Question & Answer
Hijackthis log, advice please
19 answers
- Below is a log from the PC of an acquaintance that was full of viruses, Trojan horses, etc. I have scanned it with antivirus, adware, Spybot, etc.
I'd like advice on what else I can throw out based on the log.
Thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 3:22:30 PM, on 1/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Documents and Settings\laura melchior\Mijn documenten\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\laura melchior\Bureaublad\ww.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4933/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
- Download SDFix and click "Run".
Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably: C:\SDFix).
Restart the PC in safe mode.
Safe mode for Windows XP
Restart the computer
As soon as your computer has finished loading the BIOS (black screen with white letters, or another start screen) and just before Windows is loaded
Tap the F8 key (or the F5 key) until you reach the Windows options menu
Choose to start in safe mode here, using the arrow keys and then Enter
Start Hijackthis and choose 'Do a system scan only'
Select only the items listed below:
R3 - URLSearchHook: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
O2 - BHO: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
Close all windows except Hijackthis
Click 'Fix checked' to remove the items.
Double-click the SDFix folder and double-click RunThis.bat to start the script.
Type Y and press Enter to start the cleaning process.
Trojan Services and/or Registry Entries will be removed if they are found, and you will have to press a key to restart.
The computer will then restart; this takes longer than usual.
The fix tool will run again and continue the removal process; then "Finished" is displayed. Wait patiently until you have to press a key again to end the script and reload your desktop icons.
Once your desktop is back to normal, the SDFix report will open; it can also be found in the SDFix folder as Report.txt.
Copy/paste the contents of Report.txt into your next reply here, together with a new HijackThis log
- Tried what you said. SDFIX crashes as soon as it wants to start the Registry check, and the PC reboots by itself. It had been doing that all day whenever I tried WinXP updates (there were 52, of which it could do 21), and then I have exactly the same problem: the PC reboots by itself for no apparent reason. It did this much worse when I got it in last night and it was still full of viruses etc.
Is a full reformat of C: and a reinstall of WinXP etc. now the only way out?
Thanks for your clear instructions; I'd like to hear your opinion.
- Just fix those lines and post a new HJT log, please.
- New log. 2 lines keep coming back; I really did fix them in safe mode, but as soon as I run SDFIX again (which still crashes) the lines are back…
Logfile of HijackThis v1.99.1
Scan saved at 10:42:02 PM, on 1/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\laura melchior\Mijn documenten\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\laura melchior\Bureaublad\ww.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4933/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
- Check these lines again and then click fix checked again
R3 - URLSearchHook: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\laura melchior\Bureaublad\ww.exe
Download and install AVG Anti-Spyware.
After installation, open AVG Anti-Spyware:
* under "Status", click Change state next to "Resident shield" (change from active to inactive!).
* under "Update", click the Start update button.
* under "Scanner", "Settings" tab:
  - under "How to act?", click "Recommended actions" and select Quarantine. (VERY IMPORTANT!)
  - under "Reports", select Automatically generate report after every scan and remove the check mark at Only if threats were found
Close AVG Anti-Spyware. Do not let it scan yet.
Boot into safe mode
Start AVG Anti-Spyware.
* Click Scan and choose Complete System Scan.
After the scan, follow the instructions below:
- Going to do it ASAP. Have to leave this afternoon/evening, so it will probably be tomorrow. Thanks in advance. You'll hear from me.
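As an added example (not part of the thread and not code from HijackThis): a small parser for the HijackThis entry lines in the two logs above that flags entries whose target is reported as "(no file)" or "(file missing)" and Run entries launching from a user profile, then lists which fixed lines are present again in the later log. The two heuristics and all function names are assumptions made for this illustration; the sample lines are excerpts from the logs in this thread.

```python
import re

# Excerpt of the first log in this thread (scan saved 3:22:30 PM, 1/11/2007).
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R3 - URLSearchHook: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
O2 - BHO: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\laura melchior\Bureaublad\ww.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
"""

# Excerpt of the second log in this thread (scan saved 10:42:02 PM, 1/11/2007).
LOG_AFTER = r"""
R3 - URLSearchHook: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\laura melchior\Bureaublad\ww.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
"""

# The three lines the helper asked to select for 'Fix checked'.
FIXED = [
    r"R3 - URLSearchHook: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)",
    r"O2 - BHO: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)",
    r"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
]

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_log(text):
    """Return (section_code, body) for every entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Flag entries worth a closer look (illustrative heuristics, not HijackThis logic)."""
    findings = []
    for code, body in entries:
        lowered = body.lower()
        # The registration exists but the file it points to does not.
        if lowered.endswith("(no file)") or lowered.endswith("(file missing)"):
            findings.append(("orphaned", code, body))
        # Autostart entry that launches a program from inside a user profile.
        elif code == "O4" and "\\documents and settings\\" in lowered:
            findings.append(("autostart-from-profile", code, body))
    return findings


def _norm(line):
    """Collapse whitespace and case so that identical entries compare equal."""
    return " ".join(line.split()).casefold()


def reappeared(fixed_lines, later_log_text):
    """Return the fixed lines that are present again in a later log."""
    later = {_norm(line) for line in later_log_text.splitlines() if line.strip()}
    return [line for line in fixed_lines if _norm(line) in later]


if __name__ == "__main__":
    for reason, code, body in triage(parse_log(LOG_BEFORE)):
        print(f"{reason:24} {code} - {body}")
    print("Present again after fixing:")
    for line in reappeared(FIXED, LOG_AFTER):
        print("  " + line)
```

An entry that returns after being fixed means something still running is writing it back, so the loader has to be dealt with before the entry itself.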
- All done. Here is the report; still quite a bit of junk found. Curious about the next step! Many thanks again.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:23:37 AM 1/13/2007
+ Scan result:
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP177\A0048476.dll -> Adware.Delfin : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038454.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP177\A0048474.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038267.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038268.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038269.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038272.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP165\A0038462.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038263.exe -> Downloader.PurityScan.dr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038458.dll -> Downloader.Small.ece : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP177\A0048475.exe -> Dropper.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP177\A0048473.exe -> Hijacker.Agent.bt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP165\A0038461.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038453.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP165\A0038465.exe -> Proxy.Wopla.ac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP165\A0038464.sys -> Rootkit.Agent.cf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038253.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038254.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038255.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038256.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038257.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038258.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038259.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038265.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038266.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038270.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP177\A0048477.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038271.exe -> Worm.Banwarum.f : Cleaned with backup (quarantined).
::Report end
- Run the scan again and now let it remove what it finds, and also empty the quarantine box, please.
Restart and post a new HJT log, and tell me whether your problems are over.
- Scanned again in safe mode with AVG Anti-Spyware, nothing found, and quarantine emptied. The HJT log below was also made in safe mode because the PC is very unstable in normal startup (worse than before, I have the impression). I regularly get the message:
C:\windows\system32\services.exe terminated unexpectedly with service code 10737441819. The system then shuts down after a minute or so and restarts. The system also restarts at random moments without this message. I have the impression that in safe mode (with networking) it happens less or not at all. I'll leave it in that startup mode for a few hours today to see whether my suspicion is right. I'm thinking of an unstable hardware component myself but have no idea which (motherboard maybe??)
Logfile of HijackThis v1.99.1
Scan saved at 9:11:09 AM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\laura melchior\Mijn documenten\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4933/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
- Would you please try running this.
Download Combofix to your Desktop.
Double-click Combofix.exe
Follow the instructions; accept the disclaimer by typing "y" or "Y".
While the fix is running, do NOT click in the window, because this will make your PC hang.
When the fix is complete and after the restart, the log combofix.txt will open.
Post this log in your next post together with a new HijackThis log.
NOTE: If your virus scanner responds with a script execution alert, you may ignore it.
- Thanks for your reply. Last night I searched a bit on code 1073741819 and did the following:
1. Ran Avenger with script:
Unload Driver
pe386
Was successful; I no longer have the log file.
2. Ran Combofix; see log file below.
PC ran in normal mode again but very slowly. The SVCHOST.EXE process of SYSTEM took 80% or more of the CPU.
This morning I removed a number of programs, including the AVG virus scanner and spyware. The PC now runs well but in a dangerous mode: no firewall (Windows Firewall won't start) and no antivirus. Was planning to put NORMAN on it today.
Just ran a new HJT; see below. Thanks again.
"laura melchior" - 07-01-14 19:40:21 Service Pack 2
ComboFix 07-01-14.2 - Running from: "C:\Documents and Settings\laura melchior\Mijn documenten\PC-Cleaners"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\{380EE~1
C:\Program Files\Common Files\{380EE~2
C:\Program Files\Common Files\{880EE~1
C:\Program Files\Common Files\{880EE~2
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\PPPATC~1
C:\qoobox\purity\WINDOWS\DOBE~1
C:\qoobox\purity\WINDOWS\system32\ASKS~1
C:\qoobox\purity\WINDOWS\system32\RACLE~1
C:\qoobox\purity\WINDOWS\system32\ASKS~1\?hkntfs.exe
C:\qoobox\purity\WINDOWS\system32\RACLE~1\?racle
((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))
2007-01-14 19:28 <DIR> d-------- C:\avenger
2007-01-14 11:05 <DIR> d-------- C:\Program Files\Uniblue
2007-01-14 11:05 <DIR> d-------- C:\DOCUME~1\LAURAM~1\Application Data\Uniblue
2007-01-12 16:16 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-11 21:12 <DIR> d-------- C:\SDFix
2007-01-11 21:03 <DIR> dr-h----- C:\$VAULT$.AVG
2007-01-11 21:03 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-01-11 21:03 <DIR> d-------- C:\DOCUME~1\LAURAM~1\Application Data\AVG7
2007-01-11 21:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-01-11 21:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-01-11 21:02 <DIR> d-------- C:\Program Files\Grisoft
2007-01-11 20:56 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-01-11 19:36 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-01-11 19:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Symantec
2007-01-11 18:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-11 17:28 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2007-01-11 17:28 1,230,336 -ra------ C:\WINDOWS\system32\MSXML4.dll
2007-01-11 15:46 <DIR> dr-h----- C:\DOCUME~1\LAURAM~1\Onlangs geopend
2007-01-11 15:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\WinZip
2007-01-11 12:32 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Onlangs geopend
2007-01-11 12:32 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Mijn documenten
2007-01-11 12:32 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
2007-01-11 12:32 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Favorieten
2007-01-11 12:32 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Bureaublad
2007-01-11 12:32 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Sjablonen
2007-01-11 12:32 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Netwerkprinteromgeving
2007-01-11 12:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-01-11 12:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\InterTrust
2007-01-11 12:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\AVG7
2007-01-11 12:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Adobe
2007-01-11 10:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-11 08:58 <DIR> d-------- C:\DOCUME~1\LAURAM~1\Application Data\Lavasoft
2007-01-11 07:43 <DIR> d-------- C:\WINDOWS\pss
2007-01-10 21:43 <DIR> d-------- C:\Program Files\Yahoo!
2007-01-10 21:43 <DIR> d-------- C:\Program Files\CCleaner
2007-01-09 09:31 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-01-09 09:31 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2007-01-09 09:31 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-01-09 09:31 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-01-09 09:31 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-01-09 09:31 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-01-09 09:31 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2007-01-09 08:32 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-01-09 08:32 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-01-08 14:50 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Menu Start
2007-01-08 14:47 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-08 14:20 <DIR> d-------- C:\WINDOWS\provisioning
2007-01-08 14:20 <DIR> d-------- C:\WINDOWS\peernet
2007-01-08 14:08 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-08 14:02 999,936 --a------ C:\WINDOWS\system32\setupapi.dll
2007-01-08 14:02 993,280 --a------ C:\WINDOWS\system32\syssetup.dll
2007-01-08 14:02 98,304 --a------ C:\WINDOWS\system32\scardsvr.exe
2007-01-08 14:02 96,768 --a------ C:\WINDOWS\system32\srvsvc.dll
2007-01-08 14:02 95,360 --a------ C:\WINDOWS\system32\drivers\atapi.sys
2007-01-08 14:02 92,160 --a------ C:\WINDOWS\system32\ntprint.dll
2007-01-08 14:02 92,032 --a------ C:\WINDOWS\system32\drivers\ksecdd.sys
2007-01-08 14:02 91,776 --a------ C:\WINDOWS\system32\drivers\ndiswan.sys
2007-01-08 14:02 89,088 --a------ C:\WINDOWS\system32\rasauto.dll
2007-01-08 14:02 88,448 --a------ C:\WINDOWS\system32\drivers\nwlnkipx.sys
2007-01-08 14:02 800,000 --a------ C:\WINDOWS\system32\drivers\dmboot.sys
2007-01-08 14:02 80,384 --a------ C:\WINDOWS\system32\drivers\parport.sys
2007-01-08 14:02 8,192 --a------ C:\WINDOWS\system32\ntlsapi.dll
2007-01-08 14:02 8,192 --a------ C:\WINDOWS\system32\drivers\i2omgmt.sys
2007-01-08 14:02 76,800 --a------ C:\WINDOWS\system32\nslookup.exe
2007-01-08 14:02 75,264 --a------ C:\WINDOWS\system32\locator.exe
2007-01-08 14:02 74,752 --a------ C:\WINDOWS\system32\drivers\ipsec.sys
2007-01-08 14:02 729,088 --a------ C:\WINDOWS\system32\ntdll.dll
2007-01-08 14:02 727,040 --a------ C:\WINDOWS\system32\lsasrv.dll
2007-01-08 14:02 71,552 --a------ C:\WINDOWS\system32\drivers\bridge.sys
2007-01-08 14:02 71,040 --a------ C:\WINDOWS\system32\drivers\dxg.sys
2007-01-08 14:02 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-01-08 14:02 69,120 --a------ C:\WINDOWS\system32\drivers\psched.sys
2007-01-08 14:02 684,032 --a------ C:\WINDOWS\system32\advapi32.dll
2007-01-08 14:02 68,224 --a------ C:\WINDOWS\system32\drivers\pci.sys
2007-01-08 14:02 676,864 --a------ C:\WINDOWS\system32\rasdlg.dll
2007-01-08 14:02 64,000 --a------ C:\WINDOWS\system32\samlib.dll
2007-01-08 14:02 632,832 --a------ C:\WINDOWS\system32\autoconv.exe
2007-01-08 14:02 63,744 --a------ C:\WINDOWS\system32\drivers\mf.sys
2007-01-08 14:02 63,744 --a------ C:\WINDOWS\system32\drivers\cdfs.sys
2007-01-08 14:02 619,008 --a------ C:\WINDOWS\system32\autochk.exe
2007-01-08 14:02 611,328 --a------ C:\WINDOWS\system32\comctl32.dll
2007-01-08 14:02 61,824 --a------ C:\WINDOWS\system32\drivers\nic1394.sys
2007-01-08 14:02 61,440 --a------ C:\WINDOWS\system32\rasman.dll
2007-01-08 14:02 60,800 --a------ C:\WINDOWS\system32\drivers\arp1394.sys
2007-01-08 14:02 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-01-08 14:02 59,904 --a------ C:\WINDOWS\system32\drivers\atmarpc.sys
2007-01-08 14:02 58,880 --a------ C:\WINDOWS\system32\rastapi.dll
2007-01-08 14:02 574,592 --a------ C:\WINDOWS\system32\drivers\ntfs.sys
2007-01-08 14:02 572,928 --a------ C:\WINDOWS\system32\printui.dll
2007-01-08 14:02 57,856 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-01-08 14:02 553,472 --a------ C:\WINDOWS\system32\oleaut32.dll
2007-01-08 14:02 55,936 --a------ C:\WINDOWS\system32\drivers\atmlane.sys
2007-01-08 14:02 53,760 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2007-01-08 14:02 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2007-01-08 14:02 51,328 --a------ C:\WINDOWS\system32\drivers\rasl2tp.sys
2007-01-08 14:02 50,688 --a------ C:\WINDOWS\system32\smss.exe
2007-01-08 14:02 5,632 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2007-01-08 14:02 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-01-08 14:02 49,664 --a------ C:\WINDOWS\system32\drivers\classpnp.sys
2007-01-08 14:02 49,536 --a------ C:\WINDOWS\system32\drivers\cdrom.sys
2007-01-08 14:02 48,384 --a------ C:\WINDOWS\system32\drivers\raspptp.sys
2007-01-08 14:02 46,592 --a------ C:\WINDOWS\system32\tcpmonui.dll
2007-01-08 14:02 46,592 --a------ C:\WINDOWS\system32\drivers\p3.sys
2007-01-08 14:02 453,120 --a------ C:\WINDOWS\system32\drivers\mrxsmb.sys
2007-01-08 14:02 45,056 --a------ C:\WINDOWS\system32\ftp.exe
2007-01-08 14:02 429,056 --a------ C:\WINDOWS\system32\samsrv.dll
2007-01-08 14:02 420,864 --a------ C:\WINDOWS\system32\ntvdm.exe
2007-01-08 14:02 42,240 --a------ C:\WINDOWS\system32\drivers\mountmgr.sys
2007-01-08 14:02 41,856 --a------ C:\WINDOWS\system32\drivers\imapi.sys
2007-01-08 14:02 41,472 --a------ C:\WINDOWS\system32\perfctrs.dll
2007-01-08 14:02 41,472 --a------ C:\WINDOWS\system32\drivers\raspppoe.sys
2007-01-08 14:02 41,088 --a------ C:\WINDOWS\system32\drivers\amdk6.sys
2007-01-08 14:02 40,576 --a------ C:\WINDOWS\system32\drivers\crusoe.sys
2007-01-08 14:02 40,448 --a------ C:\WINDOWS\system32\rshx32.dll
2007-01-08 14:02 40,320 --a------ C:\WINDOWS\system32\drivers\nmnt.sys
2007-01-08 14:02 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-01-08 14:02 399,360 --a------ C:\WINDOWS\system32\cmd.exe
2007-01-08 14:02 39,424 --a------ C:\WINDOWS\system32\drivers\processr.sys
2007-01-08 14:02 36,352 --a------ C:\WINDOWS\system32\drivers\disk.sys
2007-01-08 14:02 36,224 --a------ C:\WINDOWS\system32\drivers\hidclass.sys
2007-01-08 14:02 35,072 --a------ C:\WINDOWS\system32\drivers\msgpc.sys
2007-01-08 14:02 343,040 --a------ C:\WINDOWS\system32\localspl.dll
2007-01-08 14:02 34,560 --a------ C:\WINDOWS\system32\drivers\netbios.sys
2007-01-08 14:02 33,792 --a------ C:\WINDOWS\system32\msgsvc.dll
2007-01-08 14:02 32,768 --a------ C:\WINDOWS\system32\csrsrv.dll
2007-01-08 14:02 316,416 --a------ C:\WINDOWS\system32\untfs.dll
2007-01-08 14:02 305,664 --a------ C:\WINDOWS\system32\ulib.dll
2007-01-08 14:02 30,848 --a------ C:\WINDOWS\system32\drivers\npfs.sys
2007-01-08 14:02 30,336 --a------ C:\WINDOWS\system32\drivers\modem.sys
2007-01-08 14:02 281,088 --a------ C:\WINDOWS\system32\comdlg32.dll
2007-01-08 14:02 27,392 --a------ C:\WINDOWS\system32\drivers\fdc.sys
2007-01-08 14:02 25,216 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2007-01-08 14:02 25,088 --a------ C:\WINDOWS\system32\drivers\pciidex.sys
2007-01-08 14:02 24,960 --a------ C:\WINDOWS\system32\drivers\hidparse.sys
2007-01-08 14:02 24,576 --a------ C:\WINDOWS\system32\userinit.exe
2007-01-08 14:02 236,544 --a------ C:\WINDOWS\system32\rasapi32.dll
2007-01-08 14:02 23,552 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2007-01-08 14:02 20,992 --a------ C:\WINDOWS\system32\drivers\ipinip.sys
2007-01-08 14:02 20,480 --a------ C:\WINDOWS\system32\drivers\flpydisk.sys
2007-01-08 14:02 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-01-08 14:02 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-01-08 14:02 19,072 --a------ C:\WINDOWS\system32\drivers\msfs.sys
2007-01-08 14:02 188,544 --a------ C:\WINDOWS\system32\drivers\acpi.sys
2007-01-08 14:02 182,912 --a------ C:\WINDOWS\system32\drivers\ndis.sys
2007-01-08 14:02 181,248 --a------ C:\WINDOWS\system32\drivers\mrxdav.sys
2007-01-08 14:02 18,560 --a------ C:\WINDOWS\system32\drivers\i2omp.sys
2007-01-08 14:02 174,592 --a------ C:\WINDOWS\system32\drivers\rdbss.sys
2007-01-08 14:02 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-01-08 14:02 162,816 --a------ C:\WINDOWS\system32\drivers\netbt.sys
2007-01-08 14:02 153,856 --a------ C:\WINDOWS\system32\drivers\dmio.sys
2007-01-08 14:02 146,432 --a------ C:\WINDOWS\system32\nwprovau.dll
2007-01-08 14:02 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-01-08 14:02 144,896 --a------ C:\WINDOWS\system32\schannel.dll
2007-01-08 14:02 144,384 --a------ C:\WINDOWS\system32\imagehlp.dll
2007-01-08 14:02 143,360 --a------ C:\WINDOWS\system32\drivers\fastfat.sys
2007-01-08 14:02 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-01-08 14:02 142,336 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-01-08 14:02 140,928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-01-08 14:02 14,848 --a------ C:\WINDOWS\system32\mgmtapi.dll
2007-01-08 14:02 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-01-08 14:02 14,336 --a------ C:\WINDOWS\system32\drivers\asyncmac.sys
2007-01-08 14:02 14,208 --a------ C:\WINDOWS\system32\drivers\diskdump.sys
2007-01-08 14:02 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-01-08 14:02 138,496 --a------ C:\WINDOWS\system32\drivers\afd.sys
2007-01-08 14:02 134,912 --a------ C:\WINDOWS\system32\drivers\ipnat.sys
2007-01-08 14:02 132,096 --a------ C:\WINDOWS\system32\wkssvc.dll
2007-01-08 14:02 13,824 --a------ C:\WINDOWS\system32\savedump.exe
2007-01-08 14:02 13,824 --a------ C:\WINDOWS\system32\lmhsvc.dll
2007-01-08 14:02 129,536 --a------ C:\WINDOWS\system32\msv1_0.dll
2007-01-08 14:02 120,320 --a------ C:\WINDOWS\system32\drivers\pcmcia.sys
2007-01-08 14:02 12,928 --a------ C:\WINDOWS\system32\drivers\ndisuio.sys
2007-01-08 14:02 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-01-08 14:02 108,544 --a------ C:\WINDOWS\system32\services.exe
2007-01-08 14:02 107,904 --a------ C:\WINDOWS\system32\drivers\mup.sys
2007-01-08 14:02 102,400 --a------ C:\WINDOWS\system32\win32spl.dll
2007-01-08 14:02 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-01-08 14:02 1,839,616 --a------ C:\WINDOWS\system32\win32k.sys
2007-01-08 14:01 96,256 --a------ C:\WINDOWS\system32\drivers\scsiport.sys
2007-01-08 14:01 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-01-08 14:01 79,744 --a------ C:\WINDOWS\system32\drivers\videoprt.sys
2007-01-08 14:01 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-01-08 14:01 66,176 --a------ C:\WINDOWS\system32\drivers\udfs.sys
2007-01-08 14:01 65,920 --a------ C:\WINDOWS\system32\drivers\serial.sys
2007-01-08 14:01 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-01-08 14:01 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-01-08 14:01 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2007-01-08 14:01 53,632 --a------ C:\WINDOWS\system32\drivers\volsnap.sys
2007-01-08 14:01 5,376 --a------ C:\WINDOWS\system32\drivers\viaide.sys
2007-01-08 14:01 48,640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-01-08 14:01 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-01-08 14:01 4,352 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-01-08 14:01 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-01-08 14:01 34,560 --a------ C:\WINDOWS\system32\drivers\wanarp.sys
2007-01-08 14:01 336,256 --a------ C:\WINDOWS\system32\drivers\srv.sys
2007-01-08 14:01 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-01-08 14:01 30,080 --a------ C:\WINDOWS\system32\drivers\rndismp.sys
2007-01-08 14:01 25,472 --a------ C:\WINDOWS\system32\drivers\sonydcam.sys
2007-01-08 14:01 223,616 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2007-01-08 14:01 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-01-08 14:01 209,408 --a------ C:\WINDOWS\system32\drivers\update.sys
2007-01-08 14:01 20,992 --a------ C:\WINDOWS\system32\drivers\vga.sys
2007-01-08 14:01 18,560 --a------ C:\WINDOWS\system32\drivers\tdi.sys
2007-01-08 14:01 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2007-01-08 14:01 16,000 --a------ C:\WINDOWS\system32\drivers\usbintel.sys
2007-01-08 14:01 15,488 --a------ C:\WINDOWS\system32\drivers\serenum.sys
2007-01-08 14:01 142,976 --a------ C:\WINDOWS\system32\drivers\usbport.sys
2007-01-08 14:01 14,976 --a------ C:\WINDOWS\system32\drivers\tape.sys
2007-01-08 14:01 12,672 --a------ C:\WINDOWS\system32\drivers\usb8023.sys
2007-01-08 14:01 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-01-08 14:01 11,392 --a------ C:\WINDOWS\system32\drivers\sfloppy.sys
2007-01-08 09:40 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-01-08 08:38 493,440 --a------ C:\WINDOWS\system32\drivers\WlanBZ64.SYS
2007-01-08 08:38 402,432 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys
2007-01-05 13:32 <DIR> d-------- C:\Bdienst
2007-01-05 12:53 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2007-01-05 12:53 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2007-01-05 12:52 937,984 --------- C:\WINDOWS\system32\winbrand.dll
2007-01-05 12:52 896,512 --------- C:\WINDOWS\system32\wmspdmoe.dll
2007-01-05 12:52 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-01-05 12:52 484,864 --------- C:\WINDOWS\system32\wmspdmod.dll
2007-01-05 12:52 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-01-05 12:52 233,472 --------- C:\WINDOWS\system32\wmpdxm.dll
2007-01-05 12:52 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-01-05 12:52 189,952 --------- C:\WINDOWS\system32\wmerror.dll
2007-01-05 12:52 17,408 --------- C:\WINDOWS\system32\winshfhc.dll
2007-01-05 12:52 151,552 --------- C:\WINDOWS\system32\wmidx.dll
2007-01-05 12:52 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2007-01-05 12:52 114,688 --------- C:\WINDOWS\system32\wmpasf.dll
2007-01-05 12:52 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-01-05 12:52 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-01-05 12:52 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-01-05 12:52 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2007-01-05 12:52 108,032 --------- C:\WINDOWS\system32\wshbth.dll
2007-01-05 12:52 1,119,744 --------- C:\WINDOWS\system32\wmsdmoe2.dll
2007-01-05 12:52 1,001,472 --------- C:\WINDOWS\system32\wmvdmoe2.dll
2007-01-05 12:51 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-01-05 12:51 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
2007-01-05 12:51 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-01-05 12:51 44,032 --------- C:\WINDOWS\system32\twext.dll
2007-01-05 12:51 26,624 --------- C:\WINDOWS\system32\drivers\usbehci.sys
2007-01-05 12:51 21,504 --------- C:\WINDOWS\system32\spupdwxp.exe
2007-01-05 12:51 2,962,432 --------- C:\WINDOWS\system32\xpsp2res.dll
2007-01-05 12:51 196,096 --------- C:\WINDOWS\system32\xpsp1res.dll
2007-01-05 12:51 15,872 --------- C:\WINDOWS\system32\w3ssl.dll
2007-01-05 12:51 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2007-01-05 12:51 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-01-05 12:51 12,416 --------- C:\WINDOWS\system32\drivers\tunmp.sys
2007-01-05 12:51 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-01-05 12:51 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-01-05 12:50 9,728 --------- C:\WINDOWS\system32\proxycfg.exe
2007-01-05 12:50 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll
2007-01-05 12:50 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll
2007-01-05 12:50 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2007-01-05 12:50 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-01-05 12:50 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2007-01-05 12:50 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-01-05 12:50 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-01-05 12:50 526,848 --------- C:\WINDOWS\system32\p2psvc.dll
2007-01-05 12:50 49,152 --------- C:\WINDOWS\system32\powercfg.exe
2007-01-05 12:50 48,640 --------- C:\WINDOWS\system32\pnrpnsp.dll
2007-01-05 12:50 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2007-01-05 12:50 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-01-05 12:50 32,866 --------- C:\WINDOWS\slrundll.exe
2007-01-05 12:50 312,320 --------- C:\WINDOWS\system32\p2pgraph.dll
2007-01-05 12:50 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-01-05 12:50 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-01-05 12:50 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
2007-01-05 12:50 270,848 --------- C:\WINDOWS\system32\sbe.dll
2007-01-05 12:50 188,508 --------- C:\WINDOWS\system32\slgen.dll
2007-01-05 12:50 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-01-05 12:50 159,232 --------- C:\WINDOWS\system32\sbeio.dll
2007-01-05 12:50 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2007-01-05 12:50 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-01-05 12:50 116,224 --------- C:\WINDOWS\system32\p2p.dll
2007-01-05 12:50 11,136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
2007-01-05 12:50 10,240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-01-05 12:49 52,736 --------- C:\WINDOWS\system32\mspmsnsv.dll
2007-01-05 12:49 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-01-05 12:49 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2007-01-05 12:49 15,488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
2007-01-05 12:49 134,656 --------- C:\WINDOWS\system32\mssap.dll
2007-01-05 12:49 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-01-05 12:49 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-01-05 12:49 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2007-01-05 12:48 537,088 --------- C:\WINDOWS\system32\msftedit.dll
2007-01-05 12:48 384,512 --------- C:\WINDOWS\system32\mp4sdmod.dll
2007-01-05 12:48 310,272 --------- C:\WINDOWS\system32\mp43dmod.dll
2007-01-05 12:48 118,784 --------- C:\WINDOWS\system32\msdadiag.dll
2007-01-05 12:47 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2007-01-05 12:47 61,440 --------- C:\WINDOWS\system32\logman.exe
2007-01-05 12:47 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-01-05 12:46 81,920 --------- C:\WINDOWS\system32\ieencode.dll
2007-01-05 12:46 7,680 --------- C:\WINDOWS\system32\kbdsmsno.dll
2007-01-05 12:46 7,680 --------- C:\WINDOWS\system32\kbdsmsfi.dll
2007-01-05 12:46 7,168 --------- C:\WINDOWS\system32\kbdukx.dll
2007-01-05 12:46 7,168 --------- C:\WINDOWS\system32\kbdno1.dll
2007-01-05 12:46 7,168 --------- C:\WINDOWS\system32\kbdfi1.dll
2007-01-05 12:46 7,168 --------- C:\WINDOWS\system32\hccoin.dll
2007-01-05 12:46 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-01-05 12:46 60,416 --------- C:\WINDOWS\system32\fwcfg.dll
2007-01-05 12:46 6,656 --------- C:\WINDOWS\system32\kbdinmal.dll
2007-01-05 12:46 6,656 --------- C:\WINDOWS\system32\kbdinben.dll
2007-01-05 12:46 6,144 --------- C:\WINDOWS\system32\kbdmlt48.dll
2007-01-05 12:46 6,144 --------- C:\WINDOWS\system32\kbdmlt47.dll
2007-01-05 12:46 6,144 --------- C:\WINDOWS\system32\kbdinbe1.dll
2007-01-05 12:46 5,632 --------- C:\WINDOWS\system32\kbdmaori.dll
2007-01-05 12:46 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-01-05 12:46 40,192 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2007-01-05 12:46 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2007-01-05 12:46 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
2007-01-05 12:46 262,784 --------- C:\WINDOWS\system32\drivers\http.sys
2007-01-05 12:46 25,728 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2007-01-05 12:46 24,576 --------- C:\WINDOWS\system32\httpapi.dll
2007-01-05 12:46 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-01-05 12:46 22,528 --------- C:\WINDOWS\system32\fltmc.exe
2007-01-05 12:46 20,992 --------- C:\WINDOWS\system32\faxpatch.exe
2007-01-05 12:46 193,024 --------- C:\WINDOWS\system32\fsquirt.exe
2007-01-05 12:46 16,896 --------- C:\WINDOWS\system32\fltlib.dll
2007-01-05 12:46 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-01-05 12:46 124,800 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2007-01-05 12:46 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-01-05 12:45 71,680 --------- C:\WINDOWS\system32\blastcln.exe
2007-01-05 12:45 50,688 --------- C:\WINDOWS\system32\btpanui.dll
2007-01-05 12:45 4,096 --------- C:\WINDOWS\system32\dsprpres.dll
2007-01-05 12:45 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-01-05 12:45 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2007-01-05 12:45 30,208 --------- C:\WINDOWS\system32\bthserv.dll
2007-01-05 12:45 274,816 --------- C:\WINDOWS\system32\drivers\bthport.sys
2007-01-05 12:45 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-01-05 12:45 20,992 --------- C:\WINDOWS\system32\bthci.dll
2007-01-05 12:45 20,480 --------- C:\WINDOWS\system32\encapi.dll
2007-01-05 12:45 2,113,536 --------- C:\WINDOWS\system32\dxdiagn.dll
2007-01-05 12:45 186,368 --------- C:\WINDOWS\system32\encdec.dll
2007-01-05 12:45 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2007-01-05 12:45 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-01-05 12:45 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2007-01-05 12:45 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-01-05 12:45 14,336 --------- C:\WINDOWS\system32\auditusr.exe
2007-01-05 12:45 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-01-05 12:45 13,824 --------- C:\WINDOWS\system32\cmsetacl.dll
2007-01-05 12:45 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2007-01-05 12:45 1,689,088 --------- C:\WINDOWS\system32\d3d9.dll
2007-01-05 12:44 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2007-01-05 12:44 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-01-05 12:44 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-01-05 12:44 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-01-05 12:44 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-01-05 12:44 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-01-05 12:44 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-01-05 12:44 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-01-05 12:44 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll
2007-01-05 12:44 41,472 --------- C:\WINDOWS\system32\drivers\amdk7.sys
2007-01-05 12:44 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-01-05 12:44 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2007-01-05 12:44 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-01-05 12:44 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-01-05 12:44 327,168 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-01-05 12:44 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2007-01-05 12:44 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-01-05 12:44 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-01-05 12:44 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-01-05 12:44 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-01-05 12:44 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-01-05 12:44 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-01-05 12:44 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-01-05 12:44 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-01-05 12:44 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-01-05 12:44 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-01-05 12:44 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-01-05 12:44 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
2007-01-05 12:44 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-01-05 12:44 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-01-05 12:44 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll
2007-01-05 12:44 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-01-05 12:44 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-01-05 12:44 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-01-05 12:44 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-01-05 12:44 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-01-05 12:44 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-01-05 12:44 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-01-05 12:44 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2007-01-05 10:59 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2007-01-05 10:59 128,232 --a------ C:\WINDOWS\system32\mucltui.dll
2007-01-04 14:49 <DIR> d-------- C:\DOCUME~1\LAURAM~1\Contacts
2007-01-04 14:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Live Toolbar
2007-01-04 14:47 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-01-04 14:45 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-12-29 16:59 <DIR> d-------- C:\DOCUME~1\LAURAM~1\Application Data\AdobeUM
2006-12-29 16:43 <DIR> d-------- C:\Program Files\Mozilla Firefox
2006-12-29 16:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2006-12-29 16:38 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-12-29 16:38 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-12-29 16:38 <DIR> d-------- C:\Program Files\Picasa2
2006-12-29 16:38 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-29 14:07 <DIR> d-------- C:\DOCUME~1\LAURAM~1\Application Data\Google
2006-12-29 14:01 <DIR> d-------- C:\Program Files\Google
2006-12-29 14:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2006-12-25 11:01 <DIR> d-------- C:\WINDOWS\EHome
2006-12-19 17:39 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-12-19 17:39 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-12-19 17:39 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
2006-12-19 17:39 628,224 --a------ C:\WINDOWS\system32\catsrvut(2).dll
2006-12-19 17:39 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-12-19 17:39 62,464 --a------ C:\WINDOWS\system32\colbact(3).dll
2006-12-19 17:39 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-12-19 17:39 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-12-19 17:39 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-12-19 17:39 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-12-19 17:39 397,824 --a------ C:\WINDOWS\system32\rpcss.dll
2006-12-19 17:39 395,776 --a------ C:\WINDOWS\system32\rpcss(3).dll
2006-12-19 17:39 243,200 --a------ C:\WINDOWS\system32\es.dll
2006-12-19 17:39 243,200 --a------ C:\WINDOWS\system32\es(3).dll
2006-12-19 17:39 229,888 --a------ C:\WINDOWS\system32\catsrv(2).dll
2006-12-19 17:39 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-12-19 17:39 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-12-19 17:39 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-12-19 17:39 110,080 --a------ C:\WINDOWS\system32\clbcatex(2).dll
2006-12-19 17:39 101,376 --a------ C:\WINDOWS\system32\txflog.dll
2006-12-19 17:39 101,376 --a------ C:\WINDOWS\system32\txflog(2).dll
2006-12-19 17:39 1,284,608 --a------ C:\WINDOWS\system32\ole32.dll
2006-12-19 17:39 1,284,608 --a------ C:\WINDOWS\system32\ole32(3).dll
2006-12-19 17:39 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-12-19 17:38 77,312 --a------ C:\WINDOWS\system32\browser.dll
2006-12-19 17:38 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-12-19 17:38 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
2006-12-19 17:37 332,288 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-12-19 17:25 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-12-19 17:25 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2006-12-19 17:25 171,280 --a------ C:\WINDOWS\system32\jit.dll
2006-12-19 17:25 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2006-12-19 17:24 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2006-12-19 17:24 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2006-12-19 17:24 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2006-12-19 17:24 404,752 --a------ C:\WINDOWS\system32\javart.dll
2006-12-19 17:24 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2006-12-19 17:24 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2006-12-19 17:24 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2006-12-19 17:24 172,304 --a------ C:\WINDOWS\system32\jview.exe
2006-12-19 17:24 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2006-12-19 17:24 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2006-12-19 17:24 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-12-19 17:24 113 --a------ C:\WINDOWS\system32\zonedon.reg
2006-12-19 17:24 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2006-12-19 17:15 241,152 --a------ C:\WINDOWS\system32\srrstr.dll
2006-12-19 16:54 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-12-19 16:54 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2006-12-18 10:59 <DIR> d---s---- C:\DOCUME~1\LAURAM~1\UserData
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-12 13:36 -------- d-------- C:\Program Files\messenger
2007-01-11 21:02 -------- d-------- C:\Program Files\movie maker
2007-01-11 20:58 -------- d-------- C:\Program Files\windows nt
2007-01-11 18:52 -------- d---s---- C:\DOCUME~1\LAURAM~1\Application Data\microsoft
2007-01-11 17:30 -------- d-------- C:\Program Files\hp
2007-01-11 11:50 -------- d-------- C:\Program Files\pedevice
2007-01-11 11:50 -------- d-------- C:\Program Files\Common Files\companion wizard
2007-01-11 10:42 -------- d---s---- C:\Program Files\Common Files\teknum systems
2007-01-11 08:13 -------- d--h----- C:\Program Files\installshield installation information
2007-01-09 09:00 -------- d-------- C:\DOCUME~1\LAURAM~1\Application Data\mozilla
2007-01-08 16:18 69682 --a------ C:\WINDOWS\system32\lzx32.sys
2007-01-08 15:02 -------- d-------- C:\Program Files\msn messenger
2007-01-04 14:17 -------- d-------- C:\DOCUME~1\LAURAM~1\Application Data\adobe
2006-12-31 13:15 -------- d-------- C:\DOCUME~1\LAURAM~1\Application Data\msn6
2006-12-06 15:53 -------- d--h----- C:\Program Files\windowsupdate
2006-12-02 18:27 -------- d-------- C:\DOCUME~1\LAURAM~1\Application Data\drivecleaner 2006 free
2006-11-27 18:16 0 -rahs---- C:\MSDOS.SYS
2006-11-27 18:16 0 -rahs---- C:\IO.SYS
2006-11-16 17:39 -------- d-------- C:\Program Files\Common Files\adobe
2006-11-14 19:40 -------- d-------- C:\DOCUME~1\LAURAM~1\Application Data\help
2006-11-14 10:15 -------- d-------- C:\Program Files\microsoft.net
2006-11-13 12:42 90112 -ra------ C:\WINDOWS\bwunin-6.1.0.145l.exe
2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-20 02:39 714752 --a------ C:\WINDOWS\system32\sxs.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"
"Uniblue SpyEraser"="\"C:\\Program Files\\Uniblue\\SpyEraser\\SpyEraser.exe\" -m"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MMKeybd"
"hkey"="HKLM"
"command"="C:\\Apps\\ActivBoard\\MMKeybd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivSurf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="backweb-4448364"
"hkey"="HKLM"
"command"="C:\\apps\\ActivSurf\\4448364\\Program\\backweb-4448364.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanEasyImg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cleanall"
"hkey"="HKLM"
"command"="c:\\apps\\easydvd\\cleanall.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6_check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dc6_startupmon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\WinAntiVirus Pro 2006\\dc6_startupmon.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EM_EXEC"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERS_check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ers_startupmon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\WinAntiVirus Pro 2006\\ers_startupmon.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mnu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igomnu"
"hkey"="HKLM"
"command"="C:\\Program Files\\Orange\\GLOBAL\\Mnu\\igomnu.exe /S:T"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="udcpas"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006 Free\\udcpas.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preventon Personal Firewall]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PFWall"
"hkey"="HKLM"
"command"="C:\\Program Files\\Orange\\PC Firewall\\PFWall.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="udcsdr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006 Free\\udcsdr.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="khooker"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\khooker.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vcsplay"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Virtual CD v4 SDK\\system\\vcsplay.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDOWS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pdwpamt"
"hkey"="HKLM"
"command"="C:\\pdwpamt.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Herinnering voor registratie 1.job
C:\WINDOWS\tasks\Herinnering voor registratie 2.job
C:\WINDOWS\tasks\Herinnering voor registratie 3.job
C:\WINDOWS\tasks\Norton AntiVirus - Mijn computer scannen - laura melchior.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job
Completion time: 07-01-14 19:43:18
Logfile of HijackThis v1.99.1
Scan saved at 9:41:14 AM, on 1/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\laura melchior\Mijn documenten\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4933/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
- Avenger is a risky program to use just like that; it can thoroughly wreck your PC if used incorrectly.
Nevertheless, it will indeed have been that rootkit, and I would have had you use Avenger as well. I will assess your log shortly. One moment of patience, please.
- OK, I used Avenger as recommended on this forum for someone who had similar problems.
By the way, I now find a folder on the desktop, %SystenDrive%, that leads to Documents and Settings. It does not look like a shortcut, so I do not dare delete it. Any idea how it got there and what I should do with it?
- Download and install CCleaner
(The CCleaner Yahoo Toolbar is not needed)
Do not use it yet.
Download SDFix and click "Run".
Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably C:\SDFix).
Restart the PC in safe mode.
Safe mode for Windows XP
Restart the computer
As soon as your computer has finished loading the BIOS (black screen with white letters, or another startup screen) and just before Windows is loaded
Tap the F8 key (or the F5 key) until you reach the Windows options menu
Here, choose to start in safe mode using the arrow keys and then press Enter
Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
Click 'Fix checked' to remove the items.
Use Explorer to look for
C:\qoobox and delete it (in bold)
Double-click the SDFix folder and double-click RunThis.bat to start the script.
Type Y and press Enter to start the cleaning process.
Trojan services and/or registry entries will be removed if they are found, and you will have to press a key to restart.
The computer will then restart; this takes longer than usual.
The fix tool will run again and continue the removal process, then Finished is shown; wait patiently until you have to press a key again to end the script and reload your desktop icons.
As soon as your desktop is back to normal, the SDFix report will open; it can also be found in the SDFix folder as Report.txt.
Copy/paste the contents of this report, Report.txt, into your next reply here, together with a new HijackThis log (at the end).
Start CCleaner.
CCleaner lets you configure what should be cleaned up.
Now select only the following items:
Internet Explorer:
- Temporary Internet files
System:
- Empty Recycle Bin
- Temporary files
Now click Run Cleaner ("opschonen") in CCleaner (bottom right).
- Also click the Issues ("problemen oplossen") icon and run the scan; do create a backup folder.
Run ComboFix once more and save the log, please.
So now I would like to see:
The SDFix report
A new HJT log
And the new ComboFix log.
Juisterr
- Here are all the logs. I also had to run SDFix in safe mode, according to the startup screen. First impression from running in normal mode seems good!
SDFix: Version 1.57
Mon 01/15/2007 - 12:05:02.68
Microsoft Windows XP [versie 5.1.2600]
Running From: C:\SDFix
Safe Mode
Service Check:
Service Name:
MsaSvc
File Path:
C:\WINDOWS\System32\msasvc.exe
MsaSvc Deleted
Starting Registry Repairs
Restoring Default Hosts File...
Stage One Complete
Rebooting...
Stage Two - Normal Mode
Checking Files:
---------------
C:\WINDOWS\system32\lzx32.sys
Removing any Files Found...
Alternate Stream Check:
C:\WINDOWS\system32
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"c:\\pdwpamt.exe"="C:\\pdwpamt.exe:*:Enabled:Server"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"c:\\pdwpamt.exe"="C:\\pdwpamt.exe:*:Enabled:Server"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Remaining files with hidden attributes:
C:\NTDETECT.COM
C:\WINDOWS\Downloaded Program Files\instwact.dll
C:\QooBox\Purity\WINDOWS\system32\ASKS~1\?hkntfs.exe
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Documents and Settings\laura melchior\Mijn documenten\LINDA\documenten\pws keizersnede\~WRL0005.tmp
C:\Documents and Settings\laura melchior\Mijn documenten\LINDA\documenten\pws keizersnede\~WRL1316.tmp
C:\Documents and Settings\laura melchior\Mijn documenten\LINDA\documenten\pws keizersnede\~WRL1950.tmp
C:\Documents and Settings\laura melchior\Mijn documenten\LINDA\documenten\pws keizersnede\~WRL2983.tmp
C:\Program Files\Google\Google Desktop Search\BITF.tmp
Finished
"laura melchior" - 07-01-15 12:29:16 Service Pack 2
ComboFix 07-01-14.2 - Running from: "C:\Documents and Settings\laura melchior\Mijn documenten\PC-Cleaners"
((((((((((((((((((((((((((((((( Files Created from 2006-12-15 to 2007-01-15 ))))))))))))))))))))))))))))))))))
2007-01-05 12:46 128,896 βββ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-01-05 12:46 1,041,536 βββ C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-01-05 12:45 71,680 βββ C:\WINDOWS\system32\blastcln.exe
2007-01-05 12:45 50,688 βββ C:\WINDOWS\system32\btpanui.dll
2007-01-05 12:45 4,096 βββ C:\WINDOWS\system32\dsprpres.dll
2007-01-05 12:45 38,016 βββ C:\WINDOWS\system32\drivers\bthmodem.sys
2007-01-05 12:45 35,456 βββ C:\WINDOWS\system32\drivers\bthprint.sys
2007-01-05 12:45 30,208 βββ C:\WINDOWS\system32\bthserv.dll
2007-01-05 12:45 274,816 βββ C:\WINDOWS\system32\drivers\bthport.sys
2007-01-05 12:45 25,471 βββ C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-01-05 12:45 20,992 βββ C:\WINDOWS\system32\bthci.dll
2007-01-05 12:45 20,480 βββ C:\WINDOWS\system32\encapi.dll
2007-01-05 12:45 2,113,536 βββ C:\WINDOWS\system32\dxdiagn.dll
2007-01-05 12:45 186,368 βββ C:\WINDOWS\system32\encdec.dll
2007-01-05 12:45 18,944 βββ C:\WINDOWS\system32\drivers\bthusb.sys
2007-01-05 12:45 17,279 βββ C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-01-05 12:45 17,024 βββ C:\WINDOWS\system32\drivers\bthenum.sys
2007-01-05 12:45 15,423 βββ C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-01-05 12:45 14,336 βββ C:\WINDOWS\system32\auditusr.exe
2007-01-05 12:45 14,143 βββ C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-01-05 12:45 13,824 βββ C:\WINDOWS\system32\cmsetacl.dll
2007-01-05 12:45 100,992 βββ C:\WINDOWS\system32\drivers\bthpan.sys
2007-01-05 12:45 1,689,088 βββ C:\WINDOWS\system32\d3d9.dll
2007-01-05 12:44 870,784 βββ C:\WINDOWS\system32\ati3d1ag.dll
2007-01-05 12:44 73,216 βββ C:\WINDOWS\system32\drivers\atintuxx.sys
2007-01-05 12:44 701,440 βββ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-01-05 12:44 63,663 βββ C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-01-05 12:44 63,488 βββ C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-01-05 12:44 57,856 βββ C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-01-05 12:44 56,623 βββ C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-01-05 12:44 52,224 βββ C:\WINDOWS\system32\drivers\atinraxx.sys
2007-01-05 12:44 516,768 βββ C:\WINDOWS\system32\ativvaxx.dll
2007-01-05 12:44 41,472 βββ C:\WINDOWS\system32\drivers\amdk7.sys
2007-01-05 12:44 4,255 βββ C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-01-05 12:44 377,984 βββ C:\WINDOWS\system32\ati2dvaa.dll
2007-01-05 12:44 36,463 βββ C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-01-05 12:44 34,735 βββ C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-01-05 12:44 327,168 βββ C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-01-05 12:44 32,768 βββ C:\WINDOWS\system32\ativtmxx.dll
2007-01-05 12:44 31,744 βββ C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-01-05 12:44 30,671 βββ C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-01-05 12:44 3,967 βββ C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-01-05 12:44 3,775 βββ C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-01-05 12:44 3,711 βββ C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-01-05 12:44 3,647 βββ C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-01-05 12:44 3,615 βββ C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-01-05 12:44 3,135 βββ C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-01-05 12:44 29,455 βββ C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-01-05 12:44 28,672 βββ C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-01-05 12:44 26,367 βββ C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-01-05 12:44 229,376 βββ C:\WINDOWS\system32\ati2cqag.dll
2007-01-05 12:44 21,343 βββ C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-01-05 12:44 21,183 βββ C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-01-05 12:44 201,728 βββ C:\WINDOWS\system32\ati2dvag.dll
2007-01-05 12:44 14,336 βββ C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-01-05 12:44 13,824 βββ C:\WINDOWS\system32\drivers\atinttxx.sys
2007-01-05 12:44 13,824 βββ C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-01-05 12:44 12,047 βββ C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-01-05 12:44 11,615 βββ C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-01-05 12:44 11,359 βββ C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-01-05 12:44 104,960 βββ C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-01-05 12:44 1,888,992 βββ C:\WINDOWS\system32\ati3duag.dll
2007-01-05 10:59 178,408 βaββ C:\WINDOWS\system32\muweb.dll
2007-01-05 10:59 128,232 βaββ C:\WINDOWS\system32\mucltui.dll
2007-01-04 14:49 <DIR> dβββ C:\DOCUME~1\LAURAM~1\Contacts
2007-01-04 14:48 <DIR> dβββ C:\DOCUME~1\ALLUSE~1\Application Data\Windows Live Toolbar
2007-01-04 14:45 <DIR> dβ-cβ C:\WINDOWS\system32\DRVSTORE
2006-12-29 16:59 <DIR> dβββ C:\DOCUME~1\LAURAM~1\Application Data\AdobeUM
2006-12-29 16:43 <DIR> dβββ C:\Program Files\Mozilla Firefox
2006-12-29 16:42 <DIR> dβββ C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2006-12-29 14:07 <DIR> dβββ C:\DOCUME~1\LAURAM~1\Application Data\Google
2006-12-29 14:01 <DIR> dβββ C:\Program Files\Google
2006-12-29 14:01 <DIR> dβββ C:\DOCUME~1\ALLUSE~1\Application Data\Google
2006-12-25 11:01 <DIR> dβββ C:\WINDOWS\EHome
2006-12-19 17:39 956,416 βaββ C:\WINDOWS\system32\msdtctm.dll
2006-12-19 17:39 91,136 βaββ C:\WINDOWS\system32\mtxoci.dll
2006-12-19 17:39 66,560 βaββ C:\WINDOWS\system32\mtxclu.dll
2006-12-19 17:39 628,224 βaββ C:\WINDOWS\system32\catsrvut(2).dll
2006-12-19 17:39 625,152 βaββ C:\WINDOWS\system32\catsrvut.dll
2006-12-19 17:39 62,464 βaββ C:\WINDOWS\system32\colbact(3).dll
2006-12-19 17:39 60,416 βaββ C:\WINDOWS\system32\colbact.dll
2006-12-19 17:39 581,120 βaββ C:\WINDOWS\system32\rpcrt4.dll
2006-12-19 17:39 540,160 βaββ C:\WINDOWS\system32\comuid.dll
2006-12-19 17:39 426,496 βaββ C:\WINDOWS\system32\msdtcprx.dll
2006-12-19 17:39 397,824 βaββ C:\WINDOWS\system32\rpcss.dll
2006-12-19 17:39 395,776 βaββ C:\WINDOWS\system32\rpcss(3).dll
2006-12-19 17:39 243,200 βaββ C:\WINDOWS\system32\es.dll
2006-12-19 17:39 243,200 βaββ C:\WINDOWS\system32\es(3).dll
2006-12-19 17:39 229,888 βaββ C:\WINDOWS\system32\catsrv(2).dll
2006-12-19 17:39 225,792 βaββ C:\WINDOWS\system32\catsrv.dll
2006-12-19 17:39 161,280 βaββ C:\WINDOWS\system32\msdtcuiu.dll
2006-12-19 17:39 110,080 βaββ C:\WINDOWS\system32\clbcatex.dll
2006-12-19 17:39 110,080 βaββ C:\WINDOWS\system32\clbcatex(2).dll
2006-12-19 17:39 101,376 βaββ C:\WINDOWS\system32\txflog.dll
2006-12-19 17:39 101,376 βaββ C:\WINDOWS\system32\txflog(2).dll
2006-12-19 17:39 1,284,608 βaββ C:\WINDOWS\system32\ole32.dll
2006-12-19 17:39 1,284,608 βaββ C:\WINDOWS\system32\ole32(3).dll
2006-12-19 17:39 1,267,200 βaββ C:\WINDOWS\system32\comsvcs.dll
2006-12-19 17:38 77,312 βaββ C:\WINDOWS\system32\browser.dll
2006-12-19 17:38 614,912 βaββ C:\WINDOWS\system32\h323msp.dll
2006-12-19 17:38 39,936 βaββ C:\WINDOWS\system32\mf3216.dll
2006-12-19 17:37 332,288 βaββ C:\WINDOWS\system32\ipnathlp.dll
2006-12-19 17:25 46,352 βaββ C:\WINDOWS\setdebug.exe
2006-12-19 17:25 313,856 βaββ C:\WINDOWS\system32\dx3j.dll
2006-12-19 17:25 171,280 βaββ C:\WINDOWS\system32\jit.dll
2006-12-19 17:25 139,536 βaββ C:\WINDOWS\system32\javaee.dll
2006-12-19 17:24 947,472 βaββ C:\WINDOWS\system32\msjava.dll
2006-12-19 17:24 63,248 βaββ C:\WINDOWS\system32\javaprxy.dll
2006-12-19 17:24 49,424 βaββ C:\WINDOWS\system32\clspack.exe
2006-12-19 17:24 404,752 βaββ C:\WINDOWS\system32\javart.dll
2006-12-19 17:24 286,992 βaββ C:\WINDOWS\system32\vmhelper.dll
2006-12-19 17:24 21,264 βaββ C:\WINDOWS\system32\msjdbc10.dll
2006-12-19 17:24 187,152 βaββ C:\WINDOWS\system32\javacypt.dll
2006-12-19 17:24 172,304 βaββ C:\WINDOWS\system32\jview.exe
2006-12-19 17:24 171,792 βaββ C:\WINDOWS\system32\wjview.exe
2006-12-19 17:24 154,384 βaββ C:\WINDOWS\system32\msawt.dll
2006-12-19 17:24 15,120 βaββ C:\WINDOWS\system32\jdbgmgr.exe
2006-12-19 17:24 113 βaββ C:\WINDOWS\system32\zonedon.reg
2006-12-19 17:24 113 βaββ C:\WINDOWS\system32\zonedoff.reg
2006-12-19 17:15 241,152 βaββ C:\WINDOWS\system32\srrstr.dll
2006-12-19 16:54 26,112 βaββ C:\WINDOWS\system32\xpsp1hfm.exe
2006-12-19 16:54 <DIR> dβh-cβ C:\WINDOWS\$xpsp1hfm$
2006-12-18 10:59 <DIR> dβsβ- C:\DOCUME~1\LAURAM~1\UserData
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MMKeybd"
"hkey"="HKLM"
"command"="C:\\Apps\\ActivBoard\\MMKeybd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivSurf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="backweb-4448364"
"hkey"="HKLM"
"command"="C:\\apps\\ActivSurf\\4448364\\Program\\backweb-4448364.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanEasyImg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cleanall"
"hkey"="HKLM"
"command"="c:\\apps\\easydvd\\cleanall.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6_check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dc6_startupmon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\WinAntiVirus Pro 2006\\dc6_startupmon.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EM_EXEC"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERS_check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ers_startupmon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\WinAntiVirus Pro 2006\\ers_startupmon.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mnu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igomnu"
"hkey"="HKLM"
"command"="C:\\Program Files\\Orange\\GLOBAL\\Mnu\\igomnu.exe /S:T"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="udcpas"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006 Free\\udcpas.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preventon Personal Firewall]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PFWall"
"hkey"="HKLM"
"command"="C:\\Program Files\\Orange\\PC Firewall\\PFWall.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="udcsdr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006 Free\\udcsdr.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="khooker"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\khooker.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vcsplay"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Virtual CD v4 SDK\\system\\vcsplay.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDOWS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pdwpamt"
"hkey"="HKLM"
"command"="C:\\pdwpamt.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Herinnering voor registratie 1.job
C:\WINDOWS\tasks\Herinnering voor registratie 2.job
C:\WINDOWS\tasks\Herinnering voor registratie 3.job
C:\WINDOWS\tasks\Norton AntiVirus - Mijn computer scannen - laura melchior.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job
Completion time: 07-01-15 12:32:29
C:\ComboFix2.txt ... 07-01-14 19:43
Logfile of HijackThis v1.99.1
Scan saved at 12:39:06 PM, on 1/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\laura melchior\Mijn documenten\PC-Cleaners\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4933/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
- OK, your log (what's left of it) is clean. More importantly, how are the problems?
- It's running like a charm again, with no more problems!
Many thanks for your help, also on behalf of the owner of the PC; it took some perseverance, but thanks to your clear instructions it worked!
The only thing left is a %SystemDrive% folder on the desktop; I don't know how it got there, but it doesn't bother me and I assume it can do no harm.
Greetings from Drenthe, and good luck.
- You can remove all the tools you used, by the way.
Do this as well:
http://users.telenet.be/marcvn/spyware/1852808.htm