Vraag & Antwoord

Beveiliging & privacy

Antimalware doctor, waarschuwing van ISP

Anoniem
None
64 antwoorden
  • Dan wil graag weten om welke worm het gaat.
    Kijk of Dr.Web inmiddels logs heeft aangelegd en post dan de inhoud vandat log!
  • die infectie gaf ik 2 post geleden aan.

    Curit geeft alleen aan dat hij uitgeroeid is, Mbam vindt niets.
  • Wat ik hier schrijf is de vierde post!
    Waar jij dan denkt de naam van de infektie te hebben genoemd?

    En: log van van Dr.Web niet te vinden?
    Indien wel - dan graag posten!
  • Abraham, 2 posts geleden stond op P1.. we zitten inmiddels al weer op pagina 2 van deze ellende

    Hoe dan ook het ging om :

    [Memory test] Proces in geheugen: C:\WINDOWS\System32\svchost.exe:1280 geïnfecteerd met BackDoor.Tdss.565 - Uitgeroeid

    Ik heb curit meerdere malen gedraaid, met reboots ertussen maar niets hielp. 1 van de logs hieronder (ik weet niet meer of dit de laatste was).

    Omdat ik er toen een beetje giftig van werd heb ik wat zaken handmatig weggegooid en ineens deed Combofix het ook. Dat log staat er onder.

    Het volledige log van Cure-IT is 6MB!! mijn browser slaat vast bij het plaatsen. Ik heb maar een deel gepakt waarvan ik denk dat belangrijk is. Mocht je een ander deel willen dan hoor ik het wel.

    =============================================================================
    Dr.Web Scanner voor Windows v6.00.03 (6.00.03.08100)
    © Doctor Web, Ltd., 1992-2009
    Log gegenereerd op: 2010-08-19, 19:39:17 [BLACKONE][Sander]
    Commando-lijn: "C:\Documents and Settings\Sander\Local Settings\temp\8776E808-349543A9-B84C6B79-251992FD\1b085_xp.exe" /lng:nl-scan /ini:setup_xp.ini /fast
    Besturingsysteem: Windows XP Professional x86 (Build 2600), Service Pack 3
    =============================================================================
    DwShield gestart
    Engine versie: 5.00 (5.00.2.03300)
    Engine API versie: 2.02

    Totaal aantal virus definities: 1598594
    [Self-checking] C:\Documents and Settings\Sander\Local Settings\temp\8776E808-349543A9-B84C6B79-251992FD\1b085_xp.exe
    Sleutel bestand: C:\Documents and Settings\Sander\Local Settings\temp\8776E808-349543A9-B84C6B79-251992FD\setup.key
    Licentie sleutel nummer: 0014068946
    Geregistreerd aan: An unauthorized User
    Licentie sleutel activatie: 2010-03-16
    Licentie sleutel verloopt: 2010-09-16
    Proces in geheugen: System:4 - OK
    Proces in geheugen: \SystemRoot\System32\smss.exe:740 - OK
    Proces in geheugen: \??\C:\WINDOWS\system32\csrss.exe:788 - OK
    Proces in geheugen: \??\C:\WINDOWS\system32\winlogon.exe:820 - OK
    Proces in geheugen: C:\WINDOWS\system32\services.exe:868 - OK
    Proces in geheugen: C:\WINDOWS\system32\lsass.exe:880 - OK
    Proces in geheugen: C:\WINDOWS\system32\Ati2evxx.exe:1076 - OK
    Proces in geheugen: C:\WINDOWS\system32\svchost.exe:1100 - OK
    Proces in geheugen: C:\WINDOWS\system32\svchost.exe:1172 - OK
    [Memory test] Proces in geheugen: C:\WINDOWS\System32\svchost.exe:1280 geïnfecteerd met BackDoor.Tdss.565 - Uitgeroeid
    Proces in geheugen: C:\WINDOWS\System32\svchost.exe:1280 - OK
    Proces in geheugen: C:\WINDOWS\system32\svchost.exe:1332 - OK
    Proces in geheugen: C:\WINDOWS\system32\svchost.exe:1500 - OK
    Proces in geheugen: C:\WINDOWS\system32\Ati2evxx.exe:1576 - OK
    Proces in geheugen: C:\WINDOWS\system32\spoolsv.exe:1684 - OK
    Proces in geheugen: C:\Program Files\Avira\AntiVir Desktop\sched.exe:1744 - OK
    Proces in geheugen: C:\WINDOWS\system32\svchost.exe:1876 - OK
    Proces in geheugen: C:\WINDOWS\Explorer.EXE:844 - OK
    Proces in geheugen: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe:1380 - OK
    Proces in geheugen: C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe:1396 - OK
    Proces in geheugen: C:\Program Files\AGEIA Technologies\TrayIcon.exe:1432 - OK
    Proces in geheugen: C:\WINDOWS\RTHDCPL.EXE:1448 - OK
    Proces in geheugen: C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe:1464 - OK
    Proces in geheugen: C:\WINDOWS\vVX1000.exe:1480 - OK
    Proces in geheugen: C:\Program Files\FTD Watchdog\FtdMonitor.exe:1612 - OK
    Proces in geheugen: C:\Program Files\Avira\AntiVir Desktop\avguard.exe:1852 - OK
    Proces in geheugen: C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe:1980 - OK
    Proces in geheugen: C:\Program Files\Logitech\SetPoint\SetPoint.exe:1996 - OK
    Proces in geheugen: C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe:208 - OK
    Proces in geheugen: C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE:244 - OK
    Proces in geheugen: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe:252 - OK
    Proces in geheugen: C:\Program Files\Java\jre6\bin\jqs.exe:680 - OK
    Proces in geheugen: C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe:1416 - OK
    Proces in geheugen: C:\Program Files\Microsoft LifeCam\MSCamS32.exe:2100 - OK
    Proces in geheugen: C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe:2256 - OK
    Proces in geheugen: C:\Program Files\CDBurnerXP\NMSAccessU.exe:2296 - OK
    Proces in geheugen: C:\WINDOWS\system32\svchost.exe:2480 - OK
    Proces in geheugen: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe:2500 - OK
    Proces in geheugen: C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe:2508 - OK
    Proces in geheugen: C:\WINDOWS\system32\vmnat.exe:2568 - OK
    Proces in geheugen: F:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe:2712 - OK
    Proces in geheugen: C:\WINDOWS\system32\vmnetdhcp.exe:2784 - OK
    Proces in geheugen: F:\Program Files\VMware\VMware Server\vmware-authd.exe:2824 - OK
    Proces in geheugen: C:\WINDOWS\system32\wbem\wmiprvse.exe:3096 - OK
    Proces in geheugen: F:\Program Files\VMware\VMware Server\vmware-hostd.exe:3304 - OK
    Proces in geheugen: C:\WINDOWS\System32\alg.exe:480 - OK
    Proces in geheugen: C:\WINDOWS\system32\wuauclt.exe:3992 - OK
    Proces in geheugen: C:\Program Files\PC Connectivity Solution\ServiceLayer.exe:4000 - OK
    Proces in geheugen: C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe:3924 - OK
    Proces in geheugen: C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe:1976 - OK
    Proces in geheugen: C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe:1188 - OK
    Proces in geheugen: C:\Program Files\Google\Chrome\Application\chrome.exe:3968 - OK
    Proces in geheugen: C:\Program Files\Google\Chrome\Application\chrome.exe:3256 - OK
    Proces in geheugen: C:\Program Files\Google\Chrome\Application\chrome.exe:3772 - OK
    Proces in geheugen: C:\Program Files\Google\Chrome\Application\chrome.exe:3620 - OK
    Proces in geheugen: C:\Documents and Settings\Sander\Bureaublad\cureit.exe:1084 - OK
    Proces in geheugen: C:\Documents and Settings\Sander\Local Settings\temp\8776E808-349543A9-B84C6B79-251992FD\76264e.exe:1092 - OK
    Proces in geheugen: C:\Documents and Settings\Sander\Local Settings\temp\8776E808-349543A9-B84C6B79-251992FD\1b085_xp.exe:3136 - OK
    Master Boot Record HDD1 - OK
    Active OS/2 or WinNT Boot Sector HDD1 - OK

