Question & Answer

Security & privacy

Please check my HijackThis log

Anonymous
V-J
7 answers
  • Unnecessary Internet Explorer popup at every startup

    Thanks in advance

    Logfile of HijackThis v1.99.1
    Scan saved at 14:34:16, on 11-10-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SYSTEM32\rundll32.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
    C:\WINDOWS\iexplore.exe
    C:\Program Files\Common Files\{3C985221-063C-1043-0309-06051124001f}\Update.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Jevithan\Bureaublad\TAMIL° ZONE\Setup\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C985221-063C-1043-0309-06051124001f}\MyToolBar.dll (file missing)
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
    O4 - HKLM\..\Run: [Armor2net] C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\eMule\Incoming\Internet Download Manager v5.03.02 Multilangages Incl-Crack\Crack\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\eMule\Incoming\Internet Download Manager v5.03.02 Multilangages Incl-Crack\Crack\IEExt.htm
    O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
    O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152987549625
    O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://static.35mb.com/applet/applet_o.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: ,
    O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\p0n8la5u1d.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
    O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
  • Hello,

    Start HJT again and do a "system scan only", tick the lines below, close all windows except HJT and click "Fix checked".

    R3 - Default URLSearchHook is missing
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C985221-063C-1043-0309-06051124001f}\MyToolBar.dll (file missing)
    O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
    O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\p0n8la5u1d.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)

    Start Explorer, look for the folder below shown in bold, and delete it.

    C:\Program Files\Common Files\[b]{3C985221-063C-1043-0309-06051124001f}[/b]
    C:\Program Files\[b]ToolBar888\MyToolBar.dll[/b]
    C:\WINDOWS\system32\[b]p0n8la5u1d.dll[/b]

    Download Combofix to your Desktop.
      • Double-click Combofix.exe
      • Follow the instructions; accept the disclaimer by typing "y" or "Y".
      • While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    NOTE: If your virus scanner reacts with a notification about a script being run, you may ignore it.

    Good luck
    Juisterr
  • Jevithan - 06-10-11 19:22:06,12 Service Pack 2
    ComboFix 06.10.11 - Running from: "C:\Documents and Settings\Jevithan\Bureaublad"

    ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

    REGISTRY ENTRIES REMOVED:

    [HKEY_CLASSES_ROOT\CLSID\{37AC27C9-F0A9-4F67-9307-19062817848F}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{37AC27C9-F0A9-4F67-9307-19062817848F}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{37AC27C9-F0A9-4F67-9307-19062817848F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{37AC27C9-F0A9-4F67-9307-19062817848F}\InprocServer32]
    @="C:\\WINDOWS\\system32\\xnnput9_1_0.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{DDE78090-9A83-44A3-BD61-E766E47DEBDF}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{DDE78090-9A83-44A3-BD61-E766E47DEBDF}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{DDE78090-9A83-44A3-BD61-E766E47DEBDF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{DDE78090-9A83-44A3-BD61-E766E47DEBDF}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dawsockx.dll"
    "ThreadingModel"="Apartment"

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    FILES REMOVED:

    C:\WINDOWS\system32\dawsockx.dll
    C:\WINDOWS\system32\g0lm0a31ed.dll
    C:\WINDOWS\system32\t6r80g9ue6.dll
    C:\WINDOWS\system32\xnnput9_1_0.dll




    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Documents and Settings\Jevithan\Local Settings\Temporary Internet Files\Content.IE5\QTGHSTIF\dfndrff_e_uit[1].exe
    C:\Documents and Settings\Jevithan\Local Settings\Temporary Internet Files\Content.IE5\CHUVCTIJ\drsmartload45a[1].exe
    C:\Documents and Settings\Jevithan\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\drsmartload833a[1].exe
    C:\Documents and Settings\Jevithan\Local Settings\Temporary Internet Files\Content.IE5\C1I3W1MN\MTE3NDI6ODoxNgV2[1].exe
    C:\Documents and Settings\Jevithan\Local Settings\Temporary Internet Files\Content.IE5\U761SJQ3\nwnmff_e[1].exe


    ((((((((((((((((((((((((((((((( Files Created from 2006-09-11 to 2006-10-11 ))))))))))))))))))))))))))))))))))


