Question & Answer
Internet Explorer popup
40 answers
- Every time I start my PC or start FIREFOX, I get an Internet Explorer popup; usually this popup is from 888.com or something like that. What I find curious is that it also happens the moment I start Firefox, since as far as I know it has no connection to Internet Explorer.
I have just run Ad-Aware SE Pro and Spybot S&D and had them remove all the junk. This had no result. After that I checked with NOD32, and everything was safe/clean. I also deleted all of IE's cookies and temporary internet files (including the offline files). I likewise deleted all private data in Firefox (except the passwords and usernames).
Can anyone recommend anything else?
Thanks in advance
- Please post a HijackThis log.
- and please run this.
Download [b:458eba1883]Combofix[/b:458eba1883] to your Desktop.[list:458eba1883]
Double-click [b:458eba1883]Combofix.exe[/b:458eba1883]
Follow the instructions and accept the disclaimer by typing "y" or "Y".
While the fix is running, do [b:458eba1883]NOT[/b:458eba1883] click in the window, as this will cause your PC to hang.[/list:u:458eba1883]
When the fix has finished and after the restart, the log [b:458eba1883]combofix.txt[/b:458eba1883] will open.
[i:458eba1883]Post this log in your next post together with a new HijackThis log.[/i:458eba1883]
NOTE: If your virus scanner responds with a message about script execution, you may ignore this.
Juisterr
- HijackThis:
[code:1:a77accea31]Logfile of HijackThis v1.99.1
Scan saved at 12:34:54, on 30-12-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
D:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
D:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\program files\steam\steam.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\Internet Explorer\iexplore.exe
d:\progra~1\intern~1\iexplore.exe
D:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
D:\WINDOWS\ATKKBService.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Xfire\xfire.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Administrator\Bureaublad\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTDVDDET] "D:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [RCSystem] "D:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "D:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "D:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP OfficeJet T Series] "D:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [webfordbookskip] D:\Documents and Settings\All Users\Application Data\platformplaywebford\01 Show.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [GrimElse] D:\DOCUME~1\ADMINI~1\APPLIC~1\BLAHWE~1\Program Rect.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[/code:1:a77accea31]
Combofix:
[code:1:a77accea31]Administrator - 06-12-30 12:32:47,84 Service Pack 2
ComboFix 06.11.27 - Running from: "D:\Documents and Settings\Administrator\Bureaublad"
((((((((((((((((((((((((((((((( Files Created from 2006-11-30 to 2006-12-30 ))))))))))))))))))))))))))))))))))
2006-12-30 11:26 <DIR> d——– D:\Program Files\Spybot - Search & Destroy
2006-12-30 11:26 <DIR> d——– D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-30 07:08 <DIR> d——– D:\Documents and Settings\All Users\Application Data\platformplaywebford
2006-12-30 07:08 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\NetPumper
2006-12-30 07:07 <DIR> d——– D:\Program Files\Blah Web
2006-12-30 07:07 <DIR> d——– D:\Program Files\Anti-Leech
2006-12-30 07:07 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\Blah Web
2006-12-30 07:05 <DIR> d——– D:\Program Files\NetPumper
2006-12-29 17:58 <DIR> d——– D:\Program Files\Real
2006-12-29 17:58 <DIR> d——– D:\Program Files\Common Files\xing shared
2006-12-29 17:58 <DIR> d——– D:\Program Files\Common Files\Real
2006-12-29 17:57 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\Real
2006-12-27 14:05 <DIR> d——– D:\Documents and Settings\All Users\Application Data\Messenger Plus!
2006-12-27 13:58 <DIR> d——– D:\Program Files\Messenger Plus! Live
2006-12-27 13:55 <DIR> d——– D:\Documents and Settings\Administrator\Contacts
2006-12-27 13:54 <DIR> d—-c— D:\WINDOWS\system32\DRVSTORE
2006-12-27 13:25 <DIR> d——– D:\Program Files\Photo Graffiti Demo
2006-12-27 12:03 <DIR> d——– D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-12-25 20:48 <DIR> d–h—– D:\Program Files\Zero G Registry
2006-12-25 20:48 <DIR> d–h—– D:\Documents and Settings\Administrator\InstallAnywhere
2006-12-25 20:48 <DIR> d——– D:\Program Files\JAlbum
2006-12-24 11:59 <DIR> d——– D:\Program Files\Guitar Pro 5
2006-12-22 13:26 <DIR> d——– D:\Program Files\TightVNC
2006-12-22 12:42 8 –a—— D:\WINDOWS\system32\VGANGMJYMWVPD.SYS
2006-12-22 12:42 <DIR> d——– D:\Program Files\D'Accord Music Software
2006-12-18 09:49 <DIR> d—s—- D:\Documents and Settings\Administrator\UserData
2006-12-17 15:59 <DIR> d——– D:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2006-12-17 13:08 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\Skype
2006-12-17 13:07 <DIR> d——– D:\Program Files\Skype
2006-12-17 13:07 <DIR> d——– D:\Program Files\Common Files\Skype
2006-12-17 13:07 <DIR> d——– D:\Documents and Settings\All Users\Application Data\Skype
2006-12-16 13:23 <DIR> d——– D:\Program Files\ToniArts
2006-12-16 11:39 <DIR> d——– D:\Program Files\PartyGaming
2006-12-13 22:12 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\Ulead Systems
2006-12-13 21:53 <DIR> d——– D:\SmartSound Software
2006-12-13 21:53 <DIR> d——– D:\Program Files\SmartSound Software
2006-12-13 21:53 <DIR> d——– D:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2006-12-13 21:51 <DIR> d——– D:\Program Files\Windows Media Components
2006-12-13 21:51 <DIR> d——– D:\Program Files\QuickTime
2006-12-13 21:51 <DIR> d——– D:\Documents and Settings\All Users\Application Data\Apple Computer
2006-12-13 21:50 <DIR> d——– D:\Program Files\Common Files\Ulead Systems
2006-12-13 21:50 <DIR> d——– D:\Documents and Settings\All Users\Application Data\Ulead Systems
2006-12-13 19:09 <DIR> d——– D:\Program Files\GIF Movie Gear
2006-12-13 18:07 <DIR> d——– D:\Program Files\TagRename
2006-12-13 16:57 49,152 -ra—— D:\WINDOWS\system32\hpomon05.dll
2006-12-13 16:51 73,728 ——— D:\WINDOWS\system32\hpoidr07.dll
2006-12-13 16:51 57,344 ——— D:\WINDOWS\system32\hpoipm07.exe
2006-12-13 16:51 53,760 ——— D:\WINDOWS\system32\hpovcm05.dll
2006-12-13 16:51 53,248 ——— D:\WINDOWS\system32\hpoipr07.dll
2006-12-13 16:51 50,848 ——— D:\WINDOWS\system32\hpousd05.dll
2006-12-13 16:51 40,960 ——— D:\WINDOWS\system32\HPOtap05.dll
2006-12-13 16:51 40,960 ——— D:\WINDOWS\system32\hpoimn07.dll
2006-12-13 16:51 40,448 ——— D:\WINDOWS\system32\hpomem05.dll
2006-12-13 16:51 315,904 –a—— D:\WINDOWS\IsUninst.exe
2006-12-13 16:51 28,672 ——— D:\WINDOWS\system32\HPOtax05.exe
2006-12-13 16:51 118,784 ——— D:\WINDOWS\system32\hpocnt05.dll
2006-12-13 16:51 <DIR> d——– D:\WINDOWS\system32\Color
2006-12-13 16:51 <DIR> d——– D:\Program Files\Hewlett-Packard
2006-12-13 16:51 <DIR> d——– D:\My Images
2006-12-13 16:50 <DIR> d——– D:\Documents and Settings\Administrator\WINDOWS
2006-12-12 19:58 <DIR> d——– D:\Program Files\EA GAMES
2006-12-12 16:11 49,152 –a—— D:\WINDOWS\system32\INETWH32.dll
2006-12-12 16:11 1,056,768 –a—— D:\WINDOWS\system32\ROBOEX32.DLL
2006-12-12 16:11 <DIR> d——– D:\Program Files\Ulead Systems
2006-12-12 15:31 <DIR> d——– D:\Program Files\Wolfenstein - Enemy Territory
2006-12-12 08:34 <DIR> d——– D:\Program Files\MSXML 4.0
2006-12-11 10:20 952 –ahs—- D:\WINDOWS\system32\KGyGaAvL.sys
2006-12-11 10:20 <DIR> d——– D:\Documents and Settings\All Users\Application Data\InstallShield
2006-12-11 10:20 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\Corel
2006-12-11 10:19 <DIR> d——– D:\Program Files\Corel
2006-12-11 10:19 <DIR> d——– D:\Program Files\Common Files\Corel
2006-12-11 10:16 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\InterVideo
2006-12-11 10:15 204,800 –a—— D:\WINDOWS\system32\IVIresizeW7.dll
2006-12-11 10:15 200,704 –a—— D:\WINDOWS\system32\IVIresizeA6.dll
2006-12-11 10:15 20,480 –a—— D:\WINDOWS\system32\IVIresize.dll
2006-12-11 10:15 192,512 –a—— D:\WINDOWS\system32\IVIresizeP6.dll
2006-12-11 10:15 192,512 –a—— D:\WINDOWS\system32\IVIresizeM6.dll
2006-12-11 10:15 188,416 –a—— D:\WINDOWS\system32\IVIresizePX.dll
2006-12-11 10:15 <DIR> d——– D:\Program Files\InterActual
2006-12-11 10:15 <DIR> d——– D:\Program Files\Common Files\InterVideo
2006-12-11 10:14 122,880 –a—— D:\WINDOWS\system32\cddvdint.dll
2006-12-11 10:14 <DIR> d——– D:\Program Files\InterVideo
2006-12-11 10:09 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\Sony
2006-12-11 10:09 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\Publish Providers
2006-12-11 10:09 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\NetMedia Providers
2006-12-11 10:07 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\CyberLink
2006-12-11 10:06 <DIR> d——– D:\Program Files\Sony
2006-12-11 10:05 <DIR> d——– D:\Documents and Settings\All Users\Application Data\CyberLink
2006-12-11 10:04 499,712 ——— D:\WINDOWS\system32\msvcp71.dll
2006-12-11 10:04 <DIR> d——– D:\Program Files\CyberLink
2006-12-11 09:58 <DIR> d——– D:\Program Files\WinAVIVideoConverter
2006-12-11 09:26 <DIR> d——– D:\Program Files\DAEMON Tools
2006-12-11 09:24 639,224 –a—— D:\WINDOWS\system32\drivers\sptd.sys
2006-12-10 21:36 <DIR> d——– D:\Program Files\UT2004
2006-12-10 19:38 <DIR> d——– D:\Program Files\SmartFTP Client 2.0 Setup Files
2006-12-10 19:38 <DIR> d——– D:\Program Files\SmartFTP Client 2.0
2006-12-10 19:38 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\SmartFTP
2006-12-10 17:12 <DIR> d——– D:\Program Files\Azureus
2006-12-10 17:12 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\Azureus
2006-12-10 16:35 <DIR> d——– D:\WINDOWS\Sun
2006-12-10 16:35 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\Sun
2006-12-10 13:57 <DIR> d——– D:\NVIDIA
2006-12-10 13:47 221,184 –a—— D:\WINDOWS\system32\wmpns.dll
2006-12-10 13:28 208,896 –a—— D:\WINDOWS\system32\NVUNINST.EXE
2006-12-10 13:09 <DIR> d——– D:\Documents and Settings\All Users\Application Data\nView_Profiles
2006-12-10 13:07 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\Adobe
2006-12-10 13:06 <DIR> d——– D:\Program Files\Adobe
2006-12-10 13:06 <DIR> d——– D:\Documents and Settings\All Users\Application Data\Adobe
2006-12-10 13:05 <DIR> d——– D:\Program Files\Common Files\Adobe
2006-12-10 12:59 <DIR> d——– D:\WINDOWS\xp to vista (sound scheme)
2006-12-10 12:24 22,752 –a—— D:\WINDOWS\system32\spupdsvc.exe
2006-12-10 12:24 <DIR> d–h—– D:\WINDOWS\$hf_mig$
2006-12-10 12:24 <DIR> d——– D:\WINDOWS\system32\PreInstall
2006-12-10 12:12 <DIR> d——– D:\WINDOWS\system32\SoftwareDistribution
2006-12-10 00:33 26,496 –a—— D:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-12-09 22:38 <DIR> d——– D:\Program Files\Microsoft Visual Studio
2006-12-09 22:38 <DIR> d——– D:\Program Files\Common Files\Designer
2006-12-09 22:36 <DIR> d——– D:\WINDOWS\ShellNew
2006-12-09 22:36 <DIR> d——– D:\Program Files\Snapshot Viewer
2006-12-09 22:34 <DIR> d——– D:\WINDOWS\Twain32
2006-12-09 22:34 <DIR> d——– D:\Program Files\Microsoft Office
2006-12-09 22:34 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\Microsoft Web Folders
2006-12-09 22:12 <DIR> d——– D:\WINDOWS\Minidump
2006-12-09 21:55 <DIR> d–hs—- D:\WINDOWS\ftpcache
2006-12-09 21:32 <DIR> d——– D:\Program Files\SpeedFan
2006-12-09 21:29 <DIR> d——– D:\Program Files\Activision
2006-12-09 20:57 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\Elaborate Bytes
2006-12-09 20:53 <DIR> d——– D:\Program Files\GoldEsel
2006-12-09 20:52 364,544 ——— D:\WINDOWS\system32\TwnLib4.dll
2006-12-09 20:52 24,064 ——— D:\WINDOWS\system32\msxml3a.dll
2006-12-09 20:52 2,977,792 ——— D:\WINDOWS\UNNeroVision.exe
2006-12-09 20:52 <DIR> d——– D:\Documents and Settings\All Users\Application Data\Ahead
2006-12-09 20:51 5,504 ——— D:\WINDOWS\system32\drivers\imagedrv.sys
2006-12-09 20:51 476,320 ——— D:\WINDOWS\system32\ImagXpr7.dll
2006-12-09 20:51 471,040 ——— D:\WINDOWS\system32\ImagXRA7.dll
2006-12-09 20:51 262,144 ——— D:\WINDOWS\system32\ImagXR7.dll
2006-12-09 20:51 125,184 ——— D:\WINDOWS\system32\drivers\imagesrv.sys
2006-12-09 20:51 1,568,768 ——— D:\WINDOWS\system32\ImagX7.dll
2006-12-09 20:27 <DIR> d——– D:\Program Files\Western Digital Technologies
2006-12-09 18:25 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\SlySoft
2006-12-09 18:02 81,920 –a—— D:\Documents and Settings\Administrator\Application Data\ezpinst.exe
2006-12-09 18:02 47,360 –a—— D:\WINDOWS\system32\drivers\pcouffin.sys
2006-12-09 18:02 47,360 –a—— D:\Documents and Settings\Administrator\Application Data\pcouffin.sys
2006-12-09 18:02 14,848 –a—— D:\WINDOWS\system32\BASSMOD.dll
2006-12-09 18:02 <DIR> d——– D:\Program Files\vso
2006-12-09 18:02 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\Vso
2006-12-09 17:52 <DIR> d——– D:\Documents and Settings\Administrator\Incomplete
2006-12-09 17:33 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\LimeWire
2006-12-09 17:30 <DIR> d——– D:\Program Files\Java
2006-12-09 17:30 <DIR> d——– D:\Program Files\Common Files\Java
2006-12-09 17:29 <DIR> d——– D:\Program Files\WinRAR
2006-12-09 17:29 <DIR> d——– D:\Program Files\LimeWire
2006-12-09 17:24 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\Talkback
2006-12-09 17:24 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\Mozilla
2006-12-09 17:23 <DIR> d——– D:\Program Files\Mozilla Firefox
2006-12-09 17:12 36,528 ——— D:\WINDOWS\system32\drivers\PxHelp20.sys
2006-12-09 17:12 2,560 ——— D:\WINDOWS\system32\drivers\cdralw2k.sys
2006-12-09 17:12 2,432 ——— D:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-12-09 17:12 129,784 ——— D:\WINDOWS\system32\pxafs.dll
2006-12-09 17:12 115,880 ——— D:\WINDOWS\system32\pxinsi64.exe
2006-12-09 17:12 <DIR> d——– D:\Program Files\Winamp
2006-12-09 17:10 <DIR> d——– D:\Program Files\SlySoft
2006-12-09 17:10 <DIR> d——– D:\Program Files\Elaborate Bytes
2006-12-09 16:45 <DIR> d——– D:\Program Files\RivaTuner v2.0 RC 15.8
2006-12-09 16:44 <DIR> d——– D:\Guru3D.com
2006-12-09 16:41 77,824 –a—— D:\WINDOWS\system32\mplaw7.dll
2006-12-09 16:41 77,824 –a—— D:\WINDOWS\system32\mplaa6.dll
2006-12-09 16:41 761,856 –a—— D:\WINDOWS\system32\xvidcore.dll
2006-12-09 16:41 65,536 –a—— D:\WINDOWS\system32\mplapx.dll
2006-12-09 16:41 65,536 –a—— D:\WINDOWS\system32\mplam6.dll
2006-12-09 16:41 348,160 –a—— D:\WINDOWS\system32\MSVCR71.dll
2006-12-09 16:41 19,968 –a—— D:\WINDOWS\system32\cpuinf32.dll
2006-12-09 16:41 152,064 –a—— D:\WINDOWS\system32\unrar.dll
2006-12-09 16:41 1,650,688 –a—— D:\WINDOWS\system32\mplva6.dll
2006-12-09 16:41 1,581,056 –a—— D:\WINDOWS\system32\mplvw7.dll
2006-12-09 16:41 1,552,384 –a—— D:\WINDOWS\system32\mplvm6.dll
2006-12-09 16:41 1,122,304 –a—— D:\WINDOWS\system32\mplvpx.dll
2006-12-09 16:41 <DIR> d——– D:\Program Files\ACE Mega CoDecS Pack
2006-12-09 16:40 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\Lavasoft
2006-12-09 16:39 <DIR> d——– D:\Program Files\Lavasoft
2006-12-09 15:51 <DIR> d——– D:\Program Files\Steam
2006-12-09 12:50 502,368 –a—— D:\WINDOWS\system32\drivers\amon.sys
2006-12-09 12:50 274,432 –a—— D:\WINDOWS\system32\imon.dll
2006-12-09 12:46 <DIR> d——– D:\Program Files\ESET
2006-12-09 12:33 3,072 –a—— D:\WINDOWS\system32\drivers\audstub.sys
2006-12-09 12:33 21,504 –a—— D:\WINDOWS\system32\hidserv.dll
2006-12-09 12:32 57,856 –a—— D:\WINDOWS\system32\drivers\redbook.sys
2006-12-09 12:32 20,992 –a—— D:\WINDOWS\system32\drivers\RTL8139.sys
2006-12-09 12:31 76,288 –a—— D:\WINDOWS\system32\usbui.dll
2006-12-09 12:31 5,632 –a—— D:\WINDOWS\system32\drivers\intelide.sys
2006-12-09 12:31 42,368 –a—— D:\WINDOWS\system32\drivers\AGP440.SYS
2006-12-09 12:30 9,936 –a—— D:\WINDOWS\system\LZEXPAND.DLL
2006-12-09 12:30 9,040 –a—— D:\WINDOWS\system\VER.DLL
2006-12-09 12:30 86,556 –a—— D:\WINDOWS\system32\dgsetup.dll
2006-12-09 12:30 82,944 –a—— D:\WINDOWS\system\OLECLI.DLL
2006-12-09 12:30 8,704 –a—— D:\WINDOWS\system32\batt.dll
2006-12-09 12:30 8,192 -ra—— D:\WINDOWS\system32\kbdhept.dll
2006-12-09 12:30 76,288 –a—— D:\WINDOWS\system32\storprop.dll
2006-12-09 12:30 70,192 –a—— D:\WINDOWS\system\MMSYSTEM.DLL
2006-12-09 12:30 70,144 –a—— D:\WINDOWS\system\AVICAP.DLL
2006-12-09 12:30 70,144 –a—— D:\WINDOWS\NOTEPAD.EXE
2006-12-09 12:30 7,168 -ra—— D:\WINDOWS\system32\kbdcz.dll
2006-12-09 12:30 6,656 -ra—— D:\WINDOWS\system32\kbdycl.dll
2006-12-09 12:30 6,656 -ra—— D:\WINDOWS\system32\kbdsl1.dll
2006-12-09 12:30 6,656 -ra—— D:\WINDOWS\system32\kbdsl.dll
2006-12-09 12:30 6,656 -ra—— D:\WINDOWS\system32\kbdpl.dll
2006-12-09 12:30 6,656 -ra—— D:\WINDOWS\system32\kbdhu.dll
2006-12-09 12:30 6,656 -ra—— D:\WINDOWS\system32\kbdhela3.dll
2006-12-09 12:30 6,656 -ra—— D:\WINDOWS\system32\kbdcz2.dll
2006-12-09 12:30 6,656 -ra—— D:\WINDOWS\system32\kbdcz1.dll
2006-12-09 12:30 6,656 -ra—— D:\WINDOWS\system32\kbdcr.dll
2006-12-09 12:30 6,656 -ra—— D:\WINDOWS\system32\KBDAL.DLL
2006-12-09 12:30 6,144 -ra—— D:\WINDOWS\system32\kbdtuq.dll
2006-12-09 12:30 6,144 -ra—— D:\WINDOWS\system32\kbdtuf.dll
2006-12-09 12:30 6,144 -ra—— D:\WINDOWS\system32\kbdlv1.dll
2006-12-09 12:30 6,144 -ra—— D:\WINDOWS\system32\kbdlv.dll
2006-12-09 12:30 6,144 -ra—— D:\WINDOWS\system32\kbdhela2.dll
2006-12-09 12:30 6,144 -ra—— D:\WINDOWS\system32\kbdgkl.dll
2006-12-09 12:30 6,144 -ra—— D:\WINDOWS\system32\kbdest.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbdycc.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbduzb.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbdur.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbdtat.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbdru1.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbdru.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbdro.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbdpl1.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbdmon.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbdlt1.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbdlt.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbdkyr.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbdkaz.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbdhu1.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbdhe319.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbdhe220.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbdhe.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbdbu.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbdblr.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbdazel.dll
2006-12-09 12:30 5,632 -ra—— D:\WINDOWS\system32\kbdaze.dll
2006-12-09 12:30 5,120 –a—— D:\WINDOWS\system\SHELL.DLL
2006-12-09 12:30 33,696 –a—— D:\WINDOWS\system\COMMDLG.DLL
2006-12-09 12:30 24,661 –a—— D:\WINDOWS\system32\spxcoins.dll
2006-12-09 12:30 24,064 –a—— D:\WINDOWS\system\OLESVR.DLL
2006-12-09 12:30 19,200 –a—— D:\WINDOWS\system\TAPI.DLL
2006-12-09 12:30 176,157 –a—— D:\WINDOWS\system32\dgrpsetu.dll
2006-12-09 12:30 15,872 –a—— D:\WINDOWS\TASKMAN.EXE
2006-12-09 12:30 13,312 –a—— D:\WINDOWS\system32\irclass.dll
2006-12-09 12:30 126,976 –a—— D:\WINDOWS\system\MSVIDEO.DLL
2006-12-09 12:30 11,264 –a—— D:\WINDOWS\system32\drivers\irenum.sys
2006-12-09 12:30 109,552 –a—— D:\WINDOWS\system\AVIFILE.DLL
2006-12-09 12:30 103,936 –a—— D:\WINDOWS\system32\EqnClass.Dll
2006-12-09 12:30 <DIR> dr——- D:\Program Files\Common Files\..
2006-12-09 12:30 <DIR> dr——- D:\Program Files\.
2006-12-09 12:30 <DIR> dr——- D:\Program Files
2006-12-09 12:30 <DIR> dr——- D:\Documents and Settings\All Users\Menu Start
2006-12-09 12:30 <DIR> dr——- D:\Documents and Settings\All Users\Documenten
2006-12-09 12:30 <DIR> d–hs—- D:\WINDOWS\Installer
2006-12-09 12:30 <DIR> d–hs—- D:\Program Files\..
2006-12-09 12:30 <DIR> d–h—– D:\Documents and Settings\All Users\Sjablonen
2006-12-09 12:30 <DIR> d——– D:\Program Files\Common Files\SpeechEngines
2006-12-09 12:30 <DIR> d——– D:\Program Files\Common Files\ODBC
2006-12-09 12:30 <DIR> d——– D:\Program Files\Common Files\Microsoft Shared
2006-12-09 12:30 <DIR> d——– D:\Program Files\Common Files\.
2006-12-09 12:30 <DIR> d——– D:\Program Files\Common Files
2006-12-09 12:30 <DIR> d——– D:\Documents and Settings\All Users\Favorieten
2006-12-09 12:30 <DIR> d——– D:\Documents and Settings\All Users\Bureaublad
2006-12-09 12:28 <DIR> dr-h—– D:\Documents and Settings\All Users\Application Data\.
2006-12-09 12:28 <DIR> dr-h—– D:\Documents and Settings\All Users\Application Data
2006-12-09 12:28 <DIR> d–hs—- D:\System Volume Information
2006-12-09 12:28 <DIR> d—s—- D:\Documents and Settings\All Users\Application Data\Microsoft
2006-12-09 12:28 <DIR> d——– D:\WINDOWS\system32\CatRoot2
2006-12-09 12:28 <DIR> d——– D:\WINDOWS\system32\CatRoot
2006-12-09 12:28 <DIR> d——– D:\Documents and Settings\All Users\Application Data\..
2006-12-09 12:28 <DIR> d——– D:\Documents and Settings\All Users\..
2006-12-09 12:28 <DIR> d——– D:\Documents and Settings\All Users\.
2006-12-09 12:28 <DIR> d——– D:\Documents and Settings
2006-12-09 12:24 97,792 –a—— D:\WINDOWS\system32\LGUICOM.DLL
2006-12-09 12:24 94,208 –a—— D:\WINDOWS\system32\FEELIT.DLL
2006-12-09 12:24 81,920 -r——- D:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe
2006-12-09 12:24 70,894 –a—— D:\WINDOWS\system32\drivers\LMouFlt2.Sys
2006-12-09 12:24 51,582 ——— D:\WINDOWS\system32\drivers\L8042PR2.SYS
2006-12-09 12:24 37,916 –a—— D:\WINDOWS\system32\drivers\LHidUsb.sys
2006-12-09 12:24 3,568 –a—— D:\WINDOWS\system32\LMOUSE16.DLL
2006-12-09 12:24 25,630 –a—— D:\WINDOWS\system32\drivers\LHidFlt2.Sys
2006-12-09 12:24 23,372 ——— D:\WINDOWS\system32\LCOINST.DLL
2006-12-09 12:24 20,992 ——— D:\WINDOWS\LOGI_MWX.EXE
2006-12-09 12:24 16,896 –a—— D:\WINDOWS\system32\LMOUSE32.DLL
2006-12-09 12:24 155,648 –a—— D:\WINDOWS\system32\ifc21.dll
2006-12-09 12:24 152,064 ——— D:\WINDOWS\system32\lmoufrc.dll
2006-12-09 12:24 14,092 ——— D:\WINDOWS\system32\drivers\LCCFLTR.SYS
2006-12-09 12:24 104,960 –a—— D:\WINDOWS\system32\COMNCTR.DLL
2006-12-09 12:24 <DIR> d—s—- D:\Program Files\Xfire
2006-12-09 12:24 <DIR> d——– D:\Program Files\MSN Messenger
2006-12-09 12:24 <DIR> d——– D:\Program Files\Logitech
2006-12-09 12:24 <DIR> d——– D:\Program Files\Common Files\Logitech
2006-12-09 12:24 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\Xfire
2006-12-09 12:23 <DIR> dr-hsc— D:\WINDOWS\system32\dllcache
2006-12-09 12:23 <DIR> dr–s—- D:\WINDOWS\Fonts
2006-12-09 12:23 <DIR> dr——- D:\WINDOWS\Web
2006-12-09 12:23 <DIR> d–hs—- D:\WINDOWS\..
2006-12-09 12:23 <DIR> d–h—– D:\WINDOWS\inf
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\WinSxS
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\twain_32
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\Temp
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\wins
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\wbem
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\usmt
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\spool
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\ShellExt
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\Setup
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\ras
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\oobe
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\npp
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\mui
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\inetsrv
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\IME
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\icsxml
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\ias
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\export
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\drivers\etc
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\drivers\disdn
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\drivers\..
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\drivers\.
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\drivers
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\dhcp
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\config
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\3com_dmi
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\3076
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\2052
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\1054
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\1043
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\1042
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\1041
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\1037
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\1033
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\1031
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\1028
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\1025
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\..
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32\.
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system32
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system\..
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system\.
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\system
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\security
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\Resources
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\repair
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\Provisioning
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\PeerNet
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\pchealth
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\mui
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\msapps
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\msagent
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\Media
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\java
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\ime
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\Help
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\ehome
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\Driver Cache
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\Debug
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\Cursors
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\Connection Wizard
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\Config
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\AppPatch
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\addins
2006-12-09 12:23 <DIR> d——– D:\WINDOWS\.
2006-12-09 12:23 <DIR> d——– D:\WINDOWS
2006-12-09 12:23 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\Macromedia
2006-12-09 12:19 569,344 ——— D:\WINDOWS\system32\imagr5.dll
2006-12-09 12:19 544,768 ——— D:\WINDOWS\system32\imagx5.dll
2006-12-09 12:19 38,912 ——— D:\WINDOWS\system32\picn20.dll
2006-12-09 12:19 283,920 ——— D:\WINDOWS\system32\ImagXpr5.dll
2006-12-09 12:19 155,648 –a—— D:\WINDOWS\system32\NeroCheck.exe
2006-12-09 12:19 106,496 ——— D:\WINDOWS\system32\TwnLib20.dll
2006-12-09 12:19 <DIR> d——– D:\Program Files\Common Files\Ahead
2006-12-09 12:18 <DIR> d——– D:\Program Files\Ahead
2006-12-09 12:13 41,984 ——— D:\WINDOWS\Ctregrun.exe
2006-12-09 12:11 90,112 ——— D:\WINDOWS\Updreg.EXE
2006-12-09 12:11 81,920 –a—— D:\WINDOWS\system32\OpenAL32.dll
2006-12-09 12:11 6,400 –a—— D:\WINDOWS\system32\drivers\splitter.sys
2006-12-09 12:11 233,472 –a—— D:\WINDOWS\system32\wrap_oal.dll
2006-12-09 12:11 <DIR> d——– D:\WINDOWS\system32\Defaults
2006-12-09 12:10 82,944 –a—— D:\WINDOWS\system32\drivers\wdmaud.sys
2006-12-09 12:10 7,552 –a—— D:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-12-09 12:10 60,800 –a—— D:\WINDOWS\system32\drivers\sysaudio.sys
2006-12-09 12:10 60,288 –a—— D:\WINDOWS\system32\drivers\drmk.sys
2006-12-09 12:10 54,272 –a—— D:\WINDOWS\system32\drivers\swmidi.sys
2006-12-09 12:10 52,864 –a—— D:\WINDOWS\system32\drivers\DMusic.sys
2006-12-09 12:10 5,376 –a—— D:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-12-09 12:10 4,992 –a—— D:\WINDOWS\system32\drivers\MSPQM.sys
2006-12-09 12:10 4,096 –a—— D:\WINDOWS\system32\ksuser.dll
2006-12-09 12:10 24,576 –a—— D:\WINDOWS\INRESDUT.DLL
2006-12-09 12:10 2,944 –a—— D:\WINDOWS\system32\drivers\drmkaud.sys
2006-12-09 12:10 172,416 –a—— D:\WINDOWS\system32\drivers\kmixer.sys
2006-12-09 12:10 145,792 –a—— D:\WINDOWS\system32\drivers\portcls.sys
2006-12-09 12:10 142,464 –a—— D:\WINDOWS\system32\drivers\aec.sys
2006-12-09 12:10 10,752 –a—— D:\WINDOWS\CTDCRDUT.DLL
2006-12-09 12:10 <DIR> d——– D:\WINDOWS\system32\Data
2006-12-09 12:08 77,824 ——— D:\WINDOWS\system32\ctdvda32.dll
2006-12-09 12:08 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\Creative
2006-12-09 12:07 <DIR> d——– D:\WINDOWS\RegisteredPackages
2006-12-09 12:07 <DIR> d——– D:\Program Files\Creative
2006-12-09 12:04 <DIR> d–hs—- D:\RECYCLER
2006-12-09 11:59 <DIR> d——– D:\Program Files\ASUSTeK
2006-12-09 11:58 90,112 –a—— D:\WINDOWS\ATKKBService.exe
2006-12-09 11:58 8,704 –a—— D:\WINDOWS\system32\ATKOSDMini.DLL
2006-12-09 11:58 45,056 –a—— D:\WINDOWS\system32\ATKOGL.dll
2006-12-09 11:58 333,824 –a—— D:\WINDOWS\system32\ATKOSDX.dll
2006-12-09 11:58 303,104 –a—— D:\WINDOWS\system32\ATKDispCPL.dll
2006-12-09 11:58 208,896 –a—— D:\WINDOWS\system32\nvudisp.exe
2006-12-09 11:58 20,096 –a—— D:\WINDOWS\system32\drivers\atkkbnt.sys
2006-12-09 11:58 180,224 –a—— D:\WINDOWS\system32\ATKCheckDispIDs.dll
2006-12-09 11:58 154,144 –a—— D:\WINDOWS\system32\ATKDISP.dll
2006-12-09 11:58 <DIR> d——– D:\WINDOWS\nview
2006-12-09 11:56 9,472 -ra—— D:\WINDOWS\system32\drivers\EIO.sys
2006-12-09 11:52 <DIR> d–h—– D:\Program Files\InstallShield Installation Information
2006-12-09 11:52 <DIR> d——– D:\WINDOWS\system32\ReinstallBackups
2006-12-09 11:52 <DIR> d——– D:\Program Files\Intel
2006-12-09 11:52 <DIR> d——– D:\Program Files\Common Files\InstallShield
2006-12-09 11:51 5,824 –a—— D:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2006-12-09 11:46 <DIR> d–h—– D:\Program Files\Uninstall Information
2006-12-09 11:46 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\Identities
2006-12-09 11:42 <DIR> dr-h—– D:\Documents and Settings\Administrator\SendTo
2006-12-09 11:42 <DIR> dr-h—– D:\Documents and Settings\Administrator\Onlangs geopend
2006-12-09 11:42 <DIR> dr-h—– D:\Documents and Settings\Administrator\Application Data\.
2006-12-09 11:42 <DIR> dr-h—– D:\Documents and Settings\Administrator\Application Data
2006-12-09 11:42 <DIR> dr–s—- D:\WINDOWS\assembly
2006-12-09 11:42 <DIR> dr——- D:\Documents and Settings\Administrator\Mijn documenten
2006-12-09 11:42 <DIR> dr——- D:\Documents and Settings\Administrator\Menu Start
2006-12-09 11:42 <DIR> dr——- D:\Documents and Settings\Administrator\Favorieten
2006-12-09 11:42 <DIR> d–h—– D:\Documents and Settings\Administrator\Sjablonen
2006-12-09 11:42 <DIR> d–h—– D:\Documents and Settings\Administrator\Netwerkprinteromgeving
2006-12-09 11:42 <DIR> d–h—– D:\Documents and Settings\Administrator\NetHood
2006-12-09 11:42 <DIR> d–h—– D:\Documents and Settings\Administrator\Local Settings
2006-12-09 11:42 <DIR> d—s—- D:\Documents and Settings\Administrator\Cookies
2006-12-09 11:42 <DIR> d—s—- D:\Documents and Settings\Administrator\Application Data\Microsoft
2006-12-09 11:42 <DIR> d——– D:\WINDOWS\SoftwareDistribution
2006-12-09 11:42 <DIR> d——– D:\WINDOWS\Microsoft.NET
2006-12-09 11:42 <DIR> d——– D:\Documents and Settings\Administrator\Bureaublad
2006-12-09 11:42 <DIR> d——– D:\Documents and Settings\Administrator\Application Data\..
2006-12-09 11:42 <DIR> d——– D:\Documents and Settings\Administrator\..
2006-12-09 11:42 <DIR> d——– D:\Documents and Settings\Administrator\.
2006-12-09 11:41 <DIR> d—s—- D:\WINDOWS\system32\Microsoft
2006-12-09 11:41 <DIR> d——– D:\WINDOWS\Prefetch
2006-12-09 11:39 <DIR> d——– D:\WINDOWS\system32\xircom
2006-12-09 11:39 <DIR> d——– D:\Program Files\xerox
2006-12-09 11:39 <DIR> d——– D:\Program Files\msn gaming zone
2006-12-09 11:39 <DIR> d——– D:\Program Files\microsoft frontpage
2006-12-09 11:38 112,128 –a—— D:\WINDOWS\system32\mapi32.dll
2006-12-09 11:37 <DIR> dr——- D:\WINDOWS\Offline Web Pages
2006-12-09 11:37 <DIR> d–hs—- D:\Documents and Settings\All Users\DRM
2006-12-09 11:37 <DIR> d–h—– D:\Program Files\WindowsUpdate
2006-12-09 11:37 <DIR> d—s—- D:\WINDOWS\Downloaded Program Files
2006-12-09 11:37 <DIR> d——– D:\Program Files\Online Services
2006-12-09 11:36 86,016 –a—— D:\WINDOWS\system32\isign32.dll
2006-12-09 11:36 81,920 –a—— D:\WINDOWS\system32\ils.dll
2006-12-09 11:36 8,192 –a—— D:\WINDOWS\system32\bitsprx2.dll
2006-12-09 11:36 73,728 –a—— D:\WINDOWS\system32\icwdial.dll
2006-12-09 11:36 73,472 –a—— D:\WINDOWS\system32\drivers\sr.sys
2006-12-09 11:36 7,168 –a—— D:\WINDOWS\system32\bitsprx3.dll
2006-12-09 11:36 69,632 –a—— D:\WINDOWS\system32\msconf.dll
2006-12-09 11:36 679,424 –a—— D:\WINDOWS\system32\inetcomm.dll
2006-12-09 11:36 67,584 –a—— D:\WINDOWS\system32\srclient.dll
2006-12-09 11:36 67,584 –a—— D:\WINDOWS\system32\acctres.dll
2006-12-09 11:36 65,536 –a—— D:\WINDOWS\system32\icwphbk.dll
2006-12-09 11:36 6,656 –a—— D:\WINDOWS\system32\wuauserv.dll
2006-12-09 11:36 50,176 –a—— D:\WINDOWS\system32\inetres.dll
2006-12-09 11:36 466,200 –a—— D:\WINDOWS\system32\wuapi.dll
2006-12-09 11:36 45,568 –a—— D:\WINDOWS\system32\safrslv.dll
2006-12-09 11:36 43,520 –a—— D:\WINDOWS\system32\safrcdlg.dll
2006-12-09 11:36 43,520 –a—— D:\WINDOWS\system32\racpldlg.dll
2006-12-09 11:36 41,240 –a—— D:\WINDOWS\system32\wups.dll
2006-12-09 11:36 382,464 –a—— D:\WINDOWS\system32\qmgr.dll
2006-12-09 11:36 34,560 –a—— D:\WINDOWS\system32\mnmdd.dll
2006-12-09 11:36 32,768 –a—— D:\WINDOWS\system32\mnmsrvc.exe
2006-12-09 11:36 32,768 –a—— D:\WINDOWS\system32\isrdbg32.dll
2006-12-09 11:36 29,696 –a—— D:\WINDOWS\system32\safrdm.dll
2006-12-09 11:36 28,672 –a—— D:\WINDOWS\system32\nmmkcert.dll
2006-12-09 11:36 278,528 –a—— D:\WINDOWS\system32\mstask.dll
2006-12-09 11:36 278,528 –a—— D:\WINDOWS\system32\inetcfg.dll
2006-12-09 11:36 252,928 –a—— D:\WINDOWS\system32\msoeacct.dll
2006-12-09 11:36 241,152 –a—— D:\WINDOWS\system32\srrstr.dll
2006-12-09 11:36 23,040 –a—— D:\WINDOWS\system32\fltmc.exe
2006-12-09 11:36 194,840 –a—— D:\WINDOWS\system32\wuaueng1.dll
2006-12-09 11:36 192,000 –a—— D:\WINDOWS\system32\schedsvc.dll
2006-12-09 11:36 18,944 –a—— D:\WINDOWS\system32\qmgrprxy.dll
2006-12-09 11:36 174,360 –a—— D:\WINDOWS\system32\wuauclt1.exe
2006-12-09 11:36 173,536 –a—— D:\WINDOWS\system32\wuweb.dll
2006-12-09 11:36 170,496 –a—— D:\WINDOWS\system32\srsvc.dll
2006-12-09 11:36 16,896 –a—— D:\WINDOWS\system32\fltlib.dll
2006-12-09 11:36 16,384 –a—— D:\WINDOWS\system32\icfgnt5.dll
2006-12-09 11:36 128,896 –a—— D:\WINDOWS\system32\drivers\fltmgr.sys
2006-12-09 11:36 128,280 –a—— D:\WINDOWS\system32\wucltui.dll
2006-12-09 11:36 125,208 –a—— D:\WINDOWS\system32\wuauclt.exe
2006-12-09 11:36 12,288 –a—— D:\WINDOWS\system32\nmevtmsg.dll
2006-12-09 11:36 12,288 –a—— D:\WINDOWS\system32\mstinit.exe
2006-12-09 11:36 11,264 –a—— D:\WINDOWS\system32\atrace.dll
2006-12-09 11:36 105,984 –a—— D:\WINDOWS\system32\msoert2.dll
2006-12-09 11:36 1,343,768 –a—— D:\WINDOWS\system32\wuaueng.dll
2006-12-09 11:36 <DIR> d—s—- D:\WINDOWS\Tasks
2006-12-09 11:36 <DIR> d——– D:\WINDOWS\system32\Restore
2006-12-09 11:36 <DIR> d——– D:\WINDOWS\system32\Macromed
2006-12-09 11:36 <DIR> d——– D:\WINDOWS\system32\DirectX
2006-12-09 11:36 <DIR> d——– D:\WINDOWS\srchasst
2006-12-09 11:36 <DIR> d——– D:\Program Files\Outlook Express
2006-12-09 11:36 <DIR> d——– D:\Program Files\NetMeeting
2006-12-09 11:36 <DIR> d——– D:\Program Files\Movie Maker
2006-12-09 11:36 <DIR> d——– D:\Program Files\Common Files\Services
2006-12-09 11:36 <DIR> d——– D:\Program Files\Common Files\MSSoap
2006-12-09 11:35 73,216 –a—— D:\WINDOWS\system32\avwav.dll
2006-12-09 11:35 5,632 –a—— D:\WINDOWS\system32\write.exe
2006-12-09 11:35 44,544 –a—— D:\WINDOWS\system32\hticons.dll
2006-12-09 11:35 35,840 –a—— D:\WINDOWS\system32\winchat.exe
2006-12-09 11:35 233,472 –a—— D:\WINDOWS\system32\avtapi.dll
2006-12-09 11:35 16,384 –a—— D:\WINDOWS\system32\avmeter.dll
2006-12-09 11:35 139,264 –a—— D:\WINDOWS\system32\sndvol32.exe
2006-12-09 11:35 <DIR> d——– D:\WINDOWS\Registration
2006-12-09 11:35 <DIR> d——– D:\Program Files\Windows Media Player
2006-12-09 11:35 <DIR> d——– D:\Program Files\Internet Explorer
2006-12-09 11:35 <DIR> d——– D:\Program Files\ComPlus Applications
2006-12-09 11:35 <DIR> d——– D:\Program Files\Common Files\System
2006-12-09 11:34 97,792 –a—— D:\WINDOWS\system32\comrepl.dll
2006-12-09 11:34 956,416 –a—— D:\WINDOWS\system32\msdtctm.dll
2006-12-09 11:34 94,208 –a—— D:\WINDOWS\system32\tscfgwmi.dll
2006-12-09 11:34 91,136 –a—— D:\WINDOWS\system32\mtxoci.dll
2006-12-09 11:34 9,728 –a—— D:\WINDOWS\system32\reset.exe
2006-12-09 11:34 87,176 –a—— D:\WINDOWS\system32\rdpwsx.dll
2006-12-09 11:34 85,504 –a—— D:\WINDOWS\system32\catsrvps.dll
2006-12-09 11:34 80,896 –a—— D:\WINDOWS\system32\charmap.exe
2006-12-09 11:34 67,072 –a—— D:\WINDOWS\system32\rdshost.exe
2006-12-09 11:34 662,528 –a—— D:\WINDOWS\system32\getuname.dll
2006-12-09 11:34 655,360 –a—— D:\WINDOWS\system32\mstscax.dll
2006-12-09 11:34 625,152 –a—— D:\WINDOWS\system32\catsrvut.dll
2006-12-09 11:34 62,464 –a—— D:\WINDOWS\system32\rdpclip.exe
2006-12-09 11:34 61,440 –a—— D:\WINDOWS\system32\remotepg.dll
2006-12-09 11:34 60,416 –a—— D:\WINDOWS\system32\colbact.dll
2006-12-09 11:34 6,144 –a—— D:\WINDOWS\system32\msdtc.exe
2006-12-09 11:34 58,880 –a—— D:\WINDOWS\system32\msdtclog.dll
2006-12-09 11:34 58,880 –a—— D:\WINDOWS\system32\licwmi.dll
2006-12-09 11:34 56,320 –a—— D:\WINDOWS\system32\servdeps.dll
2006-12-09 11:34 540,160 –a—— D:\WINDOWS\system32\comuid.dll
2006-12-09 11:34 54,272 –a—— D:\WINDOWS\system32\stclient.dll
2006-12-09 11:34 5,120 –a—— D:\WINDOWS\system32\dcomcnfg.exe
2006-12-09 11:34 498,688 –a—— D:\WINDOWS\system32\clbcatq.dll
2006-12-09 11:34 44,544 –a—— D:\WINDOWS\system32\tscupgrd.exe
2006-12-09 11:34 426,496 –a—— D:\WINDOWS\system32\msdtcprx.dll
2006-12-09 11:34 412,160 –a—— D:\WINDOWS\system32\mstsc.exe
2006-12-09 11:34 40,840 –a—— D:\WINDOWS\system32\drivers\termdd.sys
2006-12-09 11:34 4,608 –a—— D:\WINDOWS\system32\rdpcfgex.dll
2006-12-09 11:34 4,096 –a—— D:\WINDOWS\system32\mtxex.dll
2006-12-09 11:34 39,424 –a—— D:\WINDOWS\system32\cfgbkend.dll
2006-12-09 11:34 352,768 –a—— D:\WINDOWS\system32\hypertrm.dll
2006-12-09 11:34 345,600 –a—— D:\WINDOWS\system32\mspaint.exe
2006-12-09 11:34 33,792 –a—— D:\WINDOWS\system32\regini.exe
2006-12-09 11:34 25,600 –a—— D:\WINDOWS\system32\comaddin.dll
2006-12-09 11:34 25,088 –a—— D:\WINDOWS\system32\mtxlegih.dll
2006-12-09 11:34 23,040 –a—— D:\WINDOWS\system32\qwinsta.exe
2006-12-09 11:34 225,792 –a—— D:\WINDOWS\system32\catsrv.dll
2006-12-09 11:34 22,016 –a—— D:\WINDOWS\system32\msg.exe
2006-12-09 11:34 215,552 –a—— D:\WINDOWS\system32\termsrv.dll
2006-12-09 11:34 21,896 –a—— D:\WINDOWS\system32\drivers\tdtcp.sys
2006-12-09 11:34 20,480 –a—— D:\WINDOWS\system32\qprocess.exe
2006-12-09 11:34 20,480 –a—— D:\WINDOWS\system32\mtxdm.dll
2006-12-09 11:34 196,864 –a—— D:\WINDOWS\system32\drivers\rdpdr.sys
2006-12-09 11:34 19,968 –a—— D:\WINDOWS\system32\rdpsnd.dll
2006-12-09 11:34 188,928 –a—— D:\WINDOWS\system32\cmprops.dll
2006-12-09 11:34 187,392 –a—— D:\WINDOWS\system32\accwiz.exe
2006-12-09 11:34 17,920 –a—— D:\WINDOWS\system32\tsshutdn.exe
2006-12-09 11:34 17,920 –a—— D:\WINDOWS\system32\mmfutil.dll
2006-12-09 11:34 17,408 –a—— D:\WINDOWS\system32\qappsrv.exe
2006-12-09 11:34 161,280 –a—— D:\WINDOWS\system32\msdtcuiu.dll
2006-12-09 11:34 16,384 –a—— D:\WINDOWS\system32\tskill.exe
2006-12-09 11:34 16,384 –a—— D:\WINDOWS\system32\rwinsta.exe
2006-12-09 11:34 15,872 –a—— D:\WINDOWS\system32\cdmodem.dll
2006-12-09 11:34 15,360 –a—— D:\WINDOWS\system32\tsdiscon.exe
2006-12-09 11:34 15,360 –a—— D:\WINDOWS\system32\tscon.exe
2006-12-09 11:34 15,360 –a—— D:\WINDOWS\system32\shadow.exe
2006-12-09 11:34 15,360 –a—— D:\WINDOWS\system32\logoff.exe
2006-12-09 11:34 147,968 –a—— D:\WINDOWS\system32\rdchost.dll
2006-12-09 11:34 147,456 –a—— D:\WINDOWS\system32\comsnap.dll
2006-12-09 11:34 142,336 –a—— D:\WINDOWS\system32\sessmgr.exe
2006-12-09 11:34 139,528 –a—— D:\WINDOWS\system32\drivers\rdpwd.sys
2006-12-09 11:34 132,608 –a—— D:\WINDOWS\system32\sndrec32.exe
2006-12-09 11:34 13,824 –a—— D:\WINDOWS\system32\rdsaddin.exe
2006-12-09 11:34 124,416 –a—— D:\WINDOWS\system32\mplay32.exe
2006-12-09 11:34 12,040 –a—— D:\WINDOWS\system32\drivers\tdpipe.sys
2006-12-09 11:34 114,688 –a—— D:\WINDOWS\system32\calc.exe
2006-12-09 11:34 110,080 –a—— D:\WINDOWS\system32\clbcatex.dll
2006-12-09 11:34 11,776 –a—— D:\WINDOWS\system32\xolehlp.dll
2006-12-09 11:34 11,264 –a—— D:\WINDOWS\system32\icaapi.dll
2006-12-09 11:34 104,448 –a—— D:\WINDOWS\system32\clipbrd.exe
2006-12-09 11:34 1,267,200 –a—— D:\WINDOWS\system32\comsvcs.dll
2006-12-09 11:34 1,161 –a—— D:\WINDOWS\system32\usrlogon.cmd
2006-12-09 11:34 <DIR> d——– D:\WINDOWS\system32\MsDtc
2006-12-09 11:34 <DIR> d——– D:\WINDOWS\system32\Com
2006-12-09 11:34 <DIR> d——– D:\Program Files\Windows NT
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\ctfmon.exe"
"Steam"="\"d:\\program files\\steam\\steam.exe\" -silent"
"GrimElse"="D:\\DOCUME~1\\ADMINI~1\\APPLIC~1\\BLAHWE~1\\Program Rect.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE D:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CTDVDDET"="\"D:\\Program Files\\Creative\\SBAudigy4\\DVDAudio\\CTDVDDET.EXE\""
"CTSysVol"="D:\\Program Files\\Creative\\SBAudigy4\\Surround Mixer\\CTSysVol.exe /r"
"RCSystem"="\"D:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
"AudioDrvEmulator"="\"D:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"D:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"CTHelper"="CTHELPER.EXE"
"UpdReg"="D:\\WINDOWS\\UpdReg.EXE"
"NeroFilterCheck"="D:\\WINDOWS\\system32\\NeroCheck.exe"
"Logitech Utility"="Logi_MwX.Exe"
"nod32kui"="\"D:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"SunJavaUpdateSched"="\"D:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"NvMediaCenter"="RUNDLL32.EXE D:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"HP OfficeJet T Series"="\"D:\\Program Files\\Hewlett-Packard\\HP OfficeJet T Series\\bin\\ktchnsnk.exe\" -reg \"Software\\Hewlett-Packard\\OfficeJet T Series\\Install\""
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"D:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"webfordbookskip"="D:\\Documents and Settings\\All Users\\Application Data\\platformplaywebford\\01 Show.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoLowDiskSpaceChecks"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoLowDiskSpaceChecks"=dword:00000001
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoLowDiskSpaceChecks"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
D:\WINDOWS\tasks\AEB37C679184ECE7.job
Completion time: 06-12-30 12:33:44.37
D:\ComboFix.txt … 06-12-30 12:33
[/code:1:a77accea31] - Start HJT again and do a "system scan only", tick the lines below, close all windows except HJT and click "Fix checked".
[code:1:918936274c]
O4 - HKLM\..\Run: [webfordbookskip] D:\Documents and Settings\All Users\Application Data\platformplaywebford\01 Show.exe
O4 - HKCU\..\Run: [GrimElse] D:\DOCUME~1\ADMINI~1\APPLIC~1\BLAHWE~1\Program Rect.exe
[/code:1:918936274c]
Delete these bold items using Explorer
D:\Documents and Settings\All Users\Application Data\[b:918936274c]platformplaywebford\01 Show.exe[/b:918936274c]
D:\DOCUME~1\ADMINI~1\APPLIC~1\[b:918936274c]BLAHWE~1\Program Rect.exe[/b:918936274c]
Open Notepad, and copy and paste the bold text into an empty window:[list:918936274c][list:918936274c][b:918936274c]@echo off
attrib -h %windir%\tasks\*.job
echo Lop Jobs deleted >logit.txt
dir /B "%windir%\tasks\????????9???????.job" >>logit.txt
del "%windir%\tasks\????????9???????.job"
dir /B "%windir%\tasks\????????8???????.job" >>logit.txt
del "%windir%\tasks\????????8???????.job"
cls
exit[/b:918936274c][/list:u:918936274c]
Go to File > Save As, and save it under the name [b:918936274c]fix.bat[/b:918936274c] on your Desktop,
type: "all types", and click OK
Close Notepad, go to your Desktop and double-click [b:918936274c]fix.bat[/b:918936274c]
A small text file (logit.txt) will appear on your Desktop
Post its contents here afterwards.[/list:u:918936274c]
Let us know whether your problems are gone,
J - D:\Documents and Settings\All Users\Application Data\platformplaywebford\01 Show.exe
cannot be deleted; it is in use. The other things did work.
[b:487867e857]logit:[/b:487867e857]
Lop Jobs deleted
AEB37C679184ECE7.job
I'm going to reboot now and then see whether I still have the problem. I'll post the results in a few minutes - Try it in safe mode, http://users.telenet.be/marcvn/spyware/1378056.htm
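Added example, not part of the thread and not ComboFix or HijackThis code: a Python triage sketch over the ComboFix "Reg Loading Points" and "Scheduled Tasks" output posted above. It flags Run values whose program sits under a profile's Application Data folder (a review heuristic assumed here, generalised from the two entries fixed above) and task files matching the fix.bat wildcards; the function names and the embedded sample are constructed for illustration.

```python
import fnmatch
import re

# Constructed sample: lines copied from the ComboFix "Reg Loading Points"
# and "Scheduled Tasks" output of the first log on this page.
SAMPLE = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\ctfmon.exe"
"Steam"="\"d:\\program files\\steam\\steam.exe\" -silent"
"GrimElse"="D:\\DOCUME~1\\ADMINI~1\\APPLIC~1\\BLAHWE~1\\Program Rect.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE D:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"UpdReg"="D:\\WINDOWS\\UpdReg.EXE"
"webfordbookskip"="D:\\Documents and Settings\\All Users\\Application Data\\platformplaywebford\\01 Show.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
Contents of the 'Scheduled Tasks' folder
D:\WINDOWS\tasks\AEB37C679184ECE7.job
'''

SECTION = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "name"="data" string values; backslash escapes are allowed inside the quotes.
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Only the Run key itself, not subkeys such as Run\OptionalComponents.
RUN_KEY = re.compile(r'\\currentversion\\run$', re.I)
# Long name or 8.3 short name (APPLIC~1) of the Application Data folder.
APPDATA = re.compile(r'\\(application data|applic~\d+)\\', re.I)
# Wildcards taken from fix.bat on this page. Python's "?" matches exactly one
# character, which is slightly stricter than the cmd.exe wildcard.
JOB_PATTERNS = ("????????9???????.job", "????????8???????.job")


def unescape(text):
    """Undo the backslash escaping used in the registry-export style output."""
    return re.sub(r'\\(.)', r'\1', text)


def executable(command):
    """Best-effort extraction of the program path from a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces ("Program Rect.exe"), so cut at the
    # first executable extension instead of at the first space.
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', command, re.I)
    return m.group(1) if m else command.split(' ', 1)[0]


def parse_run_entries(text):
    """Yield (key, value_name, command) for string values under Run keys."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE.match(line)
        if m and key and RUN_KEY.search(key):
            yield key, unescape(m.group(1)), unescape(m.group(2))


def suspicious_autoruns(text):
    """Run entries whose program lives under an Application Data folder."""
    hits = []
    for _key, name, command in parse_run_entries(text):
        exe = executable(command)
        if APPDATA.search(exe):
            hits.append((name, exe))
    return hits


def lop_style_jobs(text):
    """Task file names that match the wildcards used in fix.bat."""
    jobs = []
    for line in text.splitlines():
        name = line.strip().rsplit('\\', 1)[-1]
        if any(fnmatch.fnmatchcase(name.lower(), p) for p in JOB_PATTERNS):
            jobs.append(name)
    return jobs


if __name__ == "__main__":
    for name, exe in suspicious_autoruns(SAMPLE):
        print("review autorun:", name, "->", exe)
    for job in lop_style_jobs(SAMPLE):
        print("review task:", job)
```

A hit means "look at this entry", not "this is malware": legitimate software occasionally starts from Application Data as well.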
- Will do. Also, I have just restarted the PC and haven't run into any of it yet, so that's good
One small point: when I shut down the PC I do get a warning that '01 show.exe cannot be run because the Windows workstation is shutting down' - [quote:f4b8c5fedb="Moist.Sun-Tzu"]Will do. Also, I have just restarted the PC and haven't run into any of it yet, so that's good
One small point: when I shut down the PC I do get a warning that '01 show.exe cannot be run because the Windows workstation is shutting down'[/quote:f4b8c5fedb]
That makes sense: the job has been deleted but the file has not yet; the file wants the job back. The file needs to be deleted. - The file has been deleted in the meantime, thanks!!! All popups etc. are a thing of the past
Thank you - Yay, well done.
Wishing you a happy year's end, and thanks for the reply.
Juisterr - Well, I have the same problem with my PC..
Could you help me too?
Hijack this:
[code:1:d9f7343c42]Logfile of HijackThis v1.99.1
Scan saved at 15:47:41, on 5-1-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Katrien\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Delete copy loud bore] C:\Documents and Settings\All Users\Application Data\peak stop delete copy\globalthe.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized
O4 - HKCU\..\Run: [TheFour] C:\DOCUME~1\Katrien\APPLIC~1\FORKGL~1\Tons stop memo.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
[/code:1:d9f7343c42]
ComboFix:
[code:1:d9f7343c42]Katrien - 07-01-05 15:51:00,18 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Katrien\Bureaublad"
((((((((((((((((((((((((((((((( Files Created from 2006-12-05 to 2007-01-05 ))))))))))))))))))))))))))))))))))
2007-01-05 13:13 <DIR> d——– C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2007-01-05 12:41 <DIR> d——– C:\WINDOWS\WBEM
2007-01-05 12:41 <DIR> d——– C:\WINDOWS\system32\nl-nl
2007-01-05 12:39 <DIR> d–h—– C:\WINDOWS\ie7
2007-01-05 12:37 121,856 ——— C:\WINDOWS\system32\xmllite.dll
2007-01-05 12:35 <DIR> d——– C:\WINDOWS\network diagnostic
2007-01-05 12:17 <DIR> dr-h—– C:\Documents and Settings\Katrien\Onlangs geopend
2007-01-04 22:41 <DIR> d——– C:\WINDOWS\system32\DRM
2007-01-04 16:07 <DIR> d——– C:\Documents and Settings\Katrien\Application Data\Bitdefender
2007-01-04 15:55 <DIR> d——– C:\Documents and Settings\All Users\Application Data\BitDefender
2007-01-03 20:39 <DIR> d——– C:\Documents and Settings\All Users\Application Data\peak stop delete copy
2007-01-03 20:38 <DIR> d——– C:\My Downloads
2007-01-03 20:38 <DIR> d——– C:\Documents and Settings\Katrien\Application Data\forkgluelink
2007-01-03 20:38 <DIR> d——– C:\Documents and Settings\Katrien\Application Data\BitRoll
2007-01-03 20:24 <DIR> d——– C:\Documents and Settings\Katrien\Application Data\BitTorrent
2007-01-02 14:45 <DIR> d——– C:\Documents and Settings\Katrien\Application Data\Leadertech
2007-01-02 14:33 639,224 –a—— C:\WINDOWS\system32\drivers\sptd.sys
2006-12-24 23:13 <DIR> d——– C:\Program Files\Virtools Web Player 3.5
2006-12-24 16:54 <DIR> d——– C:\Documents and Settings\Katrien\Application Data\PlayFirst
2006-12-24 16:54 <DIR> d——– C:\Documents and Settings\All Users\Application Data\PlayFirst
2006-12-23 13:20 <DIR> d——– C:\Documents and Settings\All Users\Application Data\HipSoft
2006-12-20 19:59 13,312 –a—— C:\WINDOWS\system32\BASSMOD.dll
2006-12-20 19:43 513,152 –a—— C:\WINDOWS\system32\drivers\WmaCDriverV32.sys
2006-12-20 19:35 <DIR> d——– C:\Documents and Settings\Katrien\Application Data\tunebite
2006-12-20 19:34 16,640 –a—— C:\WINDOWS\system32\drivers\tbhsd.sys
2006-12-20 14:55 <DIR> d——– C:\Documents and Settings\Katrien\Incomplete
2006-12-17 15:07 <DIR> d–hs—- C:\FOUND.001
2006-12-07 20:02 <DIR> d——– C:\Documents and Settings\Katrien\Application Data\Ahead
2006-12-07 19:59 <DIR> d——– C:\Program Files\Nero
2006-12-07 19:59 <DIR> d——– C:\Program Files\Common Files\Ahead
2006-12-07 19:59 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Nero
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-27 09:45 60416 ——— C:\WINDOWS\system32\tzchange.exe
2006-11-26 11:52 41008 –a—— C:\Documents and Settings\Katrien\Application Data\GDIPFONTCACHEV1.DAT
2006-11-08 06:07 679424 –a—— C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 ——— C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 ——— C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 ——— C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 –a—— C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 –a—— C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 ——— C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 –a—— C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 –a—— C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 –a—— C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 –a—— C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 –a—— C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 –a—— C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 –a—— C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 –a—— C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 –a—— C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 –a—— C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 –a—— C:\WINDOWS\system32\ieakui.dll
2006-11-06 11:35 531568 –a—— C:\WINDOWS\system32\RmActivate_isv.exe
2006-11-06 11:35 523376 –a—— C:\WINDOWS\system32\RmActivate.exe
2006-11-06 11:35 519280 –a—— C:\WINDOWS\system32\SecProc_isv.dll
2006-11-06 11:35 518768 –a—— C:\WINDOWS\system32\SecProc.dll
2006-11-06 11:35 358000 –a—— C:\WINDOWS\system32\RmActivate_ssp.exe
2006-11-06 11:35 354416 –a—— C:\WINDOWS\system32\RmActivate_ssp_isv.exe
2006-11-06 11:35 323696 –a—— C:\WINDOWS\system32\msdrm.dll
2006-11-06 11:35 192624 –a—— C:\WINDOWS\system32\SecProc_ssp_isv.dll
2006-11-06 11:35 192624 –a—— C:\WINDOWS\system32\SecProc_ssp.dll
2006-11-04 14:14 1245696 –a—— C:\WINDOWS\system32\msxml4.dll
2006-11-02 23:35 8271872 –a—— C:\WINDOWS\system32\wmploc.dll
2006-11-02 22:53 99840 –a—— C:\WINDOWS\system32\wmpshell.dll
2006-11-02 22:52 257536 –a—— C:\WINDOWS\system32\wmerror.dll
2006-11-02 22:50 7680 –a—— C:\WINDOWS\system32\asferror.dll
2006-11-02 11:52 42496 ——— C:\WINDOWS\system32\wpdshextres.dll
2006-10-20 02:39 714752 –a—— C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 ——— C:\WINDOWS\system32\WdfMgr.exe
2006-10-18 21:58 8704 ——— C:\WINDOWS\system32\uWDF.exe
2006-10-18 21:47 937984 –a—— C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 767488 ——— C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 –a—— C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 656896 ——— C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 ——— C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 ——— C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 ——— C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 –a—— C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 –a—— C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 ——— C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 ——— C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 –a—— C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 –a—— C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 4096 ——— C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 ——— C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 ——— C:\WINDOWS\system32\wdfApi.dll
2006-10-18 21:47 37376 –a—— C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 ——— C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 ——— C:\WINDOWS\system32\WPDSp.dll
2006-10-18 21:47 348672 ——— C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 –a—— C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 –a—— C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 ——— C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 –a—— C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 –a—— C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 –a—— C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 ——— C:\WINDOWS\system32\Audiodev.dll
2006-10-18 21:47 27136 –a—— C:\WINDOWS\system32\MsPMSNSv.dll
2006-10-18 21:47 2603008 ——— C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 ——— C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 ——— C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 –a—— C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 –a—— C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 –a—— C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 222208 –a—— C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 –a—— C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 211456 –a—— C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 ——— C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 ——— C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 –a—— C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 –a—— C:\WINDOWS\system32\MsPMSP.dll
2006-10-18 21:47 166912 –a—— C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 ——— C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 ——— C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 –a—— C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 ——— C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 ——— C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 ——— C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 –a—— C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 –a—— C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 ——— C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 –a—— C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 –a—— C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 –a—— C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 ——— C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 –a—— C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 17408 ——— C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 12:06 78336 –a—— C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 –a—— C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 ——— C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 –a—— C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 –a—— C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 –a—— C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 ——— C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 ——— C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 –a—— C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 ——— C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 –a—— C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 –a—— C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 ——— C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 13:41 144384 –a—— C:\WINDOWS\system32\nwprovau.dll
2006-10-11 17:26 58880 –a—— C:\WINDOWS\system32\pnrpnsp.dll
2006-10-11 17:26 553984 –a—— C:\WINDOWS\system32\p2psvc.dll
2006-10-11 17:26 313344 –a—— C:\WINDOWS\system32\p2pgraph.dll
2006-10-11 17:26 153088 –a—— C:\WINDOWS\system32\p2p.dll
2006-10-11 17:26 116224 –a—— C:\WINDOWS\system32\p2pnetsh.dll
2006-10-11 17:26 104960 –a—— C:\WINDOWS\system32\p2pgasvc.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" –force_start_minimized"
"TheFour"="C:\\DOCUME~1\\Katrien\\APPLIC~1\\FORKGL~1\\Tons stop memo.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"preload"="C:\\Windows\\RUNXMLPL.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SoundMan"="SOUNDMAN.EXE"
"PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
"LaunchAp"="\"C:\\Program Files\\Launch Manager\\LaunchAp.exe\""
"LManager"="\"C:\\Program Files\\Launch Manager\\HotkeyApp.exe\""
"CtrlVol"="\"C:\\Program Files\\Launch Manager\\CtrlVol.exe\""
"LMgrOSD"="\"C:\\Program Files\\Launch Manager\\OSDCtrl.exe\""
"Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
"EPM-DM"="c:\\acer\\Empowering Technology\\ePower\\epm-dm.exe"
"Acer ePower Management"="C:\\Acer\\Empowering Technology\\ePower\\Acer ePower Management.exe boot"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"ADMTray.exe"="\"C:\\Acer\\Empowering Technology\\admtray.exe\""
"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"ScanRegistry"="C:\\W"
"Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"Delete copy loud bore"="C:\\Documents and Settings\\All Users\\Application Data\\peak stop delete copy\\globalthe.exe"
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg"
"BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
@=""
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
@=""
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
@=""
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,b2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"="ParetoLogic Anti-Spyware"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AF8DA19691E253B6.job
Completion time: 07-01-05 15:52:03.28
C:\ComboFix.txt … 07-01-05 15:52
[/code:1:d9f7343c42]
Well, so those were both of them..
Regards - I couldn't find these:
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
and not these either:
C:\WINDOWS\system32\xvdjh.dll
C:\Program Files\MyWaySA\SrchAsDe\
C:\Program Files\a?sembly\d?dplay.exe if present
should I just carry on now? - here is the log, and thanks again
Logfile of HijackThis v1.99.1
Scan saved at 22:34:33, on 14-1-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijack This\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/SITE/xupload/XUpload.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe - still having problems???
the last log looks good, you see - well, speedy,
Fix this line with HJT,
O4 - HKLM\..\Run: [Delete copy loud bore] C:\Documents and Settings\All Users\Application Data\peak stop delete copy\globalthe.exe
Start Explorer and delete this folder
C:\Documents and Settings\All Users\Application Data\[b:29b44f6a2a]peak[/b:29b44f6a2a]
Open Notepad, and copy and paste the bold text into an empty window: [b:29b44f6a2a]
@echo off
attrib -h %windir%\tasks\*.job
echo Lop Jobs deleted >logit.txt
dir /B "%windir%\tasks\????????9???????.job" >>logit.txt
del "%windir%\tasks\????????9???????.job"
dir /B "%windir%\tasks\????????8???????.job" >>logit.txt
del "%windir%\tasks\????????8???????.job"
cls
exit[/b:29b44f6a2a]
Go to File > Save As, and save it under the name fix.bat on your Desktop,
type: "all types", and click OK
Close Notepad, go to your Desktop and double-click fix.bat
A small text file (logit.txt) will appear on your Desktop
Post its contents here afterwards. - Lop Jobs deleted
AF8DA19691E253B6.job
I had to boot into safe mode, just like Moist.Sun-Tzu, to delete that folder; apart from that I had no problems..
Hopefully it's gone now…
Thanks!! - please post one more HJT log as a check.
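A triage sketch for the cleanup steps above, added here and not part of the thread or of any tool it mentions: it lists the O4 Run entries of a HijackThis log whose target sits under Application Data, and the scheduled-task names that match the wildcards from fix.bat. The function names and the Application Data heuristic are assumptions; the sample lines are copied from the logs in this thread except where marked as constructed.

```python
import fnmatch
import re

# O4 registry autoruns as HijackThis 1.99.1 prints them:
#   O4 - HKLM\..\Run: [value name] command line
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

# Assumption: profile data folders in long form and in 8.3 short form.
PROFILE_DATA_DIRS = ("\\application data\\", "\\applic~1\\")

# Wildcards copied from fix.bat in the thread.
JOB_PATTERNS = ("????????9???????.job", "????????8???????.job")

# Lines taken from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Delete copy loud bore] C:\Documents and Settings\All Users\Application Data\peak stop delete copy\globalthe.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TheFour] C:\DOCUME~1\Katrien\APPLIC~1\FORKGL~1\Tons stop memo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# First name is from the ComboFix log; the other two are constructed.
SAMPLE_JOBS = ["AF8DA19691E253B6.job", "backup-weekly.job", "0123456701234567.job"]


def parse_o4_run(log_text):
    """Return the registry Run entries (O4 lines) of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RUN.match(line.strip())
        if match:
            hive, key, name, command = match.groups()
            entries.append(
                {"hive": hive, "key": key, "name": name, "command": command}
            )
    return entries


def autoruns_in_profile_data(log_text):
    """Run entries that start a program from an Application Data folder.

    This is a review list, not a verdict: the match only says the target
    lives in a profile data folder rather than in an install directory.
    """
    flagged = []
    for entry in parse_o4_run(log_text):
        command = entry["command"].lower()
        if any(folder in command for folder in PROFILE_DATA_DIRS):
            flagged.append(entry)
    return flagged


def matching_jobs(task_names):
    """Task file names that the fix.bat wildcards would select.

    fnmatch's '?' matches exactly one character, so this is stricter than
    cmd.exe, where a '?' just before the dot can also match nothing.
    Listing the names first shows what 'del' would remove.
    """
    hits = []
    for name in task_names:
        lowered = name.lower()
        if any(fnmatch.fnmatchcase(lowered, pattern) for pattern in JOB_PATTERNS):
            hits.append(name)
    return hits


if __name__ == "__main__":
    for entry in autoruns_in_profile_data(SAMPLE_LOG):
        print("review autorun:", entry["hive"], entry["name"], "->", entry["command"])
    for job in matching_jobs(SAMPLE_JOBS):
        print("matches fix.bat wildcard:", job)
```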
- HJT:[code:1:7ae6dc8a2a]Logfile of HijackThis v1.99.1
Scan saved at 19:51:01, on 5-1-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Katrien\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" –force_start_minimized
O4 - HKCU\..\Run: [TheFour] C:\DOCUME~1\Katrien\APPLIC~1\FORKGL~1\Tons stop memo.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
[/code:1:7ae6dc8a2a]
I don't see it, so it probably worked..
Thanks!! - Do you still have any problems??
This is an archived page. Replying is no longer possible.