    [Scan lokatie] C:\WINDOWS\system32
    C:\WINDOWS\system32\$winnt$.inf - OK
    C:\WINDOWS\system32\12520437.cpx - OK
    C:\WINDOWS\system32\12520850.cpx - OK
    C:\WINDOWS\system32\20bfqr6.log - OK
    C:\WINDOWS\system32\3DViewer.dll - OK
    C:\WINDOWS\system32\6to4svc.dll - OK
    C:\WINDOWS\system32\aaaamon.dll - OK
    C:\WINDOWS\system32\aaclient.dll - OK
    C:\WINDOWS\system32\access.cpl - OK
    C:\WINDOWS\system32\acctres.dll - OK
    C:\WINDOWS\system32\accwiz.exe - OK
    C:\WINDOWS\system32\ACDV.dll - OK
    C:\WINDOWS\system32\acelpdec.ax - OK
    C:\WINDOWS\system32\acledit.dll - OK
    C:\WINDOWS\system32\aclui.dll - OK
    C:\WINDOWS\system32\activeds.dll - OK
    C:\WINDOWS\system32\activeds.tlb - OK
    C:\WINDOWS\system32\actmovie.exe - OK
    C:\WINDOWS\system32\actxprxy.dll - OK
    C:\WINDOWS\system32\admparse.dll - OK
    C:\WINDOWS\system32\adptif.dll - OK
    C:\WINDOWS\system32\adsldp.dll - OK
    C:\WINDOWS\system32\adsldpc.dll - OK
    C:\WINDOWS\system32\adsmsext.dll - OK
    C:\WINDOWS\system32\adsnds.dll - OK
    C:\WINDOWS\system32\adsnt.dll - OK
    C:\WINDOWS\system32\adsnw.dll - OK
    C:\WINDOWS\system32\advapi32.dll - OK
    C:\WINDOWS\system32\advpack.dll - OK
    C:\WINDOWS\system32\advpack.dll.mui - OK
    C:\WINDOWS\system32\AgCPanelFrench.dll - OK
    C:\WINDOWS\system32\AgCPanelGerman.dll - OK
    C:\WINDOWS\system32\AgCPanelJapanese.dll - OK
    C:\WINDOWS\system32\AgCPanelKorean.dll - OK
    C:\WINDOWS\system32\AgCPanelPortugese.dll - OK
    C:\WINDOWS\system32\AgCPanelSimplifiedChinese.dll - OK
    C:\WINDOWS\system32\AgCPanelSpanish.dll - OK
    C:\WINDOWS\system32\AgCPanelSwedish.dll - OK
    C:\WINDOWS\system32\AgCPanelTraditionalChinese.dll - OK
    C:\WINDOWS\system32\ahui.exe - OK
    C:\WINDOWS\system32\alg.exe - OK
    C:\WINDOWS\system32\alrsvc.dll - OK
    C:\WINDOWS\system32\ALSNDMGR.CPL - OK
    C:\WINDOWS\system32\AltST.dll - OK
    C:\WINDOWS\system32\AltST.rdt - OK
    C:\WINDOWS\system32\amcompat.tlb - OK
    C:\WINDOWS\system32\amdpcom32.dll - OK
    C:\WINDOWS\system32\amstream.dll - OK
    C:\WINDOWS\system32\ansi.sys - OK
    C:\WINDOWS\system32\apcups.dll - OK
    C:\WINDOWS\system32\append.exe - OK
    C:\WINDOWS\system32\apphelp.dll - OK
    C:\WINDOWS\system32\appmgmts.dll - OK
    C:\WINDOWS\system32\appmgr.dll - OK
    C:\WINDOWS\system32\appwiz.cpl - archief BINARYRES
    >C:\WINDOWS\system32\appwiz.cpl/data001 - archief HTML
    >>C:\WINDOWS\system32\appwiz.cpl/data001/JavaScript.0 - OK
    >>C:\WINDOWS\system32\appwiz.cpl/data001/JavaScript.1 - OK
    >C:\WINDOWS\system32\appwiz.cpl/data001 - OK
    C:\WINDOWS\system32\appwiz.cpl - OK
    C:\WINDOWS\system32\arp.exe - OK
    C:\WINDOWS\system32\asctrls.ocx - OK
    C:\WINDOWS\system32\asferror.dll - OK
    C:\WINDOWS\system32\asr_fmt.exe - OK
    C:\WINDOWS\system32\asr_ldm.exe - OK
    C:\WINDOWS\system32\asr_pfu.exe - OK
    C:\WINDOWS\system32\AsUninst.exe - OK
    C:\WINDOWS\system32\asutl8.dll - OK
    C:\WINDOWS\system32\asycfilt.dll - OK
    C:\WINDOWS\system32\at.exe - OK
    C:\WINDOWS\system32\ati2cqag.dll - OK
    C:\WINDOWS\system32\ati2dvag.dll gepakt door FLY-CODE
    >C:\WINDOWS\system32\ati2dvag.dll - OK
    C:\WINDOWS\system32\ati2edxx.dll - OK
    C:\WINDOWS\system32\ati2evxx.dll - OK
    C:\WINDOWS\system32\ati2evxx.exe - OK
    C:\WINDOWS\system32\Ati2mdxx.exe - OK
    C:\WINDOWS\system32\ati2sgag.exe - OK
    C:\WINDOWS\system32\ati3duag.dll - OK
    C:\WINDOWS\system32\atiadlxx.dll - OK
    C:\WINDOWS\system32\atibtmon.exe - OK
    C:\WINDOWS\system32\aticalcl.dll - OK
    C:\WINDOWS\system32\aticaldd.dll - OK
    C:\WINDOWS\system32\aticalrt.dll - OK
    C:\WINDOWS\system32\ATIDDC.DLL - OK
    C:\WINDOWS\system32\ATIDEMGX.dll - OK
    C:\WINDOWS\system32\atifglpf.xml - OK
    C:\WINDOWS\system32\atiicdxx.dat - OK
    C:\WINDOWS\system32\atiiiexx.dll - OK
    C:\WINDOWS\system32\atikvmag.dll - OK
    C:\WINDOWS\system32\atimpc32.dll - OK
    C:\WINDOWS\system32\ATIODCLI.exe - OK
    C:\WINDOWS\system32\ATIODE.exe - OK
    C:\WINDOWS\system32\atioglxx.dll - OK
    C:\WINDOWS\system32\atiok3x2.dll - OK
    C:\WINDOWS\system32\atipdlxx.dll - OK
    C:\WINDOWS\system32\atitvo32.dll - OK
    C:\WINDOWS\system32\ativcoxx.dll - OK
    C:\WINDOWS\system32\ativva5x.dat - OK
    C:\WINDOWS\system32\ativva6x.dat - OK
    C:\WINDOWS\system32\ativvaxx.cap - OK
    C:\WINDOWS\system32\ativvaxx.dll - OK
    C:\WINDOWS\system32\atkctrs.dll - OK
    C:\WINDOWS\system32\atl.dll - OK
    C:\WINDOWS\system32\atl70.dll - OK
    C:\WINDOWS\system32\atmadm.exe - OK
    C:\WINDOWS\system32\atmfd.dll - OK
    C:\WINDOWS\system32\atmlib.dll - OK
    C:\WINDOWS\system32\atmpvcno.dll - OK
    C:\WINDOWS\system32\atrace.dll - OK
    C:\WINDOWS\system32\attrib.exe - OK
    C:\WINDOWS\system32\audiodev.dll gepakt door PESTUB
    >C:\WINDOWS\system32\audiodev.dll - OK
    C:\WINDOWS\system32\audiosrv.dll - OK
    C:\WINDOWS\system32\auditusr.exe - OK
    C:\WINDOWS\system32\authz.dll - OK
    C:\WINDOWS\system32\autochk.exe - OK
    C:\WINDOWS\system32\autoconv.exe - OK
    C:\WINDOWS\system32\autodisc.dll - OK
    C:\WINDOWS\system32\AUTOEXEC.NT - OK
    C:\WINDOWS\system32\autofmt.exe - OK
    C:\WINDOWS\system32\autolfn.exe gepakt door FLY-CODE
    >C:\WINDOWS\system32\autolfn.exe - OK
    C:\WINDOWS\system32\avicap.dll - OK
    C:\WINDOWS\system32\avicap32.dll - OK
    C:\WINDOWS\system32\avifil32.dll - OK
    C:\WINDOWS\system32\avifile.dll - OK
    C:\WINDOWS\system32\avmeter.dll - OK
    C:\WINDOWS\system32\avtapi.dll - OK
    C:\WINDOWS\system32\avwav.dll - OK
    C:\WINDOWS\system32\azroles.dll - OK
    C:\WINDOWS\system32\basesrv.dll - OK
    C:\WINDOWS\system32\batmeter.dll - OK
    C:\WINDOWS\system32\batt.dll - OK
    C:\WINDOWS\system32\bdaplgin.ax - OK
    C:\WINDOWS\system32\bdco1.dll - OK
    C:\WINDOWS\system32\bdco1ins.dll - OK
    C:\WINDOWS\system32\bidispl.dll - OK
    C:\WINDOWS\system32\bios1.rom - OK
    C:\WINDOWS\system32\bios4.rom - OK
    C:\WINDOWS\system32\bitsprx2.dll - OK
    C:\WINDOWS\system32\bitsprx3.dll - OK
    C:\WINDOWS\system32\bitsprx4.dll - OK
    C:\WINDOWS\system32\blackbox.dll - OK
    C:\WINDOWS\system32\blastcln.exe - OK
    C:\WINDOWS\system32\bootcfg.exe - OK
    C:\WINDOWS\system32\bootok.exe - OK
    C:\WINDOWS\system32\bootvid.dll - OK
    C:\WINDOWS\system32\bootvrfy.exe - OK
    C:\WINDOWS\system32\bopomofo.uce - OK
    C:\WINDOWS\system32\browselc.dll - archief BINARYRES
    >C:\WINDOWS\system32\browselc.dll/data001 - OK
    >C:\WINDOWS\system32\browselc.dll/data002 - OK
    >C:\WINDOWS\system32\browselc.dll/data003 - OK
    >C:\WINDOWS\system32\browselc.dll/data004 - archief HTML
    >>C:\WINDOWS\system32\browselc.dll/data004/Script.0 - OK
    >C:\WINDOWS\system32\browselc.dll/data004 - OK
    >C:\WINDOWS\system32\browselc.dll/data005 - OK
    >C:\WINDOWS\system32\browselc.dll/data006 - OK
    >C:\WINDOWS\system32\browselc.dll/data007 - OK
    >C:\WINDOWS\system32\browselc.dll/data008 - archief HTML
    >>C:\WINDOWS\system32\browselc.dll/data008/Script.0 - OK
    >C:\WINDOWS\system32\browselc.dll/data008 - OK
    >C:\WINDOWS\system32\browselc.dll/data009 - OK
    >C:\WINDOWS\system32\browselc.dll/data010 - OK
    >C:\WINDOWS\system32\browselc.dll/data011 - OK
    >C:\WINDOWS\system32\browselc.dll/data012 - archief HTML
    >>C:\WINDOWS\system32\browselc.dll/data012/Script.0 - OK
    >C:\WINDOWS\system32\browselc.dll/data012 - OK
    >C:\WINDOWS\system32\browselc.dll/data013 gepakt door ZLIB
    >>C:\WINDOWS\system32\browselc.dll/data013 - archief BINARYRES
    >>>C:\WINDOWS\system32\browselc.dll/data013/data001 - OK
    >>C:\WINDOWS\system32\browselc.dll/data013 - OK
    C:\WINDOWS\system32\browselc.dll - OK
    C:\WINDOWS\system32\browser.dll - OK
    C:\WINDOWS\system32\browserchoice.exe - archief BINARYRES
    >C:\WINDOWS\system32\browserchoice.exe/data001 - archief HTML
    >>C:\WINDOWS\system32\browserchoice.exe/data001/Script.0 - OK
    >C:\WINDOWS\system32\browserchoice.exe/data001 - OK
    >C:\WINDOWS\system32\browserchoice.exe/data002 - archief HTML
    >>C:\WINDOWS\system32\browserchoice.exe/data002/Script.0 - OK
    >C:\WINDOWS\system32\browserchoice.exe/data002 - OK
    >C:\WINDOWS\system32\browserchoice.exe/data003 - archief HTML
    >>C:\WINDOWS\system32\browserchoice.exe/data003/Script.0 - OK
    >C:\WINDOWS\system32\browserchoice.exe/data003 - OK
    >C:\WINDOWS\system32\browserchoice.exe/data004 - archief HTML
    >>C:\WINDOWS\system32\browserchoice.exe/data004/Script.0 - OK
    >C:\WINDOWS\system32\browserchoice.exe/data004 - OK
    >C:\WINDOWS\system32\browserchoice.exe/data005 - archief HTML
    >>C:\WINDOWS\system32\browserchoice.exe/data005/Script.0 - OK
    >C:\WINDOWS\system32\browserchoice.exe/data005 - OK
    C:\WINDOWS\system32\browserchoice.exe - OK
    C:\WINDOWS\system32\browseui.dll - OK
    C:\WINDOWS\system32\browsewm.dll - OK
    C:\WINDOWS\system32\BtCoreIf.dll - OK
    C:\WINDOWS\system32\bthci.dll - OK
    C:\WINDOWS\system32\bthprops.cpl - OK
    C:\WINDOWS\system32\bthserv.dll - OK
    C:\WINDOWS\system32\btpanui.dll - OK
    C:\WINDOWS\system32\BuzzingBee.wav - OK
    C:\WINDOWS\system32\cabinet.dll - OK
    C:\WINDOWS\system32\cabview.dll - OK
    C:\WINDOWS\system32\cacls.exe - OK
    C:\WINDOWS\system32\calc.exe - OK
    C:\WINDOWS\system32\camocx.dll - OK
    C:\WINDOWS\system32\capesnpn.dll - OK
    C:\WINDOWS\system32\cards.dll - OK
    C:\WINDOWS\system32\catsrv.dll - OK
    C:\WINDOWS\system32\catsrvps.dll - OK
    C:\WINDOWS\system32\catsrvut.dll - OK
    C:\WINDOWS\system32\CCCInstall_200906041703225000.log - OK
    C:\WINDOWS\system32\ccfgnt.dll - OK
    C:\WINDOWS\system32\cdfview.dll - archief BINARYRES
    >C:\WINDOWS\system32\cdfview.dll/data001 - OK
    >C:\WINDOWS\system32\cdfview.dll/data002 - archief HTML
    >>C:\WINDOWS\system32\cdfview.dll/data002/JavaScript.0 - OK
    >>C:\WINDOWS\system32\cdfview.dll/data002/JavaScript.1 - OK
    >C:\WINDOWS\system32\cdfview.dll/data002 - OK
    >C:\WINDOWS\system32\cdfview.dll/data003 - archief HTML
    >>C:\WINDOWS\system32\cdfview.dll/data003/JavaScript.0 - OK
    >>C:\WINDOWS\system32\cdfview.dll/data003/JavaScript.1 - OK
    >C:\WINDOWS\system32\cdfview.dll/data003 - OK
    C:\WINDOWS\system32\cdfview.dll - OK
    C:\WINDOWS\system32\cdm.dll - OK
    C:\WINDOWS\system32\cdmodem.dll - OK
    C:\WINDOWS\system32\cdosys.dll - archief BINARYRES
    >C:\WINDOWS\system32\cdosys.dll/data001 - OK
    >C:\WINDOWS\system32\cdosys.dll/data002 - OK
    C:\WINDOWS\system32\cdosys.dll - OK
    C:\WINDOWS\system32\cdplayer.exe.manifest - OK
    C:\WINDOWS\system32\certcli.dll - OK
    C:\WINDOWS\system32\certmgr.dll - OK
    C:\WINDOWS\system32\certmgr.msc - OK
    C:\WINDOWS\system32\cewmdm.dll gepakt door PESTUB
    >C:\WINDOWS\system32\cewmdm.dll - OK
    C:\WINDOWS\system32\cfgbkend.dll - OK
    C:\WINDOWS\system32\cfgmgr32.dll - OK
    C:\WINDOWS\system32\charmap.exe - OK
    C:\WINDOWS\system32\ChCfg.exe - OK
    C:\WINDOWS\system32\chcp.com - OK
    C:\WINDOWS\system32\chkdsk.exe - OK
    C:\WINDOWS\system32\chkntfs.exe - OK
    C:\WINDOWS\system32\ciadmin.dll - OK
    C:\WINDOWS\system32\ciadv.msc - OK
    C:\WINDOWS\system32\cic.dll - OK
    C:\WINDOWS\system32\cidaemon.exe - OK
    C:\WINDOWS\system32\ciodm.dll - OK
    C:\WINDOWS\system32\cipher.exe - OK
    C:\WINDOWS\system32\cisvc.exe - OK
    C:\WINDOWS\system32\ckcnv.exe - OK
    C:\WINDOWS\system32\clb.dll - OK
    C:\WINDOWS\system32\clbcatex.dll - OK
    C:\WINDOWS\system32\clbcatq.dll - OK
    C:\WINDOWS\system32\cleanmgr.exe - OK
    C:\WINDOWS\system32\cliconf.chm - archief CHM
    >C:\WINDOWS\system32\cliconf.chm/#IDXHDR - OK
    >C:\WINDOWS\system32\cliconf.chm/#ITBITS - OK
    >C:\WINDOWS\system32\cliconf.chm/#IVB - OK
    >C:\WINDOWS\system32\cliconf.chm/#STRINGS - OK
    >C:\WINDOWS\system32\cliconf.chm/#SYSTEM - OK
    >C:\WINDOWS\system32\cliconf.chm/#TOCIDX - OK
    >C:\WINDOWS\system32\cliconf.chm/#TOPICS - OK
    >C:\WINDOWS\system32\cliconf.chm/#URLSTR - OK
    >C:\WINDOWS\system32\cliconf.chm/#URLTBL - OK
    >C:\WINDOWS\system32\cliconf.chm/#WINDOWS - OK
    >C:\WINDOWS\system32\cliconf.chm/$FIftiMain - OK
    >C:\WINDOWS\system32\cliconf.chm/$OBJINST - OK
    >C:\WINDOWS\system32\cliconf.chm/$WWAssociativeLinks/Property - OK
    >C:\WINDOWS\system32\cliconf.chm/$WWKeywordLinks/Property - OK
