HijackThis log, advice please

Anonymous
19 replies
  • Below is a log from the PC of an acquaintance, which was full of viruses, Trojan horses, etc. I have scanned it with antivirus, adware tools, Spybot, etc.
    I would appreciate advice on what else I can throw out based on this log.

    Thanks in advance.

    Logfile of HijackThis v1.99.1
    Scan saved at 3:22:30 PM, on 1/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Apps\ActivBoard\nhksrv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\DfrgNtfs.exe
    C:\PROGRA~1\WINZIP\wzqkpick.exe
    C:\Documents and Settings\laura melchior\Mijn documenten\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\laura melchior\Bureaublad\ww.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4933/mcfscan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
  • Download SDFix and click "Run".
    Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably: C:\SDFix).

    Restart the PC in safe mode.
    Safe mode for Windows XP
    Restart the computer
    As soon as your computer has finished loading the BIOS (black screen with white letters, or another start screen) and just before Windows is loaded
    Tap the F8 key (or the F5 key) until you reach the Windows options menu
    Choose to start in safe mode here using the arrow keys and then Enter


    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:

    R3 - URLSearchHook: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
    O2 - BHO: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    Close all windows except HijackThis
    Click 'Fix checked' to remove the items.


    Double-click the SDFix folder and double-click RunThis.bat to start the script.
    Type Y and press Enter to start the cleaning process.
    Trojan services and/or registry entries will be removed if they are found, and you will have to press a key to restart.
    The computer will then restart; this takes longer than usual.
    The fix tool will run again and continue the removal process, after which Finished is displayed; wait patiently until you have to press a key again to end the script and reload your desktop icons.
    As soon as your desktop is back to normal the SDFix report will open; it can also be found in the SDFix folder as Report.txt.
    Copy/paste the contents of Report.txt into your next reply here, together with a new HijackThis log
  • Tried what you said. SDFix crashes as soon as it wants to start the Registry check, and the PC reboots by itself. It was doing that all day already when I tried WinXP updates (there were 52, of which it could do 21), and then I have exactly the same problem; the PC reboots by itself for no apparent reason. It did this much worse when I received it last night and it was still full of viruses etc.
    Is a full reformat of C: and a reinstall of WinXP etc. now the only way out?

    Thanks for your clear instructions; I would like to hear your opinion.
  • Just fix those lines and post a new HJT log, please.
  • New log. 2 lines keep coming back; I really did fix them in safe mode, but as soon as I run SDFix again (which still crashes) the lines are back…

    Logfile of HijackThis v1.99.1
    Scan saved at 10:42:02 PM, on 1/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Apps\ActivBoard\nhksrv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\laura melchior\Mijn documenten\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\laura melchior\Bureaublad\ww.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4933/mcfscan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
  • Check these lines again and then click 'Fix checked' again
    R3 - URLSearchHook: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)

    O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\laura melchior\Bureaublad\ww.exe


    Download and install AVG Anti-Spyware.
    After installation, open AVG Anti-Spyware:
    * under "Status", click Change state next to "Resident shield". (change from active to inactive!)
    * under "Update", click the Start update button.
    * under "Scanner", tab "Settings":
      - under "How to act?", click "Recommended actions" and select Quarantine. (VERY IMPORTANT!)
    * under "Reports", select Automatically generate report after every scan and remove the check mark at Only if threats were found
    Close AVG Anti-Spyware. Do not let it scan yet.

    Start up in safe mode

    Start AVG Anti-Spyware.
    * Click Scan and choose Complete System Scan.
    After the scan; follow the instructions below :
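Added example, not part of the original thread and not HijackThis code: a small Python triage that parses HijackThis entry lines, flags the kinds of entries selected for fixing above (orphaned registrations and an autorun named after a Windows process but stored elsewhere), and lists which fixed entries are present again in a later log. The log excerpts are abridged from this thread with the profile name replaced by USER; the list of process names and the assumption that Windows lives in C:\WINDOWS are this example's own.

```python
import re

# Abridged excerpts of the first two HijackThis logs in this thread; the
# Windows profile name in the ww.exe path is replaced by the placeholder USER.
LOG_1 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R3 - URLSearchHook: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
O2 - BHO: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\USER\Bureaublad\ww.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
"""
LOG_2 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R3 - URLSearchHook: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\USER\Bureaublad\ww.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
"""
# The three entries the first reply asked to fix.
FIXED = r"""
R3 - URLSearchHook: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
O2 - BHO: (no name) - {820E52B0-B62D-C48A-7A40-98ECDEE315C9} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# O4 registry autoruns: "HKLM\..\Run: [value name] command line".
RUN_RE = re.compile(
    r"^HK(?:LM|CU)\\\.\.\\Run(?:Once|Services)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Assumption of this example: value names that imitate core Windows processes.
SYSTEM_NAMES = {"explorer", "svchost", "winlogon", "services", "lsass", "smss", "csrss"}
# Assumption of this example: where the genuine binaries would live.
WINDOWS_PREFIXES = ("c:\\windows\\", "%systemroot%\\", "%windir%\\")


def parse_entries(log_text):
    """Return (code, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def findings(code, body):
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    reasons = []
    low = body.lower()
    if low.endswith("(no file)"):
        reasons.append("orphaned: registered object has no file on disk")
    if low.endswith("(file missing)"):
        reasons.append("orphaned: service binary is missing")
    run = RUN_RE.match(body) if code == "O4" else None
    if run and run.group("name").lower() in SYSTEM_NAMES:
        cmd = run.group("cmd").strip('"').lower()
        if not cmd.startswith(WINDOWS_PREFIXES):
            reasons.append("autorun named after a Windows process but stored outside the Windows directory")
    return reasons


def triage(log_text):
    """Return (code, body, reasons) for every flagged entry, in log order."""
    flagged = []
    for code, body in parse_entries(log_text):
        reasons = findings(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


def reappeared(fixed_text, later_text):
    """Return the fixed entries that are present again in a later log."""
    later = set(parse_entries(later_text))
    return [entry for entry in parse_entries(fixed_text) if entry in later]


if __name__ == "__main__":
    for code, body, reasons in triage(LOG_1):
        print(f"{code} - {body}\n    -> {'; '.join(reasons)}")
    print("Back after fixing:")
    for code, body in reappeared(FIXED, LOG_2):
        print(f"    {code} - {body}")
```

An entry that returns after being fixed means something is rewriting it, so the writer has to be found before the entry is fixed again.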
  • Will do it asap. I have to leave this afternoon/evening, so it will probably be tomorrow. Thanks in advance. You'll hear from me.
  • Everything worked. Here is the report; still quite a bit of junk found. Curious about the next step! Many thanks again.
    ———————————————————
    AVG Anti-Spyware - Scan Report
    ———————————————————

    + Created at: 12:23:37 AM 1/13/2007

    + Scan result:



    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP177\A0048476.dll -> Adware.Delfin : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038454.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP177\A0048474.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038267.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038268.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038269.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038272.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP165\A0038462.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038263.exe -> Downloader.PurityScan.dr : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038458.dll -> Downloader.Small.ece : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP177\A0048475.exe -> Dropper.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP177\A0048473.exe -> Hijacker.Agent.bt : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP165\A0038461.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038453.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP165\A0038465.exe -> Proxy.Wopla.ac : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP165\A0038464.sys -> Rootkit.Agent.cf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038253.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038254.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038255.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038256.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038257.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038258.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038259.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038265.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038266.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038270.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP177\A0048477.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{9C7F9967-8ACA-436B-BC32-5A3D08F639C6}\RP164\A0038271.exe -> Worm.Banwarum.f : Cleaned with backup (quarantined).


    ::Report end
  • Run the scan again and this time let it delete what it finds, and also empty the quarantine box, please.

    Restart and post a new HJT log, and tell me whether your problems are gone yet.
  • Scanned again in safe mode with AVG Anti-Spyware, nothing found, and quarantine emptied. The HJT log below was also made in safe mode because the PC is very unstable in normal startup (worse than before, I have the impression). I regularly get the message:
    C:\windows\system32\services.exe stopped unexpectedly with service code 10737441819. The system is then shut down after a minute or so and restarts. The system also restarts at random moments without this message. I have the impression that in safe mode (with networking) it happens less or not at all. I will leave it in that startup mode for a few hours today to see whether my suspicion is correct. I am thinking of an unstable hardware component myself but have no idea which one (motherboard maybe??)
    Logfile of HijackThis v1.99.1
    Scan saved at 9:11:09 AM, on 1/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\laura melchior\Mijn documenten\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4933/mcfscan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
  • Would you please try to carry this out.

    Download Combofix to your Desktop.
    Double-click Combofix.exe
    Follow the instructions; accept the disclaimer by typing "y" or "Y".
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has completed and after the restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    NOTE: If your virus scanner responds with a notification about script execution, you may ignore it.
  • Thanks for your reply. Last night I searched a bit on code 1073741819 and did the following:
    1. Ran Avenger with the script:
    Unload Driver
    pe386
    It was successful; I no longer have the log file.
    2. Ran Combofix; see log file below.

    The PC ran in normal mode again but very slowly. The SVCHOST.EXE process of SYSTEM took 80% or more of the CPU.
    This morning I removed a number of programs, including the AVG virus scanner and spyware. The PC now runs well but in a dangerous mode: no firewall (Windows Firewall will not start) and no antivirus. I was planning to put NORMAN on it today.
    Just ran a new HJT; see below. Thanks again.
    "laura melchior" - 07-01-14 19:40:21 Service Pack 2
    ComboFix 07-01-14.2 - Running from: "C:\Documents and Settings\laura melchior\Mijn documenten\PC-Cleaners"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Common Files\{380EE~1
    C:\Program Files\Common Files\{380EE~2
    C:\Program Files\Common Files\{880EE~1
    C:\Program Files\Common Files\{880EE~2
    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
    Folders Quarantined:
    C:\qoobox\purity\Program Files\PPPATC~1
    C:\qoobox\purity\WINDOWS\DOBE~1
    C:\qoobox\purity\WINDOWS\system32\ASKS~1
    C:\qoobox\purity\WINDOWS\system32\RACLE~1
    C:\qoobox\purity\WINDOWS\system32\ASKS~1\?hkntfs.exe
    C:\qoobox\purity\WINDOWS\system32\RACLE~1\?racle


    ((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))


    2007-01-14 19:28 <DIR> d——– C:\avenger
    2007-01-14 11:05 <DIR> d——– C:\Program Files\Uniblue
    2007-01-14 11:05 <DIR> d——– C:\DOCUME~1\LAURAM~1\Application Data\Uniblue
    2007-01-12 16:16 3,968 –a—— C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-01-11 21:12 <DIR> d——– C:\SDFix
    2007-01-11 21:03 <DIR> dr-h—– C:\$VAULT$.AVG
    2007-01-11 21:03 <DIR> d——– C:\DOCUME~1\LOCALS~1\Application Data\AVG7
    2007-01-11 21:03 <DIR> d——– C:\DOCUME~1\LAURAM~1\Application Data\AVG7
    2007-01-11 21:03 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
    2007-01-11 21:03 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\avg7
    2007-01-11 21:02 <DIR> d——– C:\Program Files\Grisoft
    2007-01-11 20:56 <DIR> d——– C:\WINDOWS\ServicePackFiles
    2007-01-11 19:36 <DIR> d——– C:\Program Files\Common Files\Symantec Shared
    2007-01-11 19:36 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\Symantec
    2007-01-11 18:00 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
    2007-01-11 17:28 82,432 -ra—— C:\WINDOWS\system32\MSXML4r.dll
    2007-01-11 17:28 1,230,336 -ra—— C:\WINDOWS\system32\MSXML4.dll
    2007-01-11 15:46 <DIR> dr-h—– C:\DOCUME~1\LAURAM~1\Onlangs geopend
    2007-01-11 15:19 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\WinZip
    2007-01-11 12:32 <DIR> dr-h—– C:\DOCUME~1\ADMINI~1\Onlangs geopend
    2007-01-11 12:32 <DIR> dr——- C:\DOCUME~1\ADMINI~1\Mijn documenten
    2007-01-11 12:32 <DIR> dr——- C:\DOCUME~1\ADMINI~1\Menu Start
    2007-01-11 12:32 <DIR> dr——- C:\DOCUME~1\ADMINI~1\Favorieten
    2007-01-11 12:32 <DIR> dr——- C:\DOCUME~1\ADMINI~1\Bureaublad
    2007-01-11 12:32 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Sjablonen
    2007-01-11 12:32 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Netwerkprinteromgeving
    2007-01-11 12:32 <DIR> d——– C:\DOCUME~1\ADMINI~1\WINDOWS
    2007-01-11 12:32 <DIR> d——– C:\DOCUME~1\ADMINI~1\Application Data\InterTrust
    2007-01-11 12:32 <DIR> d——– C:\DOCUME~1\ADMINI~1\Application Data\AVG7
    2007-01-11 12:32 <DIR> d——– C:\DOCUME~1\ADMINI~1\Application Data\Adobe
    2007-01-11 10:16 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
    2007-01-11 08:58 <DIR> d——– C:\DOCUME~1\LAURAM~1\Application Data\Lavasoft
    2007-01-11 07:43 <DIR> d——– C:\WINDOWS\pss
    2007-01-10 21:43 <DIR> d——– C:\Program Files\Yahoo!
    2007-01-10 21:43 <DIR> d——– C:\Program Files\CCleaner
    2007-01-09 09:31 816,672 –a—— C:\WINDOWS\system32\drivers\avg7core.sys
    2007-01-09 09:31 4,960 –a—— C:\WINDOWS\system32\drivers\avgtdi.sys
    2007-01-09 09:31 4,224 –a—— C:\WINDOWS\system32\drivers\avg7rsw.sys
    2007-01-09 09:31 3,968 –a—— C:\WINDOWS\system32\drivers\avgclean.sys
    2007-01-09 09:31 28,416 –a—— C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2007-01-09 09:31 18,240 –a—— C:\WINDOWS\system32\drivers\avgmfx86.sys
    2007-01-09 09:31 110,592 –a—— C:\WINDOWS\system32\avgfwafu.dll
    2007-01-09 08:32 <DIR> d–h—– C:\WINDOWS\$hf_mig$
    2007-01-09 08:32 <DIR> d——– C:\WINDOWS\system32\PreInstall
    2007-01-08 14:50 <DIR> d——– C:\DOCUME~1\LOCALS~1\Menu Start
    2007-01-08 14:47 <DIR> d——– C:\WINDOWS\Prefetch
    2007-01-08 14:20 <DIR> d——– C:\WINDOWS\provisioning
    2007-01-08 14:20 <DIR> d——– C:\WINDOWS\peernet
    2007-01-08 14:08 22,752 –a—— C:\WINDOWS\system32\spupdsvc.exe
    2007-01-08 14:02 999,936 –a—— C:\WINDOWS\system32\setupapi.dll
    2007-01-08 14:02 993,280 –a—— C:\WINDOWS\system32\syssetup.dll
    2007-01-08 14:02 98,304 –a—— C:\WINDOWS\system32\scardsvr.exe
    2007-01-08 14:02 96,768 –a—— C:\WINDOWS\system32\srvsvc.dll
    2007-01-08 14:02 95,360 –a—— C:\WINDOWS\system32\drivers\atapi.sys
    2007-01-08 14:02 92,160 –a—— C:\WINDOWS\system32\ntprint.dll
    2007-01-08 14:02 92,032 –a—— C:\WINDOWS\system32\drivers\ksecdd.sys
    2007-01-08 14:02 91,776 –a—— C:\WINDOWS\system32\drivers\ndiswan.sys
    2007-01-08 14:02 89,088 –a—— C:\WINDOWS\system32\rasauto.dll
    2007-01-08 14:02 88,448 –a—— C:\WINDOWS\system32\drivers\nwlnkipx.sys
    2007-01-08 14:02 800,000 –a—— C:\WINDOWS\system32\drivers\dmboot.sys
    2007-01-08 14:02 80,384 –a—— C:\WINDOWS\system32\drivers\parport.sys
    2007-01-08 14:02 8,192 –a—— C:\WINDOWS\system32\ntlsapi.dll
    2007-01-08 14:02 8,192 –a—— C:\WINDOWS\system32\drivers\i2omgmt.sys
    2007-01-08 14:02 76,800 –a—— C:\WINDOWS\system32\nslookup.exe
    2007-01-08 14:02 75,264 –a—— C:\WINDOWS\system32\locator.exe
    2007-01-08 14:02 74,752 –a—— C:\WINDOWS\system32\drivers\ipsec.sys
    2007-01-08 14:02 729,088 –a—— C:\WINDOWS\system32\ntdll.dll
    2007-01-08 14:02 727,040 –a—— C:\WINDOWS\system32\lsasrv.dll
    2007-01-08 14:02 71,552 –a—— C:\WINDOWS\system32\drivers\bridge.sys
    2007-01-08 14:02 71,040 –a—— C:\WINDOWS\system32\drivers\dxg.sys
    2007-01-08 14:02 7,552 –a—— C:\WINDOWS\system32\drivers\mskssrv.sys
    2007-01-08 14:02 69,120 –a—— C:\WINDOWS\system32\drivers\psched.sys
    2007-01-08 14:02 684,032 –a—— C:\WINDOWS\system32\advapi32.dll
    2007-01-08 14:02 68,224 –a—— C:\WINDOWS\system32\drivers\pci.sys
    2007-01-08 14:02 676,864 –a—— C:\WINDOWS\system32\rasdlg.dll
    2007-01-08 14:02 64,000 –a—— C:\WINDOWS\system32\samlib.dll
    2007-01-08 14:02 632,832 –a—— C:\WINDOWS\system32\autoconv.exe
    2007-01-08 14:02 63,744 –a—— C:\WINDOWS\system32\drivers\mf.sys
    2007-01-08 14:02 63,744 –a—— C:\WINDOWS\system32\drivers\cdfs.sys
    2007-01-08 14:02 619,008 –a—— C:\WINDOWS\system32\autochk.exe
    2007-01-08 14:02 611,328 –a—— C:\WINDOWS\system32\comctl32.dll
    2007-01-08 14:02 61,824 –a—— C:\WINDOWS\system32\drivers\nic1394.sys
    2007-01-08 14:02 61,440 –a—— C:\WINDOWS\system32\rasman.dll
    2007-01-08 14:02 60,800 –a—— C:\WINDOWS\system32\drivers\arp1394.sys
    2007-01-08 14:02 60,288 –a—— C:\WINDOWS\system32\drivers\drmk.sys
    2007-01-08 14:02 59,904 –a—— C:\WINDOWS\system32\drivers\atmarpc.sys
    2007-01-08 14:02 58,880 –a—— C:\WINDOWS\system32\rastapi.dll
    2007-01-08 14:02 574,592 –a—— C:\WINDOWS\system32\drivers\ntfs.sys
    2007-01-08 14:02 572,928 –a—— C:\WINDOWS\system32\printui.dll
    2007-01-08 14:02 57,856 –a—— C:\WINDOWS\system32\drivers\redbook.sys
    2007-01-08 14:02 553,472 –a—— C:\WINDOWS\system32\oleaut32.dll
    2007-01-08 14:02 55,936 –a—— C:\WINDOWS\system32\drivers\atmlane.sys
    2007-01-08 14:02 53,760 –a—— C:\WINDOWS\system32\drivers\i8042prt.sys
    2007-01-08 14:02 52,864 –a—— C:\WINDOWS\system32\drivers\dmusic.sys
    2007-01-08 14:02 51,328 –a—— C:\WINDOWS\system32\drivers\rasl2tp.sys
    2007-01-08 14:02 50,688 –a—— C:\WINDOWS\system32\smss.exe
    2007-01-08 14:02 5,632 –a—— C:\WINDOWS\system32\drivers\intelide.sys
    2007-01-08 14:02 5,376 –a—— C:\WINDOWS\system32\drivers\mspclock.sys
    2007-01-08 14:02 49,664 –a—— C:\WINDOWS\system32\drivers\classpnp.sys
    2007-01-08 14:02 49,536 –a—— C:\WINDOWS\system32\drivers\cdrom.sys
    2007-01-08 14:02 48,384 –a—— C:\WINDOWS\system32\drivers\raspptp.sys
    2007-01-08 14:02 46,592 –a—— C:\WINDOWS\system32\tcpmonui.dll
    2007-01-08 14:02 46,592 –a—— C:\WINDOWS\system32\drivers\p3.sys
    2007-01-08 14:02 453,120 –a—— C:\WINDOWS\system32\drivers\mrxsmb.sys
    2007-01-08 14:02 45,056 –a—— C:\WINDOWS\system32\ftp.exe
    2007-01-08 14:02 429,056 –a—— C:\WINDOWS\system32\samsrv.dll
    2007-01-08 14:02 420,864 –a—— C:\WINDOWS\system32\ntvdm.exe
    2007-01-08 14:02 42,240 –a—— C:\WINDOWS\system32\drivers\mountmgr.sys
    2007-01-08 14:02 41,856 –a—— C:\WINDOWS\system32\drivers\imapi.sys
    2007-01-08 14:02 41,472 –a—— C:\WINDOWS\system32\perfctrs.dll
    2007-01-08 14:02 41,472 –a—— C:\WINDOWS\system32\drivers\raspppoe.sys
    2007-01-08 14:02 41,088 –a—— C:\WINDOWS\system32\drivers\amdk6.sys
    2007-01-08 14:02 40,576 –a—— C:\WINDOWS\system32\drivers\crusoe.sys
    2007-01-08 14:02 40,448 –a—— C:\WINDOWS\system32\rshx32.dll
    2007-01-08 14:02 40,320 –a—— C:\WINDOWS\system32\drivers\nmnt.sys
    2007-01-08 14:02 4,992 –a—— C:\WINDOWS\system32\drivers\mspqm.sys
    2007-01-08 14:02 399,360 –a—— C:\WINDOWS\system32\cmd.exe
    2007-01-08 14:02 39,424 –a—— C:\WINDOWS\system32\drivers\processr.sys
    2007-01-08 14:02 36,352 –a—— C:\WINDOWS\system32\drivers\disk.sys
    2007-01-08 14:02 36,224 –a—— C:\WINDOWS\system32\drivers\hidclass.sys
    2007-01-08 14:02 35,072 –a—— C:\WINDOWS\system32\drivers\msgpc.sys
    2007-01-08 14:02 343,040 –a—— C:\WINDOWS\system32\localspl.dll
    2007-01-08 14:02 34,560 –a—— C:\WINDOWS\system32\drivers\netbios.sys
    2007-01-08 14:02 33,792 –a—— C:\WINDOWS\system32\msgsvc.dll
    2007-01-08 14:02 32,768 –a—— C:\WINDOWS\system32\csrsrv.dll
    2007-01-08 14:02 316,416 –a—— C:\WINDOWS\system32\untfs.dll
    2007-01-08 14:02 305,664 –a—— C:\WINDOWS\system32\ulib.dll
    2007-01-08 14:02 30,848 –a—— C:\WINDOWS\system32\drivers\npfs.sys
    2007-01-08 14:02 30,336 –a—— C:\WINDOWS\system32\drivers\modem.sys
    2007-01-08 14:02 281,088 –a—— C:\WINDOWS\system32\comdlg32.dll
    2007-01-08 14:02 27,392 –a—— C:\WINDOWS\system32\drivers\fdc.sys
    2007-01-08 14:02 25,216 –a—— C:\WINDOWS\system32\drivers\kbdclass.sys
    2007-01-08 14:02 25,088 –a—— C:\WINDOWS\system32\drivers\pciidex.sys
    2007-01-08 14:02 24,960 –a—— C:\WINDOWS\system32\drivers\hidparse.sys
    2007-01-08 14:02 24,576 –a—— C:\WINDOWS\system32\userinit.exe
    2007-01-08 14:02 236,544 –a—— C:\WINDOWS\system32\rasapi32.dll
    2007-01-08 14:02 23,552 –a—— C:\WINDOWS\system32\drivers\mouclass.sys
    2007-01-08 14:02 20,992 –a—— C:\WINDOWS\system32\drivers\ipinip.sys
    2007-01-08 14:02 20,480 –a—— C:\WINDOWS\system32\drivers\flpydisk.sys
    2007-01-08 14:02 2,944 –a—— C:\WINDOWS\system32\drivers\drmkaud.sys
    2007-01-08 14:02 196,864 –a—— C:\WINDOWS\system32\drivers\rdpdr.sys
    2007-01-08 14:02 19,072 –a—— C:\WINDOWS\system32\drivers\msfs.sys
    2007-01-08 14:02 188,544 –a—— C:\WINDOWS\system32\drivers\acpi.sys
    2007-01-08 14:02 182,912 –a—— C:\WINDOWS\system32\drivers\ndis.sys
    2007-01-08 14:02 181,248 –a—— C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-01-08 14:02 18,560 –a—— C:\WINDOWS\system32\drivers\i2omp.sys
    2007-01-08 14:02 174,592 –a—— C:\WINDOWS\system32\drivers\rdbss.sys
    2007-01-08 14:02 171,776 –a—— C:\WINDOWS\system32\drivers\kmixer.sys
    2007-01-08 14:02 162,816 –a—— C:\WINDOWS\system32\drivers\netbt.sys
    2007-01-08 14:02 153,856 –a—— C:\WINDOWS\system32\drivers\dmio.sys
    2007-01-08 14:02 146,432 –a—— C:\WINDOWS\system32\nwprovau.dll
    2007-01-08 14:02 145,792 –a—— C:\WINDOWS\system32\drivers\portcls.sys
    2007-01-08 14:02 144,896 –a—— C:\WINDOWS\system32\schannel.dll
    2007-01-08 14:02 144,384 –a—— C:\WINDOWS\system32\imagehlp.dll
    2007-01-08 14:02 143,360 –a—— C:\WINDOWS\system32\drivers\fastfat.sys
    2007-01-08 14:02 142,464 –a—— C:\WINDOWS\system32\drivers\aec.sys
    2007-01-08 14:02 142,336 –a—— C:\WINDOWS\system32\sessmgr.exe
    2007-01-08 14:02 140,928 –a—— C:\WINDOWS\system32\drivers\ks.sys
    2007-01-08 14:02 14,848 –a—— C:\WINDOWS\system32\mgmtapi.dll
    2007-01-08 14:02 14,848 –a—— C:\WINDOWS\system32\drivers\kbdhid.sys
    2007-01-08 14:02 14,336 –a—— C:\WINDOWS\system32\drivers\asyncmac.sys
    2007-01-08 14:02 14,208 –a—— C:\WINDOWS\system32\drivers\diskdump.sys
    2007-01-08 14:02 139,528 –a—— C:\WINDOWS\system32\drivers\rdpwd.sys
    2007-01-08 14:02 138,496 –a—— C:\WINDOWS\system32\drivers\afd.sys
    2007-01-08 14:02 134,912 –a—— C:\WINDOWS\system32\drivers\ipnat.sys
    2007-01-08 14:02 132,096 –a—— C:\WINDOWS\system32\wkssvc.dll
    2007-01-08 14:02 13,824 –a—— C:\WINDOWS\system32\savedump.exe
    2007-01-08 14:02 13,824 –a—— C:\WINDOWS\system32\lmhsvc.dll
    2007-01-08 14:02 129,536 –a—— C:\WINDOWS\system32\msv1_0.dll
    2007-01-08 14:02 120,320 –a—— C:\WINDOWS\system32\drivers\pcmcia.sys
    2007-01-08 14:02 12,928 –a—— C:\WINDOWS\system32\drivers\ndisuio.sys
    2007-01-08 14:02 11,264 –a—— C:\WINDOWS\system32\drivers\irenum.sys
    2007-01-08 14:02 108,544 –a—— C:\WINDOWS\system32\services.exe
    2007-01-08 14:02 107,904 –a—— C:\WINDOWS\system32\drivers\mup.sys
    2007-01-08 14:02 102,400 –a—— C:\WINDOWS\system32\win32spl.dll
    2007-01-08 14:02 10,624 –a—— C:\WINDOWS\system32\drivers\gameenum.sys
    2007-01-08 14:02 1,839,616 –a—— C:\WINDOWS\system32\win32k.sys
    2007-01-08 14:01 96,256 –a—— C:\WINDOWS\system32\drivers\scsiport.sys
    2007-01-08 14:01 82,944 –a—— C:\WINDOWS\system32\drivers\wdmaud.sys
    2007-01-08 14:01 79,744 –a—— C:\WINDOWS\system32\drivers\videoprt.sys
    2007-01-08 14:01 73,472 –a—— C:\WINDOWS\system32\drivers\sr.sys
    2007-01-08 14:01 66,176 –a—— C:\WINDOWS\system32\drivers\udfs.sys
    2007-01-08 14:01 65,920 –a—— C:\WINDOWS\system32\drivers\serial.sys
    2007-01-08 14:01 60,800 –a—— C:\WINDOWS\system32\drivers\sysaudio.sys
    2007-01-08 14:01 6,400 –a—— C:\WINDOWS\system32\drivers\splitter.sys
    2007-01-08 14:01 57,600 –a—— C:\WINDOWS\system32\drivers\usbhub.sys
    2007-01-08 14:01 53,632 –a—— C:\WINDOWS\system32\drivers\volsnap.sys
    2007-01-08 14:01 5,376 –a—— C:\WINDOWS\system32\drivers\viaide.sys
    2007-01-08 14:01 48,640 –a—— C:\WINDOWS\system32\drivers\stream.sys
    2007-01-08 14:01 40,840 –a—— C:\WINDOWS\system32\drivers\termdd.sys
    2007-01-08 14:01 4,352 –a—— C:\WINDOWS\system32\drivers\swenum.sys
    2007-01-08 14:01 359,808 –a—— C:\WINDOWS\system32\drivers\tcpip.sys
    2007-01-08 14:01 34,560 –a—— C:\WINDOWS\system32\drivers\wanarp.sys
    2007-01-08 14:01 336,256 –a—— C:\WINDOWS\system32\drivers\srv.sys
    2007-01-08 14:01 31,616 –a—— C:\WINDOWS\system32\drivers\usbccgp.sys
    2007-01-08 14:01 30,080 –a—— C:\WINDOWS\system32\drivers\rndismp.sys
    2007-01-08 14:01 25,472 –a—— C:\WINDOWS\system32\drivers\sonydcam.sys
    2007-01-08 14:01 223,616 –a—— C:\WINDOWS\system32\drivers\tcpip6.sys
    2007-01-08 14:01 21,896 –a—— C:\WINDOWS\system32\drivers\tdtcp.sys
    2007-01-08 14:01 209,408 –a—— C:\WINDOWS\system32\drivers\update.sys
    2007-01-08 14:01 20,992 –a—— C:\WINDOWS\system32\drivers\vga.sys
    2007-01-08 14:01 18,560 –a—— C:\WINDOWS\system32\drivers\tdi.sys
    2007-01-08 14:01 17,024 –a—— C:\WINDOWS\system32\drivers\usbohci.sys
    2007-01-08 14:01 16,000 –a—— C:\WINDOWS\system32\drivers\usbintel.sys
    2007-01-08 14:01 15,488 –a—— C:\WINDOWS\system32\drivers\serenum.sys
    2007-01-08 14:01 142,976 –a—— C:\WINDOWS\system32\drivers\usbport.sys
    2007-01-08 14:01 14,976 –a—— C:\WINDOWS\system32\drivers\tape.sys
    2007-01-08 14:01 12,672 –a—— C:\WINDOWS\system32\drivers\usb8023.sys
    2007-01-08 14:01 12,040 –a—— C:\WINDOWS\system32\drivers\tdpipe.sys
    2007-01-08 14:01 11,392 –a—— C:\WINDOWS\system32\drivers\sfloppy.sys
    2007-01-08 09:40 <DIR> d——– C:\WINDOWS\McAfee.com
    2007-01-08 08:38 493,440 –a—— C:\WINDOWS\system32\drivers\WlanBZ64.SYS
    2007-01-08 08:38 402,432 –a—— C:\WINDOWS\system32\drivers\WlanBZXP.sys
    2007-01-05 13:32 <DIR> d——– C:\Bdienst
    2007-01-05 12:53 50,176 ——— C:\WINDOWS\system32\xmlprovi.dll
    2007-01-05 12:53 129,536 ——— C:\WINDOWS\system32\xmlprov.dll
    2007-01-05 12:52 937,984 ——— C:\WINDOWS\system32\winbrand.dll
    2007-01-05 12:52 896,512 ——— C:\WINDOWS\system32\wmspdmoe.dll
    2007-01-05 12:52 81,408 ——— C:\WINDOWS\system32\wscsvc.dll
    2007-01-05 12:52 484,864 ——— C:\WINDOWS\system32\wmspdmod.dll
    2007-01-05 12:52 25,471 ——— C:\WINDOWS\system32\drivers\watv10nt.sys
    2007-01-05 12:52 233,472 ——— C:\WINDOWS\system32\wmpdxm.dll
    2007-01-05 12:52 22,271 ——— C:\WINDOWS\system32\drivers\watv06nt.sys
    2007-01-05 12:52 189,952 ——— C:\WINDOWS\system32\wmerror.dll
    2007-01-05 12:52 17,408 ——— C:\WINDOWS\system32\winshfhc.dll
    2007-01-05 12:52 151,552 ——— C:\WINDOWS\system32\wmidx.dll
    2007-01-05 12:52 13,824 ——— C:\WINDOWS\system32\wscntfy.exe
    2007-01-05 12:52 114,688 ——— C:\WINDOWS\system32\wmpasf.dll
    2007-01-05 12:52 11,935 ——— C:\WINDOWS\system32\drivers\wadv11nt.sys
    2007-01-05 12:52 11,871 ——— C:\WINDOWS\system32\drivers\wadv09nt.sys
    2007-01-05 12:52 11,807 ——— C:\WINDOWS\system32\drivers\wadv07nt.sys
    2007-01-05 12:52 11,295 ——— C:\WINDOWS\system32\drivers\wadv08nt.sys
    2007-01-05 12:52 108,032 ——— C:\WINDOWS\system32\wshbth.dll
    2007-01-05 12:52 1,119,744 ——— C:\WINDOWS\system32\wmsdmoe2.dll
    2007-01-05 12:52 1,001,472 ——— C:\WINDOWS\system32\wmvdmoe2.dll
    2007-01-05 12:51 78,464 ——— C:\WINDOWS\system32\drivers\usbvideo.sys
    2007-01-05 12:51 75,776 ——— C:\WINDOWS\system32\strmfilt.dll
    2007-01-05 12:51 44,672 ——— C:\WINDOWS\system32\drivers\uagp35.sys
    2007-01-05 12:51 44,032 ——— C:\WINDOWS\system32\twext.dll
    2007-01-05 12:51 26,624 ——— C:\WINDOWS\system32\drivers\usbehci.sys
    2007-01-05 12:51 21,504 ——— C:\WINDOWS\system32\spupdwxp.exe
    2007-01-05 12:51 2,962,432 ——— C:\WINDOWS\system32\xpsp2res.dll
    2007-01-05 12:51 196,096 ——— C:\WINDOWS\system32\xpsp1res.dll
    2007-01-05 12:51 15,872 ——— C:\WINDOWS\system32\w3ssl.dll
    2007-01-05 12:51 13,568 ——— C:\WINDOWS\system32\drivers\wacompen.sys
    2007-01-05 12:51 12,672 ——— C:\WINDOWS\system32\drivers\usb8023x.sys
    2007-01-05 12:51 12,416 ——— C:\WINDOWS\system32\drivers\tunmp.sys
    2007-01-05 12:51 11,776 ——— C:\WINDOWS\system32\spnpinst.exe
    2007-01-05 12:51 11,325 ——— C:\WINDOWS\system32\drivers\vchnt5.dll
    2007-01-05 12:50 9,728 ——— C:\WINDOWS\system32\proxycfg.exe
    2007-01-05 12:50 88,064 ——— C:\WINDOWS\system32\p2pnetsh.dll
    2007-01-05 12:50 86,016 ——— C:\WINDOWS\system32\p2pgasvc.dll
    2007-01-05 12:50 8,192 ——— C:\WINDOWS\system32\smbinst.exe
    2007-01-05 12:50 73,832 ——— C:\WINDOWS\system32\slcoinst.dll
    2007-01-05 12:50 67,584 ——— C:\WINDOWS\system32\drivers\sdbus.sys
    2007-01-05 12:50 6,016 ——— C:\WINDOWS\system32\drivers\smbali.sys
    2007-01-05 12:50 59,648 ——— C:\WINDOWS\system32\drivers\rfcomm.sys
    2007-01-05 12:50 526,848 ——— C:\WINDOWS\system32\p2psvc.dll
    2007-01-05 12:50 49,152 ——— C:\WINDOWS\system32\powercfg.exe
    2007-01-05 12:50 48,640 ——— C:\WINDOWS\system32\pnrpnsp.dll
    2007-01-05 12:50 397,056 ——— C:\WINDOWS\system32\s3gnb.dll
    2007-01-05 12:50 32,866 ——— C:\WINDOWS\system32\slrundll.exe
    2007-01-05 12:50 32,866 ——— C:\WINDOWS\slrundll.exe
    2007-01-05 12:50 312,320 ——— C:\WINDOWS\system32\p2pgraph.dll
    2007-01-05 12:50 30,080 ——— C:\WINDOWS\system32\drivers\rndismpx.sys
    2007-01-05 12:50 3,901 ——— C:\WINDOWS\system32\drivers\siint5.dll
    2007-01-05 12:50 29,184 ——— C:\WINDOWS\system32\sdhcinst.dll
    2007-01-05 12:50 270,848 ——— C:\WINDOWS\system32\sbe.dll
    2007-01-05 12:50 188,508 ——— C:\WINDOWS\system32\slgen.dll
    2007-01-05 12:50 166,912 ——— C:\WINDOWS\system32\drivers\s3gnbm.sys
    2007-01-05 12:50 159,232 ——— C:\WINDOWS\system32\sbeio.dll
    2007-01-05 12:50 13,776 ——— C:\WINDOWS\system32\drivers\recagent.sys
    2007-01-05 12:50 129,535 ——— C:\WINDOWS\system32\drivers\slnt7554.sys
    2007-01-05 12:50 116,224 ——— C:\WINDOWS\system32\p2p.dll
    2007-01-05 12:50 11,136 ——— C:\WINDOWS\system32\drivers\sffdisk.sys
    2007-01-05 12:50 10,240 ——— C:\WINDOWS\system32\drivers\sffp_sd.sys
    2007-01-05 12:49 52,736 ——— C:\WINDOWS\system32\mspmsnsv.dll
    2007-01-05 12:49 452,736 ——— C:\WINDOWS\system32\drivers\mtxparhm.sys
    2007-01-05 12:49 4,274,816 ——— C:\WINDOWS\system32\nv4_disp.dll
    2007-01-05 12:49 15,488 ——— C:\WINDOWS\system32\drivers\mssmbios.sys
    2007-01-05 12:49 134,656 ——— C:\WINDOWS\system32\mssap.dll
    2007-01-05 12:49 12,672 ——— C:\WINDOWS\system32\drivers\mutohpen.sys
    2007-01-05 12:49 1,897,408 ——— C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-01-05 12:49 1,737,856 ——— C:\WINDOWS\system32\mtxparhd.dll
    2007-01-05 12:48 537,088 ——— C:\WINDOWS\system32\msftedit.dll
    2007-01-05 12:48 384,512 ——— C:\WINDOWS\system32\mp4sdmod.dll
    2007-01-05 12:48 310,272 ——— C:\WINDOWS\system32\mp43dmod.dll
    2007-01-05 12:48 118,784 ——— C:\WINDOWS\system32\msdadiag.dll
    2007-01-05 12:47 86,016 ——— C:\WINDOWS\system32\mdmxsdk.dll
    2007-01-05 12:47 61,440 ——— C:\WINDOWS\system32\logman.exe
    2007-01-05 12:47 11,868 ——— C:\WINDOWS\system32\drivers\mdmxsdk.sys
    2007-01-05 12:46 81,920 ——— C:\WINDOWS\system32\ieencode.dll
    2007-01-05 12:46 7,680 ——— C:\WINDOWS\system32\kbdsmsno.dll
    2007-01-05 12:46 7,680 ——— C:\WINDOWS\system32\kbdsmsfi.dll
    2007-01-05 12:46 7,168 ——— C:\WINDOWS\system32\kbdukx.dll
    2007-01-05 12:46 7,168 ——— C:\WINDOWS\system32\kbdno1.dll
    2007-01-05 12:46 7,168 ——— C:\WINDOWS\system32\kbdfi1.dll
    2007-01-05 12:46 7,168 ——— C:\WINDOWS\system32\hccoin.dll
    2007-01-05 12:46 685,056 ——— C:\WINDOWS\system32\drivers\hsfcxts2.sys
    2007-01-05 12:46 60,416 ——— C:\WINDOWS\system32\fwcfg.dll
    2007-01-05 12:46 6,656 ——— C:\WINDOWS\system32\kbdinmal.dll
    2007-01-05 12:46 6,656 ——— C:\WINDOWS\system32\kbdinben.dll
    2007-01-05 12:46 6,144 ——— C:\WINDOWS\system32\kbdmlt48.dll
    2007-01-05 12:46 6,144 ——— C:\WINDOWS\system32\kbdmlt47.dll
    2007-01-05 12:46 6,144 ——— C:\WINDOWS\system32\kbdinbe1.dll
    2007-01-05 12:46 5,632 ——— C:\WINDOWS\system32\kbdmaori.dll
    2007-01-05 12:46 46,464 ——— C:\WINDOWS\system32\drivers\gagp30kx.sys
    2007-01-05 12:46 40,192 ——— C:\WINDOWS\system32\drivers\intelppm.sys
    2007-01-05 12:46 32,285 ——— C:\WINDOWS\system32\hsfcisp2.dll
    2007-01-05 12:46 29,056 ——— C:\WINDOWS\system32\drivers\ip6fw.sys
    2007-01-05 12:46 262,784 ——— C:\WINDOWS\system32\drivers\http.sys
    2007-01-05 12:46 25,728 ——— C:\WINDOWS\system32\drivers\hidbth.sys
    2007-01-05 12:46 24,576 ——— C:\WINDOWS\system32\httpapi.dll
    2007-01-05 12:46 220,032 ——— C:\WINDOWS\system32\drivers\hsfbs2s2.sys
    2007-01-05 12:46 22,528 ——— C:\WINDOWS\system32\fltmc.exe
    2007-01-05 12:46 20,992 ——— C:\WINDOWS\system32\faxpatch.exe
    2007-01-05 12:46 193,024 ——— C:\WINDOWS\system32\fsquirt.exe
    2007-01-05 12:46 16,896 ——— C:\WINDOWS\system32\fltlib.dll
    2007-01-05 12:46 15,104 ——— C:\WINDOWS\system32\drivers\hidir.sys
    2007-01-05 12:46 124,800 ——— C:\WINDOWS\system32\drivers\fltmgr.sys
    2007-01-05 12:46 1,041,536 ——— C:\WINDOWS\system32\drivers\hsfdpsp2.sys
    2007-01-05 12:45 71,680 ——— C:\WINDOWS\system32\blastcln.exe
    2007-01-05 12:45 50,688 ——— C:\WINDOWS\system32\btpanui.dll
    2007-01-05 12:45 4,096 ——— C:\WINDOWS\system32\dsprpres.dll
    2007-01-05 12:45 38,016 ——— C:\WINDOWS\system32\drivers\bthmodem.sys
    2007-01-05 12:45 35,456 ——— C:\WINDOWS\system32\drivers\bthprint.sys
    2007-01-05 12:45 30,208 ——— C:\WINDOWS\system32\bthserv.dll
    2007-01-05 12:45 274,816 ——— C:\WINDOWS\system32\drivers\bthport.sys
    2007-01-05 12:45 25,471 ——— C:\WINDOWS\system32\drivers\atv04nt5.dll
    2007-01-05 12:45 20,992 ——— C:\WINDOWS\system32\bthci.dll
    2007-01-05 12:45 20,480 ——— C:\WINDOWS\system32\encapi.dll
    2007-01-05 12:45 2,113,536 ——— C:\WINDOWS\system32\dxdiagn.dll
    2007-01-05 12:45 186,368 ——— C:\WINDOWS\system32\encdec.dll
    2007-01-05 12:45 18,944 ——— C:\WINDOWS\system32\drivers\bthusb.sys
    2007-01-05 12:45 17,279 ——— C:\WINDOWS\system32\drivers\atv10nt5.dll
    2007-01-05 12:45 17,024 ——— C:\WINDOWS\system32\drivers\bthenum.sys
    2007-01-05 12:45 15,423 ——— C:\WINDOWS\system32\drivers\ch7xxnt5.dll
    2007-01-05 12:45 14,336 ——— C:\WINDOWS\system32\auditusr.exe
    2007-01-05 12:45 14,143 ——— C:\WINDOWS\system32\drivers\atv06nt5.dll
    2007-01-05 12:45 13,824 ——— C:\WINDOWS\system32\cmsetacl.dll
    2007-01-05 12:45 100,992 ——— C:\WINDOWS\system32\drivers\bthpan.sys
    2007-01-05 12:45 1,689,088 ——— C:\WINDOWS\system32\d3d9.dll
    2007-01-05 12:44 870,784 ——— C:\WINDOWS\system32\ati3d1ag.dll
    2007-01-05 12:44 73,216 ——— C:\WINDOWS\system32\drivers\atintuxx.sys
    2007-01-05 12:44 701,440 ——— C:\WINDOWS\system32\drivers\ati2mtag.sys
    2007-01-05 12:44 63,663 ——— C:\WINDOWS\system32\drivers\ati1rvxx.sys
    2007-01-05 12:44 63,488 ——— C:\WINDOWS\system32\drivers\atinxsxx.sys
    2007-01-05 12:44 57,856 ——— C:\WINDOWS\system32\drivers\atinbtxx.sys
    2007-01-05 12:44 56,623 ——— C:\WINDOWS\system32\drivers\ati1btxx.sys
    2007-01-05 12:44 52,224 ——— C:\WINDOWS\system32\drivers\atinraxx.sys
    2007-01-05 12:44 516,768 ——— C:\WINDOWS\system32\ativvaxx.dll
    2007-01-05 12:44 41,472 ——— C:\WINDOWS\system32\drivers\amdk7.sys
    2007-01-05 12:44 4,255 ——— C:\WINDOWS\system32\drivers\adv01nt5.dll
    2007-01-05 12:44 377,984 ——— C:\WINDOWS\system32\ati2dvaa.dll
    2007-01-05 12:44 36,463 ——— C:\WINDOWS\system32\drivers\ati1tuxx.sys
    2007-01-05 12:44 34,735 ——— C:\WINDOWS\system32\drivers\ati1xsxx.sys
    2007-01-05 12:44 327,168 ——— C:\WINDOWS\system32\drivers\ati2mtaa.sys
    2007-01-05 12:44 32,768 ——— C:\WINDOWS\system32\ativtmxx.dll
    2007-01-05 12:44 31,744 ——— C:\WINDOWS\system32\drivers\atinxbxx.sys
    2007-01-05 12:44 30,671 ——— C:\WINDOWS\system32\drivers\ati1raxx.sys
    2007-01-05 12:44 3,967 ——— C:\WINDOWS\system32\drivers\adv02nt5.dll
    2007-01-05 12:44 3,775 ——— C:\WINDOWS\system32\drivers\adv11nt5.dll
    2007-01-05 12:44 3,711 ——— C:\WINDOWS\system32\drivers\adv09nt5.dll
    2007-01-05 12:44 3,647 ——— C:\WINDOWS\system32\drivers\adv07nt5.dll
    2007-01-05 12:44 3,615 ——— C:\WINDOWS\system32\drivers\adv05nt5.dll
    2007-01-05 12:44 3,135 ——— C:\WINDOWS\system32\drivers\adv08nt5.dll
    2007-01-05 12:44 29,455 ——— C:\WINDOWS\system32\drivers\ati1xbxx.sys
    2007-01-05 12:44 28,672 ——— C:\WINDOWS\system32\drivers\atinsnxx.sys
    2007-01-05 12:44 26,367 ——— C:\WINDOWS\system32\drivers\ati1snxx.sys
    2007-01-05 12:44 229,376 ——— C:\WINDOWS\system32\ati2cqag.dll
    2007-01-05 12:44 21,343 ——— C:\WINDOWS\system32\drivers\ati1ttxx.sys
    2007-01-05 12:44 21,183 ——— C:\WINDOWS\system32\drivers\atv01nt5.dll
    2007-01-05 12:44 201,728 ——— C:\WINDOWS\system32\ati2dvag.dll
    2007-01-05 12:44 14,336 ——— C:\WINDOWS\system32\drivers\atinpdxx.sys
    2007-01-05 12:44 13,824 ——— C:\WINDOWS\system32\drivers\atinttxx.sys
    2007-01-05 12:44 13,824 ——— C:\WINDOWS\system32\drivers\atinmdxx.sys
    2007-01-05 12:44 12,047 ——— C:\WINDOWS\system32\drivers\ati1pdxx.sys
    2007-01-05 12:44 11,615 ——— C:\WINDOWS\system32\drivers\ati1mdxx.sys
    2007-01-05 12:44 11,359 ——— C:\WINDOWS\system32\drivers\atv02nt5.dll
    2007-01-05 12:44 104,960 ——— C:\WINDOWS\system32\drivers\atinrvxx.sys
    2007-01-05 12:44 1,888,992 ——— C:\WINDOWS\system32\ati3duag.dll
    2007-01-05 10:59 178,408 –a—— C:\WINDOWS\system32\muweb.dll
    2007-01-05 10:59 128,232 –a—— C:\WINDOWS\system32\mucltui.dll
    2007-01-04 14:49 <DIR> d——– C:\DOCUME~1\LAURAM~1\Contacts
    2007-01-04 14:48 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\Windows Live Toolbar
    2007-01-04 14:47 <DIR> d——– C:\Program Files\Windows Live Toolbar
    2007-01-04 14:45 <DIR> d—-c— C:\WINDOWS\system32\DRVSTORE
    2006-12-29 16:59 <DIR> d——– C:\DOCUME~1\LAURAM~1\Application Data\AdobeUM
    2006-12-29 16:43 <DIR> d——– C:\Program Files\Mozilla Firefox
    2006-12-29 16:42 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
    2006-12-29 16:38 2,560 ——— C:\WINDOWS\system32\drivers\cdralw2k.sys
    2006-12-29 16:38 2,432 ——— C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2006-12-29 16:38 <DIR> d——– C:\Program Files\Picasa2
    2006-12-29 16:38 <DIR> d——– C:\Program Files\Lavasoft
    2006-12-29 14:07 <DIR> d——– C:\DOCUME~1\LAURAM~1\Application Data\Google
    2006-12-29 14:01 <DIR> d——– C:\Program Files\Google
    2006-12-29 14:01 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\Google
    2006-12-25 11:01 <DIR> d——– C:\WINDOWS\EHome
    2006-12-19 17:39 956,416 –a—— C:\WINDOWS\system32\msdtctm.dll
    2006-12-19 17:39 91,136 –a—— C:\WINDOWS\system32\mtxoci.dll
    2006-12-19 17:39 66,560 –a—— C:\WINDOWS\system32\mtxclu.dll
    2006-12-19 17:39 628,224 –a—— C:\WINDOWS\system32\catsrvut(2).dll
    2006-12-19 17:39 625,152 –a—— C:\WINDOWS\system32\catsrvut.dll
    2006-12-19 17:39 62,464 –a—— C:\WINDOWS\system32\colbact(3).dll
    2006-12-19 17:39 60,416 –a—— C:\WINDOWS\system32\colbact.dll
    2006-12-19 17:39 581,120 –a—— C:\WINDOWS\system32\rpcrt4.dll
    2006-12-19 17:39 540,160 –a—— C:\WINDOWS\system32\comuid.dll
    2006-12-19 17:39 426,496 –a—— C:\WINDOWS\system32\msdtcprx.dll
    2006-12-19 17:39 397,824 –a—— C:\WINDOWS\system32\rpcss.dll
    2006-12-19 17:39 395,776 –a—— C:\WINDOWS\system32\rpcss(3).dll
    2006-12-19 17:39 243,200 –a—— C:\WINDOWS\system32\es.dll
    2006-12-19 17:39 243,200 –a—— C:\WINDOWS\system32\es(3).dll
    2006-12-19 17:39 229,888 –a—— C:\WINDOWS\system32\catsrv(2).dll
    2006-12-19 17:39 225,792 –a—— C:\WINDOWS\system32\catsrv.dll
    2006-12-19 17:39 161,280 –a—— C:\WINDOWS\system32\msdtcuiu.dll
    2006-12-19 17:39 110,080 –a—— C:\WINDOWS\system32\clbcatex.dll
    2006-12-19 17:39 110,080 –a—— C:\WINDOWS\system32\clbcatex(2).dll
    2006-12-19 17:39 101,376 –a—— C:\WINDOWS\system32\txflog.dll
    2006-12-19 17:39 101,376 –a—— C:\WINDOWS\system32\txflog(2).dll
    2006-12-19 17:39 1,284,608 –a—— C:\WINDOWS\system32\ole32.dll
    2006-12-19 17:39 1,284,608 –a—— C:\WINDOWS\system32\ole32(3).dll
    2006-12-19 17:39 1,267,200 –a—— C:\WINDOWS\system32\comsvcs.dll
    2006-12-19 17:38 77,312 –a—— C:\WINDOWS\system32\browser.dll
    2006-12-19 17:38 614,912 –a—— C:\WINDOWS\system32\h323msp.dll
    2006-12-19 17:38 39,936 –a—— C:\WINDOWS\system32\mf3216.dll
    2006-12-19 17:37 332,288 –a—— C:\WINDOWS\system32\ipnathlp.dll
    2006-12-19 17:25 46,352 –a—— C:\WINDOWS\setdebug.exe
    2006-12-19 17:25 313,856 –a—— C:\WINDOWS\system32\dx3j.dll
    2006-12-19 17:25 171,280 –a—— C:\WINDOWS\system32\jit.dll
    2006-12-19 17:25 139,536 –a—— C:\WINDOWS\system32\javaee.dll
    2006-12-19 17:24 947,472 –a—— C:\WINDOWS\system32\msjava.dll
    2006-12-19 17:24 63,248 –a—— C:\WINDOWS\system32\javaprxy.dll
    2006-12-19 17:24 49,424 –a—— C:\WINDOWS\system32\clspack.exe
    2006-12-19 17:24 404,752 –a—— C:\WINDOWS\system32\javart.dll
    2006-12-19 17:24 286,992 –a—— C:\WINDOWS\system32\vmhelper.dll
    2006-12-19 17:24 21,264 –a—— C:\WINDOWS\system32\msjdbc10.dll
    2006-12-19 17:24 187,152 –a—— C:\WINDOWS\system32\javacypt.dll
    2006-12-19 17:24 172,304 –a—— C:\WINDOWS\system32\jview.exe
    2006-12-19 17:24 171,792 –a—— C:\WINDOWS\system32\wjview.exe
    2006-12-19 17:24 154,384 –a—— C:\WINDOWS\system32\msawt.dll
    2006-12-19 17:24 15,120 –a—— C:\WINDOWS\system32\jdbgmgr.exe
    2006-12-19 17:24 113 –a—— C:\WINDOWS\system32\zonedon.reg
    2006-12-19 17:24 113 –a—— C:\WINDOWS\system32\zonedoff.reg
    2006-12-19 17:15 241,152 –a—— C:\WINDOWS\system32\srrstr.dll
    2006-12-19 16:54 26,112 –a—— C:\WINDOWS\system32\xpsp1hfm.exe
    2006-12-19 16:54 <DIR> d–h-c— C:\WINDOWS\$xpsp1hfm$
    2006-12-18 10:59 <DIR> d—s—- C:\DOCUME~1\LAURAM~1\UserData


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-12 13:36 ——– d——– C:\Program Files\messenger
    2007-01-11 21:02 ——– d——– C:\Program Files\movie maker
    2007-01-11 20:58 ——– d——– C:\Program Files\windows nt
    2007-01-11 18:52 ——– d—s—- C:\DOCUME~1\LAURAM~1\Application Data\microsoft
    2007-01-11 17:30 ——– d——– C:\Program Files\hp
    2007-01-11 11:50 ——– d——– C:\Program Files\pedevice
    2007-01-11 11:50 ——– d——– C:\Program Files\Common Files\companion wizard
    2007-01-11 10:42 ——– d—s—- C:\Program Files\Common Files\teknum systems
    2007-01-11 08:13 ——– d–h—– C:\Program Files\installshield installation information
    2007-01-09 09:00 ——– d——– C:\DOCUME~1\LAURAM~1\Application Data\mozilla
    2007-01-08 16:18 69682 –a—— C:\WINDOWS\system32\lzx32.sys
    2007-01-08 15:02 ——– d——– C:\Program Files\msn messenger
    2007-01-04 14:17 ——– d——– C:\DOCUME~1\LAURAM~1\Application Data\adobe
    2006-12-31 13:15 ——– d——– C:\DOCUME~1\LAURAM~1\Application Data\msn6
    2006-12-06 15:53 ——– d–h—– C:\Program Files\windowsupdate
    2006-12-02 18:27 ——– d——– C:\DOCUME~1\LAURAM~1\Application Data\drivecleaner 2006 free
    2006-11-27 18:16 0 -rahs—- C:\MSDOS.SYS
    2006-11-27 18:16 0 -rahs—- C:\IO.SYS
    2006-11-16 17:39 ——– d——– C:\Program Files\Common Files\adobe
    2006-11-14 19:40 ——– d——– C:\DOCUME~1\LAURAM~1\Application Data\help
    2006-11-14 10:15 ——– d——– C:\Program Files\microsoft.net
    2006-11-13 12:42 90112 -ra—— C:\WINDOWS\bwunin-6.1.0.145l.exe
    2006-11-08 06:07 679424 –a—— C:\WINDOWS\system32\inetcomm.dll
    2006-10-20 02:39 714752 –a—— C:\WINDOWS\system32\sxs.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"
    "Uniblue SpyEraser"="\"C:\\Program Files\\Uniblue\\SpyEraser\\SpyEraser.exe\" -m"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
    "RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
    6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MMKeybd"
    "hkey"="HKLM"
    "command"="C:\\Apps\\ActivBoard\\MMKeybd.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivSurf]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="backweb-4448364"
    "hkey"="HKLM"
    "command"="C:\\apps\\ActivSurf\\4448364\\Program\\backweb-4448364.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanEasyImg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cleanall"
    "hkey"="HKLM"
    "command"="c:\\apps\\easydvd\\cleanall.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6_check]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dc6_startupmon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\WinAntiVirus Pro 2006\\dc6_startupmon.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="EM_EXEC"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERS_check]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ers_startupmon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\WinAntiVirus Pro 2006\\ers_startupmon.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -k"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -k"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mnu]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="igomnu"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Orange\\GLOBAL\\Mnu\\igomnu.exe /S:T"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="udcpas"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006 Free\\udcpas.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preventon Personal Firewall]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PFWall"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Orange\\PC Firewall\\PFWall.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="udcsdr"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006 Free\\udcsdr.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="khooker"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\khooker.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="vcsplay"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Virtual CD v4 SDK\\system\\vcsplay.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDOWS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="pdwpamt"
    "hkey"="HKLM"
    "command"="C:\\pdwpamt.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    C:\WINDOWS\tasks\Herinnering voor registratie 1.job
    C:\WINDOWS\tasks\Herinnering voor registratie 2.job
    C:\WINDOWS\tasks\Herinnering voor registratie 3.job
    C:\WINDOWS\tasks\Norton AntiVirus - Mijn computer scannen - laura melchior.job
    C:\WINDOWS\tasks\Uniblue SpyEraser.job

    Completion time: 07-01-14 19:43:18


    Logfile of HijackThis v1.99.1
    Scan saved at 9:41:14 AM, on 1/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Apps\ActivBoard\nhksrv.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\laura melchior\Mijn documenten\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4933/mcfscan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
  • Avenger is a risky program to use just like that; it can thoroughly wreck your PC if used incorrectly.

    Nevertheless, it will indeed have been that rootkit, and I would also have had you use Avenger. I will assess your log shortly. Please be patient for a moment.
  • OK, I used Avenger as recommended on this forum for someone who had similar problems.
    By the way, I now find a folder on the desktop, %SystenDrive%, that leads to Documents and Settings. It does not look like a shortcut, so I do not dare to delete it. Any idea how it got there, and what should I do with it?
  • Download and install CCleaner.
    (The CCleaner Yahoo Toolbar is not needed.)
    Do not use it yet.

    Download SDFix and click "Run".
    Version 1.40 and higher will automatically move the extracted SDFix folder to your system drive (probably: C:\SDFix).

    Restart the PC in safe mode.
    Safe mode for Windows XP
    Restart the computer.
    As soon as your computer has finished loading the BIOS (black screen with white letters, or another startup screen) and just before Windows is loaded,
    tap the F8 key (or the F5 key) until you reach the Windows options menu.
    Choose to start in safe mode here, using the arrow keys and then Enter.


    Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    Click 'Fix checked' to remove the items.



    Use Explorer to look for
    C:\qoobox and delete it (the qoobox folder).
    Double-click the SDFix folder and double-click RunThis.bat to start the script.
    Type Y and press Enter to start the cleaning process.
    Trojan services and/or registry entries will be removed if they are found, and you will have to press a key to restart.
    The computer will then restart; this takes longer than usual.
    The fix tool will run again and continue the removal process; then "Finished" is displayed. Wait patiently until you have to press a key again to end the script and reload your desktop icons.
    As soon as your desktop is back to normal, the SDFix report will open; it can also be found in the SDFix folder as Report.txt.
    Copy/paste the contents of this Report.txt into your next reply here, together with a new HijackThis log (at the end).


    Start CCleaner.
    CCleaner lets you choose what should be cleaned up.
    Now select only the following items:
    Internet Explorer:
    - Temporary Internet files
    System:
    - Empty Recycle Bin
    - Temporary files
    Now click Run Cleaner in CCleaner (bottom right).
    - Also click the fix-problems icon and run the scan, but do create a backup folder.

    Run ComboFix once more and save the log, please.

    So what I would now like to see:

    The SDFix report
    A new HJT log
    And the new ComboFix log.

    Juisterr
  • Here are all the logs. According to the startup screen, I also had to run SDFix in safe mode. First impression of running in normal mode seems good!

    SDFix: Version 1.57

    Mon 01/15/2007 - 12:05:02.68

    Microsoft Windows XP [versie 5.1.2600]

    Running From: C:\SDFix

    Safe Mode

    Service Check:

    Service Name:

    MsaSvc

    File Path:

    C:\WINDOWS\System32\msasvc.exe

    MsaSvc Deleted


    Starting Registry Repairs

    Restoring Default Hosts File…

    Stage One Complete

    Rebooting…

    Stage Two - Normal Mode

    Checking Files:
    ————–

    C:\WINDOWS\system32\lzx32.sys

    Removing any Files Found…

    Alternate Stream Check:

    C:\WINDOWS\system32
    No streams found.

    Final Check:

    Remaining Services:
    ——————


    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\pdwpamt.exe"="C:\\pdwpamt.exe:*:Enabled:Server"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "c:\\pdwpamt.exe"="C:\\pdwpamt.exe:*:Enabled:Server"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


    Remaining Files:
    —————

    Backups Folder: - C:\SDFix\backups\backups.zip

    Remaining files with hidden attributes:

    C:\NTDETECT.COM
    C:\WINDOWS\Downloaded Program Files\instwact.dll
    C:\QooBox\Purity\WINDOWS\system32\ASKS~1\?hkntfs.exe
    C:\WINDOWS\system32\cdplayer.exe.manifest
    C:\WINDOWS\system32\logonui.exe.manifest
    C:\hiberfil.sys
    C:\IO.SYS
    C:\MSDOS.SYS
    C:\pagefile.sys
    C:\Documents and Settings\laura melchior\Mijn documenten\LINDA\documenten\pws keizersnede\~WRL0005.tmp
    C:\Documents and Settings\laura melchior\Mijn documenten\LINDA\documenten\pws keizersnede\~WRL1316.tmp
    C:\Documents and Settings\laura melchior\Mijn documenten\LINDA\documenten\pws keizersnede\~WRL1950.tmp
    C:\Documents and Settings\laura melchior\Mijn documenten\LINDA\documenten\pws keizersnede\~WRL2983.tmp
    C:\Program Files\Google\Google Desktop Search\BITF.tmp

    Finished
    "laura melchior" - 07-01-15 12:29:16 Service Pack 2
    ComboFix 07-01-14.2 - Running from: "C:\Documents and Settings\laura melchior\Mijn documenten\PC-Cleaners"

    ((((((((((((((((((((((((((((((( Files Created from 2006-12-15 to 2007-01-15 ))))))))))))))))))))))))))))))))))


    2007-01-15 12:21 <DIR> d——– C:\Program Files\CCleaner
    2007-01-15 11:55 <DIR> d——– C:\SDFix
    2007-01-15 10:53 <DIR> d——– C:\WINDOWS\WBEM
    2007-01-15 10:53 <DIR> d——– C:\WINDOWS\system32\nl-nl
    2007-01-15 10:51 <DIR> d–h-c— C:\WINDOWS\ie7
    2007-01-15 10:48 121,856 ——— C:\WINDOWS\system32\xmllite.dll
    2007-01-15 10:47 <DIR> d——– C:\WINDOWS\network diagnostic
    2007-01-15 09:16 <DIR> d——– C:\WINDOWS\WLTB Custom Button Feeds
    2007-01-15 08:30 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\Avg7
    2007-01-14 22:06 <DIR> d——– C:\Program Files\Windows Live Toolbar
    2007-01-14 21:12 <DIR> d——– C:\Program Files\MSXML 4.0
    2007-01-14 21:12 <DIR> d——– C:\8ab258aa4aec885576b648
    2007-01-14 11:05 <DIR> d——– C:\DOCUME~1\LAURAM~1\Application Data\Uniblue
    2007-01-11 20:56 <DIR> d——– C:\WINDOWS\ServicePackFiles
    2007-01-11 19:36 <DIR> d——– C:\Program Files\Common Files\Symantec Shared
    2007-01-11 19:36 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\Symantec
    2007-01-11 18:00 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
    2007-01-11 17:28 82,432 -ra—— C:\WINDOWS\system32\MSXML4r.dll
    2007-01-11 15:46 <DIR> dr-h—– C:\DOCUME~1\LAURAM~1\Onlangs geopend
    2007-01-11 15:19 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\WinZip
    2007-01-11 12:32 <DIR> dr-h—– C:\DOCUME~1\ADMINI~1\Onlangs geopend
    2007-01-11 12:32 <DIR> dr——- C:\DOCUME~1\ADMINI~1\Mijn documenten
    2007-01-11 12:32 <DIR> dr——- C:\DOCUME~1\ADMINI~1\Menu Start
    2007-01-11 12:32 <DIR> dr——- C:\DOCUME~1\ADMINI~1\Favorieten
    2007-01-11 12:32 <DIR> dr——- C:\DOCUME~1\ADMINI~1\Bureaublad
    2007-01-11 12:32 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Sjablonen
    2007-01-11 12:32 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Netwerkprinteromgeving
    2007-01-11 12:32 <DIR> d——– C:\DOCUME~1\ADMINI~1\WINDOWS
    2007-01-11 12:32 <DIR> d——– C:\DOCUME~1\ADMINI~1\Application Data\InterTrust
    2007-01-11 12:32 <DIR> d——– C:\DOCUME~1\ADMINI~1\Application Data\AVG7
    2007-01-11 12:32 <DIR> d——– C:\DOCUME~1\ADMINI~1\Application Data\Adobe
    2007-01-11 10:16 <DIR> d——– C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
    2007-01-11 08:58 <DIR> d——– C:\DOCUME~1\LAURAM~1\Application Data\Lavasoft
    2007-01-11 07:43 <DIR> d——– C:\WINDOWS\pss
    2007-01-10 21:43 <DIR> d——– C:\Program Files\Yahoo!
    2007-01-09 08:32 <DIR> d–h—– C:\WINDOWS\$hf_mig$
    2007-01-09 08:32 <DIR> d——– C:\WINDOWS\system32\PreInstall
    2007-01-08 14:50 <DIR> d——– C:\DOCUME~1\LOCALS~1\Menu Start
    2007-01-08 14:47 <DIR> d——– C:\WINDOWS\Prefetch
    2007-01-08 14:20 <DIR> d——– C:\WINDOWS\provisioning
    2007-01-08 14:20 <DIR> d——– C:\WINDOWS\peernet
    2007-01-08 14:08 22,752 –a—— C:\WINDOWS\system32\spupdsvc.exe
    2007-01-08 14:02 999,936 –a—— C:\WINDOWS\system32\setupapi.dll
    2007-01-08 14:02 993,280 –a—— C:\WINDOWS\system32\syssetup.dll
    2007-01-08 14:02 98,304 –a—— C:\WINDOWS\system32\scardsvr.exe
    2007-01-08 14:02 96,768 –a—— C:\WINDOWS\system32\srvsvc.dll
    2007-01-08 14:02 95,360 –a—— C:\WINDOWS\system32\drivers\atapi.sys
    2007-01-08 14:02 92,160 –a—— C:\WINDOWS\system32\ntprint.dll
    2007-01-08 14:02 92,032 –a—— C:\WINDOWS\system32\drivers\ksecdd.sys
    2007-01-08 14:02 91,776 –a—— C:\WINDOWS\system32\drivers\ndiswan.sys
    2007-01-08 14:02 89,088 –a—— C:\WINDOWS\system32\rasauto.dll
    2007-01-08 14:02 88,448 –a—— C:\WINDOWS\system32\drivers\nwlnkipx.sys
    2007-01-08 14:02 800,000 –a—— C:\WINDOWS\system32\drivers\dmboot.sys
    2007-01-08 14:02 80,384 –a—— C:\WINDOWS\system32\drivers\parport.sys
    2007-01-08 14:02 8,192 –a—— C:\WINDOWS\system32\ntlsapi.dll
    2007-01-08 14:02 8,192 –a—— C:\WINDOWS\system32\drivers\i2omgmt.sys
    2007-01-08 14:02 76,800 –a—— C:\WINDOWS\system32\nslookup.exe
    2007-01-08 14:02 75,264 –a—— C:\WINDOWS\system32\locator.exe
    2007-01-08 14:02 74,752 –a—— C:\WINDOWS\system32\drivers\ipsec.sys
    2007-01-08 14:02 729,088 –a—— C:\WINDOWS\system32\ntdll.dll
    2007-01-08 14:02 727,040 –a—— C:\WINDOWS\system32\lsasrv.dll
    2007-01-08 14:02 71,552 –a—— C:\WINDOWS\system32\drivers\bridge.sys
    2007-01-08 14:02 71,040 –a—— C:\WINDOWS\system32\drivers\dxg.sys
    2007-01-08 14:02 7,552 –a—— C:\WINDOWS\system32\drivers\mskssrv.sys
    2007-01-08 14:02 69,120 –a—— C:\WINDOWS\system32\drivers\psched.sys
    2007-01-08 14:02 684,032 –a—— C:\WINDOWS\system32\advapi32.dll
    2007-01-08 14:02 68,224 –a—— C:\WINDOWS\system32\drivers\pci.sys
    2007-01-08 14:02 676,864 –a—— C:\WINDOWS\system32\rasdlg.dll
    2007-01-08 14:02 64,000 –a—— C:\WINDOWS\system32\samlib.dll
    2007-01-08 14:02 632,832 –a—— C:\WINDOWS\system32\autoconv.exe
    2007-01-08 14:02 63,744 –a—— C:\WINDOWS\system32\drivers\mf.sys
    2007-01-08 14:02 63,744 –a—— C:\WINDOWS\system32\drivers\cdfs.sys
    2007-01-08 14:02 619,008 –a—— C:\WINDOWS\system32\autochk.exe
    2007-01-08 14:02 617,472 –a—— C:\WINDOWS\system32\comctl32.dll
    2007-01-08 14:02 61,824 –a—— C:\WINDOWS\system32\drivers\nic1394.sys
    2007-01-08 14:02 61,440 –a—— C:\WINDOWS\system32\rasman.dll
    2007-01-08 14:02 60,800 –a—— C:\WINDOWS\system32\drivers\arp1394.sys
    2007-01-08 14:02 60,288 –a—— C:\WINDOWS\system32\drivers\drmk.sys
    2007-01-08 14:02 59,904 –a—— C:\WINDOWS\system32\drivers\atmarpc.sys
    2007-01-08 14:02 58,880 –a—— C:\WINDOWS\system32\rastapi.dll
    2007-01-08 14:02 574,592 –a—— C:\WINDOWS\system32\drivers\ntfs.sys
    2007-01-08 14:02 572,928 –a—— C:\WINDOWS\system32\printui.dll
    2007-01-08 14:02 57,856 –a—— C:\WINDOWS\system32\drivers\redbook.sys
    2007-01-08 14:02 553,472 –a—— C:\WINDOWS\system32\oleaut32.dll
    2007-01-08 14:02 55,936 –a—— C:\WINDOWS\system32\drivers\atmlane.sys
    2007-01-08 14:02 53,760 –a—— C:\WINDOWS\system32\drivers\i8042prt.sys
    2007-01-08 14:02 52,864 –a—— C:\WINDOWS\system32\drivers\dmusic.sys
    2007-01-08 14:02 51,328 –a—— C:\WINDOWS\system32\drivers\rasl2tp.sys
    2007-01-08 14:02 50,688 –a—— C:\WINDOWS\system32\smss.exe
    2007-01-08 14:02 5,632 –a—— C:\WINDOWS\system32\drivers\intelide.sys
    2007-01-08 14:02 5,376 –a—— C:\WINDOWS\system32\drivers\mspclock.sys
    2007-01-08 14:02 49,664 –a—— C:\WINDOWS\system32\drivers\classpnp.sys
    2007-01-08 14:02 49,536 –a—— C:\WINDOWS\system32\drivers\cdrom.sys
    2007-01-08 14:02 48,384 –a—— C:\WINDOWS\system32\drivers\raspptp.sys
    2007-01-08 14:02 46,592 –a—— C:\WINDOWS\system32\tcpmonui.dll
    2007-01-08 14:02 46,592 –a—— C:\WINDOWS\system32\drivers\p3.sys
    2007-01-08 14:02 453,120 –a—— C:\WINDOWS\system32\drivers\mrxsmb.sys
    2007-01-08 14:02 45,056 –a—— C:\WINDOWS\system32\ftp.exe
    2007-01-08 14:02 429,056 –a—— C:\WINDOWS\system32\samsrv.dll
    2007-01-08 14:02 420,864 –a—— C:\WINDOWS\system32\ntvdm.exe
    2007-01-08 14:02 42,240 –a—— C:\WINDOWS\system32\drivers\mountmgr.sys
    2007-01-08 14:02 41,856 –a—— C:\WINDOWS\system32\drivers\imapi.sys
    2007-01-08 14:02 41,472 –a—— C:\WINDOWS\system32\perfctrs.dll
    2007-01-08 14:02 41,472 –a—— C:\WINDOWS\system32\drivers\raspppoe.sys
    2007-01-08 14:02 41,088 –a—— C:\WINDOWS\system32\drivers\amdk6.sys
    2007-01-08 14:02 40,576 –a—— C:\WINDOWS\system32\drivers\crusoe.sys
    2007-01-08 14:02 40,448 –a—— C:\WINDOWS\system32\rshx32.dll
    2007-01-08 14:02 40,320 –a—— C:\WINDOWS\system32\drivers\nmnt.sys
    2007-01-08 14:02 4,992 –a—— C:\WINDOWS\system32\drivers\mspqm.sys
    2007-01-08 14:02 399,360 –a—— C:\WINDOWS\system32\cmd.exe
    2007-01-08 14:02 39,424 –a—— C:\WINDOWS\system32\drivers\processr.sys
    2007-01-08 14:02 36,352 –a—— C:\WINDOWS\system32\drivers\disk.sys
    2007-01-08 14:02 36,224 –a—— C:\WINDOWS\system32\drivers\hidclass.sys
    2007-01-08 14:02 35,072 –a—— C:\WINDOWS\system32\drivers\msgpc.sys
    2007-01-08 14:02 343,040 –a—— C:\WINDOWS\system32\localspl.dll
    2007-01-08 14:02 34,560 –a—— C:\WINDOWS\system32\drivers\netbios.sys
    2007-01-08 14:02 33,792 –a—— C:\WINDOWS\system32\msgsvc.dll
    2007-01-08 14:02 32,768 –a—— C:\WINDOWS\system32\csrsrv.dll
    2007-01-08 14:02 316,416 –a—— C:\WINDOWS\system32\untfs.dll
    2007-01-08 14:02 305,664 –a—— C:\WINDOWS\system32\ulib.dll
    2007-01-08 14:02 30,848 –a—— C:\WINDOWS\system32\drivers\npfs.sys
    2007-01-08 14:02 30,336 –a—— C:\WINDOWS\system32\drivers\modem.sys
    2007-01-08 14:02 281,088 –a—— C:\WINDOWS\system32\comdlg32.dll
    2007-01-08 14:02 27,392 –a—— C:\WINDOWS\system32\drivers\fdc.sys
    2007-01-08 14:02 25,216 –a—— C:\WINDOWS\system32\drivers\kbdclass.sys
    2007-01-08 14:02 25,088 –a—— C:\WINDOWS\system32\drivers\pciidex.sys
    2007-01-08 14:02 24,960 –a—— C:\WINDOWS\system32\drivers\hidparse.sys
    2007-01-08 14:02 24,576 –a—— C:\WINDOWS\system32\userinit.exe
    2007-01-08 14:02 236,544 –a—— C:\WINDOWS\system32\rasapi32.dll
    2007-01-08 14:02 23,552 –a—— C:\WINDOWS\system32\drivers\mouclass.sys
    2007-01-08 14:02 20,992 –a—— C:\WINDOWS\system32\drivers\ipinip.sys
    2007-01-08 14:02 20,480 –a—— C:\WINDOWS\system32\drivers\flpydisk.sys
    2007-01-08 14:02 2,944 –a—— C:\WINDOWS\system32\drivers\drmkaud.sys
    2007-01-08 14:02 196,864 –a—— C:\WINDOWS\system32\drivers\rdpdr.sys
    2007-01-08 14:02 19,072 –a—— C:\WINDOWS\system32\drivers\msfs.sys
    2007-01-08 14:02 188,544 –a—— C:\WINDOWS\system32\drivers\acpi.sys
    2007-01-08 14:02 182,912 –a—— C:\WINDOWS\system32\drivers\ndis.sys
    2007-01-08 14:02 181,248 –a—— C:\WINDOWS\system32\drivers\mrxdav.sys
    2007-01-08 14:02 18,560 –a—— C:\WINDOWS\system32\drivers\i2omp.sys
    2007-01-08 14:02 174,592 –a—— C:\WINDOWS\system32\drivers\rdbss.sys
    2007-01-08 14:02 172,416 –a—— C:\WINDOWS\system32\drivers\kmixer.sys
    2007-01-08 14:02 162,816 –a—— C:\WINDOWS\system32\drivers\netbt.sys
    2007-01-08 14:02 153,856 –a—— C:\WINDOWS\system32\drivers\dmio.sys
    2007-01-08 14:02 145,792 –a—— C:\WINDOWS\system32\drivers\portcls.sys
    2007-01-08 14:02 144,896 –a—— C:\WINDOWS\system32\schannel.dll
    2007-01-08 14:02 144,384 –a—— C:\WINDOWS\system32\nwprovau.dll
    2007-01-08 14:02 144,384 –a—— C:\WINDOWS\system32\imagehlp.dll
    2007-01-08 14:02 143,360 –a—— C:\WINDOWS\system32\drivers\fastfat.sys
    2007-01-08 14:02 142,464 –a—— C:\WINDOWS\system32\drivers\aec.sys
    2007-01-08 14:02 142,336 –a—— C:\WINDOWS\system32\sessmgr.exe
    2007-01-08 14:02 140,928 –a—— C:\WINDOWS\system32\drivers\ks.sys
    2007-01-08 14:02 14,848 –a—— C:\WINDOWS\system32\mgmtapi.dll
    2007-01-08 14:02 14,848 –a—— C:\WINDOWS\system32\drivers\kbdhid.sys
    2007-01-08 14:02 14,336 –a—— C:\WINDOWS\system32\drivers\asyncmac.sys
    2007-01-08 14:02 14,208 –a—— C:\WINDOWS\system32\drivers\diskdump.sys
    2007-01-08 14:02 139,528 –a—— C:\WINDOWS\system32\drivers\rdpwd.sys
    2007-01-08 14:02 138,496 –a—— C:\WINDOWS\system32\drivers\afd.sys
    2007-01-08 14:02 134,912 –a—— C:\WINDOWS\system32\drivers\ipnat.sys
    2007-01-08 14:02 132,096 –a—— C:\WINDOWS\system32\wkssvc.dll
    2007-01-08 14:02 13,824 –a—— C:\WINDOWS\system32\savedump.exe
    2007-01-08 14:02 13,824 –a—— C:\WINDOWS\system32\lmhsvc.dll
    2007-01-08 14:02 129,536 –a—— C:\WINDOWS\system32\msv1_0.dll
    2007-01-08 14:02 120,320 –a—— C:\WINDOWS\system32\drivers\pcmcia.sys
    2007-01-08 14:02 12,928 –a—— C:\WINDOWS\system32\drivers\ndisuio.sys
    2007-01-08 14:02 11,264 –a—— C:\WINDOWS\system32\drivers\irenum.sys
    2007-01-08 14:02 108,544 –a—— C:\WINDOWS\system32\services.exe
    2007-01-08 14:02 107,904 –a—— C:\WINDOWS\system32\drivers\mup.sys
    2007-01-08 14:02 102,400 –a—— C:\WINDOWS\system32\win32spl.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MMKeybd"
    "hkey"="HKLM"
    "command"="C:\\Apps\\ActivBoard\\MMKeybd.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivSurf]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="backweb-4448364"
    "hkey"="HKLM"
    "command"="C:\\apps\\ActivSurf\\4448364\\Program\\backweb-4448364.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanEasyImg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="cleanall"
    "hkey"="HKLM"
    "command"="c:\\apps\\easydvd\\cleanall.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6_check]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dc6_startupmon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\WinAntiVirus Pro 2006\\dc6_startupmon.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="EM_EXEC"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERS_check]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ers_startupmon"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\WinAntiVirus Pro 2006\\ers_startupmon.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dumprep 0 -k"
    "hkey"="HKLM"
    "command"="%systemroot%\\system32\\dumprep 0 -k"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mnu]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="igomnu"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Orange\\GLOBAL\\Mnu\\igomnu.exe /S:T"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="udcpas"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006 Free\\udcpas.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preventon Personal Firewall]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PFWall"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Orange\\PC Firewall\\PFWall.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="udcsdr"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006 Free\\udcsdr.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS KHooker]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="khooker"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\khooker.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="vcsplay"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Virtual CD v4 SDK\\system\\vcsplay.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDOWS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="pdwpamt"
    "hkey"="HKLM"
    "command"="C:\\pdwpamt.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    C:\WINDOWS\tasks\Herinnering voor registratie 1.job
    C:\WINDOWS\tasks\Herinnering voor registratie 2.job
    C:\WINDOWS\tasks\Herinnering voor registratie 3.job
    C:\WINDOWS\tasks\Norton AntiVirus - Mijn computer scannen - laura melchior.job
    C:\WINDOWS\tasks\Uniblue SpyEraser.job

    Completion time: 07-01-15 12:32:29
    C:\ComboFix2.txt … 07-01-14 19:43
    Logfile of HijackThis v1.99.1
    Scan saved at 12:39:06 PM, on 1/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\laura melchior\Mijn documenten\PC-Cleaners\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4933/mcfscan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
  • OK, your log (what's left of it) is clean. More importantly, how are things with the problems?
  • It's running like a charm again and there are no more problems!
    Many thanks for your help, also on behalf of the owner of the PC; it took some perseverance, but thanks to your clear instructions it worked!

    The only thing left is a %SystemDrive% folder on the desktop. I don't know how it got there, but it doesn't bother me and I assume it can't do any harm.

    Greetings from Drenthe and good luck.
  • You can remove all the tools you used, by the way.

    Do this as well.

    http://users.telenet.be/marcvn/spyware/1852808.htm

This is an archived page. Replying is no longer possible.