[Resolved] restarting topic (former closed due to inactivity)

Computer forums for help with removing malicious software (malware) and improving computer security

grin Welcome to What the Tech! ( Log In | Register ) What tech support ought to be... Fast, friendly and free! Once registered - you'll have the ability to post your question in the appropriate forum below. Additionally, if you can assist another member by sharing your tech knowledge, please post a reply! Best of all - Registration and all assistance is FREE! Once you've completed registration, simply choose the appropriate forum below, click on the "new topic" button, and post your question! What are you waiting for? Register today! *Registered users see NO ADVERTISING.

What the Tech > Spyware / Malware / Virus Removal > Infections Removal

2 Pages

1 2 >

[Resolved] restarting topic (former closed due to inactivity), LDTate, this are the logs

Options

red nose View Member Profile	Oct 14 2008, 02:01 PM Post #1
Authentic Member Group: Authentic Member Posts: 33 Joined: 17-July 07 From: poland Member No.: 71,490 Operating System: windows XP sp2	hello LDTate, I'm back in Poland, and hoping you're still be able to help me. I did as you suggested, Computer seems to work without trublle, but i noticed that when i'am using real player , the PC stops after a copple of minutes, the screen stands still(frozen) and the mouse does not move on the screen. I have to restart and the pc works fine again. I also noticed that playing games( enemy terittory) is no longer possible, after some time ( minutes) the screen begins to vibrate, and then the computer stops. Some times I also got the message that my system was recoverd from a big failure. Here are the logs: Logfile of HijackThis v1.99.1 Scan saved at 18:14:11, on 14-10-2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Mixer.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\WINDOWS\twain_32\A4CIS\WATCH.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\Program Files\Mozilla Firefox\firefox.exe I:\pre-program set-up\hyjackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe O4 - Global Startup: APC UPS Status.lnk = ? O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: znetm32 - C:\WINDOWS\SYSTEM32\znetm32.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe Malwarebytes' Anti-Malware 1.28 Database version: 1268 Windows 5.1.2600 Service Pack 3 14-10-2008 18:10:26 mbam-log-2008-10-14 (18-10-26).txt Scan type: Quick Scan Objects scanned: 47119 Time elapsed: 5 minute(s), 14 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Greetings from Poland Ruud

LDTate View Member Profile	Oct 14 2008, 02:41 PM Post #2
Forum God Group: Root Admin Posts: 45,676 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	DO NOT use any TOOLS such as Combofix, Vundofix, or HijackThis fixes without supervision. Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data. Download ComboFix from Here or Here to your Desktop. In the event you already have Combofix, this is a new version that I need you to download. It must be saved directly to your desktop. Make sure you are disconnected from the net 1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. Remember to re enable the protection again afterwards before connecting to the net 2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix. IF you have not already done so Combofix will disconnect your machine from the Internet when it starts. If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections. 3. Now double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze. Give it atleast 20-30 minutes to finish if needed.

red nose View Member Profile	Oct 16 2008, 02:06 AM Post #3
Authentic Member Group: Authentic Member Posts: 33 Joined: 17-July 07 From: poland Member No.: 71,490 Operating System: windows XP sp2	hello LDTate, I think something went wrong with my post from yesterday, because i don't see it here. I will reply again. After running combofix ,my pc seems to work better, even real-player worked for a while, i had no time to test it for a longer period, but before it was a matter of minutes befor my PC holds. Here are the Logs: 1)Logfile of HijackThis v1.99.1 Scan saved at 21:54:16, on 15-10-2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Mixer.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\DNA\btdna.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe C:\WINDOWS\twain_32\A4CIS\WATCH.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe C:\Program Files\Outlook Express\msimn.exe I:\pre-program set-up\hyjackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe O4 - Global Startup: APC UPS Status.lnk = ? O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: znetm32 - C:\WINDOWS\SYSTEM32\znetm32.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe 2) ComboFix 08-10-15.01 - ruud 2008-10-15 21:17:40.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1043.18.412 [GMT 2:00] Uruchomiony z: C:\Documents and Settings\ruud\Bureaublad\ComboFix.exe * Utworzono nowy punkt przywracania UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! ( here a translation, because i do not know if this is important: recovery console is not installed on this system) . ((((((((((((((((((((((((((((((((((((((( Usuniêto ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\ruud\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML . ((((((((((((((((((((((((( Pliki utworzone od 2008-09-15 do 2008-10-15 ))))))))))))))))))))))))))))))) . 2008-10-15 09:12 . 2008-09-15 17:28 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys 2008-10-15 08:58 . 2008-08-14 15:27 2,193,536 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-15 08:58 . 2008-08-14 15:27 2,149,888 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-15 08:58 . 2008-08-14 15:27 2,070,400 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-15 08:58 . 2008-08-14 15:27 2,028,544 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-10-14 19:21 . 2008-10-14 19:21 <DIR> d-------- C:\Program Files\DNA 2008-10-14 19:21 . 2008-10-15 02:10 <DIR> d-------- C:\Program Files\BitTorrent 2008-10-14 19:21 . 2008-10-15 21:15 <DIR> d-------- C:\Documents and Settings\ruud\Application Data\DNA 2008-10-14 18:02 . 2008-10-14 18:04 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-14 18:02 . 2008-10-14 18:02 <DIR> d-------- C:\Documents and Settings\ruud\Application Data\Malwarebytes 2008-10-14 18:02 . 2008-10-14 18:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-14 18:02 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-14 18:02 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-13 21:34 . 2008-10-13 21:34 <DIR> d-------- C:\Documents and Settings\ruud\Application Data\ESET 2008-10-13 21:33 . 2008-10-13 21:33 <DIR> d-------- C:\Program Files\ESET 2008-10-13 21:33 . 2008-10-13 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-10-02 17:02 . 2008-10-02 17:02 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-10-01 17:01 . 2008-10-01 17:01 <DIR> d-------- C:\Program Files\APC 2008-10-01 17:01 . 2004-08-10 15:35 4,142,592 --a------ C:\WINDOWS\system32\qtintf.dll 2008-10-01 16:54 . 2008-04-13 20:36 20,352 --a------ C:\WINDOWS\system32\drivers\hidbatt.sys 2008-10-01 16:54 . 2008-04-13 20:36 20,352 --a--c--- C:\WINDOWS\system32\dllcache\hidbatt.sys 2008-10-01 16:54 . 2008-04-13 20:36 14,208 --a------ C:\WINDOWS\system32\drivers\battc.sys 2008-10-01 16:54 . 2008-04-13 20:36 14,208 --a--c--- C:\WINDOWS\system32\dllcache\battc.sys 2008-10-01 16:54 . 2008-04-13 20:36 10,240 --a------ C:\WINDOWS\system32\drivers\compbatt.sys 2008-10-01 16:54 . 2008-04-13 20:36 10,240 --a--c--- C:\WINDOWS\system32\dllcache\compbatt.sys 2008-09-28 23:16 . 2008-09-28 23:16 <DIR> d-------- C:\Program Files\Sun 2008-09-25 09:41 . 2008-09-25 09:41 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0} 2008-09-25 09:38 . 2008-09-25 09:41 <DIR> d-------- C:\Program Files\Uniblue 2008-09-25 09:37 . 2008-09-25 09:39 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{1377D272-D99F-4A4B-9C83-A918F678475B} 2008-09-25 09:33 . 2008-09-25 09:33 <DIR> d-------- C:\Program Files\Reference Assemblies 2008-09-25 09:25 . 2008-09-25 09:25 <DIR> dr-h----- C:\AHCache 2008-09-25 09:07 . 2008-09-25 09:07 <DIR> d-------- C:\Program Files\Uniblue DriverScanner 2009 2008-09-25 09:07 . 2008-09-25 09:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DriverScanner 2008-09-25 09:04 . 2008-09-25 09:07 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F} 2008-09-24 20:04 . 2008-09-24 21:47 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2008-09-22 12:24 . 2008-09-22 12:24 <DIR> d-------- C:\Program Files\PS-Wizard 2008-09-22 11:17 . 2004-08-03 23:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys 2008-09-22 11:17 . 2004-08-03 23:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys 2008-09-21 17:52 . 2008-09-25 09:45 <DIR> d-------- C:\Documents and Settings\ruud\Application Data\Uniblue 2008-09-20 15:56 . 2008-09-20 15:56 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-09-20 15:56 . 2008-09-20 15:56 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2008-09-17 19:48 . 2008-10-01 23:21 <DIR> d-------- C:\Documents and Settings\ruud\Application Data\U3 . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-15 19:14 --------- d-----w C:\Documents and Settings\ruud\Application Data\MailWasherPro 2008-10-15 19:04 --------- d-----w C:\Documents and Settings\ruud\Application Data\BitTorrent 2008-10-15 11:28 2,556,928 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp 2008-10-14 22:07 29,184 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp 2008-10-13 20:59 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp 2008-10-13 19:51 2,525,696 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp 2008-10-13 19:30 --------- d-----w C:\Program Files\Symantec 2008-10-13 19:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-10-13 19:28 --------- d-----w C:\Program Files\Norton SystemWorks 2008-10-13 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-10-13 11:26 15,872 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp 2008-10-13 11:24 2,507,776 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp 2008-10-13 11:19 18,432 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp 2008-10-13 07:53 2,507,776 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp 2008-10-13 07:32 29,696 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp 2008-10-13 07:32 2,510,848 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp 2008-10-01 15:12 26,624 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp 2008-10-01 15:11 2,507,776 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp 2008-10-01 15:01 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-30 21:45 24,576 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp 2008-09-30 21:04 2,507,776 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp 2008-09-29 20:43 2,510,848 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp 2008-09-29 20:25 28,672 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp 2008-09-28 21:16 --------- d-----w C:\Program Files\Java 2008-09-28 20:24 2,487,296 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp 2008-09-28 18:58 25,088 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp 2008-09-27 17:50 28,160 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp 2008-09-27 17:50 2,487,296 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp 2008-09-25 20:17 2,463,744 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp 2008-09-25 19:17 31,232 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp 2008-09-25 04:53 80,384 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp 2008-09-25 04:03 2,332,672 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp 2008-09-24 18:28 29,696 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp 2008-09-24 18:28 2,339,328 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp 2008-09-24 18:06 --------- d-----w C:\Program Files\HFXP2 2008-09-24 06:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-24 06:46 --------- d-----w C:\Program Files\Startup Faster 2008-09-23 07:47 2,326,016 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp 2008-09-23 07:46 31,744 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp 2008-09-21 20:13 89,088 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp 2008-09-21 20:13 2,294,272 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp 2008-09-21 16:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-21 16:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-09-21 15:41 2,254,848 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp 2008-09-21 15:40 231,424 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp 2008-09-20 14:10 441,344 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-09-20 14:10 2,270,720 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-09-18 19:00 --------- d-----w C:\Program Files\SMAC 2008-09-16 16:50 --------- d-----w C:\Program Files\TuneUp Utilities 2007 2008-09-16 16:24 244,224 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp 2008-09-16 16:23 2,219,008 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp 2008-09-15 18:50 2,214,912 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp 2008-09-15 18:49 223,232 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp 2008-09-15 15:28 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-14 18:17 29,696 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp 2008-09-14 18:17 2,215,936 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp 2008-09-14 17:47 138,280 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-09-14 17:47 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-09-14 17:35 --------- d-----w C:\Program Files\GameSpy Arcade 2008-09-14 16:19 2,211,328 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp 2008-09-14 16:18 15,872 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp 2008-09-14 16:11 41,472 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp 2008-09-14 16:11 2,211,328 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp 2008-09-14 14:57 2,212,864 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp 2008-09-14 14:55 182,784 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp 2008-09-14 02:57 52,736 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp 2008-09-14 02:57 2,211,840 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp 2008-08-19 22:19 --------- d-----w C:\Program Files\MSN Messenger 2008-08-15 16:42 --------- d-----w C:\Documents and Settings\ruud\Application Data\URSoft 2008-08-14 13:27 2,193,536 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 13:27 2,070,400 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-08-10 20:05 35,363 ----a-w C:\WINDOWS\system32\windrvNT.sys 2008-07-29 23:34 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll 2008-07-29 23:34 83,968 ----a-w C:\WINDOWS\system32\mscories.dll 2008-07-29 23:34 41,984 ----a-w C:\WINDOWS\system32\netfxperf.dll 2008-07-29 23:34 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll 2008-07-29 23:34 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll 2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll 2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll 2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe 2008-07-29 17:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll 2008-07-29 17:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll 2008-07-29 17:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll 2008-07-29 17:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-05-05 09:26 31,704 ----a-w C:\Documents and Settings\ruud\Application Data\GDIPFONTCACHEV1.DAT . CODE <pre> ----a-w 25,088 2006-01-31 19:49:03 C:\Program Files\SlySoft\CloneCD\Crack clone cd 5.2.6.1 .exe </pre> ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . Uwaga puste wpisy oraz domyœlne, prawid³owe wpisy nie s¹ pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608] "Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-14 289088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 458752] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 221184] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 8491008] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 81920] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-09 155648] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-14 185896] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl] "C-Media Mixer"="Mixer.exe" [2002-07-12 C:\WINDOWS\mixer.exe] "nwiz"="nwiz.exe" [2007-10-04 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\ruud\Menu Start\Programma's\Opstarten\ Watch.lnk - C:\WINDOWS\twain_32\A4CIS\WATCH.exe [2008-01-09 176640] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2008-10-01 221247] ZoneAlarm Pro.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe [2008-01-09 636200] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\znetm32] 2004-06-25 21:13 10752 C:\WINDOWS\system32\znetm32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3acm"= l3codecp.acm [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" boot "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe "CloneDVDElbyDelay"="C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay "BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"= "C:\\Program Files\\PoivY.com\\PoivY\\PoivY.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\DNA\\btdna.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\LimeWire Plus\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "4382:TCP"= 4382:TCP:messenger R0 HFXP2;HFXP2;C:\WINDOWS\system32\DRIVERS\HFXP2.SYS [2006-08-01 13824] R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 3744] R2 MA1908Driver;MA1908Driver;C:\WINDOWS\system32\drivers\ma1908.sys [1998-07-09 22528] R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 3904] R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp Newly Created Service - PROCEXP90 . Zawartoœæ folderu 'Zaplanowane zadania' 2008-10-15 C:\WINDOWS\Tasks\Easy Onderhoud.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 10:05] . . ------- Skan uzupe³niaj¹cy ------- . FireFox -: Profile - C:\Documents and Settings\ruud\Application Data\Mozilla\Firefox\Profiles\4xadhkpv.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.startpagina.nl/ FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-15 21:20:17 Windows 5.1.2600 Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... C:\sccfg.sys 448 bytes skanowanie pomyœlnie ukoñczone ukryte pliki: 1 ************************************************************************ . Czas ukoñczenia: 2008-10-15 21:22:08 ComboFix-quarantined-files.txt 2008-10-15 19:22:04 Greetings Ruud Przed: 13.181.575.168 bytes beschikbaar Po: 13,167,919,104 bytes beschikbaar 396 --- E O F --- 2008-10-15 07:36:02