    2006-10-10 18:29 224,478 --a------ C:\WINDOWS\iexplore.exe
    2006-10-09 13:12 86,016 --a------ C:\WINDOWS\unvise32qt.exe
    2006-10-08 18:28 32,896 --a------ C:\WINDOWS\system32\APFTrans.sys
    2006-10-02 18:19 81,920 --a------ C:\WINDOWS\system32\AppToPort.dll
    2006-10-02 18:19 24,576 --a------ C:\WINDOWS\system32\hook1.dll
    2006-10-02 18:19 20,480 --a------ C:\WINDOWS\system32\hook2.dll
    2006-10-02 16:11 77,824 --a------ C:\WINDOWS\system32\driverif.dll
    2006-10-02 16:11 733,236 --a------ C:\WINDOWS\system32\vete.dll
    2006-10-02 16:11 541,733 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
    2006-10-02 16:11 21,605 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
    2006-10-02 16:11 15,668 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
    2006-10-02 16:11 12,288 --a------ C:\WINDOWS\system32\vetntmsg.dll
    2006-10-02 16:11 108,453 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
    2006-10-02 12:14 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2006-09-27 15:11 720,896 --a------ C:\WINDOWS\iun6002.exe
    2006-09-26 17:46 62,240 --a------ C:\WINDOWS\Snelkiezer_.exe
    2006-09-26 17:46 62,240 --a------ C:\WINDOWS\Snelkiezer.exe
    2006-09-26 16:05 3,082 --a------ C:\WINDOWS\system32\affv9553p6now.sys
    2006-09-26 15:59 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
    2006-09-26 15:59 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
    2006-09-26 15:59 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
    2006-09-26 15:59 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
    2006-09-26 15:59 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
    2006-09-26 15:53 33,280 --a------ C:\WINDOWS\is-HAP4U.exe
    2006-09-21 18:54 1,003,520 --a------ C:\WINDOWS\system32\ltmm_n.dll
    2006-09-21 18:51 969,728 --a------ C:\WINDOWS\system32\libmcl-4.4.0.dll
    2006-09-21 18:51 8,192 --a------ C:\WINDOWS\system32\libcvr-1.0.0.dll
    2006-09-21 18:51 39,936 --a------ C:\WINDOWS\system32\libxpm-1.0.0.dll
    2006-09-21 18:51 301,056 --a------ C:\WINDOWS\system32\libtif-1.0.0.dll
    2006-09-21 18:51 30,720 --a------ C:\WINDOWS\system32\libdsw-1.0.0.dll
    2006-09-21 18:51 22,016 --a------ C:\WINDOWS\system32\libhav-1.0.0.dll
    2006-09-21 18:51 205,824 --a------ C:\WINDOWS\system32\libjp2-1.0.0.dll
    2006-09-21 18:51 16,384 --a------ C:\WINDOWS\system32\libgif-1.0.0.dll
    2006-09-21 18:51 149,504 --a------ C:\WINDOWS\system32\libpng-1.0.0.dll
    2006-09-21 18:51 110,592 --a------ C:\WINDOWS\system32\libjpg-1.0.0.dll
    2006-09-21 18:51 1,679,872 --a------ C:\WINDOWS\system32\libmpg-1.0.0.dll
    2006-09-21 18:51 1,185,280 --a------ C:\WINDOWS\system32\libogg-1.0.0.dll
    2006-09-18 13:19 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL
    2006-09-14 15:08 94,208 --------- C:\WINDOWS\system32\mclsp.dll
    2006-09-14 15:08 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
    2006-09-14 15:08 11,264 --a------ C:\WINDOWS\system32\sporder.dll
    2006-09-14 13:20 0 --a------ C:\WINDOWS\system32\Ultra.dll
    2006-09-14 10:47 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2006-09-14 10:47 40,960 --a------ C:\WINDOWS\system32\swsc.exe
    2006-09-14 10:47 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2006-09-14 10:47 135,168 --a------ C:\WINDOWS\system32\swreg.exe
    2006-09-13 12:11 10,193 -r-h----- C:\WINDOWS\system32\win_3.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-11 19:19 -------- d-------- C:\Program Files\Common Files
    2006-10-11 19:09 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\Azureus
    2006-10-11 19:03 -------- d-------- C:\Program Files\ElcomSoft
    2006-10-11 16:48 -------- d-------- C:\Program Files\WinRAR
    2006-10-11 14:22 -------- d-------- C:\Program Files\Intelore
    2006-10-11 14:14 -------- d-------- C:\Program Files\DC++
    2006-10-11 13:59 -------- d-------- C:\Program Files\Xilisoft
    2006-10-10 19:08 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\NetPumper
    2006-10-10 18:57 -------- d-------- C:\Program Files\7-Zip
    2006-10-10 16:06 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\Media Player Classic
    2006-10-09 16:35 -------- d-------- C:\Program Files\eMule
    2006-10-09 13:25 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\PC Tools
    2006-10-08 18:37 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2006-10-08 18:28 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-10-08 18:28 -------- d-------- C:\Program Files\Armor2net
    2006-10-06 22:36 -------- d-------- C:\Program Files\DreamCatcher
    2006-10-06 20:23 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\.ABC
    2006-10-04 20:14 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\Macromedia
    2006-10-04 15:09 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\SiteAdvisor
    2006-10-04 15:05 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\McAfee
