Thread: red background privacy in danger
View Single Post
Old 06-13-2008, 04:27 PM   #2 (permalink)
timmeuh
Registered User
 
Join Date: Jun 2008
Posts: 10
OS: win xp


Re: red background privacy in danger
this is the main.txt


Deckard's System Scanner v20071014.68
Run by Tim on 2008-06-12 12:58:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-06-12 10:58:41 UTC - RP5 - Deckard's System Scanner Restore Point
4: 2008-06-11 20:28:34 UTC - RP4 - Software Distribution Service 3.0
3: 2008-06-11 17:07:36 UTC - RP3 - Removed Ad-Aware 2007
2: 2008-06-11 15:51:44 UTC - RP2 - Installed Ad-Aware 2007
1: 2008-06-10 13:43:44 UTC - RP1 - Controlepunt van systeem


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Tim.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:00, on 12/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Tim\Bureaublad\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Tim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: rtsplgob - {0939FF27-A717-4F67-96B5-555F9510F17F} - C:\WINDOWS\rtsplgob.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/...ws-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O21 - SSODL: xkefqtgs - {115537A0-1B27-4BBA-9244-8A6ABA157E0B} - C:\WINDOWS\xkefqtgs.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8633 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.6.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\dkbfltr.sys <Not Verified; Dritek System Inc.; Dritek Keyboard Filter>
R3 int15.sys - c:\program files\acer\erecovery\int15.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-12 and 2008-06-12 -----------------------------