LDTate View Member Profile	Oct 16 2008, 06:02 AM Post #4
Forum God Group: Root Admin Posts: 45,676 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	CODE 25,088 2006-01-31 19:49:03 C:\Program Files\SlySoft\CloneCD\[b]Crack[/b] clone cd 5.2.6.1 .exe 1.Click Start > Settings > Control Panel. 2.Next, open Add/Remove Programs and remove if listed: SlySoft Reboot and "copy/paste" a new HijackThis log file into this thread. Also please describe how your computer behaves at the moment.

red nose View Member Profile	Oct 17 2008, 03:04 PM Post #5
Authentic Member Group: Authentic Member Posts: 33 Joined: 17-July 07 From: poland Member No.: 71,490 Operating System: windows XP sp2	Hello LDTate, In my programlist i can't find the program sly soft, however this is the company that made clone-cd i think. The program clone cd is listed in the list, but i hesitate to remove it, because (sure it is cracked), but i use this for years now ,and it never gave me problems. My PC runs much better, also does real-player, i only get the next error pop-up from time to time,when i'm opening a map where i store downloaded movies, i do not know what to do with it so i have to click it away(several times before it is gone) OS: Windows XP Professional, SP3 CPU: GenuineIntel, Intel Pentium 4, MMX @ 1620 MHz Application data: VmVyc2lvbjogV2xGQlhVSlFWRlphUkU1RFJrTlZKQ2xTT3lRN1ZpQXN BQWRWUHlFOEl6QnpaSHQrZHpNa0lqc2tJelpGY25SOWVHcC9SemM3Uj NKNGIzRkRNUT09DQpJbWFnZUJhc2U6IDBBQjUwMDAwDQpFaXA6IDQ2M UNFQjANCkVheDogOTk1MDAwMA0KRWN4OiBDOTg0QzcwDQpFZHg6IDAN CkVieDogMA0KRXNpOiBDOTg0QkI4DQpFZGk6IDUyQTAwMDANCkVicDo gNDUwRTY0Qw0KRXNwOiA0NTBFNTIwDQotMQ0KQ29kZSA9IFsyMDRdDQ otIDANCi0gMjA0DQotIDIyNw0KLSAwDQotIFtdDQo+IEM6XFdJTkRPV 1NcZXhwbG9yZXIuZXhlDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbnRk bGwuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJca2VybmVsMzIuZGx sDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQURWQVBJMzIuZGxsDQo+IE M6XFdJTkRPV1Ncc3lzdGVtMzJcUlBDUlQ0LmRsbA0KPiBDOlxXSU5ET 1dTXHN5c3RlbTMyXFNlY3VyMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lz dGVtMzJcQlJPV1NFVUkuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJ cR0RJMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcVVNFUjMyLm RsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXG1zdmNydC5kbGwNCj4gQ zpcV0lORE9XU1xzeXN0ZW0zMlxvbGUzMi5kbGwNCj4gQzpcV0lORE9X U1xzeXN0ZW0zMlxTSExXQVBJLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3R lbTMyXE9MRUFVVDMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXF NIRE9DVlcuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQ1JZUFQzM i5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxNU0FTTjEuZGxsDQo+ IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQ1JZUFRVSS5kbGwNCj4gQzpcV0l ORE9XU1xzeXN0ZW0zMlxORVRBUEkzMi5kbGwNCj4gQzpcV0lORE9XU1 xzeXN0ZW0zMlxWRVJTSU9OLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3Rlb TMyXFdJTklORVQuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcV0lO VFJVU1QuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcSU1BR0VITFA uZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcV0xEQVAzMi5kbGwNCj 4gQzpcV0lORE9XU1xzeXN0ZW0zMlxTSEVMTDMyLmRsbA0KPiBDOlxXS U5ET1dTXHN5c3RlbTMyXFV4VGhlbWUuZGxsDQo+IEM6XFdJTkRPV1Nc c3lzdGVtMzJcU2hpbUVuZy5kbGwNCj4gQzpcV0lORE9XU1xBcHBQYXR jaFxBY0dlbnJhbC5ETEwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxXSU 5NTS5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxNU0FDTTMyLmRsb A0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFVTRVJFTlYuZGxsDQo+IEM6 XFdJTkRPV1NcV2luU3hTXHg4Nl9NaWNyb3NvZnQuV2luZG93cy5Db21 tb24tQ29udHJvbHNfNjU5NWI2NDE0NGNjZjFkZl82LjAuMjYwMC41NT EyX3gtd3dfMzVkNGNlODNcY29tY3RsMzIuZGxsDQo+IEM6XFdJTkRPV 1Ncc3lzdGVtMzJcY29tY3RsMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lz dGVtMzJcbnZpZXcuZGxsDQoNCjYuMTQuMTAuMTExMjINCjYuMTQuMTA uMTExMjINCg0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFBTQVBJLkRMTA 0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXE5UTUFSVEEuRExMDQo+IEM6X FdJTkRPV1Ncc3lzdGVtMzJcU0FNTElCLmRsbA0KPiBDOlxXSU5ET1dT XHN5c3RlbTMyXE5WV1JTTkwuRExMDQoNCk5WSURJQSBDb3Jwb3JhdGl vbg0KTlZJRElBIG5WaWV3IERlc2t0b3AgYW5kIFdpbmRvdyBNYW5hZ2 VyDQo2LjE0LjEwLjExMTIyDQpOVldSU05MDQpDb3B5cmlnaHQgKGMpM jAwMS0yMDA0IE5WSURJQSBDb3Jwb3JhdGlvbg0KTlZXUlNOTC5kbGwN CjYuMTQuMTAuMTExMjINCk5WSURJQSBuVmlldyBEZXNrdG9wIGFuZCB XaW5kb3cgTWFuYWdlcg0KDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcTV NDVEYuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcYXBwSGVscC5kb GwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxDTEJDQVRRLkRMTA0KPiBD OlxXSU5ET1dTXHN5c3RlbTMyXENPTVJlcy5kbGwNCj4gQzpcV0lORE9 XU1xTeXN0ZW0zMlxjc2N1aS5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW 0zMlxDU0NETEwuZGxsDQo+IEM6XFdJTkRPV1NcU3lzdGVtMzJcdGhlb WV1aS5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxNU0lNRzMyLmRs bA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXHhwc3AycmVzLmRsbA0KPiB DOlxXSU5ET1dTXFN5c3RlbTMyXG1zdXRiLmRsbA0KPiBDOlxXSU5ET1 dTXHN5c3RlbTMyXExJTktJTkZPLmRsbA0KPiBDOlxXSU5ET1dTXHN5c 3RlbTMyXG50c2hydWkuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJc QVRMLkRMTA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXE5FVFNIRUxMLmR sbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXGNyZWR1aS5kbGwNCj4gQz pcV0lORE9XU1xzeXN0ZW0zMlxkb3QzYXBpLmRsbA0KPiBDOlxXSU5ET 1dTXHN5c3RlbTMyXHJ0dXRpbHMuZGxsDQo+IEM6XFdJTkRPV1Ncc3lz dGVtMzJcZG90M2RsZy5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlx PbmVYLkRMTA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFdUU0FQSTMyLm RsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFdJTlNUQS5kbGwNCj4gQ zpcV0lORE9XU1xzeXN0ZW0zMlxlYXBwY2ZnLmRsbA0KPiBDOlxXSU5E T1dTXHN5c3RlbTMyXE1TVkNQNjAuZGxsDQo+IEM6XFdJTkRPV1Ncc3l zdGVtMzJcZWFwcHByeHkuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMz JcaXBobHBhcGkuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcV1MyX zMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFdTMkhFTFAuZGxs DQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcU0VUVVBBUEkuZGxsDQo+IEM 6XFdJTkRPV1Ncc3lzdGVtMzJcbXNpLmRsbA0KPiBDOlxXSU5ET1dTXF N5c3RlbTMyXHdlYmNoZWNrLmRsbA0KPiBDOlxXSU5ET1dTXFN5c3Rlb TMyXFdTT0NLMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcc3Rv YmplY3QuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQmF0TWV0ZXI uZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcUE9XUlBST0YuZGxsDQ o+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbnZ3ZGRpLmRsbA0KDQpOVklES UEgQ29ycG9yYXRpb24NCk5WSURJQSBuVmlldyBEaXNwbGF5IERyaXZl ciBJbnRlcmZhY2UgTGliLCBWZXJzaW9uIDE2My43NQ0KNi4xNC4xMS4 2Mzc1DQpudndkZGkNCihDKSBOVklESUEgQ29ycG9yYXRpb24uIEFsbC ByaWdodHMgcmVzZXJ2ZWQuDQpudndkZGkuZGxsDQo2LjE0LjExLjYzN zUNCk5WSURJQSBuVmlldyBEaXNwbGF5IERyaXZlciBJbnRlcmZhY2Ug TGliLCBWZXJzaW9uIDE2My43NQ0KDQo+IEM6XFdJTkRPV1Ncc3lzdGV tMzJcYnJvd3NlbGMuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcd2 RtYXVkLmRydg0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXG1zYWNtMzIuZ HJ2DQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbWlkaW1hcC5kbGwNCj4g QzpcV0lORE9XU1xzeXN0ZW0zMlx1cmxtb24uZGxsDQo+IEM6XFdJTkR PV1Ncc3lzdGVtMzJcU1hTLkRMTA0KPiBDOlxXSU5ET1dTXHN5c3RlbT MyXE1QUi5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxkcnByb3YuZ GxsDQo+IEM6XFdJTkRPV1NcU3lzdGVtMzJcbnRsYW5tYW4uZGxsDQo+ IEM6XFdJTkRPV1NcU3lzdGVtMzJcTkVUVUkwLmRsbA0KPiBDOlxXSU5 ET1dTXFN5c3RlbTMyXE5FVFVJMS5kbGwNCj4gQzpcV0lORE9XU1xTeX N0ZW0zMlxORVRSQVAuZGxsDQo+IEM6XFdJTkRPV1NcU3lzdGVtMzJcZ GF2Y2xudC5kbGwNCj4gQzpcV0lORE9XU1xXaW5TeFNceDg2X01pY3Jv c29mdC5XaW5kb3dzLkdkaVBsdXNfNjU5NWI2NDE0NGNjZjFkZl8xLjA uMjYwMC41NTgxX3gtd3dfZGZiYzRmYzRcZ2RpcGx1cy5kbGwNCj4gQz pcV0lORE9XU1xzeXN0ZW0zMlxEVVNFUi5kbGwNCj4gQzpcV0lORE9XU 1xzeXN0ZW0zMlxNU0dJTkEuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVt MzJcT0RCQzMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXGNvbWR sZzMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXG9kYmNpbnQuZG xsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcTUxBTkcuZGxsDQo+IEM6X FByb2dyYW0gRmlsZXNcQ29tbW9uIEZpbGVzXEFoZWFkXGxpYlxNU1ZD UjcxLmRsbA0KPiBDOlxQcm9ncmFtIEZpbGVzXENvbW1vbiBGaWxlc1x BaGVhZFxsaWJcTVNWQ1A3MS5kbGwNCj4gQzpcUHJvZ3JhbSBGaWxlc1 xDb21tb24gRmlsZXNcQWRvYmVcQWNyb2JhdFxBY3RpdmVYXFBERlNoZ WxsLk5MRA0KDQpBZG9iZSBTeXN0ZW1zLCBJbmMuDQpQREYgU2hlbGwg RXh0ZW5zaW9uDQo4LjAuMC4wDQpQREZTaGVsbA0KQ29weXJpZ2h0IDI wMDAtMjAwNiBBZG9iZSBTeXN0ZW1zLCBJbmMuDQpQREZTaGVsbC5kbG wNCjguMC4wLjANCkFkb2JlIFBERiBTaGVsbCBFeHRlbnNpb24NCg0KP iBDOlxXSU5ET1dTXHN5c3RlbTMyXG1zY21zLmRsbA0KPiBDOlxXSU5E T1dTXHN5c3RlbTMyXFdJTlNQT09MLkRSVg0KPiBDOlxXSU5ET1dTXHN 5c3RlbTMyXGR4bWFzZi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMl xEUk1DbGllbi5ETEwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxkZHJhd y5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxEQ0lNQU4zMi5kbGwN Cj4gQzpcUHJvZ3JhbSBGaWxlc1xDb21tb24gRmlsZXNcQWhlYWRcbGl iXEFkdnJDbnRyMi5kbGwNCg0KTmVybyBBRw0KQWR2ckNudHIgTW9kdW xlDQoyLDAsNCwgMzAzMQ0KQWR2ckNudHINCkNvcHlyaWdodCAoYykgM jAwNSBOZXJvIEFHIGFuZCBpdHMgbGljZW5zb3JzDQpBZHZyQ250ci5E TEwNCjIsMCw0LCAzMDMxDQpBZHZyQ250ciBNb2R1bGUNCg0KPiBDOlx XSU5ET1dTXHN5c3RlbTMyXHJzYWVuaC5kbGwNCj4gQzpcV0lORE9XU1 xzeXN0ZW0zMlxzaGRvY2xjLmRsbA0KPiBDOlxXSU5ET1dTXFN5c3Rlb TMyXGFjdHhwcnh5LmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXExR Q1VJMi5kbGwNCg0KTG9naXRlY2ggSW5jLg0KUXVpY2tDYW0gVXNlciB JbnRlcmZhY2UgTGFuZ3VhZ2UNCjguNC43LjEwMzQNCkxRQ1VJLkRMTA 0KKGMpIDE5OTYtMjAwNSBMb2dpdGVjaC4gIEFsbCByaWdodHMgcmVzZ XJ2ZWQuDQpMUUNVSS5ETEwNCjguNC43LjEwMzQNCkxvZ2l0ZWNoIFF1 aWNrQ2FtDQoNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxzdGkuZGxsDQo +IEM6XFdJTkRPV1NcU3lzdGVtMzJcQ0ZHTUdSMzIuZGxsDQo+IEM6XF Byb2dyYW0gRmlsZXNcQ29tbW9uIEZpbGVzXEFoZWFkXGxpYlxOTURhd GFTZXJ2aWNlcy5kbGwNCg0KTmVybyBBRw0KTmVybyBIb21lDQoxLCAw LCAxLCA5DQpOTURhdGFTZXJ2aWNlcw0KQ29weXJpZ2h0IChjKSAxOTk 1LTIwMDUgTmVybyBBRyBhbmQgaXRzIGxpY2Vuc29ycw0KTk1EYXRhU2 VydmljZXMuZGxsDQoxLCAwLCAxLCA5DQpOZXJvIEhvbWUNCjEsIDAsI DEsIDkNCg0KPiBDOlxQcm9ncmFtIEZpbGVzXENvbW1vbiBGaWxlc1xB aGVhZFxsaWJcTk1Db0ZvdW5kYXRpb24uZGxsDQoNCk5lcm8gQUcNCk5 lcm8gSG9tZQ0KMSwgMCwgMSwgOQ0KTk1Db0ZvdW5kYXRpb24NCkNvcH lyaWdodCAoYykgMTk5NS0yMDA1IE5lcm8gQUcgYW5kIGl0cyBsaWNlb nNvcnMNCk5NQ29Gb3VuZGF0aW9uLmRsbA0KMSwgMCwgMSwgOQ0KTmVy byBIb21lDQoxLCAwLCAxLCA5DQoNCj4gQzpcUHJvZ3JhbSBGaWxlc1x Db21tb24gRmlsZXNcQWhlYWRcbGliXE5NVkRTLmRsbA0KDQpOZXJvIE FHDQpOZXJvIEhvbWUNCjEsIDAsIDEsIDkNCk5NVkRTDQpDb3B5cmlna HQgKGMpIDE5OTUtMjAwNSBOZXJvIEFHIGFuZCBpdHMgbGljZW5zb3Jz DQpOTVZEUy5kbGwNCjEsIDAsIDEsIDkNCk5lcm8gSG9tZQ0KMSwgMCw gMSwgOQ0KDQo+IEM6XFByb2dyYW0gRmlsZXNcQ29tbW9uIEZpbGVzXE FoZWFkXGxpYlxOTUluZGV4U3RvcmVTdnJQUy5kbGwNCg0KTmVybyBBR w0KTmVybyBIb21lDQoxLCAwLCAxLCA5DQpOTUluZGV4U3RvcmVTdnJQ Uw0KQ29weXJpZ2h0IChjKSAxOTk1LTIwMDUgTmVybyBBRyBhbmQgaXR zIGxpY2Vuc29ycw0KTk1JbmRleFN0b3JlU3ZyUFMuZGxsDQoxLCAwLC AxLCA5DQpOZXJvIEhvbWUNCjEsIDAsIDEsIDkNCg0KPiBDOlxQcm9nc mFtIEZpbGVzXExvZ2l0ZWNoXFZpZGVvXEFsYnVEQnBzLmRsbA0KDQpM b2dpdGVjaCBJbmMuDQpBbGJ1bSBEYXRhYmFzZSBQcm94eS9TdHViIER MTA0KOC40LjcuMTAzNA0KQWxidW1EQnBzLmRsbA0KKGMpIDE5OTYtMj AwNSBMb2dpdGVjaC4gIEFsbCByaWdodHMgcmVzZXJ2ZWQuDQpBbGJ1b URCcHMuZGxsDQo4LjQuNy4xMDM0DQpMb2dpdGVjaCBRdWlja0NhbQ0K DQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcUkFTQVBJMzIuRExMDQo+IEM 6XFdJTkRPV1Ncc3lzdGVtMzJccmFzbWFuLmRsbA0KPiBDOlxXSU5ET1 dTXHN5c3RlbTMyXFRBUEkzMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0Z W0zMlxtc3YxXzAuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcc2Vu c2FwaS5kbGwNCj4gQzpcUHJvZ3JhbSBGaWxlc1xNaWNyb3NvZnQgT2Z maWNlXE9mZmljZTEwXG1zb2hldi5kbGwNCj4gQzpcV0lORE9XU1xzeX N0ZW0zMlx4cHNwMXJlcy5kbGwNCj4gQzpcUHJvZ3JhbSBGaWxlc1xDb 21tb24gRmlsZXNcQWRvYmVcQWNyb2JhdFxBY3RpdmVYXEFjcm9JRUhl bHBlci5kbGwNCg0KQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQNCkF kb2JlIFBERiBIZWxwZXIgZm9yIEludGVybmV0IEV4cGxvcmVyDQo4Lj AuMC4yMDA2MTAyMjAwDQpBY3JvSUVIZWxwZXINCkNvcHlyaWdodCAxO Tg0LTIwMDYgQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQgYW5kIGl0 cyBsaWNlbnNvcnMuIEFsbCByaWdodHMgcmVzZXJ2ZWQuDQpBY3JvSUV IZWxwZXIuRExMDQo4LjAuMC4yMDA2MTAyMjAwDQpBY3JvSUVIZWxwZX IgTGlicmFyeQ0KDQo+IEM6XFdJTkRPV1NcV2luU3hTXHg4Nl9NaWNyb 3NvZnQuVkM4MC5DUlRfMWZjOGIzYjlhMWUxOGUzYl84LjAuNTA3Mjcu MzA1M194LXd3X2I4MGZhOGNhXE1TVkNSODAuZGxsDQo+IEM6XFByb2d yYW0gRmlsZXNcQ29tbW9uIEZpbGVzXEFoZWFkXGxpYlxNZWRpYUxpYn JhcnlOU0UuZGxsDQoNCk5lcm8gQUcNCk5lcm8gRmlsZSBEaWFsb2cNC jEsIDAsIDEsIDgNCk1lZGlhTGlicmFyeU5TRQ0KQ29weXJpZ2h0IChj KSAxOTk1LTIwMDUgTmVybyBBRyBhbmQgaXRzIGxpY2Vuc29ycw0KTWV kaWFMaWJyYXJ5TlNFLmRsbA0KMSwgMCwgMSwgOA0KTmVybyBGaWxlIE RpYWxvZw0KMSwgMCwgMSwgOA0KDQo+IEM6XFByb2dyYW0gRmlsZXNcQ 29tbW9uIEZpbGVzXEFoZWFkXGxpYlxNRkM3MVUuRExMDQo+IEM6XFBy b2dyYW0gRmlsZXNcQ29tbW9uIEZpbGVzXEFoZWFkXGxpYlxOTVBsdWd