    2006-10-04 14:59 -------- d-------- C:\Program Files\Common Files\McAfee
    2006-10-02 18:58 -------- d-------- C:\Program Files\File Recover
    2006-10-02 15:57 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\Comodo
    2006-10-02 12:14 -------- d-------- C:\Program Files\K-Lite Codec Pack
    2006-10-02 11:51 -------- d-------- C:\Program Files\WinAVI VideoConverter
    2006-10-01 19:14 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\Lavasoft
    2006-10-01 12:52 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\Registry Booster
    2006-09-30 18:31 -------- d-------- C:\Program Files\Azureus
    2006-09-30 18:14 -------- d-------- C:\Program Files\TuneUp Utilities 2006
    2006-09-29 13:37 -------- d-------- C:\Program Files\Gabest
    2006-09-23 18:08 5632 --ahs---- C:\Program Files\Thumbs.db
    2006-09-23 18:08 -------- d-------- C:\Program Files\ShopInsite MMI
    2006-09-23 18:08 -------- d-------- C:\Program Files\Messenger
    2006-09-23 18:08 -------- d-------- C:\Program Files\A-one Video Joiner
    2006-09-22 12:05 -------- d-------- C:\Program Files\Super Video Splitter
    2006-09-20 22:03 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\STOIK
    2006-09-20 16:11 -------- d---s---- C:\Documents and Settings\Jevithan\Application Data\Microsoft
    2006-09-18 21:32 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-09-18 21:32 -------- d-------- C:\Program Files\Common Files\Designer
    2006-09-18 21:31 -------- d-------- C:\Program Files\Microsoft Office
    2006-09-18 21:31 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\Microsoft Web Folders
    2006-09-18 14:27 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\.BitTornado
    2006-09-18 12:01 -------- d-------- C:\Program Files\AliveMedia
    2006-09-15 14:21 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\LimeWire
    2006-09-14 16:09 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\McAfee.com Personal Firewall
    2006-09-14 15:07 15360 --a------ C:\WINDOWS\system32\BASSMOD.dll
    2006-09-13 20:40 -------- d-------- C:\Program Files\Admiresoft
    2006-09-13 16:15 -------- d-------- C:\Program Files\Internet Explorer
    2006-09-10 21:35 -------- d-------- C:\Program Files\Allok Video Joiner
    2006-09-07 16:00 -------- d-------- C:\Program Files\Common Files\Deterministic Networks
    2006-09-06 20:44 -------- d-------- C:\Program Files\Common Files\Softwin
    2006-09-06 19:44 77824 --a------ C:\WINDOWS\system32\xcomm.dll
    2006-09-06 19:44 73728 --a------ C:\WINDOWS\system32\sockspy.dll
    2006-08-30 13:07 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\dvdcss
    2006-08-29 00:47 1257783 --a------ C:\WINDOWS\system32\drivers\v3engine.sys
    2006-08-28 21:11 -------- d-------- C:\Program Files\EA Games
    2006-08-28 20:32 -------- d-------- C:\Program Files\Windows Media Player
    2006-08-28 20:14 -------- d-------- C:\Program Files\Movie Joiner
    2006-08-24 18:09 -------- d-------- C:\Program Files\Innovatools
    2006-08-24 17:25 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
    2006-08-24 17:05 -------- d-------- C:\Program Files\D-Tools
    2006-08-22 20:24 -------- d-------- C:\Program Files\ATI Technologies
    2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 14:11 -------- d-------- C:\Program Files\MSN Messenger
    2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
    2006-08-20 18:35 -------- d-------- C:\Program Files\Allok Video Splitter
    2006-08-19 22:07 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\Vso
    2006-08-19 19:54 5680 --a------ C:\WINDOWS\system32\drivers\psntkd20.sys
    2006-08-16 16:42 -------- d-------- C:\Program Files\Windows NT
    2006-08-15 13:13 -------- d-------- C:\Program Files\Bucek
    2006-08-15 13:02 -------- d-------- C:\Program Files\AVI MPEG RM WMV Joiner
    2006-08-14 19:32 -------- d-------- C:\Program Files\Easy Video Joiner
    2006-08-13 19:36 -------- d-------- C:\Program Files\Google
    2006-08-13 18:16 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\Google
    2006-08-13 16:54 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\Skype
    2006-08-12 16:59 -------- d-------- C:\Program Files\Xara
    2006-08-12 15:47 -------- d-------- C:\Program Files\AviSynth 2.5
    2006-08-12 15:46 -------- d-------- C:\Documents and Settings\Jevithan\Application Data\uTorrent
    2006-08-11 20:58 666624 --a------ C:\WINDOWS\is-7DAPH.exe
    2006-08-11 20:58 -------- d-------- C:\Program Files\Common Files\Agnitum Shared
    2006-08-10 19:37 8 --a------ C:\WINDOWS\system32\lssexp.dll
    2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
    2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
    2006-07-20 22:24 286720 --a------ C:\WINDOWS\iun506.exe
    2006-07-18 20:45 46 --a------ C:\WINDOWS\system32\w3c985va.dll
    2006-07-16 22:10 784 --a------ C:\Documents and Settings\Jevithan\Application Data\mpauth.dat
    2006-07-16 16:23 73216 --a------ C:\WINDOWS\ST6UNST.EXE