    >C:\WINDOWS\system32\cliconf.chm/_add_(or_edit)_via_library_configuration.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_appletalk_protocol_default_value_setup.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_banyan_vines_protocol_default_value_setup.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_helphow_to_alias_a_client_to_an_alternate_pipe.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_helphow_to_check_the_library_version_numbers.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_helphow_to_use_the_windows_sockets_net.2d.library_.28.windows.2d_.or_windows_nt.2d.based_clients.29.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_helphow_to_verify_that_sql_server_is_listening_on_appletalk_and_can_accept_a_client_connection.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_how_to_add_a_network_protocol_configuration_.28.client_configuration_utility.29.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_how_to_check_the_odbc_sql_server_driver_version_.28.windows_95.2d.based_clients.29.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_how_to_configure_a_client_to_a_nonstandard_network_protocol.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_how_to_configure_a_client_to_use_the_appletalk_network_protocol.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_how_to_configure_a_client_to_use_the_banyan_vines_network_protocol.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_how_to_configure_a_client_to_use_the_nwlink_ipx.2f.spx_network_protocol.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_how_to_configure_a_client_to_use_the_via_network_library_(client_network_utility).htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_how_to_create_an_alias_for_a_specific_server_name_to_use_the_multi.2d.protocol_net.2d.library.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_how_to_delete_a_network_protocol_configuration_.28.client_configuration_utility.29.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_how_to_edit_a_network_protocol_configuration_.28.client_configuration_utility.29.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_how_to_set_db.2d.library_conversion_preference.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_how_to_start_the_sql_client_configuration_utility_.28.windows_nt.2d_.or_windows_95.2d_.based_client.29.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_managing_clients.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_multiprotocol_protocol_default_value_setup.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_named_pipes_protocol_default_value_setup.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_nwlink_ipx!spx_protocol_default_value_setup.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_sql_server_2000_copyright_and_disclaimer.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_tcp!ip_protocol_default_value_setup.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_topic_unavailable_in_help.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_via_protocol_default_value_setup.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/_what_is_microsoft_sql_server_client_configurationy.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/banner.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/banner2.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/banner_.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/banner_2.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/caution.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/coC.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/coCb.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/coE.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/coEb.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/coUA.css - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/coUA_Ex.css - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/coUA_Print.css - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/elle.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/important.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/keybrd.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/keybrd_.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/keybrd_c.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/mailto.css - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/mailto.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/mailto.js - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/mailto_.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/mailto_c.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/note.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/relglyph.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/relglyph_.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/relglyph_c.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/shared.js - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/shortcutclick.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/shortcutcold.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/shortcuthot.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/spacer.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/Basics/warning.gif - OK
    >C:\WINDOWS\system32\cliconf.chm/cliconf.hhc - OK
    >C:\WINDOWS\system32\cliconf.chm/idh_add_apple.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/idh_add_ipxspx1.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/idh_add_ipxspx2.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/idh_add_multi.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/idh_add_namedpipes.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/idh_add_others.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/idh_add_tcpip.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/idh_add_vines.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/idh_alias.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/idh_dblib.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/idh_general.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/idh_netlib.htm - OK
    >C:\WINDOWS\system32\cliconf.chm/plus.gif - OK
    C:\WINDOWS\system32\cliconf.chm - OK
    C:\WINDOWS\system32\cliconfg.dll - OK
    C:\WINDOWS\system32\cliconfg.exe - OK
    C:\WINDOWS\system32\cliconfg.rll - OK
    C:\WINDOWS\system32\clipbrd.exe - OK
    C:\WINDOWS\system32\clipsrv.exe - OK
    C:\WINDOWS\system32\clusapi.dll - OK
    C:\WINDOWS\system32\cmcfg32.dll - OK
    C:\WINDOWS\system32\cmd.exe - OK
    C:\WINDOWS\system32\cmdial32.dll - OK
    C:\WINDOWS\system32\cmdl32.exe - OK
    C:\WINDOWS\system32\cmdlib.wsc - OK
    C:\WINDOWS\system32\CmdLineExt.dll - OK
    C:\WINDOWS\system32\cmmgr32.hlp - OK
    C:\WINDOWS\system32\cmmon32.exe - OK
    C:\WINDOWS\system32\cmos.ram - OK
    C:\WINDOWS\system32\cmpbk32.dll - OK
    C:\WINDOWS\system32\cmprops.dll - OK
    C:\WINDOWS\system32\cmsetACL.dll - OK
    C:\WINDOWS\system32\cmstp.exe - OK
    C:\WINDOWS\system32\cmutil.dll - OK
    C:\WINDOWS\system32\cnbjmon.dll - OK
    C:\WINDOWS\system32\CNCC160.DLL - OK
    C:\WINDOWS\system32\CNCI160.DLL - OK
    C:\WINDOWS\system32\CNCL160.DLL - OK
    C:\WINDOWS\system32\cnco160.dll - OK
    C:\WINDOWS\system32\cnetcfg.dll - OK
    C:\WINDOWS\system32\CNMLM83.DLL - OK
    C:\WINDOWS\system32\cnvfat.dll - OK
    C:\WINDOWS\system32\colbact.dll - OK
    C:\WINDOWS\system32\comaddin.dll - OK
    C:\WINDOWS\system32\comcat.dll - OK
    C:\WINDOWS\system32\comctl32.dll - OK
    C:\WINDOWS\system32\comdlg32.dll - OK
    C:\WINDOWS\system32\Comdlg32.ocx - OK
    C:\WINDOWS\system32\comm.drv - OK
    C:\WINDOWS\system32\command.com - OK
    C:\WINDOWS\system32\commdlg.dll - OK
    C:\WINDOWS\system32\comp.exe - OK
    C:\WINDOWS\system32\compact.exe - OK
    C:\WINDOWS\system32\compatUI.dll - archief BINARYRES
    >C:\WINDOWS\system32\compatUI.dll/data001 - OK
    >C:\WINDOWS\system32\compatUI.dll/data002 - archief HTML
    >>C:\WINDOWS\system32\compatUI.dll/data002/javascript.0 - OK
    >C:\WINDOWS\system32\compatUI.dll/data002 - OK
    C:\WINDOWS\system32\compatUI.dll - OK
    C:\WINDOWS\system32\compmgmt.msc - OK
    C:\WINDOWS\system32\compobj.dll - OK
    C:\WINDOWS\system32\compstui.dll - OK
    C:\WINDOWS\system32\comrepl.dll - OK
    C:\WINDOWS\system32\comres.dll - OK
    C:\WINDOWS\system32\comsnap.dll - OK
    C:\WINDOWS\system32\comsvcs.dll - OK
    C:\WINDOWS\system32\comuid.dll - OK
    C:\WINDOWS\system32\CONFIG.NT - OK
    C:\WINDOWS\system32\CONFIG.TMP - OK
    C:\WINDOWS\system32\confmsp.dll - OK
    C:\WINDOWS\system32\conime.exe - OK
    C:\WINDOWS\system32\console.dll - OK
    C:\WINDOWS\system32\control.exe - OK
    C:\WINDOWS\system32\convert.exe - OK
    C:\WINDOWS\system32\corpol.dll - OK
    C:\WINDOWS\system32\country.sys - OK
    C:\WINDOWS\system32\crash - OK
    C:\WINDOWS\system32\credssp.dll - OK
    C:\WINDOWS\system32\credui.dll - OK
    C:\WINDOWS\system32\crtdll.dll - OK
    C:\WINDOWS\system32\crypt32.dll - OK
    C:\WINDOWS\system32\cryptdlg.dll - OK
    C:\WINDOWS\system32\cryptdll.dll - OK
    C:\WINDOWS\system32\cryptext.dll - OK
    C:\WINDOWS\system32\cryptnet.dll - OK
    C:\WINDOWS\system32\cryptsvc.dll - OK
    C:\WINDOWS\system32\cryptui.dll - OK
    C:\WINDOWS\system32\cscdll.dll - OK
    C:\WINDOWS\system32\cscript.exe - OK
    C:\WINDOWS\system32\cscui.dll - OK
    C:\WINDOWS\system32\csrsrv.dll - OK
    C:\WINDOWS\system32\csrss.exe - OK
    C:\WINDOWS\system32\csseqchk.dll - OK
    C:\WINDOWS\system32\ctfmon.exe - OK
    C:\WINDOWS\system32\ctl3d32.dll - OK
    C:\WINDOWS\system32\ctl3dv2.dll - OK
    C:\WINDOWS\system32\ctype.nls - OK
    C:\WINDOWS\system32\cVX1000.dll - OK
    C:\WINDOWS\system32\c_037.nls - OK
    C:\WINDOWS\system32\c_10000.nls - OK
    C:\WINDOWS\system32\c_10006.nls - OK
    C:\WINDOWS\system32\c_10007.nls - OK
    C:\WINDOWS\system32\c_10010.nls - OK
    C:\WINDOWS\system32\c_10017.nls - OK
    C:\WINDOWS\system32\c_10029.nls - OK
    C:\WINDOWS\system32\c_10079.nls - OK
    C:\WINDOWS\system32\c_10081.nls - OK
    C:\WINDOWS\system32\c_10082.nls - OK
    C:\WINDOWS\system32\c_1026.nls - OK
    C:\WINDOWS\system32\c_1250.nls - OK
    C:\WINDOWS\system32\c_1251.nls - OK
    C:\WINDOWS\system32\c_1252.nls - OK
    C:\WINDOWS\system32\c_1253.nls - OK
    C:\WINDOWS\system32\c_1254.nls - OK
    C:\WINDOWS\system32\c_1255.nls - OK
    C:\WINDOWS\system32\c_1256.nls - OK
    C:\WINDOWS\system32\c_1257.nls - OK
    C:\WINDOWS\system32\c_1258.nls - OK
    C:\WINDOWS\system32\c_20127.nls - OK
    C:\WINDOWS\system32\c_20261.nls - OK
    C:\WINDOWS\system32\c_20866.nls - OK
    C:\WINDOWS\system32\c_20905.nls - OK
    C:\WINDOWS\system32\c_21866.nls - OK
    C:\WINDOWS\system32\c_28591.nls - OK
    C:\WINDOWS\system32\c_28592.nls - OK
    C:\WINDOWS\system32\c_28593.nls - OK
    C:\WINDOWS\system32\C_28594.NLS - OK
    C:\WINDOWS\system32\C_28595.NLS - OK
    C:\WINDOWS\system32\C_28597.NLS - OK
    C:\WINDOWS\system32\c_28598.nls - OK
    C:\WINDOWS\system32\c_28599.nls - OK
    C:\WINDOWS\system32\c_28603.nls - OK
    C:\WINDOWS\system32\c_28605.nls - OK
    C:\WINDOWS\system32\c_437.nls - OK
    C:\WINDOWS\system32\c_500.nls - OK
    C:\WINDOWS\system32\c_737.nls - OK
    C:\WINDOWS\system32\c_775.nls - OK
    C:\WINDOWS\system32\c_850.nls - OK
    C:\WINDOWS\system32\c_852.nls - OK
    C:\WINDOWS\system32\c_855.nls - OK
    C:\WINDOWS\system32\c_857.nls - OK
    C:\WINDOWS\system32\c_860.nls - OK
    C:\WINDOWS\system32\c_861.nls - OK
    C:\WINDOWS\system32\c_863.nls - OK
    C:\WINDOWS\system32\c_865.nls - OK
    C:\WINDOWS\system32\c_866.nls - OK
    C:\WINDOWS\system32\c_869.nls - OK
    C:\WINDOWS\system32\c_874.nls - OK
    C:\WINDOWS\system32\c_875.nls - OK
    C:\WINDOWS\system32\c_932.nls - OK
    C:\WINDOWS\system32\c_936.nls - OK
    C:\WINDOWS\system32\c_949.nls - OK
    C:\WINDOWS\system32\c_950.nls - OK
    C:\WINDOWS\system32\d3d8.dll - OK
    C:\WINDOWS\system32\d3d8thk.dll - OK
    C:\WINDOWS\system32\d3d9.dll - OK
    C:\WINDOWS\system32\d3d9caps.dat - OK
    C:\WINDOWS\system32\D3DCompiler_33.dll gepakt door PESTUB
    >C:\WINDOWS\system32\D3DCompiler_33.dll - OK
    C:\WINDOWS\system32\D3DCompiler_34.dll gepakt door PESTUB
    >C:\WINDOWS\system32\D3DCompiler_34.dll - OK
    C:\WINDOWS\system32\D3DCompiler_35.dll gepakt door PESTUB
    >C:\WINDOWS\system32\D3DCompiler_35.dll - OK
    C:\WINDOWS\system32\D3DCompiler_36.dll gepakt door PESTUB
    >C:\WINDOWS\system32\D3DCompiler_36.dll - OK
    C:\WINDOWS\system32\D3DCompiler_37.dll gepakt door PESTUB
    >C:\WINDOWS\system32\D3DCompiler_37.dll - OK
    C:\WINDOWS\system32\D3DCompiler_38.dll gepakt door PESTUB
    >C:\WINDOWS\system32\D3DCompiler_38.dll - OK
    C:\WINDOWS\system32\D3DCompiler_39.dll gepakt door PESTUB
    >C:\WINDOWS\system32\D3DCompiler_39.dll - OK