pbkJhc2UuZGxsDQoNCk5lcm8gQUcNCk5lcm8gSG9tZQ0KMSwgMCwgMS wgOQ0KTk1QbHVnaW5CYXNlDQpDb3B5cmlnaHQgKGMpIDE5OTUtMjAwN SBOZXJvIEFHIGFuZCBpdHMgbGljZW5zb3JzDQpOTVBsdWdpbkJhc2Uu ZGxsDQoxLCAwLCAxLCA5DQpOZXJvIEhvbWUNCjEsIDAsIDEsIDkNCg0 KPiBDOlxQcm9ncmFtIEZpbGVzXExvZ2l0ZWNoXFZpZGVvXE5hbWVzcG MyLmRsbA0KDQpMb2dpdGVjaCBJbmMuDQpMb2dpdGVjaCBOYW1lc3BhY 2UyDQo4LjQuNy4xMDM0DQpOYW1lc3BjMi5kbGwNCihjKSAxOTk2LTIw MDUgTG9naXRlY2guICBBbGwgcmlnaHRzIHJlc2VydmVkLg0KTmFtZXN wYzIuZGxsDQo4LjQuNy4xMDM0DQpMb2dpdGVjaCBRdWlja0NhbQ0KDQ o+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcTUZDNzEuRExMDQo+IEM6XFBST 0dSQX4xXE1JQ1JPU340XFdjZXN2aWV3LmRsbA0KPiBDOlxQUk9HUkF+ MVxNSUNST1N+NFxwZWdjb252LmRsbA0KPiBDOlxXSU5ET1dTXHN5c3R lbTMyXENFVVRJTC5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxSQV BJLmRsbA0KPiBDOlxQcm9ncmFtIEZpbGVzXE1TTiBNZXNzZW5nZXJcZ nNzaGV4dC44LjEuMDE3OC4wMC5kbGwNCj4gQzpcUHJvZ3JhbSBGaWxl c1xOZXJvXE5lcm8gN1xOZXJvIEJhY2tJdFVwXE5CU2hlbGwuZGxsDQp DcmVhdGUgYmFja3VwcyBvZiBzZWxlY3RlZCBmaWxlcy9mb2xkZXJzL3 BhcnRpdGlvbnMvY29tcGxldGUgaGFyZCBkaXNrIHRvIGhhcmQgZGlza ywgbmV0d29yayBkcml2ZSwgQ0QvRFZEIG9yIEZUUC4NCk5lcm8gQUcN Ck5lcm8gQmFja0l0VXAgQXBwbGljYXRpb24NCjIsIDAsIDAsIDYNCk5 lcm8gQmFja0l0VXANCkNvcHlyaWdodCAoYykgMTk5NS0yMDA1IE5lcm 8gQUcgYW5kIGl0cyBsaWNlbnNvcnMNCk5CU2hlbGwuZGxsDQoyLCAwL CAwLCA2DQpOZXJvIEJhY2tJdFVwDQoyLCAwLCAwLCA2DQoNCj4gQzpc UHJvZ3JhbSBGaWxlc1xXaW5SQVJccmFyZXh0LmRsbA0KPiBDOlxQcm9 ncmFtIEZpbGVzXFVubG9ja2VyXFVubG9ja2VyQ09NLmRsbA0KPiBDOl xQcm9ncmFtIEZpbGVzXE1hbHdhcmVieXRlcycgQW50aS1NYWx3YXJlX G1iYW1leHQuZGxsDQpNYWx3YXJlYnl0ZXMnIEFudGktTWFsd2FyZQ0K TWFsd2FyZWJ5dGVzIENvcnBvcmF0aW9uDQpNYWx3YXJlYnl0ZXMnIEF udGktTWFsd2FyZQ0KMSwgMSwgMCwgMA0KbWJhbWV4dC5kbGwNCqkgTW Fsd2FyZWJ5dGVzIENvcnBvcmF0aW9uLiBBbGwgcmlnaHRzIHJlc2Vyd mVkLg0KbWJhbWV4dC5kbGwNCjEsIDEsIDAsIDANCk1hbHdhcmVieXRl cycgQW50aS1NYWx3YXJlDQoNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlx BdWRpb2Rldi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxXTVZDb3 JlLkRMTA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFdNQVNGLkRMTA0KP iBDOlxXSU5ET1dTXHN5c3RlbTMyXGRpc2tjb3B5LmRsbA0KPiBDOlxQ cm9ncmFtIEZpbGVzXEVTRVRcRVNFVCBTbWFydCBTZWN1cml0eVxzaGV sbEV4dC5kbGwNCg0KRVNFVA0KU2hlbGwgRXh0ZW5zaW9uDQozLjAuNj Y5IA0Kc2hlbGxFeHQuZGxsDQpDb3B5cmlnaHQgKGMpIEVzZXQgMTk5M i0yMDA4LiBBbGwgcmlnaHRzIHJlc2VydmVkLg0KTk9ELCBOT0QzMiwg QU1PTiwgRVNFVCBhcmUgcmVnaXN0ZXJlZCB0cmFkZW1hcmtzIG9mIEV TRVQuDQpzaGVsbEV4dC5kbGwNCjMuMC42NjkgDQpFU0VUIFNtYXJ0IF NlY3VyaXR5DQoNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxyc2h4MzIuZ GxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQVVUSFouZGxsDQo+IEM6 XFdJTkRPV1Ncc3lzdGVtMzJcdHdleHQuZGxsDQo+IEM6XFdJTkRPV1N cc3lzdGVtMzJcQUNUSVZFRFMuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdG VtMzJcYWRzbGRwYy5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxkc 2txdW91aS5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxkc2txdW90 YS5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxkZnNzaGxleC5kbGw NCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxNU1ZGVzMyLmRsbA0KPiBDOl xXSU5ET1dTXFN5c3RlbTMyXHFlZGl0LmRsbA0KPiBDOlxXSU5ET1dTX HN5c3RlbTMyXHF1YXJ0ei5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0z MlxkZXZlbnVtLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXERWb2J TdWIuYXgNClZpc2l0IGh0dHA6Ly92b2JzdWIuZWRlbnNyaXNpbmcuY2 9tIGZvciB1cGRhdGVzLg0KR2FiZXN0DQpEaXJlY3RWb2JTdWINCjIsI DAsIDIzLCAwDQpEaXJlY3RWb2JTdWINCkNvcHlyaWdodCAoQykgMjAw MS0yMDAyIEdhYmVzdA0KRGlyZWN0Vm9iU3ViLkRMTA0KMiwgMCwgMjM sIDANCkRpcmVjdFZvYlN1Yg0KDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMz Jcdm9ic3ViLmRsbA0KVmlzaXQgaHR0cDovL3ZvYnN1Yi5lZGVuc3Jpc 2luZy5jb20gZm9yIHVwZGF0ZXMNCkdhYmVzdA0Kdm9ic3ViDQoyLCAw LCAyMywgMA0Kdm9ic3ViDQpDb3B5cmlnaHQgKEMpIDIwMDAtMjAwMiB HYWJlc3QNCnZvYnN1Yi5ETEwNCjIsIDAsIDIzLCAwDQp2b2JzdWIgRH luYW1pYyBMaW5rIExpYnJhcnkNCg0KPiBDOlxXSU5ET1dTXHN5c3Rlb TMyXE1GQzQydS5ETEwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxPTEVQ Uk8zMi5ETEwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxNRkM0MkxPQy5 ETEwNCj4gQzpcUFJPR1JBfjFcVE9UQUxWfjFcUmVhbE1lZGlhU3BsaX R0ZXIuYXgNCmh0dHA6Ly9nYWJlc3Qub3JnLw0KR2FiZXN0DQpSZWFsT WVkaWEgU3BsaXR0ZXINCjEsIDAsIDEsIDENClJlYWxNZWRpYSBTcGxp dHRlcg0KQ29weXJpZ2h0IChDKSAyMDAzLTIwMDUNClJlYWxNZWRpYVN wbGl0dGVyLmF4DQoxLCAwLCAxLCAxDQpSZWFsTWVkaWEgU3BsaXR0ZX INCg0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXGRpdnhkZWMuYXgNCkJ1a WxkOiBUb3BTZWNyZXRCdWlsZCBwcm8rc3RkIA0KRGl2WCwgSW5jLg0K RGl2WK4gRGVjb2RlciBGaWx0ZXINCjYuMS4xLjINCkRpdlhkZWMuYXg NCkNvcHlyaWdodCCpIERpdlgsIEluYy4sIDIwMDEtMjAwNQ0KRGl2WG RlYy5heA0KNi4xLjEuMg0KRGl2WK4gRGVjb2RlciBGaWx0ZXINCg0KP iBDOlxXSU5ET1dTXHN5c3RlbTMyXHh2aWQuYXgNCj4gQzpcV0lORE9X U1xzeXN0ZW0zMlxxZHZkLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTM yXG1zd3NvY2suZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcaG5ldG NmZy5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlx3c2h0Y3BpcC5kb GwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxzaG1lZGlhLmRsbA0KPiBD OlxXSU5ET1dTXFN5c3RlbTMyXEFWSUZJTDMyLmRsbA0KPiBDOlxXSU5 ET1dTXHN5c3RlbTMyXGx2Y29kZWMyLmRsbA0KDQpMb2dpdGVjaCBJbm MuDQpWaWRlbyBDb2RlYw0KOC40LjcuMTAzMg0KTFZDb2RlYzIuZGxsD QooYykgMTk5Ni0yMDA1IExvZ2l0ZWNoLiAgQWxsIHJpZ2h0cyByZXNl cnZlZC4NCkxWQ29kZWMyLmRsbA0KOC40LjcuMTAzMg0KTG9naXRlY2g gUXVpY2tDYW0NCg0KPiBDOlxQcm9ncmFtIEZpbGVzXENvbW1vbiBGaW xlc1xBaGVhZFxEU0ZpbHRlclxOZVZpZGVvLmF4DQoNCk5lcm8gQUcNC k1QRUctMS8yLzQgJiBBVkMgdmlkZW8gZGVjb2RlciB3LyBEeFZBDQo0 LCAyLCAyLCAzDQpDb3B5cmlnaHQgKGMpIDIwMDUgTmVybyBBRyBhbmQ gaXRzIGxpY2Vuc29ycw0KTmVWaWRlby5heA0KMiwgMCwgMiwgNTQNCk 5lcm8gU3VpdGUNCg== Here is my log from hijack-this: Logfile of HijackThis v1.99.1 Scan saved at 23:02:06, on 17-10-2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Mixer.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\DNA\btdna.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe C:\WINDOWS\twain_32\A4CIS\WATCH.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\HFXP2\hfxp.exe C:\WINDOWS\explorer.exe C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Mozilla Firefox\firefox.exe I:\pre-program set-up\hyjackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe O4 - Global Startup: APC UPS Status.lnk = ? O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: znetm32 - C:\WINDOWS\SYSTEM32\znetm32.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe Greetings Ruud