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Armor2net"="C:\\Program Files\\Armor2net\\Armor2net Personal Firewall\\Armor2net.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000000
    "GeneralFlags"=dword:00000000

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoChangeStartMenu"=dword:00000000
    "NoClose"=dword:00000000
    "NoLogOff"=dword:00000000
    "NoRun"=dword:00000000

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001
    "DisableTaskMgr"=dword:00000000

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Jevithan^Menu Start^Programma's^Opstarten^Snelkoppeling naar zlclient.lnk]
    "path"="C:\\Documents and Settings\\Jevithan\\Menu Start\\Programma's\\Opstarten\\Snelkoppeling naar zlclient.lnk"
    "backup"="C:\\WINDOWS\\pss\\Snelkoppeling naar zlclient.lnkStartup"
    "location"="Startup"
    "command"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe "
    "item"="Snelkoppeling naar zlclient"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\0153901159966770mcinstcleanup]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cleanup"
    "hkey"="HKLM"
    "command"="C:\\DOCUME~1\\Jevithan\\LOCALS~1\\Temp\\015390~1.EXE C:\\PROGRA~1\\COMMON~1\\McAfee\\INSTAL~1\\cleanup.ini -cleanup -nolog"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\APVXDWIN]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="APVXDWIN"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Panda Software\\Panda Antivirus Platinum\\APVXDWIN.EXE\" /s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ATIPTA]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="atiptaxx"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDMCon]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bdmcon"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdmcon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDNewsAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bdnagent"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdnagent.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDOESRV]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bdoesrv"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDSwitchAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bdswitch"
    "hkey"="HKLM"
    "command"="\"C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdswitch.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BitTorrent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bittorrent"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CaISSDT]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="caissdt"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\caissdt.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CTFMON.EXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ctfmon"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DAEMON Tools-1033]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="daemon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dfndrff_e26"
    "hkey"="HKLM"
    "command"="C:\\\\dfndrff_e26.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\eTrustPPAP]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PPActiveDetection"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust PestPatrol Anti-Spyware\\PPActiveDetection.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Explorer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iexplore"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\iexplore.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\FreeCall]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="FreeCall"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe\" -nosplash -minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\FSWebServer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="fsws"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Easy File Sharing Web Server\\fsws.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IDMan]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="IDMan"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\eMule\\Incoming\\Internet Download Manager v5.03.02 Multilangages Incl-Crack\\Crack\\IDMan.exe /onboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KernelFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -k"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -k"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\keyboard]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="kybrdff_16"
    "hkey"="HKLM"
    "command"="c:\\\\kybrdff_16.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\kis]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avp"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\kqkm]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="kqkmm"
    "hkey"="HKCU"
    "command"="C:\\PROGRA~1\\COMMON~1\\kqkm\\kqkmm.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MacroVirus]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MacroVirus"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\MacroVirus\\MacroVirus.exe -boot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MessengerPlus3]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MsgPlus"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\msnreord]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmonitor"
    "hkey"="HKLM"
    "command"="C:\\Documents and Settings\\Jevithan\\Bureaublad\\TAMIL° ZONE\\Setup\\MSN_Password_Logger_v3\\msnmonitor.ex"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\newname]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="nwnmff_e26"
    "hkey"="HKLM"
    "command"="C:\\\\nwnmff_e26.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NI.UWA6PM_0001_N91M2107]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="UWA6PM_0001_N91M2107NetInstaller"
    "hkey"="HKLM"
    "command"="\"C:\\WINDOWS\\Downloaded Program Files\\UWA6PM_0001_N91M2107NetInstaller.exe\" -nag "
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Outpost Firewall]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="outpost"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Agnitum\\Outpost Firewall\\outpost.exe\" /waitservice"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\OutpostFeedBack]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="feedback"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Agnitum\\Outpost Firewall\\feedback.exe /dump:os_startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PadTouch]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PadExe"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\pccguide.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="pccguide"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Trend Micro\\Internet Security 2005\\pccguide.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCTAVApp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKCU"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PrivacyKeyboard]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PrivacyKeyboard"
    "hkey"="HKLM"
    "command"="C:\\KAV5.0\\PrivacyKeyboard\\PrivacyKeyboard.exe /autorun"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PWRISOVM.EXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PWRISOVM"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SCANINICIO]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Inicio"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Panda Software\\Panda Antivirus Platinum\\Inicio.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\shell]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ibm00001"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\ibm00001.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Skype]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Skype"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SmoothView]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SmoothView"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\TOSHIBA\\TOSHIBA-zoomutility\\SmoothView.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Snelkiezer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Snelkiezer"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\Snelkiezer.exe /quiet"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SpeedOptimizer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SPO"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\SPEEDO~1\\SPO.EXE -s "
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SpyEmergency]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SpyEmergency"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Netgate\\Spy Emergency 2006\\SpyEmergency.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SpySweeper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SpySweeper"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Spyware Doctor]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKCU"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\startkey]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="system32"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\system32.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\stonedrv]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="stonedrv"
    "hkey"="HKLM"
    "command"="c:\\windows\\system32\\stonedrv.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunServer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="sunserver"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SurfSideKick 3]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SynTPEnh]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SynTPEnh"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SysTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="lhiq"
    "hkey"="HKLM"
    "command"="c:\\Program Files\\lhiq.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tkq0724f]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RUNDLL32"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE w1111879.dll,n 0040724b0000000a1111879"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TOSCDSPD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="toscdspd"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Toshiba Hotkey Utility]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Hotkey"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Toshiba\\Windows Utilities\\Hotkey.exe\" /lang NL"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TPSMain]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="TPSMain"
    "hkey"="HKLM"
    "command"="TPSMain.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\VoipStunt]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="VoipStunt"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe\" -nosplash -minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Windows Defender]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MSASCui"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Windows installer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="winstall"
    "hkey"="HKCU"
    "command"="C:\\winstall.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Windows Task Manager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="taskmgn"
    "hkey"="HKLM"
    "command"="c:\\windows\\system32\\taskmgn.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Zone Labs Client]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="zlclient"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
    "PAVSRV"=dword:00000002
    "PAVFIRES"=dword:00000002
    "SDhelper"=dword:00000002
    "wampmysqld"=dword:00000003
    "wampapache"=dword:00000003
    "TUWinStylerThemeSvc"=dword:00000003
    "AVP"=dword:00000002
    "VSSERV"=dword:00000002
    "bdss"=dword:00000002
    "LIVESRV"=dword:00000002
    "XCOMM"=dword:00000002
    "WinDefend"=dword:00000002
    "WWW File Share Pro"=dword:00000002
    "Ati HotKey Poller"=dword:00000002
    "MSIServer"=dword:00000003
    "wuauserv"=dword:00000002
    "svcWRSSSDK"=dword:00000002


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\1-Click Maintenance.job
    C:\WINDOWS\tasks\XoftSpy.job

    Completion time: Wed 11-10-2006 19:26:44.29
    ComboFix.txt

    Logfile of HijackThis v1.99.1
    Scan saved at 19:31:55, on 11-10-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jevithan\Bureaublad\TAMIL° ZONE\Setup\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C985221-063C-1043-0309-06051124001f}\MyToolBar.dll (file missing)
    O4 - HKLM\..\Run: [Armor2net] C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\eMule\Incoming\Internet Download Manager v5.03.02 Multilangages Incl-Crack\Crack\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\eMule\Incoming\Internet Download Manager v5.03.02 Multilangages Incl-Crack\Crack\IEExt.htm
    O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
    O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152987549625
    O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://static.35mb.com/applet/applet_o.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: ,
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
  • Download and extract it to your desktop.

    Select the bold lines below by holding down the left mouse button and dragging from top left to bottom right (the area turns blue):


    2006-10-09 13:12 86,016 –a—— C:\WINDOWS\unvise32qt.exe
    2006-09-26 17:46 62,240 –a—— C:\WINDOWS\Snelkiezer_.exe
    2006-09-26 17:46 62,240 –a—— C:\WINDOWS\Snelkiezer.exe
    2006-09-14 10:47 53,248 –a—— C:\WINDOWS\system32\Process.exe
    2006-09-14 13:20 0 –a—— C:\WINDOWS\system32\Ultra.dll

    Right-click in the blue area and then click Copy.