    C:\WINDOWS\system32\D3DCompiler_40.dll gepakt door PESTUB
    >C:\WINDOWS\system32\D3DCompiler_40.dll - OK
    C:\WINDOWS\system32\D3DCompiler_41.dll gepakt door PESTUB
    >C:\WINDOWS\system32\D3DCompiler_41.dll - OK
    C:\WINDOWS\system32\D3DCompiler_42.dll - OK
    C:\WINDOWS\system32\d3dcsx_42.dll - OK
    C:\WINDOWS\system32\d3dim.dll - OK
    C:\WINDOWS\system32\d3dim700.dll - OK
    C:\WINDOWS\system32\d3dpmesh.dll - OK
    C:\WINDOWS\system32\d3dramp.dll - OK
    C:\WINDOWS\system32\d3drm.dll - OK
    C:\WINDOWS\system32\d3dx10_33.dll gepakt door PESTUB
    >C:\WINDOWS\system32\d3dx10_33.dll - OK
    C:\WINDOWS\system32\d3dx10_34.dll gepakt door PESTUB
    >C:\WINDOWS\system32\d3dx10_34.dll - OK
    C:\WINDOWS\system32\d3dx10_35.dll gepakt door PESTUB
    >C:\WINDOWS\system32\d3dx10_35.dll - OK
    C:\WINDOWS\system32\d3dx10_36.dll gepakt door PESTUB
    >C:\WINDOWS\system32\d3dx10_36.dll - OK
    C:\WINDOWS\system32\d3dx10_37.dll gepakt door PESTUB
    >C:\WINDOWS\system32\d3dx10_37.dll - OK
    C:\WINDOWS\system32\d3dx10_38.dll gepakt door PESTUB
    >C:\WINDOWS\system32\d3dx10_38.dll - OK
    C:\WINDOWS\system32\d3dx10_39.dll gepakt door PESTUB
    >C:\WINDOWS\system32\d3dx10_39.dll - OK
    C:\WINDOWS\system32\d3dx10_40.dll gepakt door PESTUB
    >C:\WINDOWS\system32\d3dx10_40.dll - OK
    C:\WINDOWS\system32\d3dx10_41.dll gepakt door PESTUB
    >C:\WINDOWS\system32\d3dx10_41.dll - OK
    C:\WINDOWS\system32\d3dx10_42.dll - OK
    C:\WINDOWS\system32\d3dx11_42.dll - OK
    C:\WINDOWS\system32\d3dx9_24.dll - OK
    C:\WINDOWS\system32\d3dx9_25.dll - OK
    C:\WINDOWS\system32\d3dx9_26.dll - OK
    C:\WINDOWS\system32\d3dx9_27.dll - OK
    C:\WINDOWS\system32\d3dx9_28.dll - OK
    C:\WINDOWS\system32\d3dx9_29.dll - OK
    C:\WINDOWS\system32\d3dx9_30.dll - OK
    C:\WINDOWS\system32\d3dx9_31.dll - OK
    C:\WINDOWS\system32\d3dx9_32.dll gepakt door PESTUB
    >C:\WINDOWS\system32\d3dx9_32.dll - OK
    C:\WINDOWS\system32\d3dx9_33.dll gepakt door PESTUB
    >C:\WINDOWS\system32\d3dx9_33.dll - OK
    C:\WINDOWS\system32\d3dx9_34.dll gepakt door PESTUB
    >C:\WINDOWS\system32\d3dx9_34.dll - OK
    C:\WINDOWS\system32\d3dx9_35.dll - OK
    C:\WINDOWS\system32\d3dx9_36.dll - OK
    C:\WINDOWS\system32\D3DX9_37.dll - OK
    C:\WINDOWS\system32\D3DX9_38.dll - OK
    C:\WINDOWS\system32\D3DX9_39.dll - OK
    C:\WINDOWS\system32\D3DX9_40.dll - OK
    C:\WINDOWS\system32\D3DX9_41.dll - OK
    C:\WINDOWS\system32\D3DX9_42.dll - OK
    C:\WINDOWS\system32\d3dxof.dll - OK
    C:\WINDOWS\system32\danim.dll - OK
    C:\WINDOWS\system32\dataclen.dll - OK
    C:\WINDOWS\system32\datime.dll - OK
    C:\WINDOWS\system32\davclnt.dll - OK
    C:\WINDOWS\system32\daxctle.ocx - OK
    C:\WINDOWS\system32\dbgeng.dll - OK
    C:\WINDOWS\system32\dbghelp.dll - OK
    C:\WINDOWS\system32\dbmsrpcn.dll - OK
    C:\WINDOWS\system32\dbnetlib.dll - OK
    C:\WINDOWS\system32\dbnmpntw.dll - OK
    C:\WINDOWS\system32\Dcache.bin - OK
    C:\WINDOWS\system32\dciman32.dll - OK
    C:\WINDOWS\system32\dcomcnfg.exe - OK
    C:\WINDOWS\system32\ddeml.dll - OK
    C:\WINDOWS\system32\ddeshare.exe - OK
    C:\WINDOWS\system32\ddraw.dll - OK
    C:\WINDOWS\system32\ddrawex.dll - OK
    C:\WINDOWS\system32\debug.exe gepakt door EXEPACK
    >C:\WINDOWS\system32\debug.exe - OK
    C:\WINDOWS\system32\decdnet.dll - OK
    C:\WINDOWS\system32\defrag.exe - OK
    C:\WINDOWS\system32\deploytk.dll - OK
    C:\WINDOWS\system32\desk.cpl - OK
    C:\WINDOWS\system32\deskadp.dll - OK
    C:\WINDOWS\system32\deskmon.dll - OK
    C:\WINDOWS\system32\deskperf.dll - OK
    C:\WINDOWS\system32\desktop.ini - OK
    C:\WINDOWS\system32\devenum.dll - OK
    C:\WINDOWS\system32\devmgmt.msc - OK
    C:\WINDOWS\system32\devmgr.dll - OK
    C:\WINDOWS\system32\dfrg.msc - OK
    C:\WINDOWS\system32\dfrgfat.exe - OK
    C:\WINDOWS\system32\dfrgntfs.exe - OK
    C:\WINDOWS\system32\dfrgres.dll - archief BINARYRES
    >C:\WINDOWS\system32\dfrgres.dll/data001 - OK
    C:\WINDOWS\system32\dfrgres.dll - OK
    C:\WINDOWS\system32\dfrgsnap.dll - OK
    C:\WINDOWS\system32\dfrgui.dll - OK
    C:\WINDOWS\system32\dfshim.dll - OK
    C:\WINDOWS\system32\dfsshlex.dll - OK
    C:\WINDOWS\system32\dgnet.dll - OK
    C:\WINDOWS\system32\dgrpsetu.dll - OK
    C:\WINDOWS\system32\dgsetup.dll - OK
    C:\WINDOWS\system32\dhcpcsvc.dll - OK
    C:\WINDOWS\system32\dhcpmon.dll - OK
    C:\WINDOWS\system32\dhcpqec.dll - OK
    C:\WINDOWS\system32\dhcpsapi.dll - OK
    C:\WINDOWS\system32\diactfrm.dll - OK
    C:\WINDOWS\system32\diantz.exe - OK
    C:\WINDOWS\system32\digest.dll - OK
    C:\WINDOWS\system32\dimap.dll - OK
    C:\WINDOWS\system32\dimsntfy.dll - OK
    C:\WINDOWS\system32\dimsroam.dll - OK
    C:\WINDOWS\system32\dinput.dll - OK
    C:\WINDOWS\system32\dinput8.dll - OK
    C:\WINDOWS\system32\diskcomp.com - OK
    C:\WINDOWS\system32\diskcopy.com - OK
    C:\WINDOWS\system32\diskcopy.dll - OK
    C:\WINDOWS\system32\diskmgmt.msc - OK
    C:\WINDOWS\system32\diskpart.exe - OK
    C:\WINDOWS\system32\diskperf.exe - OK
    C:\WINDOWS\system32\dispex.dll - OK
    C:\WINDOWS\system32\dllhost.exe - OK
    C:\WINDOWS\system32\dllhst3g.exe - OK
    C:\WINDOWS\system32\dmadmin.exe - OK
    C:\WINDOWS\system32\dmband.dll - OK
    C:\WINDOWS\system32\dmcompos.dll - OK
    C:\WINDOWS\system32\dmconfig.dll - OK
    C:\WINDOWS\system32\dmdlgs.dll - OK
    C:\WINDOWS\system32\dmdskmgr.dll - OK
    C:\WINDOWS\system32\dmdskres.dll - OK
    C:\WINDOWS\system32\dmime.dll - OK
    C:\WINDOWS\system32\dmintf.dll - OK
    C:\WINDOWS\system32\dmloader.dll - OK
    C:\WINDOWS\system32\dmocx.dll - OK
    C:\WINDOWS\system32\dmremote.exe - OK
    C:\WINDOWS\system32\dmscript.dll - OK
    C:\WINDOWS\system32\dmserver.dll - OK
    C:\WINDOWS\system32\dmstyle.dll - OK
    C:\WINDOWS\system32\dmsynth.dll - OK
    C:\WINDOWS\system32\dmusic.dll - OK
    C:\WINDOWS\system32\dmutil.dll - OK
    C:\WINDOWS\system32\dmview.ocx - OK
    C:\WINDOWS\system32\dnsapi.dll - OK
    C:\WINDOWS\system32\dnsrslvr.dll - OK
    C:\WINDOWS\system32\docprop.dll - OK
    C:\WINDOWS\system32\docprop2.dll - OK
    C:\WINDOWS\system32\doskey.exe - OK
    C:\WINDOWS\system32\dosx.exe - OK
    C:\WINDOWS\system32\dot3api.dll - OK
    C:\WINDOWS\system32\dot3cfg.dll - OK
    C:\WINDOWS\system32\dot3dlg.dll - OK
    C:\WINDOWS\system32\dot3gpclnt.dll - OK
    C:\WINDOWS\system32\dot3msm.dll - OK
    C:\WINDOWS\system32\dot3svc.dll - OK
    C:\WINDOWS\system32\dot3ui.dll - OK
    C:\WINDOWS\system32\dpcdll.dll - OK
    C:\WINDOWS\system32\dplay.dll - OK
    C:\WINDOWS\system32\dplaysvr.exe - OK
    C:\WINDOWS\system32\dplayx.dll - OK
    C:\WINDOWS\system32\dpmodemx.dll - OK
    C:\WINDOWS\system32\dpnaddr.dll - OK
    C:\WINDOWS\system32\dpnet.dll - OK
    C:\WINDOWS\system32\dpnhpast.dll - OK
    C:\WINDOWS\system32\dpnhupnp.dll - OK
    C:\WINDOWS\system32\dpnlobby.dll - OK
    C:\WINDOWS\system32\dpnmodem.dll - OK
    C:\WINDOWS\system32\dpnsvr.exe - OK
    C:\WINDOWS\system32\dpnwsock.dll - OK
    C:\WINDOWS\system32\dpserial.dll - OK
    C:\WINDOWS\system32\dpvacm.dll - OK
    C:\WINDOWS\system32\dpvoice.dll - OK
    C:\WINDOWS\system32\dpvsetup.exe - OK
    C:\WINDOWS\system32\dpvvox.dll - OK
    C:\WINDOWS\system32\dpwsock.dll - OK
    C:\WINDOWS\system32\dpwsockx.dll - OK
    C:\WINDOWS\system32\driverquery.exe - OK
    C:\WINDOWS\system32\drmclien.dll - OK
    C:\WINDOWS\system32\drmstor.dll - OK
    C:\WINDOWS\system32\drmupgds.exe gepakt door FLY-CODE
    >C:\WINDOWS\system32\drmupgds.exe - OK
    C:\WINDOWS\system32\drmv2clt.dll - archief BINARYRES
    >C:\WINDOWS\system32\drmv2clt.dll/data001 - archief HTML
    >>C:\WINDOWS\system32\drmv2clt.dll/data001/JavaScript.0 - OK
    >C:\WINDOWS\system32\drmv2clt.dll/data001 - OK
    C:\WINDOWS\system32\drmv2clt.dll - OK
    C:\WINDOWS\system32\drprov.dll - OK
    C:\WINDOWS\system32\drwatson.exe - OK
    C:\WINDOWS\system32\drwtsn32.exe - OK
    C:\WINDOWS\system32\ds16gt.dLL - OK
    C:\WINDOWS\system32\ds32gt.dll - OK
    C:\WINDOWS\system32\dsauth.dll - OK
    C:\WINDOWS\system32\dsdmo.dll - OK
    C:\WINDOWS\system32\dsdmoprp.dll - OK
    C:\WINDOWS\system32\dskquota.dll - OK
    C:\WINDOWS\system32\dskquoui.dll - OK
    C:\WINDOWS\system32\dsound.dll - OK
    C:\WINDOWS\system32\dsound.vxd - OK
    C:\WINDOWS\system32\dsound3d.dll - OK
    C:\WINDOWS\system32\dsprop.dll - OK
    C:\WINDOWS\system32\dsprpres.dll - OK
    C:\WINDOWS\system32\dsquery.dll - OK
    C:\WINDOWS\system32\dssec.dat - OK
    C:\WINDOWS\system32\dssec.dll - OK
    C:\WINDOWS\system32\dssenh.dll - OK
    C:\WINDOWS\system32\dsuiext.dll - OK
    C:\WINDOWS\system32\dswave.dll - OK
    C:\WINDOWS\system32\dumprep.exe - OK
    C:\WINDOWS\system32\duser.dll - OK
    C:\WINDOWS\system32\dvdplay.exe - OK
    C:\WINDOWS\system32\dvdupgrd.exe - OK
    C:\WINDOWS\system32\dwwin.exe - OK
    C:\WINDOWS\system32\dx7vb.dll - OK
    C:\WINDOWS\system32\dx8vb.dll - OK
    C:\WINDOWS\system32\dxdiag.exe - OK
    C:\WINDOWS\system32\dxdiagn.dll - OK
    C:\WINDOWS\system32\dxdllreg.exe - OK
    C:\WINDOWS\system32\dxmasf.dll - OK
    C:\WINDOWS\system32\dxtmeta2.dll - OK
    C:\WINDOWS\system32\dxtmsft.dll - OK
    C:\WINDOWS\system32\dxtrans.dll - OK
    C:\WINDOWS\system32\dxva2.dll - OK
    C:\WINDOWS\system32\eapolqec.dll - OK
    C:\WINDOWS\system32\eapp3hst.dll - OK
    C:\WINDOWS\system32\eappcfg.dll - OK
    C:\WINDOWS\system32\eappgnui.dll - OK
    C:\WINDOWS\system32\eapphost.dll - OK
    C:\WINDOWS\system32\eappprxy.dll - OK
    C:\WINDOWS\system32\eapqec.dll - OK
    C:\WINDOWS\system32\eapsvc.dll - OK
    C:\WINDOWS\system32\edit.com gepakt door EXEPACK
    >C:\WINDOWS\system32\edit.com - OK
    C:\WINDOWS\system32\edit.hlp - OK
    C:\WINDOWS\system32\edlin.exe gepakt door EXEPACK
    >C:\WINDOWS\system32\edlin.exe - OK
    C:\WINDOWS\system32\efsadu.dll - OK
    C:\WINDOWS\system32\ega.cpi - OK
    C:\WINDOWS\system32\els.dll - OK
    C:\WINDOWS\system32\emptyregdb.dat - OK
    C:\WINDOWS\system32\encapi.dll - OK
    C:\WINDOWS\system32\encdec.dll - OK
    C:\WINDOWS\system32\encdnet.dll - OK
    C:\WINDOWS\system32\EqnClass.Dll - OK
    C:\WINDOWS\system32\ersvc.dll - OK
    C:\WINDOWS\system32\es.dll - OK
    C:\WINDOWS\system32\esent.dll - OK
    C:\WINDOWS\system32\esent97.dll - OK
    C:\WINDOWS\system32\esentprf.dll - OK
    C:\WINDOWS\system32\esentprf.hxx - OK
    C:\WINDOWS\system32\esentprf.ini - OK
    C:\WINDOWS\system32\esentutl.exe - OK
    C:\WINDOWS\system32\eudcedit.exe - OK
    C:\WINDOWS\system32\eula.txt - OK
    C:\WINDOWS\system32\eventcls.dll - OK
    C:\WINDOWS\system32\eventcreate.exe - OK
    C:\WINDOWS\system32\eventlog.dll - OK
    C:\WINDOWS\system32\eventquery.vbs - OK
    C:\WINDOWS\system32\eventtriggers.exe - OK
    C:\WINDOWS\system32\eventvwr.exe - OK
    C:\WINDOWS\system32\eventvwr.msc - OK
    C:\WINDOWS\system32\evr.dll - OK
    C:\WINDOWS\system32\exe2bin.exe gepakt door EXEPACK
    >C:\WINDOWS\system32\exe2bin.exe - OK
    C:\WINDOWS\system32\expand.exe gepakt door BINARYRES
    >C:\WINDOWS\system32\expand.exe gepakt door MS COMPRESS
    >>C:\WINDOWS\system32\expand.exe - OK
    C:\WINDOWS\system32\expsrv.dll - OK
    C:\WINDOWS\system32\extmgr.dll - OK
    C:\WINDOWS\system32\extrac32.exe - OK
    C:\WINDOWS\system32\exts.dll - OK
    C:\WINDOWS\system32\ezsidmv.dat - OK
    C:\WINDOWS\system32\fastopen.exe gepakt door EXEPACK
    >C:\WINDOWS\system32\fastopen.exe gepakt door COM2EXE
    >>C:\WINDOWS\system32\fastopen.exe - OK
    C:\WINDOWS\system32\faultrep.dll - OK
    C:\WINDOWS\system32\fc.exe - OK
    C:\WINDOWS\system32\fdco1.dll - OK
    C:\WINDOWS\system32\fdco1ins.dll - OK
    C:\WINDOWS\system32\fde.dll - OK
    C:\WINDOWS\system32\fdeploy.dll - OK
    C:\WINDOWS\system32\feclient.dll - OK
    C:\WINDOWS\system32\filemgmt.dll - OK
    C:\WINDOWS\system32\find.exe - OK
    C:\WINDOWS\system32\findstr.exe - OK
    C:\WINDOWS\system32\finger.exe - OK
    C:\WINDOWS\system32\firewall.cpl - OK
    C:\WINDOWS\system32\fixmapi.exe - OK
    C:\WINDOWS\system32\fldrclnr.dll - OK
    C:\WINDOWS\system32\fltlib.dll - OK
    C:\WINDOWS\system32\fltMc.exe - OK
    C:\WINDOWS\system32\FM20.DLL - OK
    C:\WINDOWS\system32\FM20ENU.DLL - OK
    C:\WINDOWS\system32\FM20NLD.DLL - OK
    C:\WINDOWS\system32\fmifs.dll - OK
    C:\WINDOWS\system32\FNTCACHE.DAT - OK
    C:\WINDOWS\system32\fontext.dll - archief BINARYRES
    >C:\WINDOWS\system32\fontext.dll/data001 gepakt door MS COMPRESS
    >>C:\WINDOWS\system32\fontext.dll/data001 - OK
    >C:\WINDOWS\system32\fontext.dll/data002 gepakt door MS COMPRESS