LDTate View Member Profile	Oct 19 2008, 01:15 PM Post #6
Forum God Group: Root Admin Posts: 45,676 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	We do not support the use of illegal Pirated/Warez/Cracked software.

red nose View Member Profile	Oct 20 2008, 02:08 AM Post #7
Authentic Member Group: Authentic Member Posts: 33 Joined: 17-July 07 From: poland Member No.: 71,490 Operating System: windows XP sp2	hello LDTate, I've read the topic and will remove the programm. clone -cd. At the moment i'm in Holland again, but will be back in Poland at the end of the week, and will post a new log a.s.a.p. So please don't close the topic, at the moment i have no acces to my PC in Poland. Best Regards Ruud

LDTate View Member Profile	Oct 20 2008, 05:31 AM Post #8
Forum God Group: Root Admin Posts: 45,676 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276

red nose View Member Profile	Oct 24 2008, 12:24 PM Post #9
Authentic Member Group: Authentic Member Posts: 33 Joined: 17-July 07 From: poland Member No.: 71,490 Operating System: windows XP sp2	Hello LDTate, My Pc seems to run normal. I removed the program, and made a new log: Logfile of HijackThis v1.99.1 Scan saved at 20:18:58, on 24-10-2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Mixer.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files\DNA\btdna.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe C:\WINDOWS\twain_32\A4CIS\WATCH.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\wuauclt.exe I:\pre-program set-up\hyjackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe O4 - Global Startup: APC UPS Status.lnk = ? O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: znetm32 - C:\WINDOWS\SYSTEM32\znetm32.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe Greetings Ruud

LDTate View Member Profile	Oct 24 2008, 04:50 PM Post #10
Forum God Group: Root Admin Posts: 45,676 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis: C:\WINDOWS\SYSTEM32\znetm32.dll Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see. If Jotti is too busy you can try these. http://www.kaspersky.com/scanforvirus.html http://www.virustotal.com/en/indexf.html

red nose View Member Profile	Oct 25 2008, 01:09 PM Post #11
Authentic Member Group: Authentic Member Posts: 33 Joined: 17-July 07 From: poland Member No.: 71,490 Operating System: windows XP sp2	Goodevening LDTate, Here is the log( or rather the whole result page), something was found I think? I noticed, that while my whole PC runs fine, playing movies in windows media player still not running smooth, the movie seems to stop for less then a second while the audio keeps running at normal speed. Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1 File to upload & scan: Virus Service Service load: 0% 100% File: znetm32.dll Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.) MD5: 08b6b3ff60a685bf38ea79dcd93eb733 Packers detected: PE_PATCH.UPX, UPX Scanner results Scan taken on 25 Oct 2008 19:00:51 (GMT) A-Squared Found nothing AntiVir Found TR/Crypt.FKM.Gen ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found Trojan.Crypt.GH ClamAV Found nothing CPsecure Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing G DATA Found nothing Ikarus Found Trojan.Crypt.EN Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Sophos Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing Powered by images/asquared.png images/antivir.png images/arcabit.png images/avast.png images/avg.gif images/bitdefender.png images/clamav-logo1.png images/cpsecure.gif images/drweb.gif images/f-prot.png images/f-secure_logo.gif images/gdata.png images/ikarus.gif images/kaspersky.png images/nod32.gif images/norman.png images/panda.gif images/sophos.gif images/virusbuster.gif images/vba32.png Disclaimer This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service. Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita. Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware. Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample. Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all. Sponsored by HotelScraper.com. Statistics Last file scanned at least one scanner reported something about: asdfghjkl.exe_BF3B072FE51890ED46FD6CC448866B59.tmp (MD5: bf3b072fe51890ed46fd6cc448866b59, size: 44280 bytes), detected by: Scanner Malware name A-Squared X AntiVir TR/ATRAPS.Gen ArcaVir Heur.Win32.I Avast X AVG Antivirus X BitDefender X ClamAV X CPsecure X Dr.Web X F-Prot Antivirus X F-Secure Anti-Virus Trojan-PSW.Win32.QQPass.dxe G DATA X Ikarus X Kaspersky Anti-Virus Trojan-PSW.Win32.QQPass.dxe NOD32 X Norman Virus Control W32/Packed_Upack.A Panda Antivirus X Sophos Antivirus Sus/ComPack-K VirusBuster X VBA32 Backdoor.XiaoBird.5 (paranoid heuristics) You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives We are not affiliated with any third parties that conduct tests using this service. Frequently asked questions - Feedback - Privacy policy Debian Page generated by JTPL © 2004-2008 Jotti <jotti@jotti.org> Greetings Ruud

LDTate View Member Profile	Oct 25 2008, 01:18 PM Post #12
Forum God Group: Root Admin Posts: 45,676 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	* IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. "copy/paste" a new HijackThis log file into this thread as well. Notes: 1.Do not mouse-click Combofix's window while it is running. That may cause it to stall. 2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser. 3. Combofix prevents autorun of ALL** CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper. 4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. Give it atleast 20-30 minutes to finish if needed. Also please describe how your computer behaves at the moment.