  • Start KillBox! by double-clicking the KillBox icon.
  • Open "options" in the KillBox menu and select "auto parse".
  • Open "file" in the KillBox menu at the top and choose: "Paste from clipboard"
  • The bold text that you selected and copied will now appear in the field at Full Path of File to Delete. (Check this if needed by clicking the arrow next to that field.)
    Files that do not (or no longer) exist are not displayed by KillBox.
  • Choose the option(s) "Delete on reboot" and "unregister dll's before deleting."
  • Click the "All files" button.
  • Click the red circle with the white cross in it.
  • KillBox! will say that these files will be deleted on reboot. Click YES.
  • When KillBox! asks to reboot now, click YES.
  • If you get the following message: PendingFileRenameOperations Registry Data has been Removed by External Process! then you will have to restart manually.

    KillBox will now restart your PC.
    After the restart, delete the folder C:\!Killbox
    Then empty the Recycle Bin.

    Start HJT again, do a "system scan only", and tick the lines below. Close all windows (except HJT) and click "fix checked".


    R3 - Default URLSearchHook is missing
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C985221-063C-1043-0309-06051124001f}\MyToolBar.dll (file missing)

    Delete the item below via Explorer.

    C:\Program Files\Common Files\{3C985221-063C-1043-0309-06051124001f}

    Start ComboFix again and let it run.

    May I have a new HJT log and a new ComboFix log?
  • Jevithan - 06-10-12 13:30:31,56 Service Pack 2
    ComboFix 06.10.12 - Running from: "C:\Documents and Settings\Jevithan\Bureaublad"

    ((((((((((((((((((((((((((((((( Files Created from 2006-09-12 to 2006-10-12 ))))))))))))))))))))))))))))))))))


