HijackThis log, advice please

Anonymous
19 replies
 • Below is a log from the PC of an acquaintance that was full of viruses, Trojan horses, etc. I have scanned it with antivirus, adware tools, Spybot, etc.
  I would like advice on what else I can throw out based on the log.

  Thanks in advance.

  Logfile of HijackThis v1.99.1
  Scan saved at 3:22:30 PM, on 1/11/2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\Apps\ActivBoard\nhksrv.exe
  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  C:\Program Files\HP\HP Software Update\HPWuSchd.exe
  C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
  C:\Program Files\Real\RealPlayer\RealPlay.exe
  C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
  C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
  C:\WINDOWS\system32\slserv.exe
  C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
  C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
  C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
  C:\WINDOWS\system32\mmc.exe
  C:\WINDOWS\system32\DfrgNtfs.exe
  C:\PROGRA~1\WINZIP\wzqkpick.exe
  C:\Documents and Settings\laura melchior\Mijn documenten\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
  O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
  O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
  O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\laura melchior\Bureaublad\ww.exe
  O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
  O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
  O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
  O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4933/mcfscan.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
  O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
  O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
  O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
  O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
 • Download SDFix and click "Run".
  Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably C:\SDFix).

  Restart the PC in safe mode.
  Safe mode for Windows XP
  Restart the computer.
  As soon as your computer has finished loading the BIOS (black screen with white letters, or another start-up screen) and just before Windows is loaded,
  tap the F8 key (or the F5 key) until you reach the Windows options menu.
  Choose to start in safe mode there using the arrow keys, then press Enter.


  Start HijackThis and choose 'Do a system scan only'.
  Select only the items listed below:

  R3 - URLSearchHook: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
  O2 - BHO: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

  Close all windows except HijackThis.
  Click 'Fix checked' to remove the items.


  Double-click the SDFix folder and double-click RunThis.bat to start the script.
  Type Y and press Enter to start the cleaning process.
  Trojan services and/or registry entries will be removed if they are found, and you will have to press a key to restart.
  The computer will then restart; this takes longer than usual.
  The fix tool will run again and continue the removal process; then "Finished" is shown. Wait patiently until you have to press a key again to end the script and reload your desktop icons.
  Once your desktop is back to normal, the SDFix report will open; it can also be found in the SDFix folder as Report.txt.
  Copy and paste the contents of Report.txt into your next reply here, together with a new HijackThis log.
 • Tried what you said. SDFix crashes as soon as it wants to start the registry check, and the PC reboots by itself. It had been doing that all day whenever I tried Windows XP updates (there were 52, of which it managed 21), and then I have exactly the same problem: the PC reboots by itself for no apparent reason. It did this much worse when I got it in last night and it was still full of viruses etc.
  Is a complete reformat of C: and a reinstall of Windows XP etc. now the only way out?

  Thanks for your clear instructions; I would like to hear your opinion.
 • Please just fix those lines and post a new HJT log.
 • New log. 2 lines keep coming back; I really did fix them in safe mode, but as soon as I run SDFix again (which still crashes) the lines are back…

  Logfile of HijackThis v1.99.1
  Scan saved at 10:42:02 PM, on 1/11/2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\savedump.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\Apps\ActivBoard\nhksrv.exe
  C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  C:\Program Files\HP\HP Software Update\HPWuSchd.exe
  C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
  C:\Program Files\Real\RealPlayer\RealPlay.exe
  C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
  C:\WINDOWS\system32\slserv.exe
  C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
  C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
  C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
  C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  C:\Program Files\WinZip\WZQKPICK.EXE
  C:\WINDOWS\system32\wuauclt.exe
  C:\Documents and Settings\laura melchior\Mijn documenten\HijackThis.exe
  C:\WINDOWS\system32\wuauclt.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
  O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
  O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\laura melchior\Bureaublad\ww.exe
  O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
  O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
  O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
  O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4933/mcfscan.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
  O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
  O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
  O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
  O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
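
An added example, not part of the original thread: a small Python script for the comparison done by hand in the posts above, reporting which HijackThis entries that were selected for fixing are present again in a later log, and which entries point at a missing file or autostart from a user's Desktop folder. The flag rules and all function names are assumptions chosen for illustration; the sample lines are excerpts from the logs posted in this thread.

```python
import re
from typing import List, NamedTuple

# Entry lines look like "O4 - HKLM\..\Run: [name] target". Header lines and
# the "Running processes" paths do not have this shape and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# Assumed rule: a Run entry that starts a program from a profile's Desktop
# folder ("Bureaublad" on Dutch Windows XP) deserves a closer look.
DESKTOP_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(?:Bureaublad|Desktop)\\", re.IGNORECASE
)


class Entry(NamedTuple):
    code: str   # section code such as R3, O2, O4, O23
    body: str   # rest of the line, whitespace-normalised


def parse_entries(log_text: str) -> List[Entry]:
    """Extract the 'CODE - body' lines from a pasted HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), " ".join(m.group(2).split())))
    return entries


def triage(entry: Entry) -> List[str]:
    """Return the reasons (possibly none) why an entry needs manual review."""
    reasons = []
    if entry.body.endswith("(no file)"):
        reasons.append("registered object has no file on disk")
    if "(file missing)" in entry.body:
        reasons.append("service binary is missing")
    if entry.code == "O4" and DESKTOP_RE.search(entry.body):
        reasons.append("autostart from a user's Desktop folder")
    return reasons


def reappeared(fixed: List[Entry], later: List[Entry]) -> List[Entry]:
    """Entries that were selected for 'Fix checked' but exist in a later log."""
    later_set = set(later)
    return [e for e in fixed if e in later_set]


# Lines the helper asked to fix (excerpt from the thread).
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
O2 - BHO: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
"""

# Excerpt from the log posted after the fix attempt.
LATER_LOG = r"""
Running processes:
C:\WINDOWS\system32\services.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R3 - URLSearchHook: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\laura melchior\Bureaublad\ww.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
"""

if __name__ == "__main__":
    later = parse_entries(LATER_LOG)
    print("Back after fixing:")
    for e in reappeared(parse_entries(FIX_LIST), later):
        print(f"  {e.code} - {e.body}")
    print("Needs manual review:")
    for e in later:
        for reason in triage(e):
            print(f"  {e.code} - {e.body}\n      -> {reason}")
```

An entry that returns after a fix made in safe mode indicates that something still running rewrites it, which is why the thread moves on to further scans instead of repeating the same fix.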
 • Check these lines again and then click Fix checked again
  R3 - URLSearchHook: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)

  O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\laura melchior\Bureaublad\ww.exe


  Download and install AVG Anti-Spyware.
  After installation, open AVG Anti-Spyware:
  * under "Status", click Change state next to "Resident shield" (change from active to inactive!)
  * under "Update", click the Start update button.
  * under "Scanner", tab "Settings":
    - under "How to act?", click "Recommended actions" and select Quarantine. (VERY IMPORTANT!)
    - under "Reports", select Automatically generate report after every scan and remove the check mark at Only if threats were found
  Close AVG Anti-Spyware. Do not let it scan yet.

  Start up in safe mode.

  Start AVG Anti-Spyware.
  * Click Scan and choose Complete System Scan.
  After the scan, follow the instructions below:
 • Will do it asap. I have to leave this afternoon/evening, so it will probably be tomorrow. Thanks in advance. You'll hear from me.
 • Everything worked. Here is the report; still quite a bit of junk found. Curious about the next step! Many thanks again.
  ———————————————————
  AVG Anti-Spyware - Scan Report
  ———————————————————

  + Created at: 12:23:37 AM 1/13/2007

  + Scan result:

  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP177\A0048476.dll -> Adware.Delfin : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038454.exe -> Adware.Softomate : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP177\A0048474.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038267.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038268.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038269.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038272.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP165\A0038462.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038263.exe -> Downloader.PurityScan.dr : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038458.dll -> Downloader.Small.ece : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP177\A0048475.exe -> Dropper.Small : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP177\A0048473.exe -> Hijacker.Agent.bt : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP165\A0038461.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038453.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP165\A0038465.exe -> Proxy.Wopla.ac : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP165\A0038464.sys -> Rootkit.Agent.cf : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038253.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038254.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038255.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038256.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038257.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038258.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038259.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038265.exe -> Trojan.Small : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038266.exe -> Trojan.Small : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038270.exe -> Trojan.Small : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP177\A0048477.exe -> Trojan.Small : Cleaned with backup (quarantined).
  C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038271.exe -> Worm.Banwarum.f : Cleaned with backup (quarantined).


  ::Report end
 • Please run the scan again, and this time let it delete what it finds, and also empty the quarantine box.

  Restart and post a new HJT log, and tell us whether your problems are over.
 • Scanned again in safe mode with AVG Anti-Spyware, nothing found, and quarantine emptied. The HJT log below was also made in safe mode because the PC is very unstable in normal startup (worse than before, I have the impression). I regularly get the message:
  C:\windows\system32\services.exe terminated unexpectedly with service code 10737441819. The system is then shut down after a minute or so and restarts. The system also restarts at random moments without this message. I have the impression that in safe mode (with networking) it happens less or not at all. Will leave it in that startup mode for a few hours today to see whether my suspicion is right. I am thinking of an unstable hardware component myself but have no idea which (motherboard maybe??)
  Logfile of HijackThis v1.99.1
  Scan saved at 9:11:09 AM, on 1/14/2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\savedump.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\Documents and Settings\laura melchior\Mijn documenten\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
  O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
  O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
  O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
  O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
  O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
  O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
  O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4933/mcfscan.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
  O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
  O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
  O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
  O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
  O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
  O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
 • Would you please try running this.

  Download Combofix to your Desktop.
  Double-click Combofix.exe
  Follow the instructions; accept the disclaimer by typing "y" or "Y".
  While the fix is running, do NOT click in the window, as this will make your PC hang.
  When the fix is complete and after the restart, the log combofix.txt will open.
  Post this log in your next post together with a new HijackThis log.

  NOTE: If your virus scanner reacts with a notice about a script being executed, you may ignore this.
 • Thanks for your reply. Last night I searched a bit for code 1073741819 and did the following:
  1. Ran Avenger with the script:
  Unload Driver
  pe386
  Was successful; I no longer have the log file.
  2. Ran Combofix; see log file below.

  PC ran in normal mode again but very slowly. The SVCHOST.EXE process of SYSTEM took 80% or more of the CPU.
  This morning I removed a number of programs, including the AVG virus scanner and spyware. The PC now runs well but in a dangerous mode: no firewall (Windows Firewall will not start) and no antivirus. Was planning to put NORMAN on it today.
  Just ran a new HJT; see below. Thanks again.
  "laura melchior" - 07-01-14 19:40:21 Service Pack 2
  ComboFix 07-01-14.2 - Running from: "C:\Documents and Settings\laura melchior\Mijn documenten\PC-Cleaners"

  (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


  C:\Program Files\Common Files\{380EE~1
  C:\Program Files\Common Files\{380EE~2
  C:\Program Files\Common Files\{880EE~1
  C:\Program Files\Common Files\{880EE~2
  ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
  Folders Quarantined:
  C:\qoobox\purity\Program Files\PPPATC~1
  C:\qoobox\purity\WINDOWS\DOBE~1
  C:\qoobox\purity\WINDOWS\system32\ASKS~1
  C:\qoobox\purity\WINDOWS\system32\RACLE~1
  C:\qoobox\purity\WINDOWS\system32\ASKS~1\?hkntfs.exe
  C:\qoobox\purity\WINDOWS\system32\RACLE~1\?racle


  ((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))


  2007-01-14 19:28 <DIR> d-------- C:\avenger
  2007-01-14 11:05 <DIR> d-------- C:\Program Files\Uniblue
  2007-01-14 11:05 <DIR> d-------- C:\DOCUME~1\LAURAM~1\Application Data\Uniblue
  2007-01-12 16:16 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
  2007-01-11 21:12 <DIR> d-------- C:\SDFix
  2007-01-11 21:03 <DIR> dr-h----- C:\$VAULT$.AVG
  2007-01-11 21:03 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
  2007-01-11 21:03 <DIR> d-------- C:\DOCUME~1\LAURAM~1\Application Data\AVG7
  2007-01-11 21:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
  2007-01-11 21:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\avg7
  2007-01-11 21:02 <DIR> d-------- C:\Program Files\Grisoft
  2007-01-11 20:56 <DIR> d-------- C:\WINDOWS\ServicePackFiles
  2007-01-11 19:36 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
  2007-01-11 19:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Symantec
  2007-01-11 18:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
  2007-01-11 17:28 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
  2007-01-11 17:28 1,230,336 -ra------ C:\WINDOWS\system32\MSXML4.dll
  2007-01-11 15:46 <DIR> dr-h----- C:\DOCUME~1\LAURAM~1\Onlangs geopend
  2007-01-11 15:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\WinZip
  2007-01-11 12:32 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Onlangs geopend
  2007-01-11 12:32 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Mijn documenten
  2007-01-11 12:32 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
  2007-01-11 12:32 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Favorieten
  2007-01-11 12:32 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Bureaublad
  2007-01-11 12:32 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Sjablonen
  2007-01-11 12:32 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Netwerkprinteromgeving
  2007-01-11 12:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
  2007-01-11 12:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\InterTrust
  2007-01-11 12:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\AVG7
  2007-01-11 12:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Adobe
  2007-01-11 10:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
  2007-01-11 08:58 <DIR> d-------- C:\DOCUME~1\LAURAM~1\Application Data\Lavasoft
  2007-01-11 07:43 <DIR> d-------- C:\WINDOWS\pss
  2007-01-10 21:43 <DIR> d-------- C:\Program Files\Yahoo!
  2007-01-10 21:43 <DIR> d-------- C:\Program Files\CCleaner
  2007-01-09 09:31 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
  2007-01-09 09:31 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
  2007-01-09 09:31 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
  2007-01-09 09:31 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
  2007-01-09 09:31 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
  2007-01-09 09:31 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
  2007-01-09 09:31 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
  2007-01-09 08:32 <DIR> d--h----- C:\WINDOWS\$hf_mig$
  2007-01-09 08:32 <DIR> d-------- C:\WINDOWS\system32\PreInstall
  2007-01-08 14:50 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Menu Start
  2007-01-08 14:47 <DIR> d-------- C:\WINDOWS\Prefetch
  2007-01-08 14:20 <DIR> d-------- C:\WINDOWS\provisioning
  2007-01-08 14:20 <DIR> d-------- C:\WINDOWS\peernet
  2007-01-08 14:08 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
  2007-01-08 14:02 999,936 --a------ C:\WINDOWS\system32\setupapi.dll
  2007-01-08 14:02 993,280 --a------ C:\WINDOWS\system32\syssetup.dll
  2007-01-08 14:02 98,304 --a------ C:\WINDOWS\system32\scardsvr.exe
  2007-01-08 14:02 96,768 --a------ C:\WINDOWS\system32\srvsvc.dll
  2007-01-08 14:02 95,360 --a------ C:\WINDOWS\system32\drivers\atapi.sys
  2007-01-08 14:02 92,160 --a------ C:\WINDOWS\system32\ntprint.dll
  2007-01-08 14:02 92,032 --a------ C:\WINDOWS\system32\drivers\ksecdd.sys
  2007-01-08 14:02 91,776 --a------ C:\WINDOWS\system32\drivers\ndiswan.sys
  2007-01-08 14:02 89,088 --a------ C:\WINDOWS\system32\rasauto.dll
  2007-01-08 14:02 88,448 --a------ C:\WINDOWS\system32\drivers\nwlnkipx.sys
  2007-01-08 14:02 800,000 --a------ C:\WINDOWS\system32\drivers\dmboot.sys
  2007-01-08 14:02 80,384 --a------ C:\WINDOWS\system32\drivers\parport.sys
  2007-01-08 14:02 8,192 --a------ C:\WINDOWS\system32\ntlsapi.dll
  2007-01-08 14:02 8,192 --a------ C:\WINDOWS\system32\drivers\i2omgmt.sys
  2007-01-08 14:02 76,800 --a------ C:\WINDOWS\system32\nslookup.exe
  2007-01-08 14:02 75,264 --a------ C:\WINDOWS\system32\locator.exe
  2007-01-08 14:02 74,752 --a------ C:\WINDOWS\system32\drivers\ipsec.sys
  2007-01-08 14:02 729,088 --a------ C:\WINDOWS\system32\ntdll.dll
  2007-01-08 14:02 727,040 --a------ C:\WINDOWS\system32\lsasrv.dll
  2007-01-08 14:02 71,552 --a------ C:\WINDOWS\system32\drivers\bridge.sys
  2007-01-08 14:02 71,040 --a------ C:\WINDOWS\system32\drivers\dxg.sys
  2007-01-08 14:02 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
  2007-01-08 14:02 69,120 --a------ C:\WINDOWS\system32\drivers\psched.sys
  2007-01-08 14:02 684,032 --a------ C:\WINDOWS\system32\advapi32.dll
  2007-01-08 14:02 68,224 --a------ C:\WINDOWS\system32\drivers\pci.sys
  2007-01-08 14:02 676,864 --a------ C:\WINDOWS\system32\rasdlg.dll
  2007-01-08 14:02 64,000 --a------ C:\WINDOWS\system32\samlib.dll
  2007-01-08 14:02 632,832 --a------ C:\WINDOWS\system32\autoconv.exe
  2007-01-08 14:02 63,744 --a------ C:\WINDOWS\system32\drivers\mf.sys
  2007-01-08 14:02 63,744 --a------ C:\WINDOWS\system32\drivers\cdfs.sys
  2007-01-08 14:02 619,008 --a------ C:\WINDOWS\system32\autochk.exe
  2007-01-08 14:02 611,328 --a------ C:\WINDOWS\system32\comctl32.dll
  2007-01-08 14:02 61,824 --a------ C:\WINDOWS\system32\drivers\nic1394.sys
  2007-01-08 14:02 61,440 --a------ C:\WINDOWS\system32\rasman.dll
  2007-01-08 14:02 60,800 --a------ C:\WINDOWS\system32\drivers\arp1394.sys
  2007-01-08 14:02 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
  2007-01-08 14:02 59,904 --a------ C:\WINDOWS\system32\drivers\atmarpc.sys
  2007-01-08 14:02 58,880 --a------ C:\WINDOWS\system32\rastapi.dll
  2007-01-08 14:02 574,592 --a------ C:\WINDOWS\system32\drivers\ntfs.sys
  2007-01-08 14:02 572,928 --a------ C:\WINDOWS\system32\printui.dll
  2007-01-08 14:02 57,856 --a------ C:\WINDOWS\system32\drivers\redbook.sys
  2007-01-08 14:02 553,472 --a------ C:\WINDOWS\system32\oleaut32.dll
  2007-01-08 14:02 55,936 --a------ C:\WINDOWS\system32\drivers\atmlane.sys
  2007-01-08 14:02 53,760 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
  2007-01-08 14:02 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
  2007-01-08 14:02 51,328 --a------ C:\WINDOWS\system32\drivers\rasl2tp.sys
  2007-01-08 14:02 50,688 --a------ C:\WINDOWS\system32\smss.exe
  2007-01-08 14:02 5,632 --a------ C:\WINDOWS\system32\drivers\intelide.sys
  2007-01-08 14:02 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
  2007-01-08 14:02 49,664 --a------ C:\WINDOWS\system32\drivers\classpnp.sys
  2007-01-08 14:02 49,536 --a------ C:\WINDOWS\system32\drivers\cdrom.sys
  2007-01-08 14:02 48,384 --a------ C:\WINDOWS\system32\drivers\raspptp.sys
  2007-01-08 14:02 46,592 --a------ C:\WINDOWS\system32\tcpmonui.dll
  2007-01-08 14:02 46,592 --a------ C:\WINDOWS\system32\drivers\p3.sys
  2007-01-08 14:02 453,120 --a------ C:\WINDOWS\system32\drivers\mrxsmb.sys
  2007-01-08 14:02 45,056 --a------ C:\WINDOWS\system32\ftp.exe
  2007-01-08 14:02 429,056 --a------ C:\WINDOWS\system32\samsrv.dll
  2007-01-08 14:02 420,864 --a------ C:\WINDOWS\system32\ntvdm.exe
  2007-01-08 14:02 42,240 --a------ C:\WINDOWS\system32\drivers\mountmgr.sys
  2007-01-08 14:02 41,856 --a------ C:\WINDOWS\system32\drivers\imapi.sys
  2007-01-08 14:02 41,472 --a------ C:\WINDOWS\system32\perfctrs.dll
  2007-01-08 14:02 41,472 --a------ C:\WINDOWS\system32\drivers\raspppoe.sys
  2007-01-08 14:02 41,088 --a------ C:\WINDOWS\system32\drivers\amdk6.sys
  2007-01-08 14:02 40,576 --a------ C:\WINDOWS\system32\drivers\crusoe.sys
  2007-01-08 14:02 40,448 --a------ C:\WINDOWS\system32\rshx32.dll
  2007-01-08 14:02 40,320 --a------ C:\WINDOWS\system32\drivers\nmnt.sys
  2007-01-08 14:02 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
  2007-01-08 14:02 399,360 --a------ C:\WINDOWS\system32\cmd.exe
  2007-01-08 14:02 39,424 --a------ C:\WINDOWS\system32\drivers\processr.sys
  2007-01-08 14:02 36,352 --a------ C:\WINDOWS\system32\drivers\disk.sys
  2007-01-08 14:02 36,224 --a------ C:\WINDOWS\system32\drivers\hidclass.sys
  2007-01-08 14:02 35,072 --a------ C:\WINDOWS\system32\drivers\msgpc.sys
  2007-01-08 14:02 343,040 --a------ C:\WINDOWS\system32\localspl.dll
  2007-01-08 14:02 34,560 --a------ C:\WINDOWS\system32\drivers\netbios.sys
  2007-01-08 14:02 33,792 --a------ C:\WINDOWS\system32\msgsvc.dll
  2007-01-08 14:02 32,768 --a------ C:\WINDOWS\system32\csrsrv.dll
  2007-01-08 14:02 316,416 --a------ C:\WINDOWS\system32\untfs.dll
  2007-01-08 14:02 305,664 --a------ C:\WINDOWS\system32\ulib.dll
  2007-01-08 14:02 30,848 --a------ C:\WINDOWS\system32\drivers\npfs.sys
  2007-01-08 14:02 30,336 --a------ C:\WINDOWS\system32\drivers\modem.sys
  2007-01-08 14:02 281,088 --a------ C:\WINDOWS\system32\comdlg32.dll
  2007-01-08 14:02 27,392 --a------ C:\WINDOWS\system32\drivers\fdc.sys
  2007-01-08 14:02 25,216 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
  2007-01-08 14:02 25,088 --a------ C:\WINDOWS\system32\drivers\pciidex.sys
  2007-01-08 14:02 24,960 --a------ C:\WINDOWS\system32\drivers\hidparse.sys
  2007-01-08 14:02 24,576 --a------ C:\WINDOWS\system32\userinit.exe
  2007-01-08 14:02 236,544 --a------ C:\WINDOWS\system32\rasapi32.dll
  2007-01-08 14:02 23,552 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
  2007-01-08 14:02 20,992 --a------ C:\WINDOWS\system32\drivers\ipinip.sys
  2007-01-08 14:02 20,480 --a------ C:\WINDOWS\system32\drivers\flpydisk.sys
  2007-01-08 14:02 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
  2007-01-08 14:02 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
  2007-01-08 14:02 19,072 --a------ C:\WINDOWS\system32\drivers\msfs.sys
  2007-01-08 14:02 188,544 --a------ C:\WINDOWS\system32\drivers\acpi.sys
  2007-01-08 14:02 182,912 --a------ C:\WINDOWS\system32\drivers\ndis.sys
  2007-01-08 14:02 181,248 --a------ C:\WINDOWS\system32\drivers\mrxdav.sys
  2007-01-08 14:02 18,560 --a------ C:\WINDOWS\system32\drivers\i2omp.sys
  2007-01-08 14:02 174,592 --a------ C:\WINDOWS\system32\drivers\rdbss.sys
  2007-01-08 14:02 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
  2007-01-08 14:02 162,816 --a------ C:\WINDOWS\system32\drivers\netbt.sys
  2007-01-08 14:02 153,856 --a------ C:\WINDOWS\system32\drivers\dmio.sys
  2007-01-08 14:02 146,432 --a------ C:\WINDOWS\system32\nwprovau.dll
  2007-01-08 14:02 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
  2007-01-08 14:02 144,896 --a------ C:\WINDOWS\system32\schannel.dll
  2007-01-08 14:02 144,384 --a------ C:\WINDOWS\system32\imagehlp.dll
  2007-01-08 14:02 143,360 --a------ C:\WINDOWS\system32\drivers\fastfat.sys
  2007-01-08 14:02 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
  2007-01-08 14:02 142,336 --a------ C:\WINDOWS\system32\sessmgr.exe
  2007-01-08 14:02 140,928 --a------ C:\WINDOWS\system32\drivers\ks.sys
  2007-01-08 14:02 14,848 --a------ C:\WINDOWS\system32\mgmtapi.dll
  2007-01-08 14:02 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
  2007-01-08 14:02 14,336 --a------ C:\WINDOWS\system32\drivers\asyncmac.sys
  2007-01-08 14:02 14,208 --a------ C:\WINDOWS\system32\drivers\diskdump.sys
  2007-01-08 14:02 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
  2007-01-08 14:02 138,496 --a------ C:\WINDOWS\system32\drivers\afd.sys
  2007-01-08 14:02 134,912 --a------ C:\WINDOWS\system32\drivers\ipnat.sys
  2007-01-08 14:02 132,096 --a------ C:\WINDOWS\system32\wkssvc.dll
  2007-01-08 14:02 13,824 --a------ C:\WINDOWS\system32\savedump.exe
  2007-01-08 14:02 13,824 --a------ C:\WINDOWS\system32\lmhsvc.dll
  2007-01-08 14:02 129,536 --a------ C:\WINDOWS\system32\msv1_0.dll
  2007-01-08 14:02 120,320 --a------ C:\WINDOWS\system32\drivers\pcmcia.sys
  2007-01-08 14:02 12,928 --a------ C:\WINDOWS\system32\drivers\ndisuio.sys
  2007-01-08 14:02 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
  2007-01-08 14:02 108,544 --a------ C:\WINDOWS\system32\services.exe
  2007-01-08 14:02 107,904 --a------ C:\WINDOWS\system32\drivers\mup.sys
  2007-01-08 14:02 102,400 --a------ C:\WINDOWS\system32\win32spl.dll
  2007-01-08 14:02 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
  2007-01-08 14:02 1,839,616 --a------ C:\WINDOWS\system32\win32k.sys
  2007-01-08 14:01 96,256 --a------ C:\WINDOWS\system32\drivers\scsiport.sys
  2007-01-08 14:01 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
  2007-01-08 14:01 79,744 --a------ C:\WINDOWS\system32\drivers\videoprt.sys
  2007-01-08 14:01 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
  2007-01-08 14:01 66,176 --a------ C:\WINDOWS\system32\drivers\udfs.sys
  2007-01-08 14:01 65,920 --a------ C:\WINDOWS\system32\drivers\serial.sys
  2007-01-08 14:01 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
  2007-01-08 14:01 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
  2007-01-08 14:01 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
  2007-01-08 14:01 53,632 --a------ C:\WINDOWS\system32\drivers\volsnap.sys
  2007-01-08 14:01 5,376 --a------ C:\WINDOWS\system32\drivers\viaide.sys
  2007-01-08 14:01 48,640 --a------ C:\WINDOWS\system32\drivers\stream.sys
  2007-01-08 14:01 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
  2007-01-08 14:01 4,352 --a------ C:\WINDOWS\system32\drivers\swenum.sys
  2007-01-08 14:01 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
  2007-01-08 14:01 34,560 --a------ C:\WINDOWS\system32\drivers\wanarp.sys
  2007-01-08 14:01 336,256 --a------ C:\WINDOWS\system32\drivers\srv.sys
  2007-01-08 14:01 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
  2007-01-08 14:01 30,080 --a------ C:\WINDOWS\system32\drivers\rndismp.sys
  2007-01-08 14:01 25,472 --a------ C:\WINDOWS\system32\drivers\sonydcam.sys
  2007-01-08 14:01 223,616 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
  2007-01-08 14:01 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
  2007-01-08 14:01 209,408 --a------ C:\WINDOWS\system32\drivers\update.sys
  2007-01-08 14:01 20,992 --a------ C:\WINDOWS\system32\drivers\vga.sys
  2007-01-08 14:01 18,560 --a------ C:\WINDOWS\system32\drivers\tdi.sys
  2007-01-08 14:01 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
  2007-01-08 14:01 16,000 --a------ C:\WINDOWS\system32\drivers\usbintel.sys
  2007-01-08 14:01 15,488 --a------ C:\WINDOWS\system32\drivers\serenum.sys
  2007-01-08 14:01 142,976 --a------ C:\WINDOWS\system32\drivers\usbport.sys
  2007-01-08 14:01 14,976 --a------ C:\WINDOWS\system32\drivers\tape.sys
  2007-01-08 14:01 12,672 --a------ C:\WINDOWS\system32\drivers\usb8023.sys
  2007-01-08 14:01 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
  2007-01-08 14:01 11,392 --a------ C:\WINDOWS\system32\drivers\sfloppy.sys
  2007-01-08 09:40 <DIR> d-------- C:\WINDOWS\McAfee.com
  2007-01-08 08:38 493,440 --a------ C:\WINDOWS\system32\drivers\WlanBZ64.SYS
  2007-01-08 08:38 402,432 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys
  2007-01-05 13:32 <DIR> d-------- C:\Bdienst
  2007-01-05 12:53 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
  2007-01-05 12:53 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
  2007-01-05 12:52 937,984 --------- C:\WINDOWS\system32\winbrand.dll
  2007-01-05 12:52 896,512 --------- C:\WINDOWS\system32\wmspdmoe.dll
  2007-01-05 12:52 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
  2007-01-05 12:52 484,864 --------- C:\WINDOWS\system32\wmspdmod.dll
  2007-01-05 12:52 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
  2007-01-05 12:52 233,472 --------- C:\WINDOWS\system32\wmpdxm.dll
  2007-01-05 12:52 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
  2007-01-05 12:52 189,952 --------- C:\WINDOWS\system32\wmerror.dll
  2007-01-05 12:52 17,408 --------- C:\WINDOWS\system32\winshfhc.dll
  2007-01-05 12:52 151,552 --------- C:\WINDOWS\system32\wmidx.dll
  2007-01-05 12:52 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
  2007-01-05 12:52 114,688 --------- C:\WINDOWS\system32\wmpasf.dll
  2007-01-05 12:52 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
  2007-01-05 12:52 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
  2007-01-05 12:52 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
  2007-01-05 12:52 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
  2007-01-05 12:52 108,032 --------- C:\WINDOWS\system32\wshbth.dll
  2007-01-05 12:52 1,119,744 --------- C:\WINDOWS\system32\wmsdmoe2.dll
  2007-01-05 12:52 1,001,472 --------- C:\WINDOWS\system32\wmvdmoe2.dll
  2007-01-05 12:51 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
  2007-01-05 12:51 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
  2007-01-05 12:51 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
  2007-01-05 12:51 44,032 --------- C:\WINDOWS\system32\twext.dll
  2007-01-05 12:51 26,624 --------- C:\WINDOWS\system32\drivers\usbehci.sys
  2007-01-05 12:51 21,504 --------- C:\WINDOWS\system32\spupdwxp.exe
  2007-01-05 12:51 2,962,432 --------- C:\WINDOWS\system32\xpsp2res.dll
  2007-01-05 12:51 196,096 --------- C:\WINDOWS\system32\xpsp1res.dll
  2007-01-05 12:51 15,872 --------- C:\WINDOWS\system32\w3ssl.dll
  2007-01-05 12:51 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
  2007-01-05 12:51 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
  2007-01-05 12:51 12,416 --------- C:\WINDOWS\system32\drivers\tunmp.sys
  2007-01-05 12:51 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
  2007-01-05 12:51 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
  2007-01-05 12:50 9,728 --------- C:\WINDOWS\system32\proxycfg.exe
  2007-01-05 12:50 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll
  2007-01-05 12:50 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll
  2007-01-05 12:50 8,192 --------- C:\WINDOWS\system32\smbinst.exe
  2007-01-05 12:50 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
  2007-01-05 12:50 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
  2007-01-05 12:50 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
  2007-01-05 12:50 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
  2007-01-05 12:50 526,848 --------- C:\WINDOWS\system32\p2psvc.dll
  2007-01-05 12:50 49,152 --------- C:\WINDOWS\system32\powercfg.exe
  2007-01-05 12:50 48,640 --------- C:\WINDOWS\system32\pnrpnsp.dll
  2007-01-05 12:50 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
  2007-01-05 12:50 32,866 --------- C:\WINDOWS\system32\slrundll.exe
  2007-01-05 12:50 32,866 --------- C:\WINDOWS\slrundll.exe
  2007-01-05 12:50 312,320 --------- C:\WINDOWS\system32\p2pgraph.dll
  2007-01-05 12:50 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
  2007-01-05 12:50 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
  2007-01-05 12:50 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
  2007-01-05 12:50 270,848 --------- C:\WINDOWS\system32\sbe.dll
  2007-01-05 12:50 188,508 --------- C:\WINDOWS\system32\slgen.dll
  2007-01-05 12:50 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
  2007-01-05 12:50 159,232 --------- C:\WINDOWS\system32\sbeio.dll
  2007-01-05 12:50 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
  2007-01-05 12:50 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
  2007-01-05 12:50 116,224 --------- C:\WINDOWS\system32\p2p.dll
  2007-01-05 12:50 11,136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
  2007-01-05 12:50 10,240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys
  2007-01-05 12:49 52,736 --------- C:\WINDOWS\system32\mspmsnsv.dll
  2007-01-05 12:49 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
  2007-01-05 12:49 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
  2007-01-05 12:49 15,488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
  2007-01-05 12:49 134,656 --------- C:\WINDOWS\system32\mssap.dll
  2007-01-05 12:49 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
  2007-01-05 12:49 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
  2007-01-05 12:49 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
  2007-01-05 12:48 537,088 --------- C:\WINDOWS\system32\msftedit.dll
  2007-01-05 12:48 384,512 --------- C:\WINDOWS\system32\mp4sdmod.dll
  2007-01-05 12:48 310,272 --------- C:\WINDOWS\system32\mp43dmod.dll
  2007-01-05 12:48 118,784 --------- C:\WINDOWS\system32\msdadiag.dll
  2007-01-05 12:47 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
  2007-01-05 12:47 61,440 --------- C:\WINDOWS\system32\logman.exe
  2007-01-05 12:47 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
  2007-01-05 12:46 81,920 --------- C:\WINDOWS\system32\ieencode.dll
  2007-01-05 12:46 7,680 --------- C:\WINDOWS\system32\kbdsmsno.dll
  2007-01-05 12:46 7,680 --------- C:\WINDOWS\system32\kbdsmsfi.dll
  2007-01-05 12:46 7,168 --------- C:\WINDOWS\system32\kbdukx.dll
  2007-01-05 12:46 7,168 --------- C:\WINDOWS\system32\kbdno1.dll
  2007-01-05 12:46 7,168 --------- C:\WINDOWS\system32\kbdfi1.dll
  2007-01-05 12:46 7,168 --------- C:\WINDOWS\system32\hccoin.dll
  2007-01-05 12:46 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
  2007-01-05 12:46 60,416 --------- C:\WINDOWS\system32\fwcfg.dll
  2007-01-05 12:46 6,656 --------- C:\WINDOWS\system32\kbdinmal.dll
  2007-01-05 12:46 6,656 --------- C:\WINDOWS\system32\kbdinben.dll
  2007-01-05 12:46 6,144 --------- C:\WINDOWS\system32\kbdmlt48.dll
  2007-01-05 12:46 6,144 --------- C:\WINDOWS\system32\kbdmlt47.dll
  2007-01-05 12:46 6,144 --------- C:\WINDOWS\system32\kbdinbe1.dll
  2007-01-05 12:46 5,632 --------- C:\WINDOWS\system32\kbdmaori.dll
  2007-01-05 12:46 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
  2007-01-05 12:46 40,192 --------- C:\WINDOWS\system32\drivers\intelppm.sys
  2007-01-05 12:46 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
  2007-01-05 12:46 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
  2007-01-05 12:46 262,784 --------- C:\WINDOWS\system32\drivers\http.sys
  2007-01-05 12:46 25,728 --------- C:\WINDOWS\system32\drivers\hidbth.sys
  2007-01-05 12:46 24,576 --------- C:\WINDOWS\system32\httpapi.dll
  2007-01-05 12:46 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
  2007-01-05 12:46 22,528 --------- C:\WINDOWS\system32\fltmc.exe
  2007-01-05 12:46 20,992 --------- C:\WINDOWS\system32\faxpatch.exe
  2007-01-05 12:46 193,024 --------- C:\WINDOWS\system32\fsquirt.exe
  2007-01-05 12:46 16,896 --------- C:\WINDOWS\system32\fltlib.dll
  2007-01-05 12:46 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
  2007-01-05 12:46 124,800 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
  2007-01-05 12:46 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
  2007-01-05 12:45 71,680 --------- C:\WINDOWS\system32\blastcln.exe
  2007-01-05 12:45 50,688 --------- C:\WINDOWS\system32\btpanui.dll
  2007-01-05 12:45 4,096 --------- C:\WINDOWS\system32\dsprpres.dll
  2007-01-05 12:45 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
  2007-01-05 12:45 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
  2007-01-05 12:45 30,208 --------- C:\WINDOWS\system32\bthserv.dll
  2007-01-05 12:45 274,816 --------- C:\WINDOWS\system32\drivers\bthport.sys
  2007-01-05 12:45 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
  2007-01-05 12:45 20,992 --------- C:\WINDOWS\system32\bthci.dll
  2007-01-05 12:45 20,480 --------- C:\WINDOWS\system32\encapi.dll
  2007-01-05 12:45 2,113,536 --------- C:\WINDOWS\system32\dxdiagn.dll
  2007-01-05 12:45 186,368 --------- C:\WINDOWS\system32\encdec.dll
  2007-01-05 12:45 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
  2007-01-05 12:45 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
  2007-01-05 12:45 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
  2007-01-05 12:45 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
  2007-01-05 12:45 14,336 --------- C:\WINDOWS\system32\auditusr.exe
  2007-01-05 12:45 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
  2007-01-05 12:45 13,824 --------- C:\WINDOWS\system32\cmsetacl.dll
  2007-01-05 12:45 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
  2007-01-05 12:45 1,689,088 --------- C:\WINDOWS\system32\d3d9.dll
  2007-01-05 12:44 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
  2007-01-05 12:44 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
  2007-01-05 12:44 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
  2007-01-05 12:44 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
  2007-01-05 12:44 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
  2007-01-05 12:44 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
  2007-01-05 12:44 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
  2007-01-05 12:44 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
  2007-01-05 12:44 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll
  2007-01-05 12:44 41,472 --------- C:\WINDOWS\system32\drivers\amdk7.sys
  2007-01-05 12:44 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
  2007-01-05 12:44 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
  2007-01-05 12:44 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
  2007-01-05 12:44 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
  2007-01-05 12:44 327,168 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
  2007-01-05 12:44 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
  2007-01-05 12:44 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
  2007-01-05 12:44 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
  2007-01-05 12:44 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
  2007-01-05 12:44 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
  2007-01-05 12:44 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
  2007-01-05 12:44 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
  2007-01-05 12:44 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
  2007-01-05 12:44 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
  2007-01-05 12:44 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
  2007-01-05 12:44 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
  2007-01-05 12:44 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
  2007-01-05 12:44 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
  2007-01-05 12:44 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
  2007-01-05 12:44 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
  2007-01-05 12:44 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll
  2007-01-05 12:44 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
  2007-01-05 12:44 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
  2007-01-05 12:44 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
  2007-01-05 12:44 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
  2007-01-05 12:44 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
  2007-01-05 12:44 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
  2007-01-05 12:44 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
  2007-01-05 12:44 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
  2007-01-05 10:59 178,408 --a------ C:\WINDOWS\system32\muweb.dll
  2007-01-05 10:59 128,232 --a------ C:\WINDOWS\system32\mucltui.dll
  2007-01-04 14:49 <DIR> d-------- C:\DOCUME~1\LAURAM~1\Contacts
  2007-01-04 14:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Live Toolbar
  2007-01-04 14:47 <DIR> d-------- C:\Program Files\Windows Live Toolbar
  2007-01-04 14:45 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
  2006-12-29 16:59 <DIR> d-------- C:\DOCUME~1\LAURAM~1\Application Data\AdobeUM
  2006-12-29 16:43 <DIR> d-------- C:\Program Files\Mozilla Firefox
  2006-12-29 16:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
  2006-12-29 16:38 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
  2006-12-29 16:38 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
  2006-12-29 16:38 <DIR> d-------- C:\Program Files\Picasa2
  2006-12-29 16:38 <DIR> d-------- C:\Program Files\Lavasoft
  2006-12-29 14:07 <DIR> d-------- C:\DOCUME~1\LAURAM~1\Application Data\Google
  2006-12-29 14:01 <DIR> d-------- C:\Program Files\Google
  2006-12-29 14:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
  2006-12-25 11:01 <DIR> d-------- C:\WINDOWS\EHome
  2006-12-19 17:39 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
  2006-12-19 17:39 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
  2006-12-19 17:39 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
  2006-12-19 17:39 628,224 --a------ C:\WINDOWS\system32\catsrvut(2).dll
  2006-12-19 17:39 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
  2006-12-19 17:39 62,464 --a------ C:\WINDOWS\system32\colbact(3).dll
  2006-12-19 17:39 60,416 --a------ C:\WINDOWS\system32\colbact.dll
  2006-12-19 17:39 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll
  2006-12-19 17:39 540,160 --a------ C:\WINDOWS\system32\comuid.dll
  2006-12-19 17:39 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
  2006-12-19 17:39 397,824 --a------ C:\WINDOWS\system32\rpcss.dll
  2006-12-19 17:39 395,776 --a------ C:\WINDOWS\system32\rpcss(3).dll
  2006-12-19 17:39 243,200 --a------ C:\WINDOWS\system32\es.dll
  2006-12-19 17:39 243,200 --a------ C:\WINDOWS\system32\es(3).dll
  2006-12-19 17:39 229,888 --a------ C:\WINDOWS\system32\catsrv(2).dll
  2006-12-19 17:39 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
  2006-12-19 17:39 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
  2006-12-19 17:39 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
  2006-12-19 17:39 110,080 --a------ C:\WINDOWS\system32\clbcatex(2).dll
  2006-12-19 17:39 101,376 --a------ C:\WINDOWS\system32\txflog.dll
  2006-12-19 17:39 101,376 --a------ C:\WINDOWS\system32\txflog(2).dll
  2006-12-19 17:39 1,284,608 --a------ C:\WINDOWS\system32\ole32.dll
  2006-12-19 17:39 1,284,608 --a------ C:\WINDOWS\system32\ole32(3).dll
  2006-12-19 17:39 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
  2006-12-19 17:38 77,312 --a------ C:\WINDOWS\system32\browser.dll
  2006-12-19 17:38 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
  2006-12-19 17:38 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
  2006-12-19 17:37 332,288 --a------ C:\WINDOWS\system32\ipnathlp.dll
  2006-12-19 17:25 46,352 --a------ C:\WINDOWS\setdebug.exe
  2006-12-19 17:25 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
  2006-12-19 17:25 171,280 --a------ C:\WINDOWS\system32\jit.dll
  2006-12-19 17:25 139,536 --a------ C:\WINDOWS\system32\javaee.dll
  2006-12-19 17:24 947,472 --a------ C:\WINDOWS\system32\msjava.dll
  2006-12-19 17:24 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
  2006-12-19 17:24 49,424 --a------ C:\WINDOWS\system32\clspack.exe
  2006-12-19 17:24 404,752 --a------ C:\WINDOWS\system32\javart.dll
  2006-12-19 17:24 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
  2006-12-19 17:24 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
  2006-12-19 17:24 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
  2006-12-19 17:24 172,304 --a------ C:\WINDOWS\system32\jview.exe
  2006-12-19 17:24 171,792 --a------ C:\WINDOWS\system32\wjview.exe
  2006-12-19 17:24 154,384 --a------ C:\WINDOWS\system32\msawt.dll
  2006-12-19 17:24 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
  2006-12-19 17:24 113 --a------ C:\WINDOWS\system32\zonedon.reg
  2006-12-19 17:24 113 --a------ C:\WINDOWS\system32\zonedoff.reg
  2006-12-19 17:15 241,152 --a------ C:\WINDOWS\system32\srrstr.dll
  2006-12-19 16:54 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
  2006-12-19 16:54 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
  2006-12-18 10:59 <DIR> d---s---- C:\DOCUME~1\LAURAM~1\UserData


  (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


  2007-01-12 13:36 -------- d-------- C:\Program Files\messenger
  2007-01-11 21:02 -------- d-------- C:\Program Files\movie maker
  2007-01-11 20:58 -------- d-------- C:\Program Files\windows nt
  2007-01-11 18:52 -------- d---s---- C:\DOCUME~1\LAURAM~1\Application Data\microsoft
  2007-01-11 17:30 -------- d-------- C:\Program Files\hp
  2007-01-11 11:50 -------- d-------- C:\Program Files\pedevice
  2007-01-11 11:50 -------- d-------- C:\Program Files\Common Files\companion wizard
  2007-01-11 10:42 -------- d---s---- C:\Program Files\Common Files\teknum systems
  2007-01-11 08:13 -------- d--h----- C:\Program Files\installshield installation information
  2007-01-09 09:00 -------- d-------- C:\DOCUME~1\LAURAM~1\Application Data\mozilla
  2007-01-08 16:18 69682 --a------ C:\WINDOWS\system32\lzx32.sys
  2007-01-08 15:02 -------- d-------- C:\Program Files\msn messenger
  2007-01-04 14:17 -------- d-------- C:\DOCUME~1\LAURAM~1\Application Data\adobe
  2006-12-31 13:15 -------- d-------- C:\DOCUME~1\LAURAM~1\Application Data\msn6
  2006-12-06 15:53 -------- d--h----- C:\Program Files\windowsupdate
  2006-12-02 18:27 -------- d-------- C:\DOCUME~1\LAURAM~1\Application Data\drivecleaner 2006 free
  2006-11-27 18:16 0 -rahs---- C:\MSDOS.SYS
  2006-11-27 18:16 0 -rahs---- C:\IO.SYS
  2006-11-16 17:39 -------- d-------- C:\Program Files\Common Files\adobe
  2006-11-14 19:40 -------- d-------- C:\DOCUME~1\LAURAM~1\Application Data\help
  2006-11-14 10:15 -------- d-------- C:\Program Files\microsoft.net
  2006-11-13 12:42 90112 -ra------ C:\WINDOWS\bwunin-6.1.0.145l.exe
  2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
  2006-10-20 02:39 714752 --a------ C:\WINDOWS\system32\sxs.dll


  (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

  *Note* empty entries & legit default entries are not shown

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
  "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"
  "Uniblue SpyEraser"="\"C:\\Program Files\\Uniblue\\SpyEraser\\SpyEraser.exe\" -m"

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
  "HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
  "RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
  "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
  "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
  65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
  "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
  "UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
  6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
  "Installed"="1"

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
  "Installed"="1"
  "NoChange"="1"

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
  "Installed"="1"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="MMKeybd"
  "hkey"="HKLM"
  "command"="C:\\Apps\\ActivBoard\\MMKeybd.exe"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivSurf]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="backweb-4448364"
  "hkey"="HKLM"
  "command"="C:\\apps\\ActivSurf\\4448364\\Program\\backweb-4448364.exe"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanEasyImg]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="cleanall"
  "hkey"="HKLM"
  "command"="c:\\apps\\easydvd\\cleanall.exe"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6_check]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="dc6_startupmon"
  "hkey"="HKLM"
  "command"="\"C:\\Program Files\\Common Files\\WinAntiVirus Pro 2006\\dc6_startupmon.exe\""
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="EM_EXEC"
  "hkey"="HKLM"
  "command"="C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERS_check]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="ers_startupmon"
  "hkey"="HKLM"
  "command"="\"C:\\Program Files\\Common Files\\WinAntiVirus Pro 2006\\ers_startupmon.exe\""
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="dumprep 0 -k"
  "hkey"="HKLM"
  "command"="%systemroot%\\system32\\dumprep 0 -k"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mnu]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="igomnu"
  "hkey"="HKLM"
  "command"="C:\\Program Files\\Orange\\GLOBAL\\Mnu\\igomnu.exe /S:T"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="udcpas"
  "hkey"="HKLM"
  "command"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006 Free\\udcpas.exe\""
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preventon Personal Firewall]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="PFWall"
  "hkey"="HKLM"
  "command"="C:\\Program Files\\Orange\\PC Firewall\\PFWall.exe"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="udcsdr"
  "hkey"="HKLM"
  "command"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006 Free\\udcsdr.exe\""
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="khooker"
  "hkey"="HKLM"
  "command"="C:\\WINDOWS\\System32\\khooker.exe"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="vcsplay"
  "hkey"="HKLM"
  "command"="\"C:\\Program Files\\Virtual CD v4 SDK\\system\\vcsplay.exe\""
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDOWS]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="pdwpamt"
  "hkey"="HKLM"
  "command"="C:\\pdwpamt.exe"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
  "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
  "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

  [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
  "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

  [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
  "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
  "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
  LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
  NetworkService REG_MULTI_SZ DnsCache\0\0
  rpcss REG_MULTI_SZ RpcSs\0\0
  imgsvc REG_MULTI_SZ StiSvc\0\0
  termsvcs REG_MULTI_SZ TermService\0\0
  Usnsvc REG_MULTI_SZ usnsvc\0\0
  HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
  DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

  Contents of the 'Scheduled Tasks' folder
  C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
  C:\WINDOWS\tasks\Herinnering voor registratie 1.job
  C:\WINDOWS\tasks\Herinnering voor registratie 2.job
  C:\WINDOWS\tasks\Herinnering voor registratie 3.job
  C:\WINDOWS\tasks\Norton AntiVirus - Mijn computer scannen - laura melchior.job
  C:\WINDOWS\tasks\Uniblue SpyEraser.job

  Completion time: 07-01-14 19:43:18


  Logfile of HijackThis v1.99.1
  Scan saved at 9:41:14 AM, on 1/15/2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Real\RealPlayer\RealPlay.exe
  C:\Program Files\WinZip\WZQKPICK.EXE
  C:\Apps\ActivBoard\nhksrv.exe
  C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\internet explorer\iexplore.exe
  C:\Documents and Settings\laura melchior\Mijn documenten\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
  O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
  O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
  O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
  O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4933/mcfscan.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
  O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
  O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
  O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
 • Avenger is a risky program to use just like that; it can thoroughly wreck your PC if used incorrectly.

  Nevertheless, it will indeed have been that rootkit, and I would have had you use Avenger too. I will review your log shortly. A moment's patience, please.
 • OK, I used Avenger as recommended on this forum for someone who had similar problems.
  By the way, I now find a folder on the desktop, %SystenDrive%, that leads to Documents and Settings. It doesn't look like a shortcut, so I don't dare delete it. Any idea how it got there and what I should do with it?
 • Download and install CCleaner
  (The CCleaner Yahoo Toolbar is not needed)
  Do not use it yet.

  Download SDFix and click "Run".
  Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably: C:\SDFix).

  Restart the PC in safe mode.
  Safe mode for Windows XP
  Restart the computer
  As soon as your computer has finished loading the BIOS (black screen with white letters, or another start screen) and just before Windows loads
  Tap the F8 key (or the F5 key) until you reach the Windows options menu
  Choose to start in safe mode here using the arrow keys, then press Enter


  Start HijackThis and choose 'Do a system scan only'
  Select only the items listed below:

  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

  Click 'Fix checked' to remove the items.
  Use Explorer to look for C:\qoobox and delete it (the qoobox folder)
  Double-click the SDFix folder and double-click RunThis.bat to start the script.
  Type Y and press Enter to start the cleaning process.
  Trojan services and/or registry entries will be removed if they are found, and you will have to press a key to restart.
  The computer will then restart; this takes longer than usual.
  The fix tool will run again and continue the removal process, after which 'Finished' is shown; wait patiently until you have to press a key again to end the script and reload your desktop icons.
  Once your desktop is back to normal, the SDFix report will open; it can also be found in the SDFix folder as Report.txt.
  Copy and paste the contents of Report.txt into your next reply here, together with a new HijackThis log (at the end)


  Start CCleaner.
  CCleaner lets you set what should be cleaned up.
  Now select only the following items:
  Internet Explorer:
  - Temporary Internet files
  System:
  - Empty Recycle Bin
  - Temporary files
  Now click 'opschonen' (clean up) in CCleaner (bottom right).
  - Also click the 'problemen oplossen' (fix problems) icon and run the scan, but do create a backup folder.

  Run ComboFix once more and save the log, please.

  So now I would like to see:

  The SDFix report
  A new HJT log
  And the new ComboFix log.
  Juisterr
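
Added example, not part of any post in this thread: the two O4 entries selected for fixing above appear in the earlier "Reg Loading Points" dump only as `hex(2)` byte lists, so this Python sketch decodes those values and cross-checks each HijackThis O4 Run line against the exported Run key. The two sample strings are excerpts of the logs posted here; the function names and the ANSI/UTF-16 detection heuristic are assumptions of this example.

```python
import re

# Excerpt of the "Reg Loading Points" dump posted in this thread (REGEDIT-style export).
REG_DUMP = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
'''

# Excerpt of the HijackThis log posted in this thread.
HJT_LOG = r'''
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
'''

VALUE_RE = re.compile(
    r'^"((?:[^"\\]|\\.)*)"=(?:hex\(2\):([0-9a-fA-F,\s]*)|"((?:[^"\\]|\\.)*)")$')
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$', re.M)
HIVE_PREFIX = {
    "HKLM": r"hkey_local_machine\software\microsoft\windows\currentversion",
    "HKCU": r"hkey_current_user\software\microsoft\windows\currentversion",
}


def decode_expand_sz(hex_csv):
    """Decode a hex(2) (REG_EXPAND_SZ) byte list to text."""
    raw = bytes(int(b, 16) for b in hex_csv.split(",") if b.strip())
    # Assumption: old-style exports hold ANSI bytes, newer ones UTF-16LE.
    # ASCII text in UTF-16LE has a NUL in every odd position.
    if len(raw) >= 2 and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("cp1252", errors="replace")
    return text.rstrip("\x00")


def parse_reg_export(text):
    """Return {key path (lowercase): {value name (lowercase): decoded data}}."""
    text = re.sub(r",\\\r?\n\s*", ",", text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name, hex_data, str_data = m.groups()
        if hex_data is not None:
            data = decode_expand_sz(hex_data)
        else:
            data = re.sub(r"\\(.)", r"\1", str_data)  # undo \\ and \" escapes
        current[re.sub(r"\\(.)", r"\1", name).lower()] = data
    return keys


def crosscheck(reg_text, hjt_text):
    """For each O4 registry Run line, report whether the export agrees."""
    reg = parse_reg_export(reg_text)
    results = []
    for hive, subkey, name, command in O4_RE.findall(hjt_text):
        key = HIVE_PREFIX[hive] + "\\" + subkey.lower()
        exported = reg.get(key, {}).get(name.lower())
        if exported is None:
            status = "missing"      # not in the export (already removed, or hidden)
        elif exported.lower() == command.strip().lower():
            status = "match"
        else:
            status = "differs"      # the two views disagree; look closer
        results.append((name, command.strip(), status))
    return results


if __name__ == "__main__":
    for row in crosscheck(REG_DUMP, HJT_LOG):
        print(row)
```
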
 • Here are all the logs. According to the startup screen, SDFix also had to be run in safe mode. First impression from running in normal mode looks good!

  SDFix: Version 1.57

  Mon 01/15/2007 - 12:05:02.68

  Microsoft Windows XP [versie 5.1.2600]

  Running From: C:\SDFix

  Safe Mode

  Service Check:

  Service Name:

  MsaSvc

  File Path:

  C:\WINDOWS\System32\msasvc.exe

  MsaSvc Deleted


  Starting Registry Repairs

  Restoring Default Hosts File…

  Stage One Complete

  Rebooting…

  Stage Two - Normal Mode

  Checking Files:
  ————–

  C:\WINDOWS\system32\lzx32.sys

  Removing any Files Found…

  Alternate Stream Check:

  C:\WINDOWS\system32
  No streams found.

  Final Check:

  Remaining Services:
  ——————


  Authorized Application Key Export:

  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
  "c:\\pdwpamt.exe"="C:\\pdwpamt.exe:*:Enabled:Server"
  "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
  "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
  "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
  "c:\\pdwpamt.exe"="C:\\pdwpamt.exe:*:Enabled:Server"
  "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
  "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
  "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


  Remaining Files:
  —————

  Backups Folder: - C:\SDFix\backups\backups.zip

  Remaining files with hidden attributes:

  C:\NTDETECT.COM
  C:\WINDOWS\Downloaded Program Files\instwact.dll
  C:\QooBox\Purity\WINDOWS\system32\ASKS~1\?hkntfs.exe
  C:\WINDOWS\system32\cdplayer.exe.manifest
  C:\WINDOWS\system32\logonui.exe.manifest
  C:\hiberfil.sys
  C:\IO.SYS
  C:\MSDOS.SYS
  C:\pagefile.sys
  C:\Documents and Settings\laura melchior\Mijn documenten\LINDA\documenten\pws keizersnede\~WRL0005.tmp
  C:\Documents and Settings\laura melchior\Mijn documenten\LINDA\documenten\pws keizersnede\~WRL1316.tmp
  C:\Documents and Settings\laura melchior\Mijn documenten\LINDA\documenten\pws keizersnede\~WRL1950.tmp
  C:\Documents and Settings\laura melchior\Mijn documenten\LINDA\documenten\pws keizersnede\~WRL2983.tmp
  C:\Program Files\Google\Google Desktop Search\BITF.tmp

  Finished

  "laura melchior" - 07-01-15 12:29:16 Service Pack 2
  ComboFix 07-01-14.2 - Running from: "C:\Documents and Settings\laura melchior\Mijn documenten\PC-Cleaners"

  ((((((((((((((((((((((((((((((( Files Created from 2006-12-15 to 2007-01-15 ))))))))))))))))))))))))))))))))))


  2007-01-05 12:50 116,224 ——— C:\WINDOWS\system32\p2p.dll
  2007-01-05 12:50 11,136 ——— C:\WINDOWS\system32\drivers\sffdisk.sys
  2007-01-05 12:50 10,240 ——— C:\WINDOWS\system32\drivers\sffp_sd.sys
  2007-01-05 12:49 52,736 ——— C:\WINDOWS\system32\mspmsnsv.dll
  2007-01-05 12:49 452,736 ——— C:\WINDOWS\system32\drivers\mtxparhm.sys
  2007-01-05 12:49 4,274,816 ——— C:\WINDOWS\system32\nv4_disp.dll
  2007-01-05 12:49 15,488 ——— C:\WINDOWS\system32\drivers\mssmbios.sys
  2007-01-05 12:49 134,656 ——— C:\WINDOWS\system32\mssap.dll
  2007-01-05 12:49 12,672 ——— C:\WINDOWS\system32\drivers\mutohpen.sys
  2007-01-05 12:49 1,897,408 ——— C:\WINDOWS\system32\drivers\nv4_mini.sys
  2007-01-05 12:49 1,737,856 ——— C:\WINDOWS\system32\mtxparhd.dll
  2007-01-05 12:48 537,088 ——— C:\WINDOWS\system32\msftedit.dll
  2007-01-05 12:48 384,512 ——— C:\WINDOWS\system32\mp4sdmod.dll
  2007-01-05 12:48 310,272 ——— C:\WINDOWS\system32\mp43dmod.dll
  2007-01-05 12:48 118,784 ——— C:\WINDOWS\system32\msdadiag.dll
  2007-01-05 12:47 86,016 ——— C:\WINDOWS\system32\mdmxsdk.dll
  2007-01-05 12:47 61,440 ——— C:\WINDOWS\system32\logman.exe
  2007-01-05 12:47 11,868 ——— C:\WINDOWS\system32\drivers\mdmxsdk.sys
  2007-01-05 12:46 78,336 –a—— C:\WINDOWS\system32\ieencode.dll
  2007-01-05 12:46 7,680 ——— C:\WINDOWS\system32\kbdsmsno.dll
  2007-01-05 12:46 7,680 ——— C:\WINDOWS\system32\kbdsmsfi.dll
  2007-01-05 12:46 7,168 ——— C:\WINDOWS\system32\kbdukx.dll
  2007-01-05 12:46 7,168 ——— C:\WINDOWS\system32\kbdno1.dll
  2007-01-05 12:46 7,168 ——— C:\WINDOWS\system32\kbdfi1.dll
  2007-01-05 12:46 7,168 ——— C:\WINDOWS\system32\hccoin.dll
  2007-01-05 12:46 685,056 ——— C:\WINDOWS\system32\drivers\hsfcxts2.sys
  2007-01-05 12:46 60,416 ——— C:\WINDOWS\system32\fwcfg.dll
  2007-01-05 12:46 6,656 ——— C:\WINDOWS\system32\kbdinmal.dll
  2007-01-05 12:46 6,656 ——— C:\WINDOWS\system32\kbdinben.dll
  2007-01-05 12:46 6,144 ——— C:\WINDOWS\system32\kbdmlt48.dll
  2007-01-05 12:46 6,144 ——— C:\WINDOWS\system32\kbdmlt47.dll
  2007-01-05 12:46 6,144 ——— C:\WINDOWS\system32\kbdinbe1.dll
  2007-01-05 12:46 5,632 ——— C:\WINDOWS\system32\kbdmaori.dll
  2007-01-05 12:46 46,464 ——— C:\WINDOWS\system32\drivers\gagp30kx.sys
  2007-01-05 12:46 40,192 ——— C:\WINDOWS\system32\drivers\intelppm.sys
  2007-01-05 12:46 32,285 ——— C:\WINDOWS\system32\hsfcisp2.dll
  2007-01-05 12:46 29,056 ——— C:\WINDOWS\system32\drivers\ip6fw.sys
  2007-01-05 12:46 262,784 ——— C:\WINDOWS\system32\drivers\http.sys
  2007-01-05 12:46 25,728 ——— C:\WINDOWS\system32\drivers\hidbth.sys
  2007-01-05 12:46 24,576 ——— C:\WINDOWS\system32\httpapi.dll
  2007-01-05 12:46 23,040 –a—— C:\WINDOWS\system32\fltmc.exe
  2007-01-05 12:46 220,032 ——— C:\WINDOWS\system32\drivers\hsfbs2s2.sys
  2007-01-05 12:46 20,992 ——— C:\WINDOWS\system32\faxpatch.exe
  2007-01-05 12:46 193,024 ——— C:\WINDOWS\system32\fsquirt.exe
  2007-01-05 12:46 16,896 –a—— C:\WINDOWS\system32\fltlib.dll
  2007-01-05 12:46 15,104 ——— C:\WINDOWS\system32\drivers\hidir.sys
  2007-01-05 12:46 128,896 ——— C:\WINDOWS\system32\drivers\fltmgr.sys
  2007-01-05 12:46 1,041,536 ——— C:\WINDOWS\system32\drivers\hsfdpsp2.sys
  2007-01-05 12:45 71,680 ——— C:\WINDOWS\system32\blastcln.exe
  2007-01-05 12:45 50,688 ——— C:\WINDOWS\system32\btpanui.dll
  2007-01-05 12:45 4,096 ——— C:\WINDOWS\system32\dsprpres.dll
  2007-01-05 12:45 38,016 ——— C:\WINDOWS\system32\drivers\bthmodem.sys
  2007-01-05 12:45 35,456 ——— C:\WINDOWS\system32\drivers\bthprint.sys
  2007-01-05 12:45 30,208 ——— C:\WINDOWS\system32\bthserv.dll
  2007-01-05 12:45 274,816 ——— C:\WINDOWS\system32\drivers\bthport.sys
  2007-01-05 12:45 25,471 ——— C:\WINDOWS\system32\drivers\atv04nt5.dll
  2007-01-05 12:45 20,992 ——— C:\WINDOWS\system32\bthci.dll
  2007-01-05 12:45 20,480 ——— C:\WINDOWS\system32\encapi.dll
  2007-01-05 12:45 2,113,536 ——— C:\WINDOWS\system32\dxdiagn.dll
  2007-01-05 12:45 186,368 ——— C:\WINDOWS\system32\encdec.dll
  2007-01-05 12:45 18,944 ——— C:\WINDOWS\system32\drivers\bthusb.sys
  2007-01-05 12:45 17,279 ——— C:\WINDOWS\system32\drivers\atv10nt5.dll
  2007-01-05 12:45 17,024 ——— C:\WINDOWS\system32\drivers\bthenum.sys
  2007-01-05 12:45 15,423 ——— C:\WINDOWS\system32\drivers\ch7xxnt5.dll
  2007-01-05 12:45 14,336 ——— C:\WINDOWS\system32\auditusr.exe
  2007-01-05 12:45 14,143 ——— C:\WINDOWS\system32\drivers\atv06nt5.dll
  2007-01-05 12:45 13,824 ——— C:\WINDOWS\system32\cmsetacl.dll
  2007-01-05 12:45 100,992 ——— C:\WINDOWS\system32\drivers\bthpan.sys
  2007-01-05 12:45 1,689,088 ——— C:\WINDOWS\system32\d3d9.dll
  2007-01-05 12:44 870,784 ——— C:\WINDOWS\system32\ati3d1ag.dll
  2007-01-05 12:44 73,216 ——— C:\WINDOWS\system32\drivers\atintuxx.sys
  2007-01-05 12:44 701,440 ——— C:\WINDOWS\system32\drivers\ati2mtag.sys
  2007-01-05 12:44 63,663 ——— C:\WINDOWS\system32\drivers\ati1rvxx.sys
  2007-01-05 12:44 63,488 ——— C:\WINDOWS\system32\drivers\atinxsxx.sys
  2007-01-05 12:44 57,856 ——— C:\WINDOWS\system32\drivers\atinbtxx.sys
  2007-01-05 12:44 56,623 ——— C:\WINDOWS\system32\drivers\ati1btxx.sys
  2007-01-05 12:44 52,224 ——— C:\WINDOWS\system32\drivers\atinraxx.sys
  2007-01-05 12:44 516,768 ——— C:\WINDOWS\system32\ativvaxx.dll
  2007-01-05 12:44 41,472 ——— C:\WINDOWS\system32\drivers\amdk7.sys
  2007-01-05 12:44 4,255 ——— C:\WINDOWS\system32\drivers\adv01nt5.dll
  2007-01-05 12:44 377,984 ——— C:\WINDOWS\system32\ati2dvaa.dll
  2007-01-05 12:44 36,463 ——— C:\WINDOWS\system32\drivers\ati1tuxx.sys
  2007-01-05 12:44 34,735 ——— C:\WINDOWS\system32\drivers\ati1xsxx.sys
  2007-01-05 12:44 327,168 ——— C:\WINDOWS\system32\drivers\ati2mtaa.sys
  2007-01-05 12:44 32,768 ——— C:\WINDOWS\system32\ativtmxx.dll
  2007-01-05 12:44 31,744 ——— C:\WINDOWS\system32\drivers\atinxbxx.sys
  2007-01-05 12:44 30,671 ——— C:\WINDOWS\system32\drivers\ati1raxx.sys
  2007-01-05 12:44 3,967 ——— C:\WINDOWS\system32\drivers\adv02nt5.dll
  2007-01-05 12:44 3,775 ——— C:\WINDOWS\system32\drivers\adv11nt5.dll
  2007-01-05 12:44 3,711 ——— C:\WINDOWS\system32\drivers\adv09nt5.dll
  2007-01-05 12:44 3,647 ——— C:\WINDOWS\system32\drivers\adv07nt5.dll
  2007-01-05 12:44 3,615 ——— C:\WINDOWS\system32\drivers\adv05nt5.dll
  2007-01-05 12:44 3,135 ——— C:\WINDOWS\system32\drivers\adv08nt5.dll
  2007-01-05 12:44 29,455 ——— C:\WINDOWS\system32\drivers\ati1xbxx.sys
  2007-01-05 12:44 28,672 ——— C:\WINDOWS\system32\drivers\atinsnxx.sys
  2007-01-05 12:44 26,367 ——— C:\WINDOWS\system32\drivers\ati1snxx.sys
  2007-01-05 12:44 229,376 ——— C:\WINDOWS\system32\ati2cqag.dll
  2007-01-05 12:44 21,343 ——— C:\WINDOWS\system32\drivers\ati1ttxx.sys
  2007-01-05 12:44 21,183 ——— C:\WINDOWS\system32\drivers\atv01nt5.dll
  2007-01-05 12:44 201,728 ——— C:\WINDOWS\system32\ati2dvag.dll
  2007-01-05 12:44 14,336 ——— C:\WINDOWS\system32\drivers\atinpdxx.sys
  2007-01-05 12:44 13,824 ——— C:\WINDOWS\system32\drivers\atinttxx.sys
  2007-01-05 12:44 13,824 ——— C:\WINDOWS\system32\drivers\atinmdxx.sys
  2007-01-05 12:44 12,047 ——— C:\WINDOWS\system32\drivers\ati1pdxx.sys
  2007-01-05 12:44 11,615 ——— C:\WINDOWS\system32\drivers\ati1mdxx.sys
  2007-01-05 12:44 11,359 ——— C:\WINDOWS\system32\drivers\atv02nt5.dll
  2007-01-05 12:44 104,960 ——— C:\WINDOWS\system32\drivers\atinrvxx.sys
  2007-01-05 12:44 1,888,992 ——— C:\WINDOWS\system32\ati3duag.dll
  2007-01-05 10:59 178,408 –a—— C:\WINDOWS\system32\muweb.dll
  2007-01-05 10:59 128,232 –a—— C:\WINDOWS\system32\mucltui.dll
  2007-01-04 14:49 <DIR> d——– C:\DOCUME~1\LAURAM~1\Contacts
  2007-01-04 14:48 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\Windows Live Toolbar
  2007-01-04 14:45 <DIR> d—-c— C:\WINDOWS\system32\DRVSTORE
  2006-12-29 16:59 <DIR> d——– C:\DOCUME~1\LAURAM~1\Application Data\AdobeUM
  2006-12-29 16:43 <DIR> d——– C:\Program Files\Mozilla Firefox
  2006-12-29 16:42 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
  2006-12-29 14:07 <DIR> d——– C:\DOCUME~1\LAURAM~1\Application Data\Google
  2006-12-29 14:01 <DIR> d——– C:\Program Files\Google
  2006-12-29 14:01 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\Google
  2006-12-25 11:01 <DIR> d——– C:\WINDOWS\EHome
  2006-12-19 17:39 956,416 –a—— C:\WINDOWS\system32\msdtctm.dll
  2006-12-19 17:39 91,136 –a—— C:\WINDOWS\system32\mtxoci.dll
  2006-12-19 17:39 66,560 –a—— C:\WINDOWS\system32\mtxclu.dll
  2006-12-19 17:39 628,224 –a—— C:\WINDOWS\system32\catsrvut(2).dll
  2006-12-19 17:39 625,152 –a—— C:\WINDOWS\system32\catsrvut.dll
  2006-12-19 17:39 62,464 –a—— C:\WINDOWS\system32\colbact(3).dll
  2006-12-19 17:39 60,416 –a—— C:\WINDOWS\system32\colbact.dll
  2006-12-19 17:39 581,120 –a—— C:\WINDOWS\system32\rpcrt4.dll
  2006-12-19 17:39 540,160 –a—— C:\WINDOWS\system32\comuid.dll
  2006-12-19 17:39 426,496 –a—— C:\WINDOWS\system32\msdtcprx.dll
  2006-12-19 17:39 397,824 –a—— C:\WINDOWS\system32\rpcss.dll
  2006-12-19 17:39 395,776 –a—— C:\WINDOWS\system32\rpcss(3).dll
  2006-12-19 17:39 243,200 –a—— C:\WINDOWS\system32\es.dll
  2006-12-19 17:39 243,200 –a—— C:\WINDOWS\system32\es(3).dll
  2006-12-19 17:39 229,888 –a—— C:\WINDOWS\system32\catsrv(2).dll
  2006-12-19 17:39 225,792 –a—— C:\WINDOWS\system32\catsrv.dll
  2006-12-19 17:39 161,280 –a—— C:\WINDOWS\system32\msdtcuiu.dll
  2006-12-19 17:39 110,080 –a—— C:\WINDOWS\system32\clbcatex.dll
  2006-12-19 17:39 110,080 –a—— C:\WINDOWS\system32\clbcatex(2).dll
  2006-12-19 17:39 101,376 –a—— C:\WINDOWS\system32\txflog.dll
  2006-12-19 17:39 101,376 –a—— C:\WINDOWS\system32\txflog(2).dll
  2006-12-19 17:39 1,284,608 –a—— C:\WINDOWS\system32\ole32.dll
  2006-12-19 17:39 1,284,608 –a—— C:\WINDOWS\system32\ole32(3).dll
  2006-12-19 17:39 1,267,200 –a—— C:\WINDOWS\system32\comsvcs.dll
  2006-12-19 17:38 77,312 –a—— C:\WINDOWS\system32\browser.dll
  2006-12-19 17:38 614,912 –a—— C:\WINDOWS\system32\h323msp.dll
  2006-12-19 17:38 39,936 –a—— C:\WINDOWS\system32\mf3216.dll
  2006-12-19 17:37 332,288 –a—— C:\WINDOWS\system32\ipnathlp.dll
  2006-12-19 17:25 46,352 –a—— C:\WINDOWS\setdebug.exe
  2006-12-19 17:25 313,856 –a—— C:\WINDOWS\system32\dx3j.dll
  2006-12-19 17:25 171,280 –a—— C:\WINDOWS\system32\jit.dll
  2006-12-19 17:25 139,536 –a—— C:\WINDOWS\system32\javaee.dll
  2006-12-19 17:24 947,472 –a—— C:\WINDOWS\system32\msjava.dll
  2006-12-19 17:24 63,248 –a—— C:\WINDOWS\system32\javaprxy.dll
  2006-12-19 17:24 49,424 –a—— C:\WINDOWS\system32\clspack.exe
  2006-12-19 17:24 404,752 –a—— C:\WINDOWS\system32\javart.dll
  2006-12-19 17:24 286,992 –a—— C:\WINDOWS\system32\vmhelper.dll
  2006-12-19 17:24 21,264 –a—— C:\WINDOWS\system32\msjdbc10.dll
  2006-12-19 17:24 187,152 –a—— C:\WINDOWS\system32\javacypt.dll
  2006-12-19 17:24 172,304 –a—— C:\WINDOWS\system32\jview.exe
  2006-12-19 17:24 171,792 –a—— C:\WINDOWS\system32\wjview.exe
  2006-12-19 17:24 154,384 –a—— C:\WINDOWS\system32\msawt.dll
  2006-12-19 17:24 15,120 –a—— C:\WINDOWS\system32\jdbgmgr.exe
  2006-12-19 17:24 113 –a—— C:\WINDOWS\system32\zonedon.reg
  2006-12-19 17:24 113 –a—— C:\WINDOWS\system32\zonedoff.reg
  2006-12-19 17:15 241,152 –a—— C:\WINDOWS\system32\srrstr.dll
  2006-12-19 16:54 26,112 –a—— C:\WINDOWS\system32\xpsp1hfm.exe
  2006-12-19 16:54 <DIR> d–h-c— C:\WINDOWS\$xpsp1hfm$
  2006-12-18 10:59 <DIR> d—s—- C:\DOCUME~1\LAURAM~1\UserData


  (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


  2007-01-15 09:16 ——– d—s—- C:\DOCUME~1\LAURAM~1\Application Data\microsoft
  2007-01-15 08:22 ——– d——– C:\Program Files\hp
  2007-01-12 13:36 ——– d——– C:\Program Files\messenger
  2007-01-11 21:02 ——– d——– C:\Program Files\movie maker
  2007-01-11 20:58 ——– d——– C:\Program Files\windows nt
  2007-01-11 11:50 ——– d——– C:\Program Files\pedevice
  2007-01-11 11:50 ——– d——– C:\Program Files\Common Files\companion wizard
  2007-01-11 10:42 ——– d—s—- C:\Program Files\Common Files\teknum systems
  2007-01-11 08:13 ——– d–h—– C:\Program Files\installshield installation information
  2007-01-09 09:00 ——– d——– C:\DOCUME~1\LAURAM~1\Application Data\mozilla
  2007-01-08 15:02 ——– d——– C:\Program Files\msn messenger
  2007-01-04 14:17 ——– d——– C:\DOCUME~1\LAURAM~1\Application Data\adobe
  2006-12-31 13:15 ——– d——– C:\DOCUME~1\LAURAM~1\Application Data\msn6
  2006-12-07 17:02 2174976 –a—— C:\WINDOWS\system32\wmvcore.dll
  2006-12-06 15:53 ——– d–h—– C:\Program Files\windowsupdate
  2006-12-02 18:27 ——– d——– C:\DOCUME~1\LAURAM~1\Application Data\drivecleaner 2006 free
  2006-11-27 18:16 0 -rahs—- C:\MSDOS.SYS
  2006-11-27 18:16 0 -rahs—- C:\IO.SYS
  2006-11-16 17:39 ——– d——– C:\Program Files\Common Files\adobe
  2006-11-13 12:42 90112 -ra—— C:\WINDOWS\bwunin-6.1.0.145l.exe
  2006-11-08 06:07 679424 –a—— C:\WINDOWS\system32\inetcomm.dll
  2006-11-07 21:03 6049280 ——— C:\WINDOWS\system32\ieframe.dll
  2006-11-07 21:03 50688 ——— C:\WINDOWS\system32\msfeedsbs.dll
  2006-11-07 21:03 458752 ——— C:\WINDOWS\system32\msfeeds.dll
  2006-11-07 21:03 413696 –a—— C:\WINDOWS\system32\vbscript.dll
  2006-11-07 21:03 231424 –a—— C:\WINDOWS\system32\webcheck.dll
  2006-11-07 21:03 180736 ——— C:\WINDOWS\system32\ieui.dll
  2006-11-07 21:03 156160 –a—— C:\WINDOWS\system32\msls31.dll
  2006-11-07 03:27 382976 –a—— C:\WINDOWS\system32\iedkcs32.dll
  2006-11-07 03:27 229376 –a—— C:\WINDOWS\system32\ieaksie.dll
  2006-11-07 03:26 71680 –a—— C:\WINDOWS\system32\admparse.dll
  2006-11-07 03:26 55296 –a—— C:\WINDOWS\system32\iesetup.dll
  2006-11-07 03:26 54784 –a—— C:\WINDOWS\system32\ie4uinit.exe
  2006-11-07 03:26 43008 –a—— C:\WINDOWS\system32\iernonce.dll
  2006-11-07 03:26 152064 –a—— C:\WINDOWS\system32\ieakeng.dll
  2006-11-07 03:26 13312 –a—— C:\WINDOWS\system32\ieudinit.exe
  2006-11-07 03:26 123904 –a—— C:\WINDOWS\system32\advpack.dll
  2006-11-07 03:25 161792 –a—— C:\WINDOWS\system32\ieakui.dll
  2006-11-04 14:14 1245696 –a—— C:\WINDOWS\system32\msxml4.dll
  2006-10-20 02:39 714752 –a—— C:\WINDOWS\system32\sxs.dll
  2006-10-17 12:05 40960 –a—— C:\WINDOWS\system32\licmgr10.dll
  2006-10-17 12:05 206336 ——— C:\WINDOWS\system32\winfxdocobj.exe
  2006-10-17 12:05 105984 –a—— C:\WINDOWS\system32\url.dll
  2006-10-17 12:04 101376 –a—— C:\WINDOWS\system32\occache.dll
  2006-10-17 12:03 17408 –a—— C:\WINDOWS\system32\corpol.dll
  2006-10-17 11:58 61952 ——— C:\WINDOWS\system32\icardie.dll
  2006-10-17 11:58 12288 ——— C:\WINDOWS\system32\msfeedssync.exe
  2006-10-17 11:57 36352 –a—— C:\WINDOWS\system32\imgutil.dll
  2006-10-17 11:57 266752 ——— C:\WINDOWS\system32\iertutil.dll
  2006-10-17 11:56 45568 –a—— C:\WINDOWS\system32\mshta.exe
  2006-10-17 11:28 48128 –a—— C:\WINDOWS\system32\mshtmler.dll
  2006-10-17 11:27 380928 ——— C:\WINDOWS\system32\ieapfltr.dll


  (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

  *Note* empty entries & legit default entries are not shown

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
  "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
  "RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
  "Installed"="1"

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
  "Installed"="1"
  "NoChange"="1"

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
  "Installed"="1"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="MMKeybd"
  "hkey"="HKLM"
  "command"="C:\\Apps\\ActivBoard\\MMKeybd.exe"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivSurf]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="backweb-4448364"
  "hkey"="HKLM"
  "command"="C:\\apps\\ActivSurf\\4448364\\Program\\backweb-4448364.exe"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanEasyImg]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="cleanall"
  "hkey"="HKLM"
  "command"="c:\\apps\\easydvd\\cleanall.exe"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6_check]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="dc6_startupmon"
  "hkey"="HKLM"
  "command"="\"C:\\Program Files\\Common Files\\WinAntiVirus Pro 2006\\dc6_startupmon.exe\""
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="EM_EXEC"
  "hkey"="HKLM"
  "command"="C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERS_check]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="ers_startupmon"
  "hkey"="HKLM"
  "command"="\"C:\\Program Files\\Common Files\\WinAntiVirus Pro 2006\\ers_startupmon.exe\""
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="dumprep 0 -k"
  "hkey"="HKLM"
  "command"="%systemroot%\\system32\\dumprep 0 -k"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mnu]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="igomnu"
  "hkey"="HKLM"
  "command"="C:\\Program Files\\Orange\\GLOBAL\\Mnu\\igomnu.exe /S:T"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="udcpas"
  "hkey"="HKLM"
  "command"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006 Free\\udcpas.exe\""
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preventon Personal Firewall]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="PFWall"
  "hkey"="HKLM"
  "command"="C:\\Program Files\\Orange\\PC Firewall\\PFWall.exe"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="udcsdr"
  "hkey"="HKLM"
  "command"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006 Free\\udcsdr.exe\""
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="khooker"
  "hkey"="HKLM"
  "command"="C:\\WINDOWS\\System32\\khooker.exe"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="vcsplay"
  "hkey"="HKLM"
  "command"="\"C:\\Program Files\\Virtual CD v4 SDK\\system\\vcsplay.exe\""
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDOWS]
  "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
  "item"="pdwpamt"
  "hkey"="HKLM"
  "command"="C:\\pdwpamt.exe"
  "inimapping"="0"

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
  "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
  "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
  LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
  NetworkService REG_MULTI_SZ DnsCache\0\0
  rpcss REG_MULTI_SZ RpcSs\0\0
  imgsvc REG_MULTI_SZ StiSvc\0\0
  termsvcs REG_MULTI_SZ TermService\0\0
  Usnsvc REG_MULTI_SZ usnsvc\0\0
  HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
  DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

  Contents of the 'Scheduled Tasks' folder
  C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
  C:\WINDOWS\tasks\Herinnering voor registratie 1.job
  C:\WINDOWS\tasks\Herinnering voor registratie 2.job
  C:\WINDOWS\tasks\Herinnering voor registratie 3.job
  C:\WINDOWS\tasks\Norton AntiVirus - Mijn computer scannen - laura melchior.job
  C:\WINDOWS\tasks\Uniblue SpyEraser.job

  Completion time: 07-01-15 12:32:29
  C:\ComboFix2.txt … 07-01-14 19:43

  Logfile of HijackThis v1.99.1
  Scan saved at 12:39:06 PM, on 1/15/2007
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.5730.0011)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\Explorer.EXE
  C:\Documents and Settings\laura melchior\Mijn documenten\PC-Cleaners\HijackThis.exe

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
  O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
  O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
  O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O11 - Options group: [INTERNATIONAL] International*
  O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
  O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
  O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
  O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4933/mcfscan.cab
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
  O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
  O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
 • OK, your log (what's left of it) is clean. More importantly, how are the problems?
 • It's running like a charm again and there are no more problems!
  Many thanks for your help, also on behalf of the owner of the PC; it took some perseverance, but thanks to your clear instructions it worked!

  The only thing left is a %SystemDrive% folder on the desktop; I don't know how it got there, but it doesn't bother me and I assume it can't do any harm.

  Greetings from Drenthe and good luck.
 • You can remove all the tools you used, by the way.

  Do this as well.

  http://users.telenet.be/marcvn/spyware/1852808.htm


This is an archived page. Replying is no longer possible.