red nose View Member Profile	Oct 26 2008, 12:30 PM Post #13
Authentic Member Group: Authentic Member Posts: 33 Joined: 17-July 07 From: poland Member No.: 71,490 Operating System: windows XP sp2	Goodevening LDTate, With an activ internetconnection movies played wit mediaplayer don't run smooth, with internetconnection disabled everything seems ok. Here are the logs: 1)ComboFix 08-10-25.01 - ruud 2008-10-26 17:37:04.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.428 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\ruud\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt . (((((((((((((((((((( Bestanden Gemaakt van 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))) . 2008-10-25 21:34 . 2008-10-25 21:42 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-10-24 18:57 . 2008-10-15 17:37 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll 2008-10-15 09:28 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys 2008-10-15 08:12 . 2008-09-15 16:28 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys 2008-10-15 07:58 . 2008-08-14 14:27 2,193,536 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-15 07:58 . 2008-08-14 14:27 2,149,888 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-15 07:58 . 2008-08-14 14:27 2,070,400 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-15 07:58 . 2008-08-14 14:27 2,028,544 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-10-14 18:21 . 2008-10-14 18:21 <DIR> d-------- C:\Program Files\DNA 2008-10-14 18:21 . 2008-10-17 21:44 <DIR> d-------- C:\Program Files\BitTorrent 2008-10-14 18:21 . 2008-10-26 17:32 <DIR> d-------- C:\Documents and Settings\ruud\Application Data\DNA 2008-10-14 17:02 . 2008-10-14 17:04 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-14 17:02 . 2008-10-14 17:02 <DIR> d-------- C:\Documents and Settings\ruud\Application Data\Malwarebytes 2008-10-14 17:02 . 2008-10-14 17:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-14 17:02 . 2008-09-09 23:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-14 17:02 . 2008-09-09 23:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-13 20:34 . 2008-10-13 20:34 <DIR> d-------- C:\Documents and Settings\ruud\Application Data\ESET 2008-10-13 20:33 . 2008-10-13 20:33 <DIR> d-------- C:\Program Files\ESET 2008-10-13 20:33 . 2008-10-13 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-10-02 16:02 . 2008-10-02 16:02 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-10-01 16:01 . 2008-10-01 16:01 <DIR> d-------- C:\Program Files\APC 2008-10-01 16:01 . 2004-08-10 14:35 4,142,592 --a------ C:\WINDOWS\system32\qtintf.dll 2008-10-01 15:54 . 2008-04-13 19:36 20,352 --a------ C:\WINDOWS\system32\drivers\hidbatt.sys 2008-10-01 15:54 . 2008-04-13 19:36 20,352 --a--c--- C:\WINDOWS\system32\dllcache\hidbatt.sys 2008-10-01 15:54 . 2008-04-13 19:36 14,208 --a------ C:\WINDOWS\system32\drivers\battc.sys 2008-10-01 15:54 . 2008-04-13 19:36 14,208 --a--c--- C:\WINDOWS\system32\dllcache\battc.sys 2008-10-01 15:54 . 2008-04-13 19:36 10,240 --a------ C:\WINDOWS\system32\drivers\compbatt.sys 2008-10-01 15:54 . 2008-04-13 19:36 10,240 --a--c--- C:\WINDOWS\system32\dllcache\compbatt.sys 2008-09-28 22:16 . 2008-09-28 22:16 <DIR> d-------- C:\Program Files\Sun . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-26 09:36 --------- d-----w C:\Documents and Settings\ruud\Application Data\MailWasherPro 2008-10-25 20:15 --------- d-----w C:\Documents and Settings\ruud\Application Data\BitTorrent 2008-10-15 11:28 2,556,928 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp 2008-10-14 22:07 29,184 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp 2008-10-13 20:59 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp 2008-10-13 19:51 2,525,696 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp 2008-10-13 19:30 --------- d-----w C:\Program Files\Symantec 2008-10-13 19:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-10-13 19:28 --------- d-----w C:\Program Files\Norton SystemWorks 2008-10-13 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-10-13 11:26 15,872 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp 2008-10-13 11:24 2,507,776 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp 2008-10-13 11:19 18,432 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp 2008-10-13 07:53 2,507,776 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp 2008-10-13 07:32 29,696 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp 2008-10-13 07:32 2,510,848 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp 2008-10-01 21:21 --------- d-----w C:\Documents and Settings\ruud\Application Data\U3 2008-10-01 15:12 26,624 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp 2008-10-01 15:11 2,507,776 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp 2008-10-01 15:01 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-30 21:45 24,576 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp 2008-09-30 21:04 2,507,776 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp 2008-09-29 20:43 2,510,848 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp 2008-09-29 20:25 28,672 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp 2008-09-28 21:16 --------- d-----w C:\Program Files\Java 2008-09-28 20:24 2,487,296 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp 2008-09-28 18:58 25,088 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp 2008-09-27 17:50 28,160 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp 2008-09-27 17:50 2,487,296 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp 2008-09-25 20:17 2,463,744 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp 2008-09-25 19:17 31,232 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp 2008-09-25 07:45 --------- d-----w C:\Documents and Settings\ruud\Application Data\Uniblue 2008-09-25 07:41 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0} 2008-09-25 07:41 --------- d-----w C:\Program Files\Uniblue 2008-09-25 07:39 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{1377D272-D99F-4A4B-9C83-A918F678475B} 2008-09-25 07:33 --------- d-----w C:\Program Files\Reference Assemblies 2008-09-25 07:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\DriverScanner 2008-09-25 07:07 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F} 2008-09-25 07:07 --------- d-----w C:\Program Files\Uniblue DriverScanner 2009 2008-09-25 04:53 80,384 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp 2008-09-25 04:03 2,332,672 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp 2008-09-24 18:28 29,696 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp 2008-09-24 18:28 2,339,328 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp 2008-09-24 18:06 --------- d-----w C:\Program Files\HFXP2 2008-09-24 06:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-24 06:46 --------- d-----w C:\Program Files\Startup Faster 2008-09-23 07:47 2,326,016 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp 2008-09-23 07:46 31,744 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp 2008-09-22 10:24 --------- d-----w C:\Program Files\PS-Wizard 2008-09-21 20:13 89,088 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp 2008-09-21 20:13 2,294,272 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp 2008-09-21 16:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-21 16:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-09-21 15:41 2,254,848 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp 2008-09-21 15:40 231,424 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp 2008-09-20 14:10 441,344 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-09-20 14:10 2,270,720 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-09-20 13:56 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-09-20 13:56 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2008-09-18 19:00 --------- d-----w C:\Program Files\SMAC 2008-09-16 16:50 --------- d-----w C:\Program Files\TuneUp Utilities 2007 2008-09-16 16:24 244,224 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp 2008-09-16 16:23 2,219,008 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp 2008-09-15 18:50 2,214,912 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp 2008-09-15 18:49 223,232 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp 2008-09-15 15:28 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-14 18:17 29,696 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp 2008-09-14 18:17 2,215,936 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp 2008-09-14 17:47 138,280 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-09-14 17:47 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-09-14 17:35 --------- d-----w C:\Program Files\GameSpy Arcade 2008-09-14 16:19 2,211,328 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp 2008-09-14 16:18 15,872 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp 2008-09-14 16:11 41,472 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp 2008-09-14 16:11 2,211,328 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp 2008-09-14 14:57 2,212,864 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp 2008-09-14 14:55 182,784 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp 2008-09-14 02:57 52,736 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp 2008-09-14 02:57 2,211,840 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp 2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-08-20 05:30 669,184 ----a-w C:\WINDOWS\system32\wininet.dll 2008-08-14 13:27 2,193,536 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 13:27 2,070,400 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-08-10 20:05 35,363 ----a-w C:\WINDOWS\system32\windrvNT.sys 2008-07-29 23:34 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll 2008-07-29 23:34 83,968 ----a-w C:\WINDOWS\system32\mscories.dll 2008-07-29 23:34 41,984 ----a-w C:\WINDOWS\system32\netfxperf.dll 2008-07-29 23:34 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll 2008-07-29 23:34 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll 2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll 2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll 2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe 2008-07-29 17:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll 2008-07-29 17:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll 2008-07-29 17:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll 2008-07-29 17:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2008-05-05 09:26 31,704 ----a-w C:\Documents and Settings\ruud\Application Data\GDIPFONTCACHEV1.DAT . CODE <pre> ----a-w 25,088 2006-01-31 19:49:03 C:\Program Files\SlySoft\CloneCD\Crack clone cd 5.2.6.1 .exe </pre> ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . Nota lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608] "Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-14 289088] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 458752] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 221184] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 8491008] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 81920] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-09 155648] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-14 185896] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl] "C-Media Mixer"="Mixer.exe" [2002-07-12 C:\WINDOWS\mixer.exe] "nwiz"="nwiz.exe" [2007-10-04 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\ruud\Menu Start\Programma's\Opstarten\ Watch.lnk - C:\WINDOWS\twain_32\A4CIS\WATCH.exe [2008-01-09 176640] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2008-10-01 221247] ZoneAlarm Pro.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe [2008-01-09 636200] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\znetm32] 2004-06-25 20:13 10752 C:\WINDOWS\system32\znetm32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3acm"= l3codecp.acm [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" boot "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe "CloneDVDElbyDelay"="C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay "BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"= "C:\\Program Files\\PoivY.com\\PoivY\\PoivY.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\DNA\\btdna.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\LimeWire Plus\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "4382:TCP"= 4382:TCP:messenger R0 HFXP2;HFXP2;C:\WINDOWS\system32\DRIVERS\HFXP2.SYS [2006-08-01 13824] R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 3744] R2 MA1908Driver;MA1908Driver;C:\WINDOWS\system32\drivers\ma1908.sys [1998-07-09 22528] R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 3904] R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhoud van de 'Gedeelde Taken' map 2008-10-25 C:\WINDOWS\Tasks\Easy Onderhoud.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 09:05] . . ------- Bijkomende Scan ------- . FireFox -: Profile - C:\Documents and Settings\ruud\Application Data\Mozilla\Firefox\Profiles\4xadhkpv.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.startpagina.nl/ FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-26 17:39:11 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... C:\sccfg.sys 448 bytes Scan succesvol afgerond verborgen bestanden: 1 ************************************************************************ . --------------------- DLLs Geladen Onder Lopende Processen --------------------- PROCES: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\nview.dll . Voltooingstijd: 2008-10-26 17:40:52 ComboFix-quarantined-files.txt 2008-10-26 16:40:35 ComboFix2.txt 2008-10-15 19:44:18 ComboFix3.txt 2008-10-15 19:22:11 Pre-Run: 10.520.399.872 bytes beschikbaar Post-Run: 10,505,957,376 bytes beschikbaar WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn 392 --- E O F --- 2008-10-26 14:00:07 2)Logfile of HijackThis v1.99.1 Scan saved at 17:43:48, on 26-10-2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Mixer.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files\DNA\btdna.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\twain_32\A4CIS\WATCH.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\WINDOWS\explorer.exe C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe I:\pre-program set-up\hyjackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe O4 - Global Startup: APC UPS Status.lnk = ? O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: znetm32 - C:\WINDOWS\SYSTEM32\znetm32.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe Greetings Ruud Ps: can it be that my videocard is bad? My pc also stopped(with frozen screen) after playing some youtube movies.

LDTate View Member Profile	Oct 26 2008, 12:42 PM Post #14
Forum God Group: Root Admin Posts: 45,676 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Lets see what happens after this before we try anything with the video card. Copy/paste the text in the Codebox below into notepad: Here's how to do that: Click Start > Run type Notepad click OK. This will open an empty notepad file: Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text. CODE File:: C:\Program Files\SlySoft\CloneCD\Crack clone cd 5.2.6.1 .exe C:\WINDOWS\SYSTEM32\znetm32.dll Registry:: [KEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\znetm32] Save this file to your desktop, Save this as "CFScript" Here's how to do that: 1.Click File; 2.Click Save As... Change the directory to your desktop; 3.Change the Save as type to "All Files"; 4.Type in the file name: CFScript 5.Click Save ... Drag CFScript.txt into ComboFix.exe Then post the results log and a new HijackThis log. Also please describe how your computer behaves at the moment.