    2006-10-10 18:29 224,478 –a—— C:\WINDOWS\iexplore.exe
    2006-10-08 18:28 32,896 –a—— C:\WINDOWS\system32\APFTrans.sys
    2006-10-02 18:19 81,920 –a—— C:\WINDOWS\system32\AppToPort.dll
    2006-10-02 18:19 24,576 –a—— C:\WINDOWS\system32\hook1.dll
    2006-10-02 18:19 20,480 –a—— C:\WINDOWS\system32\hook2.dll
    2006-10-02 16:11 77,824 –a—— C:\WINDOWS\system32\driverif.dll
    2006-10-02 16:11 733,236 –a—— C:\WINDOWS\system32\vete.dll
    2006-10-02 16:11 541,733 –a—— C:\WINDOWS\system32\drivers\vetmonnt.sys
    2006-10-02 16:11 21,605 –a—— C:\WINDOWS\system32\drivers\vet-filt.sys
    2006-10-02 16:11 15,668 –a—— C:\WINDOWS\system32\drivers\vet-rec.sys
    2006-10-02 16:11 12,288 –a—— C:\WINDOWS\system32\vetntmsg.dll
    2006-10-02 16:11 108,453 –a—— C:\WINDOWS\system32\drivers\vetfddnt.sys
    2006-10-02 12:14 5,120 –a—— C:\WINDOWS\system32\ff_vfw.dll
    2006-09-27 15:11 720,896 –a—— C:\WINDOWS\iun6002.exe
    2006-09-26 16:05 3,082 –a—— C:\WINDOWS\system32\affv9553p6now.sys
    2006-09-26 15:59 395,776 –a—— C:\WINDOWS\system32\libmplayer.dll
    2006-09-26 15:59 34,820 –a—— C:\WINDOWS\system32\ffdshow.reg
    2006-09-26 15:59 262,144 –a—— C:\WINDOWS\system32\TomsMoComp_ff.dll
    2006-09-26 15:59 2,255,360 –a—— C:\WINDOWS\system32\libavcodec.dll
    2006-09-26 15:59 112,640 –a—— C:\WINDOWS\system32\libmpeg2_ff.dll
    2006-09-26 15:53 33,280 –a—— C:\WINDOWS\is-HAP4U.exe
    2006-09-21 18:54 1,003,520 –a—— C:\WINDOWS\system32\ltmm_n.dll
    2006-09-21 18:51 969,728 –a—— C:\WINDOWS\system32\libmcl-4.4.0.dll
    2006-09-21 18:51 8,192 –a—— C:\WINDOWS\system32\libcvr-1.0.0.dll
    2006-09-21 18:51 39,936 –a—— C:\WINDOWS\system32\libxpm-1.0.0.dll
    2006-09-21 18:51 301,056 –a—— C:\WINDOWS\system32\libtif-1.0.0.dll
    2006-09-21 18:51 30,720 –a—— C:\WINDOWS\system32\libdsw-1.0.0.dll
    2006-09-21 18:51 22,016 –a—— C:\WINDOWS\system32\libhav-1.0.0.dll
    2006-09-21 18:51 205,824 –a—— C:\WINDOWS\system32\libjp2-1.0.0.dll
    2006-09-21 18:51 16,384 –a—— C:\WINDOWS\system32\libgif-1.0.0.dll
    2006-09-21 18:51 149,504 –a—— C:\WINDOWS\system32\libpng-1.0.0.dll
    2006-09-21 18:51 110,592 –a—— C:\WINDOWS\system32\libjpg-1.0.0.dll
    2006-09-21 18:51 1,679,872 –a—— C:\WINDOWS\system32\libmpg-1.0.0.dll
    2006-09-21 18:51 1,185,280 –a—— C:\WINDOWS\system32\libogg-1.0.0.dll
    2006-09-18 13:19 24,576 –a—— C:\WINDOWS\system32\STKIT432.DLL
    2006-09-14 15:08 94,208 ——— C:\WINDOWS\system32\mclsp.dll
    2006-09-14 15:08 32,768 –a—— C:\WINDOWS\system32\instlsp.exe
    2006-09-14 15:08 11,264 –a—— C:\WINDOWS\system32\sporder.dll
    2006-09-14 10:47 40,960 –a—— C:\WINDOWS\system32\swsc.exe
    2006-09-14 10:47 288,417 –a—— C:\WINDOWS\system32\SrchSTS.exe
    2006-09-14 10:47 135,168 –a—— C:\WINDOWS\system32\swreg.exe
    2006-09-13 12:11 10,193 -r-h—– C:\WINDOWS\system32\win_3.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-12 13:24 ——– d——– C:\Documents and Settings\Jevithan\Application Data\Azureus
    2006-10-11 19:19 ——– d——– C:\Program Files\Common Files
    2006-10-11 19:03 ——– d——– C:\Program Files\ElcomSoft
    2006-10-11 16:48 ——– d——– C:\Program Files\WinRAR
    2006-10-11 14:22 ——– d——– C:\Program Files\Intelore
    2006-10-11 14:14 ——– d——– C:\Program Files\DC++
    2006-10-11 13:59 ——– d——– C:\Program Files\Xilisoft
    2006-10-10 19:08 ——– d——– C:\Documents and Settings\Jevithan\Application Data\NetPumper
    2006-10-10 18:57 ——– d——– C:\Program Files\7-Zip
    2006-10-10 16:06 ——– d——– C:\Documents and Settings\Jevithan\Application Data\Media Player Classic
    2006-10-09 16:35 ——– d——– C:\Program Files\eMule
    2006-10-09 13:25 ——– d——– C:\Documents and Settings\Jevithan\Application Data\PC Tools
    2006-10-08 18:37 ——– d——– C:\Program Files\Common Files\Wise Installation Wizard
    2006-10-08 18:28 ——– d–h—– C:\Program Files\InstallShield Installation Information
    2006-10-08 18:28 ——– d——– C:\Program Files\Armor2net
    2006-10-06 22:36 ——– d——– C:\Program Files\DreamCatcher
    2006-10-06 20:23 ——– d——– C:\Documents and Settings\Jevithan\Application Data\.ABC
    2006-10-04 20:14 ——– d——– C:\Documents and Settings\Jevithan\Application Data\Macromedia
    2006-10-04 15:09 ——– d——– C:\Documents and Settings\Jevithan\Application Data\SiteAdvisor
    2006-10-04 15:05 ——– d——– C:\Documents and Settings\Jevithan\Application Data\McAfee
    2006-10-04 14:59 ——– d——– C:\Program Files\Common Files\McAfee
    2006-10-02 18:58 ——– d——– C:\Program Files\File Recover
    2006-10-02 15:57 ——– d——– C:\Documents and Settings\Jevithan\Application Data\Comodo
