Archive - Pressing charges against a hacker

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or world views and have been censored in some places as inadmissible. Many were written in a different spirit of the times, ironically or not - as in the ironic Off-Topic subforum - and could (or would be allowed to) no longer be posted today. Still, we are happy to offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

Maser00

Legacy Member
If you have a bit of knowledge you know perfectly well what may run and what should not be running.
A bit of a lot of knowledge, then... Shall I show you a log where you can try to pick out the bad entries?

ozl

Legacy Member
I also never use an anti-virus or similar programs and so far I have never really had any trouble from that (in the sense of: my PC grinding to a halt from all kinds of viruses and the like), but it could well be that there are things running in the background that I would rather not have.

Is a HijackThis log the ideal way to check that? 'Preventively', really, because I don't actually have a problem with my PC at the moment.

Dobbelsteen

Legacy Member
This thread is full of wisdom posted by people who are engaged every day in a life-and-death struggle against viruses and malware.

s.scheldeman

Legacy Member
Carrion said:
^ I've always found that strange too, people saying they don't use antivirus but also saying they never get crap on their PC :') contradiction all over

Don't have antivirus either, and never any problems :-).

Fides

Legacy Member
Use KeePass and its auto-type function (that already makes it harder to log passwords with a keylogger).
Use a keyscrambler.
Don't use your browser's password manager.

KeePass = free
keyscrambler = free for your browser, 30 dollars for multiple programs.

Maser00

Legacy Member
sypro9000 said:
I'll play along.
Try this one. It's a log that has already been posted on the internet and for which a fix can already be found, which is why I have omitted/changed the username and a few unnecessary details. If you're lucky you can still find the fix, but then I will ask you to justify what you do. This log was made with OTL by OldTimer (an alternative to HijackThis); guides for it can be found on the internet, but without training (in removing malware) it is almost impossible to interpret correctly.

Normally I would have taken a log from Geekstogo.com, which would be better and the fix would not be findable, but unfortunately Geekstogo is offline at the moment.

This is btw a small and easy log; had Geekstogo been online you would have got a harder one.

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\AANGEPAST\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\AANGEPAST\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AfaService) -- C:\WINDOWS\system32\afasrv32.exe ()
SRV - (MyWebSearchService) -- C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE (MyWebSearch.com)
SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (lxcg_device) -- C:\WINDOWS\System32\lxcgcoms.exe ( )
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (MHIKEY10) -- C:\WINDOWS\system32\drivers\MHIKEY10.sys (Generic USB smartcard reader)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Connexion | Facebook
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\WINDOWS\Downloaded Program Files\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.startup.homepage: "http://www.tattoodle.com?tid={46CFCA29-E367-EABC-9EE1-AF6B139BB2F9}"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:10.3.85.0
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={46CFCA29-E367-EABC-9EE1-AF6B139BB2F9}&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Zango\bin\10.3.85.0\firefox\extensions [2009/08/18 15:08:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\2.bin [2010/03/29 19:17:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/20 20:28:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/06 18:23:57 | 000,000,000 | ---D | M]

[2009/04/19 21:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\Mozilla\Extensions
[2010/05/02 12:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\Mozilla\Firefox\Profiles\76ki4zwo.default\extensions
[2009/11/01 10:59:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\AANGEPAST\Application Data\Mozilla\Firefox\Profiles\76ki4zwo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/03 17:42:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\AANGEPAST\Application Data\Mozilla\Firefox\Profiles\76ki4zwo.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/04/28 20:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/05/27 13:13:30 | 000,070,408 | ---- | M] (Zango, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/10/03 17:42:57 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/10/03 17:42:58 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (ShoppingReport) - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (ShopperReports)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Zango) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll (Zango, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll File not found
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\WINDOWS\Downloaded Program Files\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (FaceFun) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\WINDOWS\Downloaded Program Files\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Zango) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll (Zango, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Zango) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll (Zango, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [kjulfynx] C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\gtplacfsu\dartuahtssd.exe ()
O4 - HKLM..\Run: [LXCGCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.DLL ()
O4 - HKLM..\Run: [lxcgmon.exe] C:\Program Files\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [USBestCR] C:\Program Files\USIM Editor\iconcs5139375.exe ()
O4 - HKLM..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.85.0\OEAddOn.exe (Zango, Inc.)
O4 - HKLM..\Run: [ZangoSA] C:\Program Files\Zango\bin\10.3.85.0\ZangoSA.exe (Zango, Inc.)
O4 - HKCU..\Run: [iLike] C:\Program Files\iLike\1.2.17\ilikesidebar.exe (iLike)
O4 - HKCU..\Run: [kjulfynx] C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\gtplacfsu\dartuahtssd.exe ()
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [WeatherDPA] C:\Program Files\Zango\bin\10.3.85.0\Weather.exe (Zango, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (ShopperReports)
O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (ShopperReports)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} Page introuvable | Facebook (Facebook Photo Uploader 5 Control)
O16 - DPF: {0CE0F418-1010-442D-871C-3454827DD539} http://www.facefun.com/FaceFun_webinstall/...Fun_product.cab (Reg Error: Key error.)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win...fbootloader.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1240194932609 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} Page introuvable | Facebook (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics.lexmark.com/serval.cab (Lexmark eDiagnostics Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Program Files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/19 20:03:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\Windows Server\bcryfj.dll) - C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\Windows Server\bcryfj.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010/07/09 17:07:39 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\AANGEPAST\Desktop\OTL.exe
[2010/07/09 16:47:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/07/08 17:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\gtplacfsu
[2010/07/08 17:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\Windows Server
[2009/05/29 22:48:23 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgserv.dll
[2009/05/29 22:48:23 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgusb1.dll
[2009/05/29 22:48:23 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgprox.dll
[2009/05/29 22:48:23 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgpplc.dll
[2009/05/29 22:48:22 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomc.dll
[2009/05/29 22:48:22 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcglmpm.dll
[2009/05/29 22:48:22 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomm.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/09 17:07:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AANGEPAST\Desktop\OTL.exe
[2010/07/09 16:47:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/09 16:47:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/09 16:44:58 | 003,407,872 | ---- | M] () -- C:\Documents and Settings\AANGEPAST\ntuser.dat
[2010/07/09 16:44:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\AANGEPAST\ntuser.ini
[2010/07/09 16:44:56 | 004,240,656 | -H-- | M] () -- C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\IconCache.db
[2010/07/09 12:31:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1FDC5226-2B05-4DC6-B1FF-B20665AC6591}.job
[2010/07/09 12:30:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/09 12:30:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6696834B-005D-4A5C-8C9E-5421B5B60F20}.job
[2010/07/09 12:25:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/07/09 12:05:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/07/09 09:45:59 | 061,788,923 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/09 08:30:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/04 04:24:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2010/06/29 16:28:16 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\AANGEPAST\Application Data\mcs.rma
[2010/06/29 16:28:16 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\AANGEPAST\Application Data\78A677
[2010/06/29 16:17:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/25 13:38:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/23 03:02:49 | 000,500,732 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 03:02:49 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 03:02:49 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/28 17:30:39 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/06/28 17:30:33 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009/05/29 23:40:12 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/05/29 22:48:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcgvs.dll
[2009/04/27 20:10:15 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/04/19 21:32:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/19 21:24:48 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/04/19 21:24:46 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

========== LOP Check ==========

[2009/08/18 15:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2009/04/19 21:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/04/25 16:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/09/09 01:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZangoSA
[2010/01/31 10:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\Application Data
[2010/03/05 18:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\Arkadium
[2009/07/20 17:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/03 18:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\cs
[2010/05/11 22:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\Documents and Settings
[2010/05/18 20:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\Facebook
[2010/04/06 20:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\FixCleaner
[2009/04/29 20:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\GetRightToGo
[2009/07/18 22:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\iLike
[2010/03/05 17:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\AANGEPAST
[2010/03/03 18:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\report
[2010/07/08 17:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\ShoppingReport
[2010/01/14 21:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\Toolbar4
[2009/08/18 15:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\WeatherDPA
[2010/05/10 19:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\Zango
[2010/07/04 04:24:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2010/07/09 12:31:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1FDC5226-2B05-4DC6-B1FF-B20665AC6591}.job
[2010/07/09 12:30:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6696834B-005D-4A5C-8C9E-5421B5B60F20}.job
[2010/07/09 12:25:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/07/09 12:05:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/04/19 20:38:32 | 063,752,952 | ---- | M] (AVG Technologies) -- C:\avg_free_stf_en_85_287a1483.exe
[2009/04/19 20:58:04 | 007,518,920 | ---- | M] (Mozilla) -- C:\Firefox Setup 3.0.8.exe
[2009/06/21 18:23:54 | 000,306,960 | ---- | M] (Zango, Inc.) -- C:\Setup.exe


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/06/06 17:52:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/06/06 17:52:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/06/06 17:52:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/06/06 17:52:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2004/06/03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Drivers\Motherboard Drivers\NVIDIA\nForceWin2KXP\5.10\IDE\Win2K\NvAtaBus.sys
[2004/06/03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Drivers\Motherboard Drivers\NVIDIA\nForceWin2KXP\5.10\IDE\WinXP\NvAtaBus.sys
[2004/06/03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\WINDOWS\system32\drivers\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/04/19 14:38:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/04/19 14:38:01 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/04/19 14:38:01 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >
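As an added example (not OTL's own code, and not the fix Maser00 refers to), a small Python triage script that applies the heuristics an analyst would use to shortlist entries in an OTL log like the one above: missing files, empty company fields, binaries run from the user profile, a browser proxy pointed at a loopback port, and toolbar families named in the log. The sample lines are constructed in OTL's format, and the severity levels are assumptions.

```python
"""Heuristic first-pass triage of OTL (OldTimer) log lines.

Added example for the thread above, not OTL's own code and not the posted fix.
Each rule is a prompt for a human reviewer, not a verdict: benign entries hit
these rules too (stale "File not found" services are common on XP), so the
output is a shortlist to check, in the spirit of "justify what you do".
"""
import re
from dataclasses import dataclass

# Constructed sample in OTL's line format, modelled on the log posted above
# (same anonymised username placeholder AANGEPAST); not a complete OTL report.
SAMPLE_LOG = r"""
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AfaService) -- C:\WINDOWS\system32\afasrv32.exe ()
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
O2 - BHO: (Zango) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll (Zango, Inc.)
O4 - HKLM..\Run: [kjulfynx] C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\gtplacfsu\dartuahtssd.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\Windows Server\bcryfj.dll) - C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\Windows Server\bcryfj.dll File not found
"""

# Entry types that load a PE file (process, module, service, driver, autorun,
# BHO/toolbar, Winlogon shell/notify, AppCertDlls).
PE_TAGS = {"PRC", "MOD", "SRV", "DRV", "O2", "O3", "O4", "O20", "O36"}
# Persistence points where even a dangling DLL reference deserves attention.
PERSISTENCE_TAGS = {"O20", "O36"}
# Toolbar/adware families that appear by name in the posted log.
ADWARE_NAMES = ("mywebsearch", "zango", "shoppingreport", "funwebproducts", "fast browser search")

LINE_RE = re.compile(r"^(\S+)\s+-\s+(.*)$")            # "O4 - ..." / "SRV - ..."
PATH_RE = re.compile(r"[A-Za-z]:\\[^()\r\n]+")          # a Windows path up to "(" or EOL
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")            # trailing "(Company)" field
LOOPBACK_PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*\S*?(127\.0\.0\.1|localhost):(\d+)', re.I)


@dataclass(frozen=True)
class Finding:
    tag: str
    rule: str
    severity: str   # assumed scale: high / medium / low
    line: str


def parse_line(line):
    """Split one OTL line into (tag, loaded path, company, file_missing)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tag, body = m.group(1), m.group(2)
    missing = body.rstrip().endswith("File not found")
    paths = PATH_RE.findall(body)
    # OTL prints the file actually loaded last (O36 also echoes the registry value first)
    path = paths[-1].strip() if paths else ""
    if path.endswith("File not found"):
        path = path[: -len("File not found")].strip()
    cm = COMPANY_RE.search(body) if not missing else None
    company = cm.group(1).strip() if cm else None   # None = no company field at all
    return tag, path, company, missing


def in_user_profile(path):
    """Binaries launched from a profile's application-data tree, where installers rarely put them."""
    p = path.lower()
    return "\\application data\\" in p or "\\appdata\\" in p


def triage_line(line):
    parsed = parse_line(line)
    if parsed is None:
        return []
    tag, path, company, missing = parsed
    out = []
    if missing:
        out.append(Finding(tag, "orphan-entry", "high" if tag in PERSISTENCE_TAGS else "low", line))
    if tag in PE_TAGS and path and in_user_profile(path):
        out.append(Finding(tag, "user-profile-binary", "high", line))
    if tag in PE_TAGS and company == "":          # "()" means no version resource at all
        out.append(Finding(tag, "no-company", "medium", line))
    if tag == "IE" and LOOPBACK_PROXY_RE.search(line):
        # browser traffic routed through a local listener: check what owns that port
        out.append(Finding(tag, "local-proxy", "high", line))
    if any(name in line.lower() for name in ADWARE_NAMES):
        out.append(Finding(tag, "known-adware", "medium", line))
    return out


def triage(log_text):
    """Run every rule over every non-header line of an OTL report."""
    findings = []
    for raw in log_text.splitlines():
        if raw.strip() and not raw.startswith("=========="):
            findings.extend(triage_line(raw))
    return findings


def summarize(findings):
    """Count findings per severity so the size of the shortlist is visible first."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    order = ("high", "medium", "low")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.rule:20} {f.line[:90]}")
    print(summarize(triage(SAMPLE_LOG)))
```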

Th1x4nG

Legacy Member
TS, I've been online 8 hours a day for many years and have never experienced any of the nonsense you're describing. Format your PC, do a clean install, use Chrome/Firefox and click around a bit less merrily. Above all, don't go back to the probably dodgy files you have. And check your sources for warez/porn. :)

I've also been working without anti-virus for about 3 years and yes, I KNOW there's no nastiness running on my Windows.

Li1quid

Legacy Member
gthizzang said:
TS, I've been online 8 hours a day for many years and have never experienced any of the nonsense you're describing. Format your PC, do a clean install, use Chrome/Firefox and click around a bit less merrily. Above all, don't go back to the probably dodgy files you have. And check your sources for warez/porn. :)

I've also been working without anti-virus for about 3 years and yes, I KNOW there's no nastiness running on my Windows.

:eek:
smart...

rafbanaan

Legacy Member
gthizzang said:
TS, I've been online 8 hours a day for many years and have never experienced any of the nonsense you're describing. Format your PC, do a clean install, use Chrome/Firefox and click around a bit less merrily. Above all, don't go back to the probably dodgy files you have. And check your sources for warez/porn. :)

I've also been working without anti-virus for about 3 years and yes, I KNOW there's no nastiness running on my Windows.

would love to come and scan at your place some time :D

Bumbolt

Legacy Member
About a year ago there was an article in Clickx where they put an old PC between the modem and the router, with a kind of firewall OS on it. I don't think that hacker gets through that so easily. If you want to try it I'll scan it in. The PC does need 2 ethernet connections (cable goes in and out, obviously).

Crashtestdummy

Legacy Member
Li1quid said:
been here for about 10 years

if you know what not to click on or which sites are rather dodgy you rarely if ever get into trouble

Parnakra

Legacy Member
makila said:
1. Format your PC and put Linux on it instead of Windows!
2. Get a decent Linux firewall
3. Install Ad Aware for Linux
4. Install an anti-virus for Linux
5. Then install a router instead of such a stupid hub.

And voilà, the hacker is gone.

Oh yes, and don't make your passwords too simple. I have occasionally cracked people's accounts (not allowed, I know, but they should just secure them properly!) because the password was the nickname they used on forums. :confused: That makes it very easy to hack, of course, eh? Afterwards I of course always duly reported this to those people, but still .. be careful!
Hey, thanks! :)

Lilspanyol

Legacy Member
BlackB said:
About a year ago there was an article in Clickx where they put an old PC between the modem and the router, with a kind of firewall OS on it. I don't think that hacker gets through that so easily. If you'd like to try it, I'll scan it in. The PC does need 2 ethernet ports (cable goes in and out, obviously)

I'd like to read it, scan it and post it here/PM :)

sypro9000

Legacy Member
Maser00 said:
Try this one. It's a log that has already been posted on the internet and for which a fix can also be found, which is why I've left out/changed the user name and a few unnecessary details. If you're lucky you can still find the fix, but then I'll ask you to justify what you do. This log was made with OTL by OldTimer (an alternative to HijackThis); guides for it can be found on the internet, but without training (in malware removal) it's almost impossible to interpret correctly.

Normally I would have taken a log from Geekstogo.com, which would be better and for which the fix can't be found, but unfortunately Geekstogo is offline for the moment.

This is btw a small and easy log; if Geekstogo were online you'd have had a harder one.

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\AANGEPAST\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\AANGEPAST\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AfaService) -- C:\WINDOWS\system32\afasrv32.exe ()
SRV - (MyWebSearchService) -- C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE (MyWebSearch.com)
SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (lxcg_device) -- C:\WINDOWS\System32\lxcgcoms.exe ( )
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (MHIKEY10) -- C:\WINDOWS\system32\drivers\MHIKEY10.sys (Generic USB smartcard reader)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Connexion | Facebook
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\WINDOWS\Downloaded Program Files\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.startup.homepage: "http://www.tattoodle.com?tid={46CFCA29-E367-EABC-9EE1-AF6B139BB2F9}"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:10.3.85.0
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={46CFCA29-E367-EABC-9EE1-AF6B139BB2F9}&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Zango\bin\10.3.85.0\firefox\extensions [2009/08/18 15:08:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\2.bin [2010/03/29 19:17:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/20 20:28:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/06 18:23:57 | 000,000,000 | ---D | M]

[2009/04/19 21:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\Mozilla\Extensions
[2010/05/02 12:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\Mozilla\Firefox\Profiles\76ki4zwo.default\extensions
[2009/11/01 10:59:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\AANGEPAST\Application Data\Mozilla\Firefox\Profiles\76ki4zwo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/03 17:42:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\AANGEPAST\Application Data\Mozilla\Firefox\Profiles\76ki4zwo.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/04/28 20:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/05/27 13:13:30 | 000,070,408 | ---- | M] (Zango, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/10/03 17:42:57 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/10/03 17:42:58 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (ShoppingReport) - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (ShopperReports)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Zango) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll (Zango, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll File not found
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\WINDOWS\Downloaded Program Files\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (FaceFun) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\WINDOWS\Downloaded Program Files\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Zango) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll (Zango, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Zango) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll (Zango, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [kjulfynx] C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\gtplacfsu\dartuahtssd.exe ()
O4 - HKLM..\Run: [LXCGCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.DLL ()
O4 - HKLM..\Run: [lxcgmon.exe] C:\Program Files\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [USBestCR] C:\Program Files\USIM Editor\iconcs5139375.exe ()
O4 - HKLM..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.85.0\OEAddOn.exe (Zango, Inc.)
O4 - HKLM..\Run: [ZangoSA] C:\Program Files\Zango\bin\10.3.85.0\ZangoSA.exe (Zango, Inc.)
O4 - HKCU..\Run: [iLike] C:\Program Files\iLike\1.2.17\ilikesidebar.exe (iLike)
O4 - HKCU..\Run: [kjulfynx] C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\gtplacfsu\dartuahtssd.exe ()
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [WeatherDPA] C:\Program Files\Zango\bin\10.3.85.0\Weather.exe (Zango, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0; File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (ShopperReports)
O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (ShopperReports)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} Page introuvable | Facebook (Facebook Photo Uploader 5 Control)
O16 - DPF: {0CE0F418-1010-442D-871C-3454827DD539} http://www.facefun.com/FaceFun_webinstall/...Fun_product.cab (Reg Error: Key error.)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win...fbootloader.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1240194932609 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} Page introuvable | Facebook (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics.lexmark.com/serval.cab (Lexmark eDiagnostics Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Program Files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/19 20:03:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\Windows Server\bcryfj.dll) - C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\Windows Server\bcryfj.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010/07/09 17:07:39 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\AANGEPAST\Desktop\OTL.exe
[2010/07/09 16:47:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/07/08 17:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\gtplacfsu
[2010/07/08 17:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\Windows Server
[2009/05/29 22:48:23 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgserv.dll
[2009/05/29 22:48:23 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgusb1.dll
[2009/05/29 22:48:23 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgprox.dll
[2009/05/29 22:48:23 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgpplc.dll
[2009/05/29 22:48:22 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomc.dll
[2009/05/29 22:48:22 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcglmpm.dll
[2009/05/29 22:48:22 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomm.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/09 17:07:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AANGEPAST\Desktop\OTL.exe
[2010/07/09 16:47:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/09 16:47:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/09 16:44:58 | 003,407,872 | ---- | M] () -- C:\Documents and Settings\AANGEPAST\ntuser.dat
[2010/07/09 16:44:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\AANGEPAST\ntuser.ini
[2010/07/09 16:44:56 | 004,240,656 | -H-- | M] () -- C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\IconCache.db
[2010/07/09 12:31:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1FDC5226-2B05-4DC6-B1FF-B20665AC6591}.job
[2010/07/09 12:30:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/09 12:30:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6696834B-005D-4A5C-8C9E-5421B5B60F20}.job
[2010/07/09 12:25:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/07/09 12:05:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/07/09 09:45:59 | 061,788,923 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/09 08:30:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/04 04:24:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2010/06/29 16:28:16 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\AANGEPAST\Application Data\mcs.rma
[2010/06/29 16:28:16 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\AANGEPAST\Application Data\78A677
[2010/06/29 16:17:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/25 13:38:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/23 03:02:49 | 000,500,732 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 03:02:49 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 03:02:49 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/28 17:30:39 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/06/28 17:30:33 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009/05/29 23:40:12 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/05/29 22:48:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcgvs.dll
[2009/04/27 20:10:15 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/04/19 21:32:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/19 21:24:48 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/04/19 21:24:46 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

========== LOP Check ==========

[2009/08/18 15:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2009/04/19 21:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/04/25 16:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/09/09 01:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZangoSA
[2010/01/31 10:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\Application Data
[2010/03/05 18:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\Arkadium
[2009/07/20 17:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/03 18:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\cs
[2010/05/11 22:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\Documents and Settings
[2010/05/18 20:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\Facebook
[2010/04/06 20:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\FixCleaner
[2009/04/29 20:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\GetRightToGo
[2009/07/18 22:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\iLike
[2010/03/05 17:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\AANGEPAST
[2010/03/03 18:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\report
[2010/07/08 17:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\ShoppingReport
[2010/01/14 21:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\Toolbar4
[2009/08/18 15:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\WeatherDPA
[2010/05/10 19:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AANGEPAST\Application Data\Zango
[2010/07/04 04:24:00 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2010/07/09 12:31:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1FDC5226-2B05-4DC6-B1FF-B20665AC6591}.job
[2010/07/09 12:30:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6696834B-005D-4A5C-8C9E-5421B5B60F20}.job
[2010/07/09 12:25:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/07/09 12:05:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/04/19 20:38:32 | 063,752,952 | ---- | M] (AVG Technologies) -- C:\avg_free_stf_en_85_287a1483.exe
[2009/04/19 20:58:04 | 007,518,920 | ---- | M] (Mozilla) -- C:\Firefox Setup 3.0.8.exe
[2009/06/21 18:23:54 | 000,306,960 | ---- | M] (Zango, Inc.) -- C:\Setup.exe


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/06/06 17:52:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/06/06 17:52:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/06/06 17:52:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/06/06 17:52:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2004/06/03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Drivers\Motherboard Drivers\NVIDIA\nForceWin2KXP\5.10\IDE\Win2K\NvAtaBus.sys
[2004/06/03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Drivers\Motherboard Drivers\NVIDIA\nForceWin2KXP\5.10\IDE\WinXP\NvAtaBus.sys
[2004/06/03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\WINDOWS\system32\drivers\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/04/19 14:38:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/04/19 14:38:01 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/04/19 14:38:01 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

Well, I wanted to see how far you'd go. You win, I lose. That log isn't Chinese to me, but I'm certainly no pro at it. It is true, though, that I know what may run on my PC and what may not. If there's a certain process I don't know, you can just google it and you know right away what it is or could be. Personally I'm quite keen on my PC's performance and consequently have little junk on it. Prevention is the main reason I feel safe. Over the years you learn what "not" to do on the internet.

But I'm not much for those clean-up programs; just format and that's the end of it. You just have to keep your stuff on other hard drives. A format and fresh install takes barely 10 min and your drivers another 30 min, that's not that long. People always make such a fuss about it, big deal.
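Added here as an example (it is not the fix Maser00 refers to, and not part of OTL itself): a small Python triage script that runs a few generic heuristics over lines of an OTL log, the kind of first pass a helper does before looking up each entry by hand. The sample lines are copied from the log quoted above; the rules (browser proxy set to loopback, an AppCertDlls value, Run entries launching from a per-user app-data folder with no company name, autostart entries whose file is missing) are ordinary triage heuristics chosen for this example, not taken from OTL's documentation, and every flagged line still needs manual verification.

```python
"""Generic triage heuristics for OTL log lines (added example, not OTL's own logic)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the OTL log quoted in the
# thread (the poster had already replaced the user name with AANGEPAST).
SAMPLE_LOG = r"""
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AfaService) -- C:\WINDOWS\system32\afasrv32.exe ()
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [kjulfynx] C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\gtplacfsu\dartuahtssd.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\Windows Server\bcryfj.dll) - C:\Documents and Settings\AANGEPAST\Local Settings\Application Data\Windows Server\bcryfj.dll File not found
"""

# OTL prints the binary's version-info company name in trailing parentheses;
# "()" or "( )" means the file carries no company name at all.
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")
# Per-user "local app data" folders, XP layout and Vista+ layout.
USER_APPDATA_RE = re.compile(
    r"\\(Documents and Settings|Users)\\[^\\]+\\(Local Settings\\Application Data|AppData\\Local)\\",
    re.IGNORECASE,
)
# WinINet/IE proxy pointing back at the local machine.
LOOPBACK_PROXY_RE = re.compile(r'"ProxyServer" = .*\b(127\.0\.0\.1|localhost)\b:\d+', re.IGNORECASE)
AUTOSTART_PREFIXES = ("O4 - ", "SRV - ", "DRV - ", "O20 - ", "O36 - ")
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    rule: str      # why a triager should look at this line first
    line: str


def triage_line(line: str) -> list[Finding]:
    """Apply each heuristic to one OTL line; a line may trigger several."""
    found: list[Finding] = []
    company = COMPANY_RE.search(line)
    no_company = company is not None and company.group(1).strip() == ""

    if LOOPBACK_PROXY_RE.search(line):
        found.append(Finding("high", "browser proxy set to loopback: a local process relays all "
                             "HTTP traffic; identify which process listens on that port", line))
    if line.startswith("O36 - AppCertDlls:"):
        found.append(Finding("high", "AppCertDlls value: the listed DLL is loaded into every new "
                             "process; almost never present on a home PC", line))
    if line.startswith("O4 - ") and USER_APPDATA_RE.search(line):
        sev = "high" if no_company else "medium"
        found.append(Finding(sev, "Run entry launching an executable from a per-user app-data "
                             "folder" + (" with no company name" if no_company else ""), line))
    elif line.startswith(("SRV - ", "DRV - ")) and no_company:
        found.append(Finding("medium", "service/driver binary without company name in its version info", line))
    if line.startswith(AUTOSTART_PREFIXES) and line.endswith("File not found"):
        found.append(Finding("low", "autostart entry whose file is missing: leftover or a component "
                             "already removed", line))
    return found


def triage(log_text: str) -> list[Finding]:
    """Run the heuristics over a whole log; highest severity first, log order otherwise."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(triage_line(line))
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])  # stable sort keeps log order
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity.upper():6}] {f.rule}\n         {f.line}")
```

Run it on a full OTL log by passing the file contents to `triage()`; the output is a worklist, not a verdict, and the AVG, Explorer and Realtek lines show that well-known vendors pass through untouched while the entries a helper would check first rise to the top.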

Fatalix

Legacy Member
Carrion said:
1. Never create accounts with Hotmail, those things can be hacked in a few minutes.
.

Ehm, no, not at all.

If your password is your first name+last name+date of birth, then yes.

Stop with "I've been hacked". No, you haven't been hacked, you were too dumb yourself by
1) using too simple a password
2) opening the britney.spears.naked.xxx.exe you got via your player buddy
3) your angry little sister, whom you really fooled at some point

THINK for a moment: what do hackers want with YOUR information? With your e-mails from your ex's friend who's angry that he cheated. Yeah, extremely sensitive information of national importance. Get real.

Of course there are REAL hackers who could do that, but they're certainly not going to waste their time on this kind of stuff.

Nooby4Ever

Legacy Member
Dude87 said:
...

if you know what not to click on or which sites are rather dodgy, you seldom if ever get into trouble

same:)

@ Fatalix : hotmail accounts are in fact easy to hack according to some sources that I'd probably better not post here :x ;)

what I do is use different passwords for e.g. forums, e-mail account, games etc., so they never get everything in one go, unless they keylog me of course :p

Fact is, if they want you they'll get you anyway :D

Bv202

Legacy Member
Nonsense... Formatting is a solution, but time-consuming, and besides, this is easy to fix here. Moreover, the OP will get hacked again if he doesn't know how to secure himself.

Well, if we're going to talk about online anti-malware training and OTL logs here, then you'd also know that in situations like this (keyloggers and the like) it really is better to format.