Extremely persistent spyware and adware

Anonymous
42 replies
  • (I already had Ad-Aware SE Pro and Spybot.) Before starting up in safe mode I scanned once more: nothing found. In safe mode: about 8 more items in total. I think globosearch is gone. Thanks, everyone, for your help!
  • Unfortunately… I still get pop-ups with the title: "Your System Infected"
    I wonder when new definitions for Ad-Aware that can solve this problem will actually be released.
  • Sounds more like a trojan posing as a system file.

    Do an online scan: http://housecall.trendmicro.com/
  • Is your Messenger service actually turned off in services.msc?
    It is on by default in Windows XP.

    Only from Service Pack 2 on is it off by default.
  • I turned the Messenger service off, but the pop-up still appears.
  • Did that online scan produce any result? Otherwise try one at BitDefender:
    http://www.bitdefender.com/scan/licence.php
  • Scan once with an updated Ad-Aware SE.
    You can find instructions here.

    When you have done this, restart the computer.
    Make sure Ad-Aware and, if applicable, Ad-Watch are closed.
    Download and install the VX2 plugin for Ad-Aware SE: http://download.lavasoft.de.edgesuite.net/public/plvx2cleaner.exe
    Start Ad-Aware.
    Click the "Add-ons" button.
    Select the VX2 Cleaner and click the "Uitvoeren" (Run) button.
    If the computer is not infected with this malware, click the "Close" button.
    If the computer is infected, do the following:
    Click the "Clean System" button.
    Restart the computer.
    Scan the computer with an updated Ad-Aware.
    Remove all VX2 objects that are found.
    Restart the computer.
    Use the VX2 Cleaner again to check whether all files have been removed.

    Report the result.
  • VX2: no result
    Ad-Aware scan: Hotoffers hijacker

    Every time I scan, it finds the Hotoffers hijacker again. It is probably reinstalled each time that pop-up appears. Things like this make me really aggressive; right now I just want to inflict terribly serious chronic injury on the people who make spyware!! :evil:
  • Post a new HijackThis log.
  • Here is my log:

    [list:8e99c05574]
    Logfile of HijackThis v1.99.0
    Scan saved at 4:56:13 PM, on 1/8/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Common Files\Stardock\TrayServer.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    E:\Program Files\Adobe\Distillr\acrotray.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    E:\Mijn documenten\Program Files\Hijack This!\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nintendo-europe.com/NOE/nl/NL/home/index.do
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Program Files\Common Files\Stardock\TrayServer.exe
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Distillr\acrotray.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: RoboForm Werkbalk &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Werkbalk &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102431714010
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: PCTEL Speaker Phone - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

    [/list:u:8e99c05574]
  • I have just read through the whole thread.

    Make sure all hidden files are shown.
    Check whether this file is present: c\windows\system32\systr.dll

    Start HijackThis. Go to Config – Misc Tools.
    Tick:
    - List also Minor sections (full)
    - List Empty sections (complete)
    Click the "Generate Startuplist log" button.
    A file is created: startuplist.txt.
    Post the contents of this file.
  • Hello wincustomize rulezzzz,

    Bingo.
    Restart your computer once and make a new startuplist.
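
A StartupList report made before the restart and one made after it can be compared entry by entry with a short script. This is an added example, not part of the original thread or of HijackThis; the two embedded reports are constructed samples and every `Example…` name and path in them is hypothetical.

```python
import re

# Rule lines between report sections; forum software may turn '-' into dashes.
SEPARATOR = re.compile(r"^[-=\u2013\u2014]{10,}$")
SUBKEY = re.compile(r"^\[(.+)\]$")


def parse_autoruns(report):
    """Return {(registry_key, subkey, value_name): command} for every
    'Autorun entries ...' section of a StartupList report."""
    entries = {}
    key = None          # registry key of the section being read
    subkey = ""         # '' for values stored directly under the key
    expect_key = False  # True right after an 'Autorun entries' heading
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SEPARATOR.match(line):
            key, subkey, expect_key = None, "", False
            continue
        if line.startswith("Autorun entries"):
            expect_key = True
            continue
        if expect_key:
            key, subkey, expect_key = line, "", False
            continue
        if key is None or line.startswith("*"):
            continue  # another section, or a '*No values found*' placeholder
        match = SUBKEY.match(line)
        if match:
            subkey = match.group(1)
            continue
        name, sep, command = line.partition(" = ")
        if sep:
            entries[(key, subkey, name)] = command
    return entries


def diff_autoruns(before, after):
    """Compare two reports taken on either side of a reboot."""
    old, new = parse_autoruns(before), parse_autoruns(after)
    return {
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        "changed": sorted(k for k in new if k in old and new[k] != old[k]),
        # RunOnce/RunOnceEx values are normally consumed when they run, so
        # one that is still listed after the reboot deserves a closer look.
        "survived_runonce": sorted(
            k for k in new if k in old and "RunOnce" in k[0]
        ),
    }


# Constructed sample: report saved before the restart.
BEFORE = r"""
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ExampleTray = C:\Program Files\Example\tray.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

[0001]
ExampleBoot = C:\PROGRA~1\Example\boot.exe /boot

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*
"""

# Constructed sample: report saved after the restart (dash-mangled rules).
AFTER = r"""
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ExampleTray = C:\Program Files\Example\tray.exe

————————————————–

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

[0001]
ExampleBoot = C:\PROGRA~1\Example\boot.exe /boot

————————————————–

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ExampleAgent = C:\WINDOWS\system32\example.exe
"""

if __name__ == "__main__":
    for kind, keys in diff_autoruns(BEFORE, AFTER).items():
        for registry_key, subkey, name in keys:
            where = registry_key + ("\\" + subkey if subkey else "")
            print(f"{kind:17} {where} -> {name}")
```

The output is a list of entries to review by hand, not a verdict: a legitimate installer can also add or leave behind autorun values.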
  • StartupList report, 1/9/2005, 2:32:20 PM
    StartupList version: 1.52.2
    Started from : E:\Mijn documenten\Program Files\Hijack This!\HijackThis.EXE
    Detected: Windows XP (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Common Files\Stardock\TrayServer.exe
    E:\Program Files\Adobe\Distillr\acrotray.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    E:\Mijn documenten\Program Files\Hijack This!\HijackThis.exe

    ————————————————–

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Rodney Guthman\Start Menu\Programs\Startup]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    [C:\Documents and Settings\Rodney Guthman\Start Menu\Programs\Startup]
    *No files*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Acrobat Assistant.lnk = E:\Program Files\Adobe\Distillr\acrotray.exe

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    ————————————————–

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    1A:Stardock TrayMonitor = C:\Program Files\Common Files\Stardock\TrayServer.exe
    MsmqIntCert = regsvr32 /s mqrt.dll
    avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    MSPCLOCK = rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    RoboForm = "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    *No values found*

    [StartupFaster]
    *No values found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    [0001]
    WinTools = C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
    TBPS = C:\PROGRA~1\Toolbar\TBPS.exe /boot

    [0002]
    InstallShieldSetup = C:\PROGRA~1\INSTAL~1\{3BE48~1\Setup.exe -rebootC:\PROGRA~1\INSTAL~1\{3BE48~1\reboot.ini -l0x9
    MSPCLOCK = rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
    MSPQM = rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
    MSKSSRV = rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
    WDM_SYSAUDIO = rundll32.exe streamci.dll,StreamingDeviceSetup {A7C7A5B0-5AF3-11D1-9CED-00A024BF0407},{9B365890-165F-11D0-A195-0020AFD156E4},{A7C7A5B1-5AF3-11D1-9CED-00A024BF0407},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SYSAUDIO.Interface.Install
    WDM_DRMKAUD0 = rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
    WDM_DRMKAUD1 = rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
    WDM_DRMKAUD2 = rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
    WDM_KMIXER0 = rundll32.exe streamci.dll,StreamingDeviceSetup {B7EAFDC0-A680-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{AD809C00-7B88-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_KMIXER.Interface.Install
    WDM_KMIXER1 = rundll32.exe streamci.dll,StreamingDeviceSetup {B7EAFDC0-A680-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_KMIXER.Interface.Install
    WDM_AEC0 = rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
    WDM_AEC1 = rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
    WDM_AEC2 = rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{BF963D80-C559-11D0-8A2B-00A0C9255AC1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
    WDM_SWMIDI0 = rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
    WDM_SWMIDI1 = rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{DFF220F3-F70F-11D0-B917-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
    WDM_SWMIDI2 = rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
    WDM_DMUSIC0 = rundll32.exe streamci.dll,StreamingDeviceSetup {8C07DD50-7A8D-11d2-8F8C-00C04FBF8FEF},dmusic,{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DMUSIC.Interface.Install
    WDM_DMUSIC1 = rundll32.exe streamci.dll,StreamingDeviceSetup {8C07DD50-7A8D-11d2-8F8C-00C04FBF8FEF},dmusic,{DFF220F3-F70F-11D0-B917-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DMUSIC.Interface.Install
    WDM_DMUSIC2 = rundll32.exe streamci.dll,StreamingDeviceSetup {8C07DD50-7A8D-11d2-8F8C-00C04FBF8FEF},dmusic,{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DMUSIC.Interface.Install
    WDM_WDMAUD = rundll32.exe streamci.dll,StreamingDeviceSetup {CD171DE3-69E5-11D2-B56D-0000F8754380},{9B365890-165F-11D0-A195-0020AFD156E4},{3E227E76-690D-11D2-8161-0000F8775BF1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_WDMAUD.Interface.Install
    WDM_SPLITTER0 = rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{9EA331FA-B91B-45F8-9285-BD2BC77AFCDE},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
    WDM_SPLITTER1 = rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
    wextract_cleanup0 = rundll32.exe C:\WINDOWS\System32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\RODNEY~1\LOCALS~1\Temp\IXP000.TMP"
    Winnt32RunOnceWarning = user.exe
    TS WMI tscfgwmi = regsvr32.exe /s tscfgwmi.dll
    BrandClearStubs = RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs MICROS
    IE - 00 = rundll32.exe msnsspc.dll,SspcCreateSspiReg
    IE - 01 = rundll32.exe msapsspc.dll,SspcCreateSspiReg
    IE - 02 = C:\WINDOWS\System32\mshta.exe /register
    IE - 03 = fixmapi.exe
    MDAC_InstODBCDrivers = C:\WINDOWS\System32\odbcconf @C:\WINDOWS\System32\odbcconf.rsp
    SchedulingAgent = C:\WINDOWS\System32\mstinit.exe /setup
    RunOnceEx = rundll32.exe C:\WINDOWS\System32\iernonce.dll,RunOnceExProcess
    TshootDLL_Reg = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\help\TShoot.dll
    SstubDLL_Reg = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\help\sstub.dll
    SniffpolDLL_Reg = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\help\sniffpol.dll
    OE_WMPDRM_Install_1 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\drmstor.dll
    OE_WMPDRM_Install_2 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\drmclien.dll
    OE_WMPDRM_Install_3 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\asfsipc.dll
    OE_WMPDRM_Install_4 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\drmv2clt.dll
    OE_WMPDRM_Install_5 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\blackbox.dll
    OE_WMPDRM_Install_6 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\msnetobj.dll
    OE_WMPMIndex_Install_1 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\msisam11.dll"
    OE_WMPMIndex_Install_2 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\mindex.dll"
    OE_WMPWMDM_Install_1 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\mswmdm.dll"
    OE_WMPWMDM_Install_2 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\msscp.dll"
    OE_WMPWMDM_Install_3 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\mspmsp.dll"
    OE_WMPWMDM_Install_4 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmdmps.dll"
    OE_WMPWMDM_Install_5 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmdmlog.dll"
    OE_WMPWMDM_Install_6 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\cewmdm.dll"
    OE_WMPWMDM_Install_7 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\mspmspsv.dll
    OE_WMPWMFSDK_Install_1 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmstream.dll"
    OE_WMPWMFSDK_Install_2 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmnetmgr.dll"
    OE_WMPWMFSDK_Install_3 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmidx.ocx"
    OE_WMPWMFSDK_Install_4 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmvdmod.dll"
    OE_WMPWMFSDK_Install_5 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmvdmoe.dll"
    OE_WMPWMFSDK_Install_6 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmadmod.dll"
    OE_WMPWMFSDK_Install_7 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmadmoe.dll"
    OE_WMPWMFSDK_Install_8 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\mpg4dmod.dll"
    OE_WMPWMFSDK_Install_9 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmsdmod.dll"
    OE_WMPWMFSDK_Install_10 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmsdmoe.dll"
    OE_WMPWMFSDK_Install_11 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\laprxy.dll"
    OE_WMPWMFSDK_Install_12 = "C:\WINDOWS\System32\logagent.exe" /RegServer
    OE_WMPWMFSDK_Install_13 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmvcore.dll"
    OE_WMPWMPCodec_ivf = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\ivfsrc.ax"
    OE_WMPWMPCodec_wmvax = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmvds32.ax"
    OE_WMPWMPCodec_msscrnax = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\msscds32.ax"
    OE_WMPWMPCodec_wmv8ax = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmv8ds32.ax"
    OE_WMPWMPCodec_wmv8dmo = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmv8dmod.dll"
    OE_WMPWMP6_Install_1 = C:\WINDOWS\INF\unregmp2.exe /PreInstall
    OE_WMPWMP6_Install_2 = C:\WINDOWS\INF\unregmp2.exe /RegUniv
    OE_WMPWMP6_Install_3 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\msdxm.ocx
    OE_WMPWMP6_Install_4 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\dxmasf.dll
    OE_WMPWMP7_Install_0 = C:\WINDOWS\INF\unregmp2.exe /MigrateLibrary
    OE_WMPWMP7_Install_1 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmpcore.dll
    OE_WMPWMP7_Install_2 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmpui.dll
    OE_WMPWMP7_Install_3 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmp.ocx
    OE_WMPWMP7_Install_4 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\drmclien.dll
    OE_WMPWMP7_Install_5 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\drmstor.dll
    OE_WMPWMP7_Install_6 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\asfsipc.dll
    OE_WMPWMP7_Install_7 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\drmv2clt.dll
    OE_WMPWMP7_Install_8 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\blackbox.dll
    OE_WMPWMP7_Install_9 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmpcd.dll
    OE_WMPWMP7_Install_10 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmpshell.dll
    OE_WMPWMP7_Install_11 = C:\WINDOWS\System32\wmpstub.exe /RegServer
    OE_WMPWMP7_Install_12 = C:\WINDOWS\System32\regsvr32 /s "C:\Program Files\Windows Media Player\wmpvis.dll"
    OE_WMPWMP7_Install_13 = "C:\Program Files\Windows Media Player\wmplayer.exe" /RegServer
    OE_WMPWMP7_Install_20 = C:\WINDOWS\INF\unregmp2.exe /Shortcuts /RegExts
    GrpConv = grpconv -u

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    [StartupFaster]
    *No values found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    ————————————————–

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    ————————————————–

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

    ————————————————–

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    ————————————————–

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    [{8b15971b-5355-4c82-8c07-7e181ea07608}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

    [{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}] *
    StubPath = rundll32 iesetup.dll,IEAccessUserInst

    ————————————————–

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    ————————————————–

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    ————————————————–

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\ssmypics.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    ————————————————–

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    ————————————————–

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    ————————————————–

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'

    Registry check passed

    ————————————————–

    Enumerating Browser Helper Objects:

    (no name) - E:\Program Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll - {724d43a9-0d85-11d4-9908-00400523e39a}
    (no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - E:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}

    ————————————————–

    Enumerating Task Scheduler jobs:

    *No jobs found*

    ————————————————–

    Enumerating Download Program Files:

    [{3334504D-9980-0010-8000-00AA00389B71}]
    CODEBASE = http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB

    [{556DDE35-E955-11D0-A707-000000521957}]
    CODEBASE = http://www.xblock.com/download/xclean_micro.exe

    [WUWebControl Class]
    InProcServer32 = C:\WINDOWS\System32\wuweb.dll
    CODEBASE = http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102431714010

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
    CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

    [AvxScanOnline Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\BITDEF~1.OCX
    CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab

    [Java Plug-in 1.5.0]
    InProcServer32 = C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

    [ActiveScan Installer Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
    CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

    [Java Plug-in 1.5.0]
    InProcServer32 = C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    ————————————————–

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll

    ————————————————–

    Enumerating Windows NT/2000/XP services

    a347bus: System32\DRIVERS\a347bus.sys (system)
    a347scsi: System32\Drivers\a347scsi.sys (system)
    Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
    Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
    AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
    Service for Avance AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
    Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
    AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    aslm75: \??\C:\WINDOWS\system32\drivers\aslm75.sys (autostart)
    avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart)
    RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
    Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
    ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
    avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart)
    avast! Mail Scanner: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)
    Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
    Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
    COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Disk Driver: System32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    Logical Disk Manager Driver: System32\DRIVERS\dmio.sys (system)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
    Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
    Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
    Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Fax: %systemroot%\system32\fxssvc.exe (disabled)
    Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
    Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
    Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
    Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
    Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
    Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
    IIS Admin: C:\WINDOWS\System32\inetsrv\inetinfo.exe (autostart)
    IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
    RIP Listener: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    IPSEC driver: System32\DRIVERS\ipsec.sys (system)
    IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
    Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    TCP/IP Print Server: %SystemRoot%\System32\tcpsvcs.exe (manual start)
    Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (disabled)
    Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
    Message Queuing access control: \??\C:\WINDOWS\System32\drivers\mqac.sys (manual start)
    WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
    FTP Publishing: %SystemRoot%\System32\inetsrv\inetinfo.exe (disabled)
    Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
    Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
    Message Queuing: C:\WINDOWS\System32\mqsvc.exe (disabled)
    Message Queuing Triggers: C:\WINDOWS\System32\mqtgsvc.exe (disabled)
    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)
    Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
    NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
    Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
    NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
    NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
    Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
    Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
    Parallel port driver: System32\DRIVERS\parport.sys (manual start)
    PCI Bus Driver: System32\DRIVERS\pci.sys (system)
    PCIIde: System32\DRIVERS\pciide.sys (system)
    PCTEL Speaker Phone: %SystemRoot%\system32\pctspk.exe (autostart)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
    WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
    Processor Driver: System32\DRIVERS\processr.sys (system)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
    Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
    PCTEL Serial Device Driver for PCI: System32\DRIVERS\ptserlp.sys (manual start)
    PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
    Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
    Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
    Rdbss: System32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
    Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
    Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
    Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Reliable Multicast Protocol driver: \??\C:\WINDOWS\System32\drivers\RMCast.sys (manual start)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: System32\DRIVERS\secdrv.sys (manual start)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
    Serial port driver: System32\DRIVERS\serial.sys (system)
    Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Simple TCP/IP Services: %SystemRoot%\System32\tcpsvcs.exe (autostart)
    SiS300i: System32\DRIVERS\sis300ip.sys (manual start)
    SiS315: System32\DRIVERS\sisgrp.sys (manual start)
    Service for AC'97 Sample Driver (WDM): system32\drivers\ac97sis.sys (manual start)
    SiS AGP Filter: System32\DRIVERS\sisagp.sys (system)
    SiSide: System32\DRIVERS\siside.sys (system)
    sisidex: system32\drivers\sisidex.sys (system)
    SiSkp: system32\drivers\srvkp.sys (system)
    SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)
    Add Performance Filter Driver: system32\drivers\sisperf.sys (system)
    Simple Mail Transfer Protocol (SMTP): C:\WINDOWS\System32\inetsrv\inetinfo.exe (autostart)
    SNMP Service: %SystemRoot%\System32\snmp.exe (autostart)
    SNMP Trap Service: %SystemRoot%\System32\snmptrap.exe (manual start)
    Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
    System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Srv: System32\DRIVERS\srv.sys (manual start)
    SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
    Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{E58FA81A-AEE0-4D8C-B664-C78A8E4DBDCA} (manual start)
    Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
    Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (manual start)
    Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
    Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
    USB Root Hub (usbport): System32\DRIVERS\usbhub.sys (manual start)
    Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
    USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
    Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
    VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
    VIAPFD: \SystemRoot\System32\Drivers\VIAPFD.SYS (system)
    XP Vmodem: System32\DRIVERS\vmodem.sys (system)
    XP Vpctcom: System32\DRIVERS\vpctcom.sys (system)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    XP Vvoice: System32\DRIVERS\vvoice.sys (system)
    Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    World Wide Web Publishing: %SystemRoot%\System32\inetsrv\inetinfo.exe (autostart)
    Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
    Automatic Updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)


    ————————————————–

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: *Registry value not found*

    ————————————————–

    Enumerating ShellServiceObjectDelayLoad items:

    0aMCPClient: C:\Program Files\Common Files\Stardock\MCPCore.dll
    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll
    UPnPMonitor: C:\WINDOWS\System32\upnpui.dll

    ————————————————–
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    ————————————————–

    End of report, 42,947 bytes
    Report generated in 2.735 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
  • Also check whether this file is present:
    c:\windows\system32\popup_bl.dll

    Has an installation of Media Player / Media Services ever failed or been aborted in the past?

    Are you comfortable working in the registry, or should we rather use additional tools?

    Be careful when browsing for now, because I see that you have picked up another new infection.
  • I had already deleted that file.
    Yes, I can find my way around the registry and so on.
  • [quote:c1060ba938="M@rc"]
    Has an installation of Media Player / Media Services ever failed or been aborted in the past?[/quote:c1060ba938]

    Could you answer this question?

    Did you create the new startup list after restarting the computer?

    To be on the safe side, first create a system restore point. (I assume you know how to do this?)

    Open the registry editor and navigate to this key: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    Right-click it and choose Export. Save the file to your desktop and name it runonce.reg

    Download the Registry Search Tool here.
    Unzip it and run the script. If your antivirus program reacts, you need to disable Script Blocking in the antivirus program. Enter the following in the search field:
    [b:c1060ba938]systr.dll
    [/b:c1060ba938]
    Post the result.
  • An installation has never gone wrong.
    No references to systr.dll were found; I had read something about this file on another forum, and that is why I renamed it to systr.dll.virus.

    I really had restarted my PC before creating the startup list. To be sure, I restarted once more, and here is the new list:

    [list:2b694ec520]StartupList report, 1/9/2005, 9:32:03 PM
    StartupList version: 1.52.2
    Started from : E:\Mijn documenten\Program Files\Hijack This!\HijackThis.EXE
    Detected: Windows XP (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Common Files\Stardock\TrayServer.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    E:\Program Files\Adobe\Distillr\acrotray.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
    C:\WINDOWS\System32\taskmgr.exe
    E:\Mijn documenten\Program Files\Hijack This!\HijackThis.exe

    ————————————————–

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Rodney Guthman\Start Menu\Programs\Startup]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    [C:\Documents and Settings\Rodney Guthman\Start Menu\Programs\Startup]
    *No files*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Acrobat Assistant.lnk = E:\Program Files\Adobe\Distillr\acrotray.exe

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    ————————————————–

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    1A:Stardock TrayMonitor = C:\Program Files\Common Files\Stardock\TrayServer.exe
    MsmqIntCert = regsvr32 /s mqrt.dll
    avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    MSPQM = rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
    MSKSSRV = rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
    WDM_SYSAUDIO = rundll32.exe streamci.dll,StreamingDeviceSetup {A7C7A5B0-5AF3-11D1-9CED-00A024BF0407},{9B365890-165F-11D0-A195-0020AFD156E4},{A7C7A5B1-5AF3-11D1-9CED-00A024BF0407},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SYSAUDIO.Interface.Install
    WDM_DRMKAUD0 = rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
    WDM_DRMKAUD1 = rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
    WDM_DRMKAUD2 = rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
    WDM_KMIXER0 = rundll32.exe streamci.dll,StreamingDeviceSetup {B7EAFDC0-A680-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{AD809C00-7B88-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_KMIXER.Interface.Install
    WDM_KMIXER1 = rundll32.exe streamci.dll,StreamingDeviceSetup {B7EAFDC0-A680-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_KMIXER.Interface.Install
    WDM_AEC0 = rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
    WDM_AEC1 = rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
    WDM_AEC2 = rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{BF963D80-C559-11D0-8A2B-00A0C9255AC1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
    WDM_SWMIDI0 = rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
    WDM_SWMIDI1 = rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{DFF220F3-F70F-11D0-B917-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
    WDM_SWMIDI2 = rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
    WDM_DMUSIC0 = rundll32.exe streamci.dll,StreamingDeviceSetup {8C07DD50-7A8D-11d2-8F8C-00C04FBF8FEF},dmusic,{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DMUSIC.Interface.Install
    WDM_DMUSIC1 = rundll32.exe streamci.dll,StreamingDeviceSetup {8C07DD50-7A8D-11d2-8F8C-00C04FBF8FEF},dmusic,{DFF220F3-F70F-11D0-B917-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DMUSIC.Interface.Install
    WDM_DMUSIC2 = rundll32.exe streamci.dll,StreamingDeviceSetup {8C07DD50-7A8D-11d2-8F8C-00C04FBF8FEF},dmusic,{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DMUSIC.Interface.Install
    WDM_WDMAUD = rundll32.exe streamci.dll,StreamingDeviceSetup {CD171DE3-69E5-11D2-B56D-0000F8754380},{9B365890-165F-11D0-A195-0020AFD156E4},{3E227E76-690D-11D2-8161-0000F8775BF1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_WDMAUD.Interface.Install
    WDM_SPLITTER0 = rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{9EA331FA-B91B-45F8-9285-BD2BC77AFCDE},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
    WDM_SPLITTER1 = rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
    wextract_cleanup0 = rundll32.exe C:\WINDOWS\System32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\RODNEY~1\LOCALS~1\Temp\IXP000.TMP"
    Winnt32RunOnceWarning = user.exe
    TS WMI tscfgwmi = regsvr32.exe /s tscfgwmi.dll
    BrandClearStubs = RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs MICROS
    IE - 00 = rundll32.exe msnsspc.dll,SspcCreateSspiReg
    IE - 01 = rundll32.exe msapsspc.dll,SspcCreateSspiReg
    IE - 02 = C:\WINDOWS\System32\mshta.exe /register
    IE - 03 = fixmapi.exe
    MDAC_InstODBCDrivers = C:\WINDOWS\System32\odbcconf @C:\WINDOWS\System32\odbcconf.rsp
    SchedulingAgent = C:\WINDOWS\System32\mstinit.exe /setup
    RunOnceEx = rundll32.exe C:\WINDOWS\System32\iernonce.dll,RunOnceExProcess
    TshootDLL_Reg = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\help\TShoot.dll
    SstubDLL_Reg = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\help\sstub.dll
    SniffpolDLL_Reg = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\help\sniffpol.dll
    OE_WMPDRM_Install_1 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\drmstor.dll
    OE_WMPDRM_Install_2 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\drmclien.dll
    OE_WMPDRM_Install_3 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\asfsipc.dll
    OE_WMPDRM_Install_4 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\drmv2clt.dll
    OE_WMPDRM_Install_5 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\blackbox.dll
    OE_WMPDRM_Install_6 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\msnetobj.dll
    OE_WMPMIndex_Install_1 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\msisam11.dll"
    OE_WMPMIndex_Install_2 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\mindex.dll"
    OE_WMPWMDM_Install_1 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\mswmdm.dll"
    OE_WMPWMDM_Install_2 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\msscp.dll"
    OE_WMPWMDM_Install_3 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\mspmsp.dll"
    OE_WMPWMDM_Install_4 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmdmps.dll"
    OE_WMPWMDM_Install_5 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmdmlog.dll"
    OE_WMPWMDM_Install_6 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\cewmdm.dll"
    OE_WMPWMDM_Install_7 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\mspmspsv.dll
    OE_WMPWMFSDK_Install_1 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmstream.dll"
    OE_WMPWMFSDK_Install_2 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmnetmgr.dll"
    OE_WMPWMFSDK_Install_3 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmidx.ocx"
    OE_WMPWMFSDK_Install_4 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmvdmod.dll"
    OE_WMPWMFSDK_Install_5 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmvdmoe.dll"
    OE_WMPWMFSDK_Install_6 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmadmod.dll"
    OE_WMPWMFSDK_Install_7 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmadmoe.dll"
    OE_WMPWMFSDK_Install_8 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\mpg4dmod.dll"
    OE_WMPWMFSDK_Install_9 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmsdmod.dll"
    OE_WMPWMFSDK_Install_10 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmsdmoe.dll"
    OE_WMPWMFSDK_Install_11 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\laprxy.dll"
    OE_WMPWMFSDK_Install_12 = "C:\WINDOWS\System32\logagent.exe" /RegServer
    OE_WMPWMFSDK_Install_13 = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmvcore.dll"
    OE_WMPWMPCodec_ivf = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\ivfsrc.ax"
    OE_WMPWMPCodec_wmvax = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmvds32.ax"
    OE_WMPWMPCodec_msscrnax = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\msscds32.ax"
    OE_WMPWMPCodec_wmv8ax = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmv8ds32.ax"
    OE_WMPWMPCodec_wmv8dmo = C:\WINDOWS\System32\regsvr32 /s "C:\WINDOWS\System32\wmv8dmod.dll"
    OE_WMPWMP6_Install_1 = C:\WINDOWS\INF\unregmp2.exe /PreInstall
    OE_WMPWMP6_Install_2 = C:\WINDOWS\INF\unregmp2.exe /RegUniv
    OE_WMPWMP6_Install_3 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\msdxm.ocx
    OE_WMPWMP6_Install_4 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\dxmasf.dll
    OE_WMPWMP7_Install_0 = C:\WINDOWS\INF\unregmp2.exe /MigrateLibrary
    OE_WMPWMP7_Install_1 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmpcore.dll
    OE_WMPWMP7_Install_2 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmpui.dll
    OE_WMPWMP7_Install_3 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmp.ocx
    OE_WMPWMP7_Install_4 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\drmclien.dll
    OE_WMPWMP7_Install_5 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\drmstor.dll
    OE_WMPWMP7_Install_6 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\asfsipc.dll
    OE_WMPWMP7_Install_7 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\drmv2clt.dll
    OE_WMPWMP7_Install_8 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\blackbox.dll
    OE_WMPWMP7_Install_9 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmpcd.dll
    OE_WMPWMP7_Install_10 = C:\WINDOWS\System32\regsvr32 /s C:\WINDOWS\System32\wmpshell.dll
    OE_WMPWMP7_Install_11 = C:\WINDOWS\System32\wmpstub.exe /RegServer
    OE_WMPWMP7_Install_12 = C:\WINDOWS\System32\regsvr32 /s "C:\Program Files\Windows Media Player\wmpvis.dll"
    OE_WMPWMP7_Install_13 = "C:\Program Files\Windows Media Player\wmplayer.exe" /RegServer
    OE_WMPWMP7_Install_20 = C:\WINDOWS\INF\unregmp2.exe /Shortcuts /RegExts
    GrpConv = grpconv -u

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    RoboForm = "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    *No values found*

    [StartupFaster]
    *No values found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    [StartupFaster]
    *No values found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    ————————————————–

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    ————————————————–

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    ————————————————–

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    ————————————————–

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

    ————————————————–

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    ————————————————–

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    [{8b15971b-5355-4c82-8c07-7e181ea07608}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

    [{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}] *
    StubPath = rundll32 iesetup.dll,IEAccessUserInst

    ————————————————–

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    ————————————————–

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    ————————————————–

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\ssmypics.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    ————————————————–

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    ————————————————–

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    ————————————————–

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'

    Registry check passed

    ————————————————–

    Enumerating Browser Helper Objects:

    (no name) - E:\Program Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll - {724d43a9-0d85-11d4-9908-00400523e39a}
    (no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - E:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}

    ————————————————–

    Enumerating Task Scheduler jobs:

    *No jobs found*

    ————————————————–

    Enumerating Download Program Files:

    [{3334504D-9980-0010-8000-00AA00389B71}]
    CODEBASE = http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB

    [{556DDE35-E955-11D0-A707-000000521957}]
    CODEBASE = http://www.xblock.com/download/xclean_micro.exe

    [WUWebControl Class]
    InProcServer32 = C:\WINDOWS\System32\wuweb.dll
    CODEBASE = http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102431714010

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
    CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

    [AvxScanOnline Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\BITDEF~1.OCX
    CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab

    [Java Plug-in 1.5.0]
    InProcServer32 = C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

    [ActiveScan Installer Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
    CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

    [Java Plug-in 1.5.0]
    InProcServer32 = C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    ————————————————–

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll

    ————————————————–

    Enumerating Windows NT/2000/XP services

    a347bus: System32\DRIVERS\a347bus.sys (system)
    a347scsi: System32\Drivers\a347scsi.sys (system)
    Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
    Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
    AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
    Service for Avance AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
    Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
    AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    aslm75: \??\C:\WINDOWS\system32\drivers\aslm75.sys (autostart)
    avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart)
    RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
    Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
    ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
    avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart)
    avast! Mail Scanner: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)
    Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
    Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
    COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Disk Driver: System32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    Logical Disk Manager Driver: System32\DRIVERS\dmio.sys (system)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
    Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
    Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
    Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Fax: %systemroot%\system32\fxssvc.exe (disabled)
    Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
    Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
    Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
    Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
    Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
    Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
    IIS Admin: C:\WINDOWS\System32\inetsrv\inetinfo.exe (autostart)
    IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
    RIP Listener: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    IPSEC driver: System32\DRIVERS\ipsec.sys (system)
    IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
    Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    TCP/IP Print Server: %SystemRoot%\System32\tcpsvcs.exe (manual start)
    Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (disabled)
    Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
    Message Queuing access control: \??\C:\WINDOWS\System32\drivers\mqac.sys (manual start)
    WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
    FTP Publishing: %SystemRoot%\System32\inetsrv\inetinfo.exe (disabled)
    Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
    Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
    Message Queuing: C:\WINDOWS\System32\mqsvc.exe (disabled)
    Message Queuing Triggers: C:\WINDOWS\System32\mqtgsvc.exe (disabled)
    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)
    Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
    NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
    Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
    NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
    NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
    Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
    Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
    Parallel port driver: System32\DRIVERS\parport.sys (manual start)
    PCI Bus Driver: System32\DRIVERS\pci.sys (system)
    PCIIde: System32\DRIVERS\pciide.sys (system)
    PCTEL Speaker Phone: %SystemRoot%\system32\pctspk.exe (autostart)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
    WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
    Processor Driver: System32\DRIVERS\processr.sys (system)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
    Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
    PCTEL Serial Device Driver for PCI: System32\DRIVERS\ptserlp.sys (manual start)
    PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
    Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
    Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
    Rdbss: System32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
    Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
    Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
    Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Reliable Multicast Protocol driver: \??\C:\WINDOWS\System32\drivers\RMCast.sys (manual start)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: System32\DRIVERS\secdrv.sys (manual start)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
    Serial port driver: System32\DRIVERS\serial.sys (system)
    Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Simple TCP/IP Services: %SystemRoot%\System32\tcpsvcs.exe (autostart)
    SiS300i: System32\DRIVERS\sis300ip.sys (manual start)
    SiS315: System32\DRIVERS\sisgrp.sys (manual start)
    Service for AC'97 Sample Driver (WDM): system32\drivers\ac97sis.sys (manual start)
    SiS AGP Filter: System32\DRIVERS\sisagp.sys (system)
    SiSide: System32\DRIVERS\siside.sys (system)
    sisidex: system32\drivers\sisidex.sys (system)
    SiSkp: system32\drivers\srvkp.sys (system)
    SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)
    Add Performance Filter Driver: system32\drivers\sisperf.sys (system)
    Simple Mail Transfer Protocol (SMTP): C:\WINDOWS\System32\inetsrv\inetinfo.exe (autostart)
    SNMP Service: %SystemRoot%\System32\snmp.exe (autostart)
    SNMP Trap Service: %SystemRoot%\System32\snmptrap.exe (manual start)
    Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
    System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Srv: System32\DRIVERS\srv.sys (manual start)
    SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
    Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{E58FA81A-AEE0-4D8C-B664-C78A8E4DBDCA} (manual start)
    Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
    Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (manual start)
    Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
    Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
    USB Root Hub (usbport): System32\DRIVERS\usbhub.sys (manual start)
    Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
    USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
    Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
    VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
    VIAPFD: \SystemRoot\System32\Drivers\VIAPFD.SYS (system)
    XP Vmodem: System32\DRIVERS\vmodem.sys (system)
    XP Vpctcom: System32\DRIVERS\vpctcom.sys (system)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    XP Vvoice: System32\DRIVERS\vvoice.sys (system)
    Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    World Wide Web Publishing: %SystemRoot%\System32\inetsrv\inetinfo.exe (autostart)
    Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Portable Media Serial Number: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
    Automatic Updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)


    ————————————————–

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: *Registry value not found*

    ————————————————–

    Enumerating ShellServiceObjectDelayLoad items:

    0aMCPClient: C:\Program Files\Common Files\Stardock\MCPCore.dll
    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll
    UPnPMonitor: C:\WINDOWS\System32\upnpui.dll

    ————————————————–
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    ————————————————–

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    ————————————————–

    End of report, 42,619 bytes
    Report generated in 2.204 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
    [/list:u:2b694ec520]
  • [quote:a23288cac9="wincustomize rulezzzz"]
    There were no references to systr.dll; I had read something about this file on another forum, and that is why I renamed it to systr.dll.virus.[/quote:a23288cac9]
    Is there anything else I need to know?
    I'm happy to help you, but then you need to tell me the whole story of what you are doing or have done….
    Otherwise this ends here…
    It's up to you.
  • I have saved the regkey; what should I do with it?
  • That thing with systr.dll just floated back to the surface for a moment, but other than that I haven't deleted anything or the like. :-?


This is an archived page. Replying is no longer possible.