    2006-10-02 12:14 ——– d——– C:\Program Files\K-Lite Codec Pack
    2006-10-02 11:51 ——– d——– C:\Program Files\WinAVI VideoConverter
    2006-10-01 19:14 ——– d——– C:\Documents and Settings\Jevithan\Application Data\Lavasoft
    2006-10-01 12:52 ——– d——– C:\Documents and Settings\Jevithan\Application Data\Registry Booster
    2006-09-30 18:31 ——– d——– C:\Program Files\Azureus
    2006-09-30 18:14 ——– d——– C:\Program Files\TuneUp Utilities 2006
    2006-09-29 13:37 ——– d——– C:\Program Files\Gabest
    2006-09-23 18:08 5632 –ahs—- C:\Program Files\Thumbs.db
    2006-09-23 18:08 ——– d——– C:\Program Files\ShopInsite MMI
    2006-09-23 18:08 ——– d——– C:\Program Files\Messenger
    2006-09-23 18:08 ——– d——– C:\Program Files\A-one Video Joiner
    2006-09-22 12:05 ——– d——– C:\Program Files\Super Video Splitter
    2006-09-20 22:03 ——– d——– C:\Documents and Settings\Jevithan\Application Data\STOIK
    2006-09-20 16:11 ——– d—s—- C:\Documents and Settings\Jevithan\Application Data\Microsoft
    2006-09-18 21:32 ——– d——– C:\Program Files\Common Files\Microsoft Shared
    2006-09-18 21:32 ——– d——– C:\Program Files\Common Files\Designer
    2006-09-18 21:31 ——– d——– C:\Program Files\Microsoft Office
    2006-09-18 21:31 ——– d——– C:\Documents and Settings\Jevithan\Application Data\Microsoft Web Folders
    2006-09-18 14:27 ——– d——– C:\Documents and Settings\Jevithan\Application Data\.BitTornado
    2006-09-18 12:01 ——– d——– C:\Program Files\AliveMedia
    2006-09-15 14:21 ——– d——– C:\Documents and Settings\Jevithan\Application Data\LimeWire
    2006-09-14 16:09 ——– d——– C:\Documents and Settings\Jevithan\Application Data\McAfee.com Personal Firewall
    2006-09-14 15:07 15360 –a—— C:\WINDOWS\system32\BASSMOD.dll
    2006-09-13 20:40 ——– d——– C:\Program Files\Admiresoft
    2006-09-13 16:15 ——– d——– C:\Program Files\Internet Explorer
    2006-09-10 21:35 ——– d——– C:\Program Files\Allok Video Joiner
    2006-09-07 16:00 ——– d——– C:\Program Files\Common Files\Deterministic Networks
    2006-09-06 20:44 ——– d——– C:\Program Files\Common Files\Softwin
    2006-09-06 19:44 77824 –a—— C:\WINDOWS\system32\xcomm.dll
    2006-09-06 19:44 73728 –a—— C:\WINDOWS\system32\sockspy.dll
    2006-08-30 13:07 ——– d——– C:\Documents and Settings\Jevithan\Application Data\dvdcss
    2006-08-29 00:47 1257783 –a—— C:\WINDOWS\system32\drivers\v3engine.sys
    2006-08-28 21:11 ——– d——– C:\Program Files\EA Games
    2006-08-28 20:32 ——– d——– C:\Program Files\Windows Media Player
    2006-08-28 20:14 ——– d——– C:\Program Files\Movie Joiner
    2006-08-24 18:09 ——– d——– C:\Program Files\Innovatools
    2006-08-24 17:25 12464 –a—— C:\WINDOWS\system32\drivers\secdrv.sys
    2006-08-24 17:05 ——– d——– C:\Program Files\D-Tools
    2006-08-22 20:24 ——– d——– C:\Program Files\ATI Technologies
    2006-08-21 14:28 16896 –a—— C:\WINDOWS\system32\fltlib.dll
    2006-08-21 14:11 ——– d——– C:\Program Files\MSN Messenger
    2006-08-21 11:14 23040 –a—— C:\WINDOWS\system32\fltmc.exe
    2006-08-21 11:14 128896 –a—— C:\WINDOWS\system32\drivers\fltmgr.sys
    2006-08-20 18:35 ——– d——– C:\Program Files\Allok Video Splitter
    2006-08-19 22:07 ——– d——– C:\Documents and Settings\Jevithan\Application Data\Vso
    2006-08-19 19:54 5680 –a—— C:\WINDOWS\system32\drivers\psntkd20.sys
    2006-08-16 16:42 ——– d——– C:\Program Files\Windows NT
    2006-08-15 13:13 ——– d——– C:\Program Files\Bucek
    2006-08-15 13:02 ——– d——– C:\Program Files\AVI MPEG RM WMV Joiner
    2006-08-14 19:32 ——– d——– C:\Program Files\Easy Video Joiner
    2006-08-13 19:36 ——– d——– C:\Program Files\Google
    2006-08-13 18:16 ——– d——– C:\Documents and Settings\Jevithan\Application Data\Google
    2006-08-13 16:54 ——– d——– C:\Documents and Settings\Jevithan\Application Data\Skype
    2006-08-12 16:59 ——– d——– C:\Program Files\Xara
    2006-08-12 15:47 ——– d——– C:\Program Files\AviSynth 2.5
    2006-08-12 15:46 ——– d——– C:\Documents and Settings\Jevithan\Application Data\uTorrent
    2006-08-11 20:58 666624 –a—— C:\WINDOWS\is-7DAPH.exe
    2006-08-10 19:37 8 –a—— C:\WINDOWS\system32\lssexp.dll
    2006-07-29 19:32 48936 –a—— C:\WINDOWS\system32\sirenacm.dll
    2006-07-27 15:26 679424 –a—— C:\WINDOWS\system32\inetcomm.dll
    2006-07-21 10:29 72704 –a—— C:\WINDOWS\system32\hlink.dll
    2006-07-20 22:24 286720 –a—— C:\WINDOWS\iun506.exe
    2006-07-18 20:45 46 –a—— C:\WINDOWS\system32\w3c985va.dll
    2006-07-16 22:10 784 –a—— C:\Documents and Settings\Jevithan\Application Data\mpauth.dat
    2006-07-16 16:23 73216 –a—— C:\WINDOWS\ST6UNST.EXE