red nose View Member Profile	Oct 27 2008, 03:57 PM Post #15
Authentic Member Group: Authentic Member Posts: 33 Joined: 17-July 07 From: poland Member No.: 71,490 Operating System: windows XP sp2	goodevening LDTate, Yesterday I did as suggested by you and today I tested my pc , everything seems to works as normal, also playing movies in media player works fine. here are the logs: 1)ComboFix 08-10-25.01 - ruud 2008-10-26 19:57:17.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.373 [GMT 1:00] Gestart vanuit: C:\Documents and Settings\ruud\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: C:\Documents and Settings\ruud\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt * Resident AV is active FILE :: C:\Program Files\SlySoft\CloneCD\Crack clone cd 5.2.6.1 .exe C:\WINDOWS\SYSTEM32\znetm32.dll . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\SlySoft\CloneCD\Crack clone cd 5.2.6.1 .exe C:\WINDOWS\SYSTEM32\znetm32.dll . (((((((((((((((((((( Bestanden Gemaakt van 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))) . 2008-10-25 21:34 . 2008-10-25 21:42 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-10-24 18:57 . 2008-10-15 17:37 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll 2008-10-15 09:28 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys 2008-10-15 08:12 . 2008-09-15 16:28 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys 2008-10-15 07:58 . 2008-08-14 14:27 2,193,536 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-15 07:58 . 2008-08-14 14:27 2,149,888 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-15 07:58 . 2008-08-14 14:27 2,070,400 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-15 07:58 . 2008-08-14 14:27 2,028,544 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-10-14 18:21 . 2008-10-14 18:21 <DIR> d-------- C:\Program Files\DNA 2008-10-14 18:21 . 2008-10-17 21:44 <DIR> d-------- C:\Program Files\BitTorrent 2008-10-14 18:21 . 2008-10-26 19:59 <DIR> d-------- C:\Documents and Settings\ruud\Application Data\DNA 2008-10-14 17:02 . 2008-10-26 18:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-14 17:02 . 2008-10-14 17:02 <DIR> d-------- C:\Documents and Settings\ruud\Application Data\Malwarebytes 2008-10-14 17:02 . 2008-10-14 17:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-14 17:02 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-14 17:02 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-13 20:34 . 2008-10-13 20:34 <DIR> d-------- C:\Documents and Settings\ruud\Application Data\ESET 2008-10-13 20:33 . 2008-10-13 20:33 <DIR> d-------- C:\Program Files\ESET 2008-10-13 20:33 . 2008-10-13 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-10-02 16:02 . 2008-10-02 16:02 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-10-01 16:01 . 2008-10-01 16:01 <DIR> d-------- C:\Program Files\APC 2008-10-01 16:01 . 2004-08-10 14:35 4,142,592 --a------ C:\WINDOWS\system32\qtintf.dll 2008-10-01 15:54 . 2008-04-13 19:36 20,352 --a------ C:\WINDOWS\system32\drivers\hidbatt.sys 2008-10-01 15:54 . 2008-04-13 19:36 20,352 --a--c--- C:\WINDOWS\system32\dllcache\hidbatt.sys 2008-10-01 15:54 . 2008-04-13 19:36 14,208 --a------ C:\WINDOWS\system32\drivers\battc.sys 2008-10-01 15:54 . 2008-04-13 19:36 14,208 --a--c--- C:\WINDOWS\system32\dllcache\battc.sys 2008-10-01 15:54 . 2008-04-13 19:36 10,240 --a------ C:\WINDOWS\system32\drivers\compbatt.sys 2008-10-01 15:54 . 2008-04-13 19:36 10,240 --a--c--- C:\WINDOWS\system32\dllcache\compbatt.sys 2008-09-28 22:16 . 2008-09-28 22:16 <DIR> d-------- C:\Program Files\Sun . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-26 18:56 --------- d-----w C:\Documents and Settings\ruud\Application Data\MailWasherPro 2008-10-25 20:15 --------- d-----w C:\Documents and Settings\ruud\Application Data\BitTorrent 2008-10-15 11:28 2,556,928 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp 2008-10-14 22:07 29,184 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp 2008-10-13 20:59 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp 2008-10-13 19:51 2,525,696 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp 2008-10-13 19:30 --------- d-----w C:\Program Files\Symantec 2008-10-13 19:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-10-13 19:28 --------- d-----w C:\Program Files\Norton SystemWorks 2008-10-13 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-10-13 11:26 15,872 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp 2008-10-13 11:24 2,507,776 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp 2008-10-13 11:19 18,432 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp 2008-10-13 07:53 2,507,776 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp 2008-10-13 07:32 29,696 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp 2008-10-13 07:32 2,510,848 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp 2008-10-01 21:21 --------- d-----w C:\Documents and Settings\ruud\Application Data\U3 2008-10-01 15:12 26,624 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp 2008-10-01 15:11 2,507,776 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp 2008-10-01 15:01 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-30 21:45 24,576 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp 2008-09-30 21:04 2,507,776 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp 2008-09-29 20:43 2,510,848 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp 2008-09-29 20:25 28,672 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp 2008-09-28 21:16 --------- d-----w C:\Program Files\Java 2008-09-28 20:24 2,487,296 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp 2008-09-28 18:58 25,088 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp 2008-09-27 17:50 28,160 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp 2008-09-27 17:50 2,487,296 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp 2008-09-25 20:17 2,463,744 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp 2008-09-25 19:17 31,232 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp 2008-09-25 07:45 --------- d-----w C:\Documents and Settings\ruud\Application Data\Uniblue 2008-09-25 07:41 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0} 2008-09-25 07:41 --------- d-----w C:\Program Files\Uniblue 2008-09-25 07:39 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{1377D272-D99F-4A4B-9C83-A918F678475B} 2008-09-25 07:33 --------- d-----w C:\Program Files\Reference Assemblies 2008-09-25 07:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\DriverScanner 2008-09-25 07:07 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F} 2008-09-25 07:07 --------- d-----w C:\Program Files\Uniblue DriverScanner 2009 2008-09-25 04:53 80,384 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp 2008-09-25 04:03 2,332,672 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp 2008-09-24 18:28 29,696 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp 2008-09-24 18:28 2,339,328 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp 2008-09-24 18:06 --------- d-----w C:\Program Files\HFXP2 2008-09-24 06:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-24 06:46 --------- d-----w C:\Program Files\Startup Faster 2008-09-23 07:47 2,326,016 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp 2008-09-23 07:46 31,744 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp 2008-09-22 10:24 --------- d-----w C:\Program Files\PS-Wizard 2008-09-21 20:13 89,088 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp 2008-09-21 20:13 2,294,272 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp 2008-09-21 16:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-21 16:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-09-21 15:41 2,254,848 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp 2008-09-21 15:40 231,424 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp 2008-09-20 14:10 441,344 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-09-20 14:10 2,270,720 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-09-20 13:56 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-09-20 13:56 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2008-09-18 19:00 --------- d-----w C:\Program Files\SMAC 2008-09-16 16:50 --------- d-----w C:\Program Files\TuneUp Utilities 2007 2008-09-16 16:24 244,224 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp 2008-09-16 16:23 2,219,008 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp 2008-09-15 18:50 2,214,912 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp 2008-09-15 18:49 223,232 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp 2008-09-14 18:17 29,696 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp 2008-09-14 18:17 2,215,936 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp 2008-09-14 17:47 138,280 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-09-14 17:35 --------- d-----w C:\Program Files\GameSpy Arcade 2008-09-14 16:19 2,211,328 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp 2008-09-14 16:18 15,872 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp 2008-09-14 16:11 41,472 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp 2008-09-14 16:11 2,211,328 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp 2008-09-14 14:57 2,212,864 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp 2008-09-14 14:55 182,784 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp 2008-09-14 02:57 52,736 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp 2008-09-14 02:57 2,211,840 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp 2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-05-05 09:26 31,704 ----a-w C:\Documents and Settings\ruud\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . Nota lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608] "Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-14 289088] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 458752] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 221184] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 8491008] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 81920] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-09 155648] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-14 185896] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl] "C-Media Mixer"="Mixer.exe" [2002-07-12 C:\WINDOWS\mixer.exe] "nwiz"="nwiz.exe" [2007-10-04 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\ruud\Menu Start\Programma's\Opstarten\ Watch.lnk - C:\WINDOWS\twain_32\A4CIS\WATCH.exe [2008-01-09 176640] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2008-10-01 221247] ZoneAlarm Pro.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe [2008-01-09 636200] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3acm"= l3codecp.acm [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" boot "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe "CloneDVDElbyDelay"="C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay "BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"= "C:\\Program Files\\PoivY.com\\PoivY\\PoivY.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\DNA\\btdna.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\LimeWire Plus\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "4382:TCP"= 4382:TCP:messenger R0 HFXP2;HFXP2;C:\WINDOWS\system32\DRIVERS\HFXP2.SYS [2006-08-01 13824] R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 3744] R2 MA1908Driver;MA1908Driver;C:\WINDOWS\system32\drivers\ma1908.sys [1998-07-09 22528] R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 3904] R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhoud van de 'Gedeelde Taken' map 2008-10-25 C:\WINDOWS\Tasks\Easy Onderhoud.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 09:05] . - - - - ORPHANS VERWIJDERD - - - - Notify-znetm32 - znetm32.dll ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-26 20:01:28 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ********************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- PROCES: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\nview.dll . ------------------------ Andere Aktieve Processen ------------------------ . C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe . ************************************************************************ . Voltooingstijd: 2008-10-26 20:07:46 - machine werd herstart ComboFix-quarantined-files.txt 2008-10-26 19:07:39 ComboFix2.txt 2008-10-26 16:40:54 ComboFix3.txt 2008-10-15 19:44:18 ComboFix4.txt 2008-10-15 19:22:11 Pre-Run: 10.475.909.120 bytes beschikbaar Post-Run: 10,496,139,264 bytes beschikbaar 382 --- E O F --- 2008-10-26 14:00:07 2)Logfile of HijackThis v1.99.1 Scan saved at 20:09:30, on 26-10-2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Mixer.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\LVComsX.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files\DNA\btdna.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe C:\WINDOWS\twain_32\A4CIS\WATCH.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\WINDOWS\explorer.exe I:\pre-program set-up\hyjackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe O4 - Global Startup: APC UPS Status.lnk = ? O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe Greetings Ruud

« Next Oldest · Infections Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
Infections Removal [Resolved] spyware/ fake antivirus 12	29	83valentine	342	Today, 11:38 AM Last post by: ken545
Infections Removal [Resolved] laptop running slow	14	juibre	179	Today, 11:37 AM Last post by: ken545
Infections Removal [Resolved] Trojan Detected 12	20	toyotomi	372	Today, 11:16 AM Last post by: CatByte
Infections Removal [Resolved] Need help removing re-generating virus/trojan 12	17	Granny Mouse	259	Today, 05:04 AM Last post by: CatByte