    >>C:\WINDOWS\system32\fontext.dll/data002 - OK
    C:\WINDOWS\system32\fontext.dll - OK
    C:\WINDOWS\system32\fontsub.dll - OK
    C:\WINDOWS\system32\fontview.exe - OK
    C:\WINDOWS\system32\forcedos.exe - OK
    C:\WINDOWS\system32\format.com - OK
    C:\WINDOWS\system32\framebuf.dll - OK
    C:\WINDOWS\system32\freecell.exe - OK
    C:\WINDOWS\system32\fsmgmt.msc - OK
    C:\WINDOWS\system32\fsquirt.exe - OK
    C:\WINDOWS\system32\fsusd.dll - OK
    C:\WINDOWS\system32\fsutil.exe - OK
    C:\WINDOWS\system32\ftp.exe - OK
    C:\WINDOWS\system32\ftsrch.dll - OK
    C:\WINDOWS\system32\fwcfg.dll - OK
    C:\WINDOWS\system32\g711codc.ax - OK
    C:\WINDOWS\system32\gb2312.uce - OK
    C:\WINDOWS\system32\gcdef.dll - OK
    C:\WINDOWS\system32\gdi.exe - OK
    C:\WINDOWS\system32\gdi32.dll - OK
    C:\WINDOWS\system32\geo.nls - OK
    C:\WINDOWS\system32\getmac.exe - OK
    C:\WINDOWS\system32\getuname.dll - OK
    C:\WINDOWS\system32\giveio.sys - OK
    C:\WINDOWS\system32\glmf32.dll - OK
    C:\WINDOWS\system32\glu32.dll - OK
    C:\WINDOWS\system32\gpedit.dll - OK
    C:\WINDOWS\system32\gpedit.msc - OK
    C:\WINDOWS\system32\gpkcsp.dll - OK
    C:\WINDOWS\system32\gpkrsrc.dll - OK
    C:\WINDOWS\system32\gpresult.exe - OK
    C:\WINDOWS\system32\gptext.dll - OK
    C:\WINDOWS\system32\gpupdate.exe - OK
    C:\WINDOWS\system32\graftabl.com - OK
    C:\WINDOWS\system32\graphics.com - OK
    C:\WINDOWS\system32\graphics.pro - OK
    C:\WINDOWS\system32\grpconv.exe - OK
    C:\WINDOWS\system32\h323.tsp - OK
    C:\WINDOWS\system32\h323log.txt - OK
    C:\WINDOWS\system32\h323msp.dll - OK
    C:\WINDOWS\system32\hal.dll - OK
    C:\WINDOWS\system32\hccoin.dll - OK
    C:\WINDOWS\system32\hdwwiz.cpl - OK
    C:\WINDOWS\system32\help.exe - OK
    C:\WINDOWS\system32\HHActiveX.dll - archief BINARYRES
    >C:\WINDOWS\system32\HHActiveX.dll/data001 - OK
    C:\WINDOWS\system32\HHActiveX.dll - OK
    C:\WINDOWS\system32\hhctrl.ocx - OK
    C:\WINDOWS\system32\hhsetup.dll - OK
    C:\WINDOWS\system32\hid.dll - OK
    C:\WINDOWS\system32\hidphone.tsp - OK
    C:\WINDOWS\system32\hidserv.dll - OK
    C:\WINDOWS\system32\himem.sys - OK
    C:\WINDOWS\system32\hlink.dll - OK
    C:\WINDOWS\system32\hnetcfg.dll - OK
    C:\WINDOWS\system32\hnetmon.dll - OK
    C:\WINDOWS\system32\hnetwiz.dll - OK
    C:\WINDOWS\system32\homepage.inf - OK
    C:\WINDOWS\system32\hostname.exe - OK
    C:\WINDOWS\system32\hotplug.dll - OK
    C:\WINDOWS\system32\hticons.dll - OK
    C:\WINDOWS\system32\html.iec gepakt door PESTUB
    >C:\WINDOWS\system32\html.iec - OK
    C:\WINDOWS\system32\httpapi.dll - OK
    C:\WINDOWS\system32\htui.dll - OK
    C:\WINDOWS\system32\hypertrm.dll - OK
    C:\WINDOWS\system32\iac25_32.ax - OK
    C:\WINDOWS\system32\iasacct.dll - OK
    C:\WINDOWS\system32\iasads.dll - OK
    C:\WINDOWS\system32\iashlpr.dll - OK
    C:\WINDOWS\system32\iasnap.dll - OK
    C:\WINDOWS\system32\iaspolcy.dll - OK
    C:\WINDOWS\system32\iasrad.dll - OK
    C:\WINDOWS\system32\iasrecst.dll - OK
    C:\WINDOWS\system32\iassam.dll - OK
    C:\WINDOWS\system32\iassdo.dll - OK
    C:\WINDOWS\system32\iassvcs.dll - OK
    C:\WINDOWS\system32\icaapi.dll - OK
    C:\WINDOWS\system32\icardagt.exe - OK
    C:\WINDOWS\system32\icardie.dll - OK
    C:\WINDOWS\system32\icardres.dll - OK
    C:\WINDOWS\system32\icardres.dll.mui - archief BINARYRES
    >C:\WINDOWS\system32\icardres.dll.mui/data001 - OK
    >C:\WINDOWS\system32\icardres.dll.mui/data002 - OK
    >C:\WINDOWS\system32\icardres.dll.mui/data003 - OK
    >C:\WINDOWS\system32\icardres.dll.mui/data004 - OK
    >C:\WINDOWS\system32\icardres.dll.mui/data005 - OK
    >C:\WINDOWS\system32\icardres.dll.mui/data006 - OK
    >C:\WINDOWS\system32\icardres.dll.mui/data007 - OK
    >C:\WINDOWS\system32\icardres.dll.mui/data008 - OK
    >C:\WINDOWS\system32\icardres.dll.mui/data009 - OK
    >C:\WINDOWS\system32\icardres.dll.mui/data010 - OK
    C:\WINDOWS\system32\icardres.dll.mui - OK
    C:\WINDOWS\system32\iccvid.dll - OK
    C:\WINDOWS\system32\icfgnt5.dll - OK
    C:\WINDOWS\system32\icm32.dll - OK
    C:\WINDOWS\system32\icmp.dll - OK
    C:\WINDOWS\system32\icmui.dll - OK
    C:\WINDOWS\system32\icrav03.rat - OK
    C:\WINDOWS\system32\icwdial.dll - OK
    C:\WINDOWS\system32\icwphbk.dll - OK
    C:\WINDOWS\system32\ideograf.uce - OK
    C:\WINDOWS\system32\idndl.dll - OK
    C:\WINDOWS\system32\idq.dll - OK
    C:\WINDOWS\system32\ie4uinit.exe - OK
    C:\WINDOWS\system32\ie4uinit.exe.mui - OK
    C:\WINDOWS\system32\IE8Eula.rtf - OK
    C:\WINDOWS\system32\ieakeng.dll - OK
    C:\WINDOWS\system32\ieaksie.dll - OK
    C:\WINDOWS\system32\ieakui.dll - OK
    C:\WINDOWS\system32\ieapfltr.dat - OK
    C:\WINDOWS\system32\ieapfltr.dll - OK
    C:\WINDOWS\system32\iedkcs32.dll - OK
    C:\WINDOWS\system32\iedkcs32.dll.mui - OK
    C:\WINDOWS\system32\ieframe.dll - OK
    C:\WINDOWS\system32\ieframe.dll.mui - OK
    C:\WINDOWS\system32\iepeers.dll - OK
    C:\WINDOWS\system32\iernonce.dll - OK
    C:\WINDOWS\system32\iertutil.dll - OK
    C:\WINDOWS\system32\iesetup.dll - OK
    C:\WINDOWS\system32\ieudinit.exe - OK
    C:\WINDOWS\system32\ieui.dll - OK
    C:\WINDOWS\system32\ieuinit.inf - OK
    C:\WINDOWS\system32\iexpress.exe - OK
    C:\WINDOWS\system32\ifmon.dll - OK
    C:\WINDOWS\system32\ifsutil.dll - OK
    C:\WINDOWS\system32\igmpagnt.dll - OK
    C:\WINDOWS\system32\iissuba.dll - OK
    C:\WINDOWS\system32\ils.dll - OK
    C:\WINDOWS\system32\imaadp32.acm - OK
    C:\WINDOWS\system32\imagehlp.dll - OK
    C:\WINDOWS\system32\imapi.exe - OK
    C:\WINDOWS\system32\imeshare.dll - OK
    C:\WINDOWS\system32\imgutil.dll - OK
    C:\WINDOWS\system32\imm32.dll - OK
    C:\WINDOWS\system32\Indeo4.qtx - OK
    C:\WINDOWS\system32\inetcfg.dll - OK
    C:\WINDOWS\system32\inetcomm.dll - OK
    C:\WINDOWS\system32\inetcpl.cpl - OK
    C:\WINDOWS\system32\inetcplc.dll - OK
    C:\WINDOWS\system32\inetmib1.dll - OK
    C:\WINDOWS\system32\inetpp.dll - OK
    C:\WINDOWS\system32\inetppui.dll - OK
    C:\WINDOWS\system32\inetres.dll - archief BINARYRES
    >C:\WINDOWS\system32\inetres.dll/data001 - archief HTML
    >>C:\WINDOWS\system32\inetres.dll/data001/JavaScript.0 - OK
    >C:\WINDOWS\system32\inetres.dll/data001 - OK
    C:\WINDOWS\system32\inetres.dll - OK
    C:\WINDOWS\system32\infocardapi.dll - OK
    C:\WINDOWS\system32\infocardcpl.cpl - OK
    C:\WINDOWS\system32\infosoft.dll - OK
    C:\WINDOWS\system32\initdebug.nfo - OK
    C:\WINDOWS\system32\initpki.dll - OK
    C:\WINDOWS\system32\INKED.DLL - OK
    C:\WINDOWS\system32\input.dll - OK
    C:\WINDOWS\system32\inseng.dll - OK
    C:\WINDOWS\system32\instcat.sql - OK
    C:\WINDOWS\system32\intl.cpl - OK
    C:\WINDOWS\system32\iologmsg.dll - OK
    C:\WINDOWS\system32\ipconf.tsp - OK
    C:\WINDOWS\system32\ipconfig.exe - OK
    C:\WINDOWS\system32\iphlpapi.dll - OK
    C:\WINDOWS\system32\ipmontr.dll - OK
    C:\WINDOWS\system32\ipnathlp.dll - OK
    C:\WINDOWS\system32\ippromon.dll - OK
    C:\WINDOWS\system32\iprop.dll - OK
    C:\WINDOWS\system32\iprtprio.dll - OK
    C:\WINDOWS\system32\iprtrmgr.dll - OK
    C:\WINDOWS\system32\ipsec6.exe - OK
    C:\WINDOWS\system32\ipsecsnp.dll - OK
    C:\WINDOWS\system32\ipsecsvc.dll - OK
    C:\WINDOWS\system32\ipsink.ax - OK
    C:\WINDOWS\system32\ipsmsnap.dll - OK
    C:\WINDOWS\system32\ipv6.exe - OK
    C:\WINDOWS\system32\ipv6mon.dll - OK
    C:\WINDOWS\system32\ipxmontr.dll - OK
    C:\WINDOWS\system32\ipxpromn.dll - OK
    C:\WINDOWS\system32\ipxrip.dll - OK
    C:\WINDOWS\system32\ipxroute.exe - OK
    C:\WINDOWS\system32\ipxrtmgr.dll - OK
    C:\WINDOWS\system32\ipxsap.dll - OK
    C:\WINDOWS\system32\ipxwan.dll - OK
    C:\WINDOWS\system32\ir32_32.dll - OK
    C:\WINDOWS\system32\ir41_32.ax - OK
    C:\WINDOWS\system32\ir41_qc.dll - OK
    C:\WINDOWS\system32\ir41_qcx.dll - OK
    C:\WINDOWS\system32\ir50_32.dll - OK
    C:\WINDOWS\system32\ir50_qc.dll - OK
    C:\WINDOWS\system32\ir50_qcx.dll - OK
    C:\WINDOWS\system32\irclass.dll - OK
    C:\WINDOWS\system32\irprops.cpl - OK
    C:\WINDOWS\system32\isign32.dll - OK
    C:\WINDOWS\system32\isrdbg32.dll - OK
    C:\WINDOWS\system32\ISUSPM.cpl - OK
    C:\WINDOWS\system32\itircl.dll - OK
    C:\WINDOWS\system32\itss.dll - OK
    C:\WINDOWS\system32\iuengine.dll - OK
    C:\WINDOWS\system32\ivfsrc.ax - OK
    C:\WINDOWS\system32\ixsso.dll - OK
    C:\WINDOWS\system32\iyuv_32.dll - OK
    C:\WINDOWS\system32\java.exe - OK
    C:\WINDOWS\system32\javacpl.cpl - OK
    C:\WINDOWS\system32\javaw.exe - OK
    C:\WINDOWS\system32\javaws.exe - OK
    C:\WINDOWS\system32\jet500.dll - OK
    C:\WINDOWS\system32\jgaw400.dll - OK
    C:\WINDOWS\system32\jgdw400.dll - OK
    C:\WINDOWS\system32\jgmd400.dll - OK
    C:\WINDOWS\system32\jgpl400.dll - OK
    C:\WINDOWS\system32\jgsd400.dll - OK
    C:\WINDOWS\system32\jgsh400.dll - OK
    C:\WINDOWS\system32\jobexec.dll - OK
    C:\WINDOWS\system32\joy.cpl - OK
    C:\WINDOWS\system32\jscript.dll - OK
    C:\WINDOWS\system32\jsnl.dll - OK
    C:\WINDOWS\system32\jsproxy.dll - OK
    C:\WINDOWS\system32\Kanalen bekijken.scf - OK
    C:\WINDOWS\system32\kanji_1.uce - OK
    C:\WINDOWS\system32\kanji_2.uce - OK
    C:\WINDOWS\system32\kb16.com - OK
    C:\WINDOWS\system32\KBDAL.DLL - OK
    C:\WINDOWS\system32\kbdaze.dll - OK
    C:\WINDOWS\system32\kbdazel.dll - OK
    C:\WINDOWS\system32\kbdbe.dll - OK
    C:\WINDOWS\system32\kbdbene.dll - OK
    C:\WINDOWS\system32\kbdbhc.dll - OK
    C:\WINDOWS\system32\kbdblr.dll - OK
    C:\WINDOWS\system32\kbdbr.dll - OK
    C:\WINDOWS\system32\kbdbu.dll - OK
    C:\WINDOWS\system32\kbdca.dll - OK
    C:\WINDOWS\system32\kbdcan.dll - OK
    C:\WINDOWS\system32\kbdcr.dll - OK
    C:\WINDOWS\system32\kbdcz.dll - OK
    C:\WINDOWS\system32\kbdcz1.dll - OK
    C:\WINDOWS\system32\kbdcz2.dll - OK
    C:\WINDOWS\system32\kbdda.dll - OK
    C:\WINDOWS\system32\kbddv.dll - OK
    C:\WINDOWS\system32\kbdes.dll - OK
    C:\WINDOWS\system32\kbdest.dll - OK
    C:\WINDOWS\system32\kbdfc.dll - OK
    C:\WINDOWS\system32\kbdfi.dll - OK
    C:\WINDOWS\system32\kbdfi1.dll - OK
    C:\WINDOWS\system32\kbdfo.dll - OK
    C:\WINDOWS\system32\kbdfr.dll - OK
    C:\WINDOWS\system32\kbdgae.dll - OK
    C:\WINDOWS\system32\kbdgkl.dll - OK
    C:\WINDOWS\system32\kbdgr.dll - OK
    C:\WINDOWS\system32\kbdgr1.dll - OK
    C:\WINDOWS\system32\kbdhe.dll - OK
    C:\WINDOWS\system32\kbdhe220.dll - OK
    C:\WINDOWS\system32\kbdhe319.dll - OK
    C:\WINDOWS\system32\kbdhela2.dll - OK
    C:\WINDOWS\system32\kbdhela3.dll - OK
    C:\WINDOWS\system32\kbdhept.dll - OK
    C:\WINDOWS\system32\kbdhu.dll - OK
    C:\WINDOWS\system32\kbdhu1.dll - OK
    C:\WINDOWS\system32\kbdic.dll - OK
    C:\WINDOWS\system32\kbdinbe1.dll - OK
    C:\WINDOWS\system32\kbdinben.dll - OK
    C:\WINDOWS\system32\kbdinmal.dll - OK
    C:\WINDOWS\system32\kbdir.dll - OK
    C:\WINDOWS\system32\kbdit.dll - OK
    C:\WINDOWS\system32\kbdit142.dll - OK
    C:\WINDOWS\system32\kbdiultn.dll - OK
    C:\WINDOWS\system32\kbdkaz.dll - OK
    C:\WINDOWS\system32\kbdkyr.dll - OK
    C:\WINDOWS\system32\kbdla.dll - OK
    C:\WINDOWS\system32\kbdlt.dll - OK
    C:\WINDOWS\system32\kbdlt1.dll - OK
    C:\WINDOWS\system32\kbdlv.dll - OK
    C:\WINDOWS\system32\kbdlv1.dll - OK
    C:\WINDOWS\system32\kbdmac.dll - OK
    C:\WINDOWS\system32\kbdmaori.dll - OK
    C:\WINDOWS\system32\kbdmlt47.dll - OK
    C:\WINDOWS\system32\kbdmlt48.dll - OK
    C:\WINDOWS\system32\kbdmon.dll - OK
    C:\WINDOWS\system32\kbdne.dll - OK
    C:\WINDOWS\system32\kbdnec.dll - OK
    C:\WINDOWS\system32\kbdnepr.dll - OK
    C:\WINDOWS\system32\kbdno.dll - OK
    C:\WINDOWS\system32\kbdno1.dll - OK
    C:\WINDOWS\system32\kbdpash.dll - OK
    C:\WINDOWS\system32\kbdpl.dll - OK
    C:\WINDOWS\system32\kbdpl1.dll - OK
    C:\WINDOWS\system32\kbdpo.dll - OK
    C:\WINDOWS\system32\kbdro.dll - OK
    C:\WINDOWS\system32\kbdru.dll - OK
    C:\WINDOWS\system32\kbdru1.dll - OK
    C:\WINDOWS\system32\kbdsf.dll - OK
    C:\WINDOWS\system32\kbdsg.dll - OK
    C:\WINDOWS\system32\kbdsl.dll - OK
    C:\WINDOWS\system32\kbdsl1.dll - OK
    C:\WINDOWS\system32\kbdsmsfi.dll - OK
    C:\WINDOWS\system32\kbdsmsno.dll - OK
    C:\WINDOWS\system32\kbdsp.dll - OK
    C:\WINDOWS\system32\kbdsw.dll - OK
    C:\WINDOWS\system32\kbdtat.dll - OK
    C:\WINDOWS\system32\kbdtuf.dll - OK
    C:\WINDOWS\system32\kbdtuq.dll - OK
    C:\WINDOWS\system32\kbduk.dll - OK
    C:\WINDOWS\system32\kbdukx.dll - OK
    C:\WINDOWS\system32\kbdur.dll - OK
    C:\WINDOWS\system32\kbdus.dll - OK
    C:\WINDOWS\system32\kbdusl.dll - OK