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Armor2net"="C:\\Program Files\\Armor2net\\Armor2net Personal Firewall\\Armor2net.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000000
    "GeneralFlags"=dword:00000000

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoChangeStartMenu"=dword:00000000
    "NoClose"=dword:00000000
    "NoLogOff"=dword:00000000
    "NoRun"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001
    "DisableTaskMgr"=dword:00000000

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Start\\Programma's\\Opstarten\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jevithan^Menu Start^Programma's^Opstarten^Snelkoppeling naar zlclient.lnk]
    "path"="C:\\Documents and Settings\\Jevithan\\Menu Start\\Programma's\\Opstarten\\Snelkoppeling naar zlclient.lnk"
    "backup"="C:\\WINDOWS\\pss\\Snelkoppeling naar zlclient.lnkStartup"
    "location"="Startup"
    "command"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe "
    "item"="Snelkoppeling naar zlclient"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0153901159966770mcinstcleanup]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cleanup"
    "hkey"="HKLM"
    "command"="C:\\DOCUME~1\\Jevithan\\LOCALS~1\\Temp\\015390~1.EXE C:\\PROGRA~1\\COMMON~1\\McAfee\\INSTAL~1\\cleanup.ini -cleanup -nolog"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="APVXDWIN"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Panda Software\\Panda Antivirus Platinum\\APVXDWIN.EXE\" /s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="atiptaxx"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bdmcon"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdmcon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bdnagent"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdnagent.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDOESRV]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bdoesrv"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bdswitch"
    "hkey"="HKLM"
    "command"="\"C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdswitch.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bittorrent"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" –force_start_minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="caissdt"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\caissdt.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ctfmon"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="daemon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dfndrff_e26"
    "hkey"="HKLM"
    "command"="C:\\\\dfndrff_e26.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PPActiveDetection"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\CA\\eTrust Internet Security Suite\\eTrust PestPatrol Anti-Spyware\\PPActiveDetection.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="iexplore"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\iexplore.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="FreeCall"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe\" -nosplash -minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSWebServer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="fsws"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Easy File Sharing Web Server\\fsws.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="IDMan"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\eMule\\Incoming\\Internet Download Manager v5.03.02 Multilangages Incl-Crack\\Crack\\IDMan.exe /onboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -k"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -k"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="kybrdff_16"
    "hkey"="HKLM"
    "command"="c:\\\\kybrdff_16.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kis]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avp"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kqkm]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="kqkmm"
    "hkey"="HKCU"
    "command"="C:\\PROGRA~1\\COMMON~1\\kqkm\\kqkmm.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacroVirus]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MacroVirus"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\MacroVirus\\MacroVirus.exe -boot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MsgPlus"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnreord]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msnmonitor"
    "hkey"="HKLM"
    "command"="C:\\Documents and Settings\\Jevithan\\Bureaublad\\TAMIL° ZONE\\Setup\\MSN_Password_Logger_v3\\msnmonitor.ex"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="nwnmff_e26"
    "hkey"="HKLM"
    "command"="C:\\\\nwnmff_e26.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWA6PM_0001_N91M2107]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="UWA6PM_0001_N91M2107NetInstaller"
    "hkey"="HKLM"
    "command"="\"C:\\WINDOWS\\Downloaded Program Files\\UWA6PM_0001_N91M2107NetInstaller.exe\" -nag "
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Outpost Firewall]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="outpost"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Agnitum\\Outpost Firewall\\outpost.exe\" /waitservice"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="feedback"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Agnitum\\Outpost Firewall\\feedback.exe /dump:os_startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PadExe"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="pccguide"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Trend Micro\\Internet Security 2005\\pccguide.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKCU"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivacyKeyboard]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PrivacyKeyboard"
    "hkey"="HKLM"
    "command"="C:\\KAV5.0\\PrivacyKeyboard\\PrivacyKeyboard.exe /autorun"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PWRISOVM"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCANINICIO]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Inicio"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Panda Software\\Panda Antivirus Platinum\\Inicio.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ibm00001"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\ibm00001.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Skype"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SmoothView"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\TOSHIBA\\TOSHIBA-zoomutility\\SmoothView.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snelkiezer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Snelkiezer"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\Snelkiezer.exe /quiet"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SPO"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\SPEEDO~1\\SPO.EXE -s "
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SpyEmergency"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Netgate\\Spy Emergency 2006\\SpyEmergency.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SpySweeper"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKCU"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startkey]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="system32"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\system32.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stonedrv]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="stonedrv"
    "hkey"="HKLM"
    "command"="c:\\windows\\system32\\stonedrv.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunServer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="sunserver"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SynTPEnh"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="lhiq"
    "hkey"="HKLM"
    "command"="c:\\Program Files\\lhiq.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkq0724f]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RUNDLL32"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE w1111879.dll,n 0040724b0000000a1111879"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="toscdspd"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Hotkey Utility]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Hotkey"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Toshiba\\Windows Utilities\\Hotkey.exe\" /lang NL"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="TPSMain"
    "hkey"="HKLM"
    "command"="TPSMain.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="VoipStunt"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe\" -nosplash -minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MSASCui"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="winstall"
    "hkey"="HKCU"
    "command"="C:\\winstall.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Task Manager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="taskmgn"
    "hkey"="HKLM"
    "command"="c:\\windows\\system32\\taskmgn.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="zlclient"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PAVSRV"=dword:00000002
    "PAVFIRES"=dword:00000002
    "SDhelper"=dword:00000002
    "wampmysqld"=dword:00000003
    "wampapache"=dword:00000003
    "TUWinStylerThemeSvc"=dword:00000003
    "AVP"=dword:00000002
    "VSSERV"=dword:00000002
    "bdss"=dword:00000002
    "LIVESRV"=dword:00000002
    "XCOMM"=dword:00000002
    "WinDefend"=dword:00000002
    "WWW File Share Pro"=dword:00000002
    "Ati HotKey Poller"=dword:00000002
    "MSIServer"=dword:00000003
    "wuauserv"=dword:00000002
    "svcWRSSSDK"=dword:00000002


    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\1-Click Maintenance.job
    C:\WINDOWS\tasks\XoftSpy.job

    Completion time: 06-10-12 13:32:20.90
    ComboFix.txt

    Logfile of HijackThis v1.99.1
    Scan saved at 13:35:56, on 12-10-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jevithan\Bureaublad\TAMIL° ZONE\Setup\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C985221-063C-1043-0309-06051124001f}\MyToolBar.dll (file missing)
    O4 - HKLM\..\Run: [Armor2net] C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\eMule\Incoming\Internet Download Manager v5.03.02 Multilangages Incl-Crack\Crack\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\eMule\Incoming\Internet Download Manager v5.03.02 Multilangages Incl-Crack\Crack\IEExt.htm
    O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
    O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownload.nefficient.co.kr/plugin/myv3/myv3.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152987549625
    O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://static.35mb.com/applet/applet_o.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: ,
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
  • Do I need to do anything else?
  • Yes, the following please.
    Download and install AVG Anti-Spyware.
    After installation, open AVG Anti-Spyware:
    * under "Status", click "Change state" next to "Resident shield". (Change it from active to inactive!)
    * under "Update", click the "Start update" button.
    * under "Scanner", tab "Settings":
      - under "How to act?", click "Recommended actions" and select "Quarantine". (VERY IMPORTANT!)
      - under "Reports", select "Automatically generate report after every scan" and remove the tick at "Only if threats were found"
    Close AVG Anti-Spyware. Do not let it scan yet.

    Boot into safe mode (tap F8 repeatedly during startup).
    Start HJT again and tick the lines below, close all windows except HJT and click "Fix checked".

    O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C985221-063C-1043-0309-06051124001f}\MyToolBar.dll (file missing)
    O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://static.35mb.com/applet/applet_o.cab



    Start AVG Anti-Spyware.
    * Click "Scan" and choose "Complete System Scan". After the scan, follow the instructions below: