOWS

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: NetworkService

    User: LocalService

    User: CHACANZA E CANDEADO

    User: All Users.WINDOWS

    User: NetworkService.NT AUTHORITY

    User: LocalService.NT AUTHORITY

    User: Chancanza

    User: Default User.WINDOWS

    Total Flash Files Cleaned = 0,00 mb

    Unable to start System Restore Service. Error code 1056

    OTL by OldTimer - Version 3.2.42.1 log created on 02032006_023317

    Files\Folders moved on Reboot…
    File\Folder C:\WINDOWS\temp\kls3EF1.tmp not found!

    Registry entries deleted on Reboot…
    *******************

    perloc
  • Tell me how things are going now.
  • There is improvement.
    Two error messages on the boot screen have disappeared.
    There is still this error message:
    0198: System Security - Unauthorized BIOS Update Attempt.
    (I have to find that out from a photo of the screen because it disappears quickly.)

    CHKDSK for drive C: has disappeared at startup; for drive E: it persists at every boot.
    As for the presence or absence of viruses I can of course say nothing, but the above suggests…

    Furthermore, I cannot get IE8 installed - IE6 still has the same fault: it hangs on a new page.
    I would like to remove Kaspersky but that does not work: after the last press of the "Remove" button this also hangs.
    I would also like to convert C: from FAT32 to NTFS, but I can find a tool for that on the Internet.
    That turns out not to be possible with Diskmgmt.msc

    Hey!! Kaspersky did get to work after all. So maybe it will work now! It took many minutes before this started. It worked!!

    Nothing more at the moment as far as I can see.
    perloc
  • Update and improvement.
    For drive E: I gave the following command in an MS-DOS window:
    CHKDSK E: /f

    That has also fixed partition E:, no more check at startup and there is suddenly considerably >50% space on drive E: !!

    Furthermore, installing IE8 is a loop: at startup comes the message that it has to fetch updates from the Internet, but that turns out, from a list, to be a full download, which on install does the same again: another download of IE8.
    How do I break out of that?

    perloc
  • If IE6 is damaged, IE8 may not install either because of that.
    It may also be that a spyware program is interfering with the installation.

    Incidentally, Firefox is a better and safer solution!
  • It is still far from right!!
    At boot that error message about an "attempt to update the BIOS" is still visible. To continue starting up I have to press the F2 key.
    Furthermore, I cannot get IE8 installed. Tried about 6 times.
    Found the update and now it starts installing without reporting that it has to download updates. It goes as follows:
    - Run IE8-WindowsXP-x86-ENU.exe
    - IE8 window with file transfer
    - Remove Previous version
    - Button: reboot for further installation
    - reboot and twice a message: invalid Disk, Replace and hit key
    - the 3rd time it starts up and begins installing IE8 again
    - automatic logging off and reboot
    - After startup: no IE logo on the desktop and no ie8 or Internet Explorer application to be found on the computer either.

    So I still have no Internet on this computer. Everything still has to go via my own laptop.
    How do I proceed from here?
    SP 3 is installed, because that was required for installing IE8

    perloc
  • How old is that wretched computer by now?
  • No idea!
    It is a Lenovo (MOBO - desktop)
    I'll have a look at which processor is in it. So just a moment…
    Ehhhh… it is an x86 Family 15 Model 6 Stepping 4 GenuineIntel ~2793 MHz processor. So not a modern one, but no idea how old either…
    Available memory 512 MByte, so not much either.
    I find that thing still responds reasonably fast, at startup that is.

    And of course with an illegal Windows, like almost all desktops I have seen over the years I have been here (> 25!). And it makes little difference where they are: at the government, the hospital (both of which I have dealt with intensively) or with students of the University.
    Only the laptops are always legally equipped with a sticker, but well, it could hardly be otherwise…
    If I have to put Windows on it again, I still have two legal (bought and paid for) OEM licence stickers lying around for WinXP Prof.
    But then that will be an expensive repair for him!!

    perloc
  • Do the following:

    Which program: CrystalDiskInfo
    What for/why: checking the SMART data of the hard disk(s)
    Difficulty: none.
    Download CrystalDiskInfo here

    (image: http://www.imgdumper.nl/uploads4/4df870efec9f5/4df870efeba86-CrystalDiskInfo.png)

    Install the tool and then start CrystalDiskInfo

    The tool then reads the SMART data of the connected hard disks.
    If the colour is Blue - then completely healthy.
    If the colour is Yellow - then there are problems.
    If the colour is Red - then replace the HD as soon as possible.

    For SSDs the health status of the SSDs is also reported (Health)

    Note: during installation you are offered the option of also installing the AVG Internet Security Linkscanner.
    It is therefore better to remove the check marks first.
  • Blue!
    But is it right that the test was done in the blink of an eye?
    Right after starting it already came up with this. All "bullets" were blue.

    perloc
  • Well then, we can rule out the HD as far as the problems are concerned.
    And yes, CrystalDiskInfo only reads the S.M.A.R.T. data of the HD and that is normally always quick.

    We will now look deeper:

    Step •1•
    Which program: TDSSStarter.exe
    What for/why: Rootkit scanner
    Difficulty: none
    Download TDSSStarter to the desktop.

    Using "TDSSStarter.exe":
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: start the tool by double-clicking "TDSSStarter.exe".
      - Windows Vista and Windows 7: start the tool by right-clicking "TDSSStarter.exe" and then choosing Run as administrator.
    - A CMD window will then be started and will close again automatically when the scan is finished.
    - Now post the contents of the opened Notepad file in your next message.

    Step •2•
    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and, where possible, clean it up.
    Difficulty: More or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix via one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus program and active malware scanners must already be deactivated before ComboFix starts!
    Here and here you will find details on how to deactivate antivirus programs and spyware scanners.

    Once more for the sake of clarity: ComboFix must be started from the desktop.

    Remarks:
    - When using Windows XP you may be asked to install the "Recovery Console"!
      Allow this (an active internet connection is required for this).
    Starting ComboFix:
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: start ComboFix.exe by double-clicking ComboFix.exe.
      - Windows Vista and Windows 7: start ComboFix.exe by right-clicking ComboFix.exe and then choose Run as administrator.
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - It may happen that the computer has to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important remark:
    - If after the scan an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.

    Step •3•
    In summary: after this you post the contents of the following logs in your next message:
    - TDSSKStarter log
    - ComboFix.txt log

    Note: if you install the recovery console, it will be detected that Windows is illegitimate.
  • Here are the two logs:
    *********************
    All processes killed
    ========== OTL ==========
    C:\Documents and Settings\Chancanza\My Documents\~WRL0005.tmp deleted successfully.
    C:\Documents and Settings\Chancanza\My Documents\Copy of ~WRL0005.tmp deleted successfully.
    C:\WINDOWS\SET29.tmp deleted successfully.
    C:\WINDOWS\SET2C.tmp deleted successfully.
    C:\WINDOWS\SET38.tmp deleted successfully.
    C:\WINDOWS\SET3C.tmp deleted successfully.
    C:\WINDOWS\SET3F.tmp deleted successfully.
    C:\WINDOWS\SET4B.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\DUMP5d91.tmp deleted successfully.
    C:\WINDOWS\DUMP6050.tmp deleted successfully.
    C:\WINDOWS\DUMP5d71.tmp deleted successfully.
    C:\WINDOWS\DUMP5c1a.tmp deleted successfully.
    C:\WINDOWS\DUMP66b8.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Chancanza\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Chancanza\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: CHACANZA E CANDEADO
    ->Temp folder emptied: 2244118 bytes
    ->Temporary Internet Files folder emptied: 664042 bytes

    User: All Users.WINDOWS

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Chancanza
    ->Temp folder emptied: 194524784 bytes
    ->Temporary Internet Files folder emptied: 46953920 bytes

    User: Default User.WINDOWS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4393149 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 46145205 bytes

    Total Files Cleaned = 281,00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: NetworkService

    User: LocalService

    User: CHACANZA E CANDEADO

    User: All Users.WINDOWS

    User: NetworkService.NT AUTHORITY

    User: LocalService.NT AUTHORITY

    User: Chancanza

    User: Default User.WINDOWS

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: NetworkService

    User: LocalService

    User: CHACANZA E CANDEADO

    User: All Users.WINDOWS

    User: NetworkService.NT AUTHORITY

    User: LocalService.NT AUTHORITY

    User: Chancanza

    User: Default User.WINDOWS

    Total Flash Files Cleaned = 0,00 mb

    Unable to start System Restore Service. Error code 1056

    OTL by OldTimer - Version 3.2.42.1 log created on 02032006_023317

    Files\Folders moved on Reboot…
    File\Folder C:\WINDOWS\temp\kls3EF1.tmp not found!

    Registry entries deleted on Reboot…

    *********************
    ComboFix 12-04-29.01 - Chancanza 29-04-2012 18:20:40.1.2 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.170 [GMT 2:00]
    Running from: c:\documents and settings\Chancanza\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1368 [VPS 091127-1] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Chancanza\Cookies.lnk
    c:\documents and settings\Chancanza\taenau.exe /v
    c:\documents and settings\Chancanza\WINDOWS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-22 05:46 . 2008-04-13 22:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2012-06-18 16:41 . 2012-06-18 16:41 -------- d-----w- C:\FOUND.074
    2012-06-16 13:29 . 2007-12-19 03:06 172032 ----a-r- c:\windows\system32\igfxres.dll
    2012-06-16 13:18 . 2001-08-23 15:00 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
    2012-06-16 13:18 . 2001-08-23 15:00 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
    2012-06-16 13:16 . 2001-08-23 15:00 70656 ----a-w- c:\windows\system32\dllcache\korwbrkr.dll
    2012-06-16 13:15 . 2001-08-23 15:00 45568 ----a-w- c:\windows\system32\dllcache\browscap.dll
    2012-06-16 13:07 . 2001-08-23 15:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2012-06-16 13:07 . 2001-08-23 15:00 24661 ----a-w- c:\windows\system32\dllcache\spxcoins.dll
    2012-06-16 13:07 . 2001-08-23 15:00 13312 ----a-w- c:\windows\system32\irclass.dll
    2012-06-16 13:07 . 2001-08-23 15:00 13312 ----a-w- c:\windows\system32\dllcache\irclass.dll
    2012-06-16 13:06 . 2012-06-16 13:06 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
    2012-06-06 09:16 . 2012-06-06 09:16 -------- d-----w- C:\FOUND.073
    2012-05-29 18:55 . 2012-05-29 18:55 -------- d-----w- C:\FOUND.072
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-04 13:56 . 2006-01-01 05:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "WinampAgent"="c:\programa instalado\Winamp\winampa.exe" [2006-05-25 35328]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
    "avast!"="c:\progra~2\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    .
    c:\documents and settings\Chancanza\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [1/17/2011 8:02 PM 16024]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/3/2006 2:55 PM 114768]
    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [11/16/2011 8:02 AM 13696]
    R1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [1/1/2006 6:50 PM 102912]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/3/2006 2:55 PM 20560]
    R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [1/17/2011 8:02 PM 220824]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/1/2006 2:30 PM 40776]
    S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [6/7/2011 7:18 PM 114688]
    S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [6/7/2011 7:18 PM 105856]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    ------- File Associations -------
    .
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-taenau - c:\documents and settings\Chancanza\taenau.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-29 19:04
    Windows 5.1.2600 Service Pack 3 FAT NTAPI
    .
    scanning hidden processes …
    .
    scanning hidden autostart entries …
    .
    scanning hidden files …
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
    "Licence0"="04F0D21-79D8-7A25-D702-433F"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3604)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Kerio\Personal Firewall\persfw.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-29 19:05:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-29 17:05
    .
    Pre-Run: 2.824.716.288 bytes free
    Post-Run: 2.786.983.936 bytes free
    .
    - - End Of File - - 0ECFBD5637824FD0F67056C8AE2E4CF8
    ****************************


    I also noticed that the clock had not been set. Done in the meantime.
    Also found what causes the message at boot that no system can be found. That turns out to happen when there is a flash key plugged in. So I need to disable that in the BIOS.

    perloc
  • You have once again posted the OTL fix log and the TDSSStarter log is missing.
  • I already suspected something was wrong and now I know for sure.
    After TDSStarter had that log on the desktop, I saved it to the desktop. It was there, I am sure of it!
    Then ComboFix got going and after it was finished a reboot was done.
    The TDSS log had disappeared from the desktop!
    And the TDSStarter folder (on C:) has also been emptied completely. Could ComboFix have done that?
    Instead, a whole row of folders has been created with the name FOUND.nnn and extensions from 000 to 074
    I opened one of those folders and it contains files named FILEnnn, where nnn runs from 000 up to the number in the folder. Windows reports that these are "Recovered File fragments". They were definitely not there before. What should I do with them?
    The TDSStarter log can no longer be found and I also cannot search any more because I do not know the name.

    perloc
  • Strange, all of that.

    Then let TDSSStarter.exe do a scan once more and post the log of that.

This is an archived page. Replying is no longer possible.