    C:\WINDOWS\system32\kbdusr.dll - OK
    C:\WINDOWS\system32\kbdusx.dll - OK
    C:\WINDOWS\system32\kbduzb.dll - OK
    C:\WINDOWS\system32\kbdycc.dll - OK
    C:\WINDOWS\system32\kbdycl.dll - OK
    C:\WINDOWS\system32\kd1394.dll - OK
    C:\WINDOWS\system32\kdcom.dll - OK
    C:\WINDOWS\system32\kemutb.dll - OK
    C:\WINDOWS\system32\KemUtil.dll - OK
    C:\WINDOWS\system32\KemWnd.dll - OK
    C:\WINDOWS\system32\KemXML.dll - OK
    C:\WINDOWS\system32\kerberos.dll - OK
    C:\WINDOWS\system32\kernel32.dll - OK
    C:\WINDOWS\system32\key01.sys - OK
    C:\WINDOWS\system32\keyboard.drv - OK
    C:\WINDOWS\system32\keyboard.sys - OK
    C:\WINDOWS\system32\keymgr.dll - OK
    C:\WINDOWS\system32\kmddsp.tsp - OK
    C:\WINDOWS\system32\kmsvc.dll - OK
    C:\WINDOWS\system32\korean.uce - OK
    C:\WINDOWS\system32\krnl386.exe - OK
    C:\WINDOWS\system32\ksolay.ax - OK
    C:\WINDOWS\system32\ksproxy.ax - OK
    C:\WINDOWS\system32\kstvtune.ax - OK
    C:\WINDOWS\system32\ksuser.dll - OK
    C:\WINDOWS\system32\kswdmcap.ax - OK
    C:\WINDOWS\system32\ksxbar.ax - OK
    C:\WINDOWS\system32\l2gpstore.dll - OK
    C:\WINDOWS\system32\l3codeca.acm - OK
    C:\WINDOWS\system32\l3codecx.ax - OK
    C:\WINDOWS\system32\label.exe - OK
    C:\WINDOWS\system32\lame_enc.dll gepakt door ASPACK
    >C:\WINDOWS\system32\lame_enc.dll - OK
    C:\WINDOWS\system32\langwrbk.dll - OK
    C:\WINDOWS\system32\lanman.drv - OK
    C:\WINDOWS\system32\LAPRXY.dll gepakt door PESTUB
    >C:\WINDOWS\system32\LAPRXY.dll - OK
    C:\WINDOWS\system32\LCCoin30.dll - OK
    C:\WINDOWS\system32\LcProxy.ax - OK
    C:\WINDOWS\system32\LCWizard.dll - OK
    C:\WINDOWS\system32\LegitCheckControl.dll - OK
    C:\WINDOWS\system32\licdll.dll - OK
    C:\WINDOWS\system32\licmgr10.dll - OK
    C:\WINDOWS\system32\licwmi.dll - OK
    C:\WINDOWS\system32\lights.exe - OK
    C:\WINDOWS\system32\linkinfo.dll - OK
    C:\WINDOWS\system32\lmhsvc.dll - OK
    C:\WINDOWS\system32\lmrt.dll - OK
    C:\WINDOWS\system32\lnkstub.exe - OK
    C:\WINDOWS\system32\loadfix.com - OK
    C:\WINDOWS\system32\loadperf.dll - OK
    C:\WINDOWS\system32\LocalCOM.cpl - OK
    C:\WINDOWS\system32\locale.nls - OK
    C:\WINDOWS\system32\localsec.dll - OK
    C:\WINDOWS\system32\localspl.dll - OK
    C:\WINDOWS\system32\localui.dll - OK
    C:\WINDOWS\system32\locator.exe - OK
    C:\WINDOWS\system32\lodctr.exe - OK
    C:\WINDOWS\system32\logagent.exe - OK
    C:\WINDOWS\system32\loghours.dll - OK
    C:\WINDOWS\system32\login.cmd - OK
    C:\WINDOWS\system32\logman.exe - OK
    C:\WINDOWS\system32\logoff.exe - OK
    C:\WINDOWS\system32\logon.scr - OK
    C:\WINDOWS\system32\logonui.exe - OK
    C:\WINDOWS\system32\logonui.exe.manifest - OK
    C:\WINDOWS\system32\LoopyMusic.wav - OK
    C:\WINDOWS\system32\lpk.dll - OK
    C:\WINDOWS\system32\lpq.exe - OK
    C:\WINDOWS\system32\lpr.exe - OK
    C:\WINDOWS\system32\lprhelp.dll - OK
    C:\WINDOWS\system32\lprmonui.dll - OK
    C:\WINDOWS\system32\lsasrv.dll - OK
    C:\WINDOWS\system32\lsass.exe - OK
    C:\WINDOWS\system32\lusrmgr.msc - OK
    C:\WINDOWS\system32\lz32.dll - OK
    C:\WINDOWS\system32\lzexpand.dll - OK
    C:\WINDOWS\system32\l_except.nls - OK
    C:\WINDOWS\system32\l_intl.nls - OK
    C:\WINDOWS\system32\M-AudioTaskBarIcon.exe - OK
    C:\WINDOWS\system32\magnify.exe - OK
    C:\WINDOWS\system32\mag_hook.dll - OK
    C:\WINDOWS\system32\main.cpl - OK
    C:\WINDOWS\system32\makecab.exe - OK
    C:\WINDOWS\system32\mapi32.dll - OK
    C:\WINDOWS\system32\mapistub.dll - OK
    C:\WINDOWS\system32\ma_cmidn.dll - OK
    C:\WINDOWS\system32\mcastmib.dll - OK
    C:\WINDOWS\system32\mcd32.dll - OK
    C:\WINDOWS\system32\mcdsrv32.dll - OK
    C:\WINDOWS\system32\mchgrcoi.dll - OK
    C:\WINDOWS\system32\MCI32.OCX - OK
    C:\WINDOWS\system32\mciavi.drv - OK
    C:\WINDOWS\system32\mciavi32.dll - OK
    C:\WINDOWS\system32\mcicda.dll - OK
    C:\WINDOWS\system32\mciole16.dll - OK
    C:\WINDOWS\system32\mciole32.dll - OK
    C:\WINDOWS\system32\mciqtz32.dll - OK
    C:\WINDOWS\system32\mciseq.dll - OK
    C:\WINDOWS\system32\mciseq.drv - OK
    C:\WINDOWS\system32\mciwave.dll - OK
    C:\WINDOWS\system32\mciwave.drv - OK
    C:\WINDOWS\system32\mdhcp.dll - OK
    C:\WINDOWS\system32\mdminst.dll - OK
    C:\WINDOWS\system32\mdwmdmsp.dll - OK
    C:\WINDOWS\system32\mem.exe gepakt door EXEPACK
    >C:\WINDOWS\system32\mem.exe - OK
    C:\WINDOWS\system32\mf3216.dll - OK
    C:\WINDOWS\system32\mfc40.dll - OK
    C:\WINDOWS\system32\mfc40loc.dll - OK
    C:\WINDOWS\system32\mfc40u.dll - OK
    C:\WINDOWS\system32\mfc42.dll - OK
    C:\WINDOWS\system32\mfc42loc.dll - OK
    C:\WINDOWS\system32\mfc42u.dll - OK
    C:\WINDOWS\system32\mfc70.dll - OK
    C:\WINDOWS\system32\mfc70u.dll - OK
    C:\WINDOWS\system32\mfc71.dll - OK
    C:\WINDOWS\system32\mfc71u.dll - OK
    C:\WINDOWS\system32\mfcsubs.dll - OK
    C:\WINDOWS\system32\MFPLAT.dll - OK
    C:\WINDOWS\system32\mgmtapi.dll - OK
    C:\WINDOWS\system32\mib.bin - OK
    C:\WINDOWS\system32\microsoft.managementconsole.dll - OK
    C:\WINDOWS\system32\midimap.dll - OK
    C:\WINDOWS\system32\miglibnt.dll - OK
    C:\WINDOWS\system32\migpwd.exe - OK
    C:\WINDOWS\system32\mimefilt.dll - OK
    C:\WINDOWS\system32\mlang.dat - OK
    C:\WINDOWS\system32\mlang.dll - OK
    C:\WINDOWS\system32\mll_hp.dll - OK
    C:\WINDOWS\system32\mll_mtf.dll - OK
    C:\WINDOWS\system32\mll_qic.dll - OK
    C:\WINDOWS\system32\mmc.exe - archief BINARYRES
    >C:\WINDOWS\system32\mmc.exe/data001 - archief HTML
    >>C:\WINDOWS\system32\mmc.exe/data001/JavaScript.0 - OK
    >C:\WINDOWS\system32\mmc.exe/data001 - OK
    >C:\WINDOWS\system32\mmc.exe/data002 - archief HTML
    >>C:\WINDOWS\system32\mmc.exe/data002/JavaScript.0 - OK
    >C:\WINDOWS\system32\mmc.exe/data002 - OK
    >C:\WINDOWS\system32\mmc.exe/data003 - archief HTML
    >>C:\WINDOWS\system32\mmc.exe/data003/JavaScript.0 - OK
    >C:\WINDOWS\system32\mmc.exe/data003 - OK
    >C:\WINDOWS\system32\mmc.exe/data004 - archief HTML
    >>C:\WINDOWS\system32\mmc.exe/data004/JavaScript.0 - OK
    >C:\WINDOWS\system32\mmc.exe/data004 - OK
    >C:\WINDOWS\system32\mmc.exe/data005 - OK
    >C:\WINDOWS\system32\mmc.exe/data006 - archief HTML
    >>C:\WINDOWS\system32\mmc.exe/data006/JavaScript.0 - OK
    >C:\WINDOWS\system32\mmc.exe/data006 - OK
    >C:\WINDOWS\system32\mmc.exe/data007 - archief HTML
    >>C:\WINDOWS\system32\mmc.exe/data007/JavaScript.0 - OK
    >C:\WINDOWS\system32\mmc.exe/data007 - OK
    >C:\WINDOWS\system32\mmc.exe/data008 - OK
    C:\WINDOWS\system32\mmc.exe - OK
    C:\WINDOWS\system32\mmcbase.dll - OK
    C:\WINDOWS\system32\mmcex.dll - OK
    C:\WINDOWS\system32\mmcfxcommon.dll - OK
    C:\WINDOWS\system32\mmcndmgr.dll - archief BINARYRES
    >C:\WINDOWS\system32\mmcndmgr.dll/data001 - archief HTML
    >>C:\WINDOWS\system32\mmcndmgr.dll/data001/JavaScript.0 - OK
    >>C:\WINDOWS\system32\mmcndmgr.dll/data001/JavaScript.1 - OK
    >>C:\WINDOWS\system32\mmcndmgr.dll/data001/JavaScript.2 - OK
    >>C:\WINDOWS\system32\mmcndmgr.dll/data001/JavaScript.3 - OK
    >>C:\WINDOWS\system32\mmcndmgr.dll/data001/JavaScript.4 - OK
    >>C:\WINDOWS\system32\mmcndmgr.dll/data001/JavaScript.5 - OK
    >C:\WINDOWS\system32\mmcndmgr.dll/data001 - OK
    C:\WINDOWS\system32\mmcndmgr.dll - OK
    C:\WINDOWS\system32\mmcperf.exe - OK
    C:\WINDOWS\system32\mmcshext.dll - OK
    C:\WINDOWS\system32\mmdriver.inf - OK
    C:\WINDOWS\system32\mmdrv.dll - OK
    C:\WINDOWS\system32\mmfutil.dll - OK
    C:\WINDOWS\system32\mmsys.cpl - OK
    C:\WINDOWS\system32\mmsystem.dll - OK
    C:\WINDOWS\system32\mmtask.tsk - OK
    C:\WINDOWS\system32\mmutilse.dll - OK
    C:\WINDOWS\system32\mnmdd.dll - OK
    C:\WINDOWS\system32\mnmsrvc.exe - OK
    C:\WINDOWS\system32\mobsync.dll - OK
    C:\WINDOWS\system32\mobsync.exe - OK
    C:\WINDOWS\system32\mode.com - OK
    C:\WINDOWS\system32\modemui.dll - OK
    C:\WINDOWS\system32\modex.dll - OK
    C:\WINDOWS\system32\more.com - OK
    C:\WINDOWS\system32\moricons.dll - OK
    C:\WINDOWS\system32\mountvol.exe - OK
    C:\WINDOWS\system32\mouse.drv - OK
    C:\WINDOWS\system32\MP43DECD.dll - OK
    C:\WINDOWS\system32\MP43DMOD.dll - OK
    C:\WINDOWS\system32\MP4SDECD.dll - OK
    C:\WINDOWS\system32\MP4SDMOD.dll - OK
    C:\WINDOWS\system32\mpeg2data.ax - OK
    C:\WINDOWS\system32\mpg2splt.ax - OK
    C:\WINDOWS\system32\MPG4DECD.dll - OK
    C:\WINDOWS\system32\MPG4DMOD.dll - OK
    C:\WINDOWS\system32\mpg4ds32.ax - OK
    C:\WINDOWS\system32\mplay32.exe - OK
    C:\WINDOWS\system32\mpnotify.exe - OK
    C:\WINDOWS\system32\mpr.dll - OK
    C:\WINDOWS\system32\mprapi.dll - OK
    C:\WINDOWS\system32\mprddm.dll - OK
    C:\WINDOWS\system32\mprdim.dll - OK
    C:\WINDOWS\system32\mprmsg.dll - OK
    C:\WINDOWS\system32\mprui.dll - OK
    C:\WINDOWS\system32\mqad.dll - OK
    C:\WINDOWS\system32\mqbkup.exe - OK
    C:\WINDOWS\system32\mqcertui.dll - OK
    C:\WINDOWS\system32\mqdscli.dll - OK
    C:\WINDOWS\system32\mqgentr.dll - OK
    C:\WINDOWS\system32\mqise.dll - OK
    C:\WINDOWS\system32\mqlogmgr.dll - OK
    C:\WINDOWS\system32\mqoa.dll - OK
    C:\WINDOWS\system32\mqoa.tlb - OK
    C:\WINDOWS\system32\mqoa10.tlb - OK
    C:\WINDOWS\system32\mqoa20.tlb - OK
    C:\WINDOWS\system32\mqperf.dll - OK
    C:\WINDOWS\system32\mqperf.ini - OK
    C:\WINDOWS\system32\mqprfsym.h - OK
    C:\WINDOWS\system32\mqqm.dll - OK
    C:\WINDOWS\system32\mqrt.dll - OK
    C:\WINDOWS\system32\mqrtdep.dll - OK
    C:\WINDOWS\system32\mqsec.dll - OK
    C:\WINDOWS\system32\mqsnap.dll - OK
    C:\WINDOWS\system32\mqsvc.exe - OK
    C:\WINDOWS\system32\mqtgsvc.exe - OK
    C:\WINDOWS\system32\mqtrig.dll - OK
    C:\WINDOWS\system32\mqupgrd.dll - OK
    C:\WINDOWS\system32\mqutil.dll - OK
    C:\WINDOWS\system32\mrinfo.exe - OK
    C:\WINDOWS\system32\MRT.exe - archief BINARYRES
    >C:\WINDOWS\system32\MRT.exe/data001 - OK
    >C:\WINDOWS\system32\MRT.exe/data002 - archief BINARYRES
    >>C:\WINDOWS\system32\MRT.exe/data002/data001 - OK
    >>C:\WINDOWS\system32\MRT.exe/data002/data002 - OK
    >>C:\WINDOWS\system32\MRT.exe/data002/data003 - OK
    >C:\WINDOWS\system32\MRT.exe/data002 - OK
    C:\WINDOWS\system32\MRT.exe - OK
    C:\WINDOWS\system32\msaatext.dll - OK
    C:\WINDOWS\system32\msacm.dll - OK
    C:\WINDOWS\system32\msacm32.dll - OK
    C:\WINDOWS\system32\msacm32.drv - OK
    C:\WINDOWS\system32\msadds32.ax - OK
    C:\WINDOWS\system32\msadp32.acm - OK
    C:\WINDOWS\system32\msafd.dll - OK
    C:\WINDOWS\system32\msapsspc.dll - OK
    C:\WINDOWS\system32\msasn1.dll - OK
    C:\WINDOWS\system32\msaud32.acm - OK
    C:\WINDOWS\system32\msaudite.dll - OK
    C:\WINDOWS\system32\mscat32.dll - OK
    C:\WINDOWS\system32\mscdexnt.exe - OK
    C:\WINDOWS\system32\mscms.dll - OK
    C:\WINDOWS\system32\MSCOMCT2.OCX - OK
    C:\WINDOWS\system32\MSCOMCTL.OCX - OK
    C:\WINDOWS\system32\msconf.dll - OK
    C:\WINDOWS\system32\mscoree.dll - OK
    C:\WINDOWS\system32\mscorier.dll - OK
    C:\WINDOWS\system32\mscories.dll - OK
    C:\WINDOWS\system32\mscpx32r.dLL - OK
    C:\WINDOWS\system32\mscpxl32.dLL - OK
    C:\WINDOWS\system32\MSCTF.dll - OK
    C:\WINDOWS\system32\msctfime.ime - OK
    C:\WINDOWS\system32\MSCTFP.dll - OK
    C:\WINDOWS\system32\msdadiag.dll - OK
    C:\WINDOWS\system32\msdart.dll - OK
    C:\WINDOWS\system32\msdatsrc.tlb - OK
    C:\WINDOWS\system32\msdbg2.dll - OK
    C:\WINDOWS\system32\msdmo.dll - OK
    C:\WINDOWS\system32\msdtc.exe - OK
    C:\WINDOWS\system32\msdtclog.dll - OK
    C:\WINDOWS\system32\msdtcprf.h - OK
    C:\WINDOWS\system32\msdtcprf.ini - OK
    C:\WINDOWS\system32\msdtcprx.dll - OK
    C:\WINDOWS\system32\msdtctm.dll - OK
    C:\WINDOWS\system32\msdtcuiu.dll - OK
    C:\WINDOWS\system32\msdvbnp.ax - OK
    C:\WINDOWS\system32\msdxm.ocx - OK
    C:\WINDOWS\system32\msdxmlc.dll - OK
    C:\WINDOWS\system32\msencode.dll - OK
    C:\WINDOWS\system32\msexch40.dll - OK
    C:\WINDOWS\system32\msexcl40.dll - OK
    C:\WINDOWS\system32\msfeeds.dll - OK
    C:\WINDOWS\system32\msfeedsbs.dll - OK
    C:\WINDOWS\system32\msfeedssync.exe - OK
    C:\WINDOWS\system32\MSFLXGRD.OCX - OK
    C:\WINDOWS\system32\msftedit.dll - OK
    C:\WINDOWS\system32\msg.exe - OK
    C:\WINDOWS\system32\msg711.acm - OK
    C:\WINDOWS\system32\msg723.acm - OK
    C:\WINDOWS\system32\msgina.dll - OK
    C:\WINDOWS\system32\msgsm32.acm - OK
    C:\WINDOWS\system32\msgsvc.dll - OK
    C:\WINDO
  • Hoi, ik denk dat het probleem dus dieper in jouw Windows zit en dat daarom het Dr.Web-tool a.h.w. op ho; slaat!

    Dus we vergeten Dr,Web voor dit moment.

    En doe het volgende: download en installeer [b:9f947404ac]Emsisoft Anti-Malware 5[/b:9f947404ac].
    Je download het als sharewareversie en bij installatie krijg je dan de optie om of voor 3- of voor 30 dagen volledige werking te kiezen!
    Wat houdt dat in: dat de actieve achtergrondscan en de automatische updates werken! Aan jou dus deze keus.

    Verder: na installatie dien je eerst te kiezen voor upgraden.
    Zet bij de upgrade configuratie het downloaden van extrat talen uit!

    http://www.emsisoft.nl/asquared/index.htm

    Start daarna het tool voor een grondige scan!
  • Ok ga ik doen.

    Ik zag dat in mijn eerdere post geen combofix log stond.. toch nog even hier dan


    ComboFix 10-08-19.02 - Sander 20-08-2010 22:08:42.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1508 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Sander\Bureaublad\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Sander\Menu Start\Programma's\Antimalware Doctor
    c:\documents and settings\Sander\Menu Start\Programma's\Antimalware Doctor\Antimalware Doctor.lnk
    c:\documents and settings\Sander\Menu Start\Programma's\Antimalware Doctor\Uninstall.lnk

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ——-\Legacy_SSHNAS


    (((((((((((((((((((( Bestanden Gemaakt van 2010-07-20 to 2010-08-20 ))))))))))))))))))))))))))))))
    .

    2010-08-20 17:41 . 2010-08-20 17:41 ——– d—–w- c:\program files\NT Registry Optimizer
    2010-08-19 17:39 . 2010-08-20 19:07 ——– d—–w- c:\documents and settings\Sander\DoctorWeb
    2010-08-18 17:39 . 2010-08-18 17:39 ——– d—–w- c:\windows\system32\wbem\Repository
    2010-08-14 12:55 . 2010-08-14 12:55 ——– d—–w- c:\program files\Total Video Converter
    2010-08-04 04:01 . 2010-08-04 04:02 ——– d—–w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-07-29 19:08 . 2010-08-02 21:02 ——– d-sh–w- c:\documents and settings\Sander\Phone Browser
    2010-07-29 18:56 . 2010-07-29 18:56 ——– d—–w- c:\program files\PC Connectivity Solution
    2010-07-29 18:55 . 2010-02-26 12:32 662016 —-a-w- c:\windows\system32\nmwcdcocls.dll
    2010-07-29 18:55 . 2010-02-26 12:32 18176 —-a-w- c:\windows\system32\drivers\ccdcmb.sys
    2010-07-29 18:55 . 2010-02-26 12:19 1461992 —-a-w- c:\windows\system32\wdfcoinstaller01009.dll
    2010-07-29 18:54 . 2010-07-29 18:54 35633752 —-a-w- c:\documents and settings\All Users\Application Data\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\NokiaSoftwareUpdaterSetup_2.5.2NP.exe
    2010-07-29 18:54 . 2010-07-29 18:54 3351812 —-a-w- c:\documents and settings\All Users\Application Data\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\msxml6Exec.exe
    2010-07-29 18:54 . 2010-07-29 18:54 36864 —-a-w- c:\documents and settings\All Users\Application Data\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\Sleep.exe
    2010-07-29 18:54 . 2010-07-29 18:54 3203453 —-a-w- c:\documents and settings\All Users\Application Data\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\vcredistExec.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-20 20:19 . 2001-09-07 12:00 91668 —-a-w- c:\windows\system32\perfc013.dat
    2010-08-20 20:19 . 2001-09-07 12:00 512878 —-a-w- c:\windows\system32\perfh013.dat
    2010-08-20 20:17 . 2009-10-03 15:02 ——– d—–w- c:\documents and settings\LocalService\Application Data\VMware
    2010-08-20 20:17 . 2009-10-03 15:00 ——– d—–w- c:\documents and settings\All Users\Application Data\VMware
    2010-08-20 05:19 . 2009-06-03 17:42 1324 —-a-w- c:\windows\system32\d3d9caps.dat
    2010-08-16 18:08 . 2009-05-11 15:17 ——– d—–w- c:\documents and settings\Sander\Application Data\uTorrent
    2010-08-15 20:16 . 2009-05-11 14:19 68752 —-a-w- c:\documents and settings\Sander\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-29 19:00 . 2010-07-29 19:00 0 —ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
    2010-07-29 19:00 . 2010-07-29 19:00 0 —ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2010-07-29 18:56 . 2009-05-11 18:38 ——– d—–w- c:\documents and settings\All Users\Application Data\Installations
    2010-07-29 18:54 . 2009-05-11 18:42 ——– d—–w- c:\program files\Common Files\Nokia
    2010-07-29 18:54 . 2009-05-11 18:38 ——– d—–w- c:\program files\Nokia
    2010-07-19 21:29 . 2010-03-16 18:37 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-14 11:03 . 2009-05-13 12:28 ——– d—–w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-07-05 19:57 . 2009-06-06 14:06 ——– d—–w- c:\program files\SpeedFan
    2010-07-01 06:22 . 2009-05-26 19:43 ——– d—–w- c:\documents and settings\Sander\Application Data\Skype
    2010-07-01 06:05 . 2009-05-26 19:46 ——– d—–w- c:\documents and settings\Sander\Application Data\skypePM
    2010-06-14 14:31 . 2009-05-11 11:30 744448 —-a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FTD Watchdog Monitor"="c:\program files\FTD Watchdog\FtdMonitor.exe" [2009-03-14 176640]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
    "AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
    "RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
    "NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
    "VX1000"="c:\windows\vVX1000.exe" [2009-07-24 762208]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"="advpack.dll" [2009-03-08 128512]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-3-14 2938184]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-13 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 00:42 72208 —-a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midi1"=ma_cmidn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui
    "ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Linksys\\KiSS PC-Link\\KiSS_PC-Link.exe"=
    "d:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
    "d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
    "d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
    "d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
    "d:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
    "d:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
    "d:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
    "d:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "d:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "d:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "d:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
    "d:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
    "d:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
    "d:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
    "f:\\ProgramXPFiles\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
    "f:\\ProgramXPFiles\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
    "f:\\ProgramXPFiles\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
    "f:\\Program Files\\VMware\\VMware Server\\vmware-authd.exe"=
    "f:\\Program Files\\VMware\\VMware Server\\vmware-hostd.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11-5-2009 16:17 108289]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [20-10-2009 15:22 54960]
    R2 VMwareHostd;VMware Host Agent;f:\program files\VMware\VMware Server\vmware-hostd.exe [20-10-2009 15:21 322096]
    R2 VMwareServerWebAccess;VMware Server Web Access;f:\program files\VMware\VMware Server\tomcat\bin\tomcat6.exe [20-10-2009 23:27 57344]
    S0 ffewjm;ffewjm; [x]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20-2-2010 21:39 135664]
    S3 vmwriter;VMware VSS Writer;f:\program files\VMware\VMware Server\vmVssWriter.exe [20-10-2009 15:22 29744]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11-5-2009 14:22 717296]
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 19:39]

    2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 19:39]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    uInternet Settings,ProxyOverride = <local>
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: f:\program files\VMware\VMware Server\vsocklib.dll
    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-20 22:18
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A40DB4C]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
    \Driver\ACPI -> ACPI.sys @ 0xb9f7ecb8
    \Driver\atapi -> atapi.sys @ 0xb9f10852
    IoDeviceObjectType -> SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
    \Device\Harddisk0\DR0 -> SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
    NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9e09bb0
    PacketIndicateHandler -> NDIS.sys @ 0xb9e16a21
    SendHandler -> NDIS.sys @ 0xb9df487b
    user & kernel MBR OK

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{051C7FCF-BFF5-075F-B3FA-3C200CD89ED2}\InProcServer32*]
    "janenppfhkpegphhdpjb"=hex:6a,61,6f,6e,61,6e,6f,66,64,62,66,69,6c,67,65,64,64,
    66,63,6f,00,fa
    "ianehafaphiolkeopk"=hex:69,61,6f,6e,6a,65,64,61,6e,6c,70,65,67,6e,63,63,65,65,
    00,00

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'winlogon.exe'(820)
    c:\windows\system32\VMGINA.DLL
    c:\windows\system32\Ati2evxx.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll

    - - - - - - - > 'explorer.exe'(3864)
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\program files\CDBurnerXP\NMSAccessU.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\windows\system32\vmnat.exe
    c:\windows\system32\vmnetdhcp.exe
    f:\program files\VMware\VMware Server\vmware-authd.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2010-08-20 22:22:43 - machine werd herstart
    ComboFix-quarantined-files.txt 2010-08-20 20:22

    Pre-Run: 4.546.797.568 bytes beschikbaar
    Post-Run: 4.504.944.640 bytes beschikbaar

    - - End Of File - - 36E45979CD05AB9FC47B252C56EF9C01
  • Ben ik weer.. Ik ben overigens een beetje eigenwijs geweest door de slimme variant te kiezen ipv de diepe. Ik zag er het nut niet zo van in om mijn 1TB partitie te laten scannen terwijl ik 99.9% zeker weet dat die schoon is. Mocht onderstaand logje toch aanleiding zijn voor een diepe scan dan doe ik dat vannacht wel.

    Ik zie wat het log zegt maar zijn de meeste (FTD en S&D) geen false positives? Hoe dan ook, EmiSoft staat nog aan, klaar om op te ruimen indien nodig


    Emsisoft Anti-Malware - Versie 5.0
    Laatste Update: 21-8-2010 15:01:40

    Scaninstellingen:

    Scantype: N/A
    Objecten: Geheugen, Sporen, Cookies, C:\WINDOWS\, C:\Program Files
    Scan archieven: Uit
    Heuristieken: Uit
    ADS Scan: Aan

    Scan gestart: 21-8-2010 15:03:00

    [2012] C:\Program Files\FTD Watchdog\FtdMonitor.exe Ontdekt: Trojan-Downloader.Win32.Banload!IK
    Value: HKEY_CLASSES_ROOT\CLSID\{0AF8185C-26D7-4607-A005-7D586B750C38}\InprocServer32 –> ThreadingModel Ontdekt: Trace.Registry.Blubster!A2
    Value: HKEY_CLASSES_ROOT\CLSID\{5BF31631-3D94-4267-B6F4-0CE18B008928}\InprocServer32 –> ThreadingModel Ontdekt: Trace.Registry.Blubster!A2
    Value: HKEY_CLASSES_ROOT\CLSID\{D322CFB6-5195-4EDA-87CA-6D624CCF2751}\InprocServer32 –> ThreadingModel Ontdekt: Trace.Registry.Blubster!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0AF8185C-26D7-4607-A005-7D586B750C38}\InprocServer32 –> ThreadingModel Ontdekt: Trace.Registry.Blubster!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BF31631-3D94-4267-B6F4-0CE18B008928}\InprocServer32 –> ThreadingModel Ontdekt: Trace.Registry.Blubster!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D322CFB6-5195-4EDA-87CA-6D624CCF2751}\InprocServer32 –> ThreadingModel Ontdekt: Trace.Registry.Blubster!A2
    C:\Program Files\FTD Watchdog\FtdMonitor.exe Ontdekt: Trojan-Downloader.Win32.Banload!IK
    C:\Program Files\FTD Watchdog\FTDMonitor.exe.new Ontdekt: Trojan-Downloader.Win32.Banload!IK
    C:\Program Files\Spybot - Search & Destroy\SDFiles.exe Ontdekt: Trojan.Win32.Genome.idko!A2

    Gescand

    Bestanden: 46760
    Sporen: 684125
    Cookies: 35
    Processen: 46

    Gevonden

    Bestanden: 3
    Sporen: 6
    Cookies: 0
    Processen: 1
    Registersleutels: 0

    Scan Geëindigd: 21-8-2010 15:31:01
    Scantijd: 0:28:01
  • Kijk aan - heb je de bestanden ook laten verwijderen?

    Ik zag nu ook, dat je Combofix hebt laten draaien.
    De analyze van het log laat even op zich wachten - daar kom ik nog op terug!
  • en nee nog niet.. ik zat op jouw reactie te wachten.

    Weet je zeker dat FTD watchdog en S&D hier fout zijn?

    Na wat googlen wordt het me niet duidelijk of ze echt malware zijn…
  • Hoi Lord Wodan - de malware in jouw Widows heeft dus ook Monitor.exe van FTD Watchdog geïnfecteerd!

    Dus: lat AntiMalware zijn werk afmaken!

    Ik kom nog terug op ComboFix!
  • done

    kan S&D er eigenlijk niet gewoon af?
  • Emisoft zette 1 bestand na de update van net weer terug..

    Bleek geen malware.. was de S&D
  • Hoi Lord Wodan - Spybot mag je geheel deïnstalleren.

    De virusherkenning van dit tool haalt het niet bij MBAM en AntMalware!

    Vertel eens: hoe draait jouw Windows nu?
  • Tja, ik merk niet veel verschil. De performance was het probleem ook niet.

    Dat die virussen mij steeds weer wisten te vinden.. dat verbaasde me en was knap vervelend.

    Wat is het nut eigenlijk van Avira? Die blehrde soms wat maar tegenhouden ho maar
  • Avira is voor een gratis versie een goede keus.

    Maar betaalde AV's zijn doorgaans stukken beter!
    Hoe staat het bij jou met de kennis van de Duitse taal?
    Kan je evntueel een Duitstalige internetsecurityset gebeheren?
  • Dat zal me wel moeten lukken ;-)

    Waarmee was ik nou geinfecteerd? In de laatste 10 jaar heb ik nog nooit een serieuze besmetting gehad..
  • Hoi Lord Wodan - ik kan een aantal topics die we eerder hadden niet meer terugvinden.

    Maar je moet weten, dat die roguescanners steeds gemener worden.
    Eenmaal geïnstalleerd pesten ze je met allerlij fake-waarschuwingen en tegelijkerijd wordt nog meer malware gedownload en geïnstalleerd!

    Om terug te komen op de antivirus: G-DATA Internet Security 2010 is een topantivirus!

    Via het Duitse Magazin PCWelt kan je middels de meegeleverde DVD-rom de PCWelt verise van G-DATA Internet Security 2010 gratis installeren en gratis een jaar lang gebruiken!
    Wel moet je daarvoor elke 3 maanden je opnieuw even aanmelden!
    Overigens: PCWelt behoort ook tot het IDG-concern!
    Dus het kost je eenmalig een kleine 5 euro om een jaar lang goed beveiligd te zijn!
  • Klopt maar dat waren vergeleken met dit simpeltjes, onhandig maar niet meer.

    Deze keer was het redelijk fors en ik kan me serieus niet herinneren waardoor dit erop gekomen is. ik weet heel goed waar niet te klikken.

    S&D biedt dan wel geen perfecte bescherming maar ik zag wel dat hij nuttige wijzigingen aan mijn hosts file had gedaan, allerlei slecht bekendstaande site doorwijzen naar localhost.. Dit viel me op toen ik die verrekte partypoker site daar aan toevoegde, samen met nog wat ad-servers. Weet jij een lijst te vinden van dit soort sites die ik aan het host bestand kan toevoegen?

    thanks voor de tip, ik ga daar zeker naar kijken!
  • Weet dat cybercriminals veel bezochte sites, bijv die van celebrities hacken.
    Je hoeft dan maar de hoofdpagina te openen en zonder hetzelf in de gaten te hebben wordt per DriveByDownload het begin van grote ellende in je PC geïnstalleerd!
    _______________________________________________________________

    Indien je Spywareblaster erbij neemt, wordt je Windows beschermt tegen het installeren van ongewilde ActiveX-elementen!

    Na starten van jouw Windows start je het tool op, klik op Enable all !!protection en dan klik je Spywareblaster uit!

    http://www.javacoolsoftware.com/spywareblaster.html
  • Hoi Lord Wodan, je mag Combofix verwijderen - het tool heeft zijn werk gedaan!

    [list:6b49c8efc5][*:6b49c8efc5] Ga daarvoor naar Start - Uitvoeren,
    [*:6b49c8efc5] kopieer en plak hierin het volgende: [b:6b49c8efc5]Combofix /Uninstall[/b:6b49c8efc5]
    [*:6b49c8efc5] klik daarna op [b:6b49c8efc5]OK[/b:6b49c8efc5].
    [*:6b49c8efc5] Indien het goed is, krijg je vervolgens een melding, dat Combofix verwijderd werd.[/list:u:6b49c8efc5]

    Voorbeeld:

    [img:6b49c8efc5]http://home.kpn.nl/stefsmeenk/CFUninstall.PNG[/img:6b49c8efc5]

    Uitvoeren kan ook gestart worden door de toetsencombinatie [img:6b49c8efc5]http://home.kpn.nl/stefsmeenk/W+R.jpg[/img:6b49c8efc5]


    Merk je nog vreemde dingen of werkt alles weer als vanouds?

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.