2008-06-12 13:00:38 0 d-------- C:\Program Files\Trend Micro
2008-06-11 19:42:15 0 d--h----- C:\WINDOWS\PIF
2008-06-11 17:51:45 0 d-------- C:\Program Files\Lavasoft
2008-06-11 10:32:36 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-11 08:53:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-10 15:00:01 68096 --a------ C:\WINDOWS\zip.exe
2008-06-10 15:00:01 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-10 15:00:01 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-10 15:00:01 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-10 15:00:01 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-10 15:00:01 98816 --a------ C:\WINDOWS\sed.exe
2008-06-10 15:00:01 80412 --a------ C:\WINDOWS\grep.exe
2008-06-10 15:00:01 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-10 10:40:20 0 d-------- C:\Program Files\ColorUtility
2008-06-10 09:33:44 0 d-------- C:\Program Files\Alwil Software
2008-06-10 08:55:31 0 d-------- C:\Documents and Settings\Tim\Application Data\TmpRecentIcons
2008-06-10 08:55:22 200704 -----n--- C:\WINDOWS\d
2008-06-08 17:33:17 0 d-------- C:\WINDOWS\ShellNew
2008-06-08 17:33:05 0 d-------- C:\Documents and Settings\Tim\Application Data\Microsoft Web Folders
2008-06-08 16:37:55 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-08 16:36:58 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-08 16:36:58 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-08 16:29:13 0 d-------- C:\Program Files\Drivers
2008-06-08 14:18:17 0 d-------- C:\Documents and Settings\Tim\Application Data\LimeWire
2008-06-08 11:40:08 0 d-------- C:\Documents and Settings\Tim\Application Data\Apple Computer
2008-06-08 11:39:58 0 d-------- C:\Program Files\iPod
2008-06-08 11:39:54 0 d-------- C:\Program Files\iTunes
2008-06-08 11:39:21 0 d-------- C:\Program Files\QuickTime
2008-06-08 11:39:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-08 11:38:40 0 d-------- C:\Program Files\Common Files\Apple
2008-06-08 11:38:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-08 10:28:31 0 d-------- C:\Program Files\SokkerOrganizer
2008-06-03 11:23:30 0 d-------- C:\Documents and Settings\Tim\Application Data\Uniblue
2008-06-03 11:22:36 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-03 10:34:42 0 dr-hs---- C:\autorun.inf
2008-06-02 17:13:54 0 d-------- C:\Program Files\AutoCAD Architecture 2008
2008-06-02 13:58:50 0 d-------- C:\Documents and Settings\Tim\Application Data\AdobeUM
2008-05-30 19:47:15 0 d-------- C:\Program Files\MSXML 6.0
2008-05-30 15:34:36 0 d-------- C:\Program Files\Chaos Group
2008-05-30 11:10:54 0 d-------- C:\Program Files\DWG TrueView 2007
2008-05-30 11:10:32 0 d-------- C:\Program Files\Microsoft WSE
2008-05-30 10:47:21 0 d-------- C:\Program Files\AutoCAD Civil 3D 2008
2008-05-30 10:47:21 0 d-------- C:\Documents and Settings\Tim\Application Data\Autodesk
2008-05-30 10:47:21 0 d-------- C:\Civil 3D Project Templates
2008-05-30 10:36:35 0 d-------- C:\AUTOCAD
2008-05-29 22:24:47 0 d-------- C:\Program Files\MSXML 4.0
2008-05-29 22:11:22 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-29 17:48:43 0 d-------- C:\Program Files\LimeWire
2008-05-29 17:46:51 0 d-------- C:\WINDOWS\Sun
2008-05-29 17:46:51 0 d-------- C:\Documents and Settings\Tim\Application Data\Sun
2008-05-29 17:45:59 0 d-------- C:\Program Files\Java
2008-05-29 17:44:47 0 d-------- C:\Program Files\Common Files\Java
2008-05-29 16:49:22 0 d-------- C:\Documents and Settings\Tim\Application Data\vlc
2008-05-29 16:46:41 0 d-------- C:\Program Files\VideoLAN
2008-05-29 16:40:25 0 d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-29 16:40:04 0 d-------- C:\Program Files\Windows Live
2008-05-29 16:39:50 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-29 16:35:20 0 d-------- C:\Program Files\Common Files\ChaosGroup
2008-05-29 16:34:56 0 d-------- C:\Documents and Settings\Tim\Application Data\WinRAR
2008-05-29 16:33:52 0 d-------- C:\autodesk
2008-05-29 16:33:12 0 d-------- C:\Program Files\Autodesk Student Community Download Tool
2008-05-29 16:28:15 0 d-------- C:\Documents and Settings\Tim\Application Data\Adobe
2008-05-29 16:26:58 0 d-------- C:\Documents and Settings\Tim\Contacts
2008-05-29 16:26:28 0 d-------- C:\WINDOWS\system32\DRVSTORE
2008-05-29 16:16:04 0 d-------- C:\Documents and Settings\Tim\Application Data\Google
2008-05-29 16:10:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-05-29 16:08:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-05-29 16:08:42 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-05-29 16:08:42 0 d-------- C:\Program Files\Google
2008-05-29 16:08:34 0 d-------- C:\WINDOWS\system32\nl-nl
2008-05-29 16:05:15 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-05-29 16:05:15 0 d-------- C:\Program Files\Autodesk
2008-05-29 16:02:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-29 15:55:05 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-29 15:55:03 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-28 17:00:00 0 d-------- C:\Documents and Settings\Tim\Application Data\Macromedia
2008-05-28 14:15:21 0 d-------- C:\Documents and Settings\NetworkService\Menu Start
2008-05-28 14:15:13 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-28 14:00:47 0 d-------- C:\AcerBKTemp
2008-05-28 13:58:34 0 d-------- C:\WINDOWS\system32\autorun
2008-05-28 13:32:51 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-28 13:31:07 245760 --a------ C:\WINDOWS\system32\Check.exe <Not Verified; acer Inc.; OBRCheck>
2008-05-28 13:31:05 0 d-------- C:\Program Files\acer
2008-05-28 13:30:45 0 d-------- C:\Program Files\Launch Manager
2008-05-28 13:30:44 147456 --a------ C:\WINDOWS\UNINST32.EXE <Not Verified; Dritek System Inc.; Dritek System Inc. Uninstall Application>
2008-05-28 13:30:44 49152 --a------ C:\WINDOWS\system32\QtBtLib.dll <Not Verified; Dritek System Inc.; Dritek System Inc. QtBtLib.DLL>
2008-05-28 13:30:44 16896 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS <Not Verified; Dritek System Inc.; Dritek Keyboard Filter>
2008-05-28 13:28:23 17119 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
2008-05-28 13:28:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-28 13:28:05 0 d-------- C:\Program Files\WinPCap
2008-05-28 13:27:19 221258 --a------ C:\WINDOWS\system32\Epm-Po.dll <Not Verified; Acer Labs USA; EPM-PO Dynamic Link Library>
2008-05-28 13:27:19 78208 --a------ C:\WINDOWS\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
2008-05-28 13:27:19 4096 --a------ C:\WINDOWS\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
2008-05-28 13:27:19 0 d-------- C:\Acer
2008-05-28 13:26:35 0 d-------- C:\Program Files\ATI Technologies
2008-05-28 13:26:14 0 d--h----- C:\Documents and Settings\Tim\Sjablonen
2008-05-28 13:26:14 0 dr-h----- C:\Documents and Settings\Tim\SendTo
2008-05-28 13:26:14 0 dr-h----- C:\Documents and Settings\Tim\Onlangs geopend
2008-05-28 13:26:14 0 d--h----- C:\Documents and Settings\Tim\Netwerkprinteromgeving
2008-05-28 13:26:14 0 d--h----- C:\Documents and Settings\Tim\NetHood
2008-05-28 13:26:14 0 dr------- C:\Documents and Settings\Tim\Mijn documenten
2008-05-28 13:26:14 0 dr------- C:\Documents and Settings\Tim\Menu Start
2008-05-28 13:26:14 0 d--h----- C:\Documents and Settings\Tim\Local Settings
2008-05-28 13:26:14 0 dr------- C:\Documents and Settings\Tim\Favorieten
2008-05-28 13:26:14 0 d--hs---- C:\Documents and Settings\Tim\Cookies
2008-05-28 13:26:14 0 d-------- C:\Documents and Settings\Tim\Bureaublad
2008-05-28 13:26:14 0 d--h----- C:\Documents and Settings\Tim\Application Data
2008-05-28 13:26:14 0 d-------- C:\Documents and Settings\Tim\Application Data\Identities
2008-05-28 13:26:13 4718592 --ah----- C:\Documents and Settings\Tim\NTUSER.DAT
2008-05-28 13:25:24 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-05-28 13:25:21 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities


-- Find3M Report ---------------------------------------------------------------

2008-06-11 22:29:26 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-06-11 10:35:58 457684 --a------ C:\WINDOWS\system32\perfh013.dat
2008-06-11 10:35:58 77946 --a------ C:\WINDOWS\system32\perfc013.dat
2008-05-28 12:41:04 471 --a------ C:\WINDOWS\CLEANUP.CMD
2008-05-28 12:41:02 797 --a------ C:\WINDOWS\HotFix.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [07/02/2005 19:36]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [07/02/2005 19:32]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07/10/2004 23:44]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/10/2004 23:43]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [09/03/2005 18:59]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 05:00 C:\WINDOWS\system32\bthprops.cpl]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 05:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 05:00]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/02/2005 21:05]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [28/03/2005 18:04]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [24/03/2005 09:13]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [28/03/2005 12:20]
"eRecoveryService"="C:\Windows\System32\Check.exe" [23/03/2005 10:01]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"wsctf.exe"="wsctf.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 21:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xkefqtgs"= {115537A0-1B27-4BBA-9244-8A6ABA157E0B} - C:\WINDOWS\xkefqtgs.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1379fd8-2cc5-11dd-b4cc-00c09fb72d20}]
AutoRun\command- F:\EXPLORER.EXE
explore\Command- F:\EXPLORER.EXE
open\Command- F:\EXPLORER.EXE




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8713 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-12 13:01:22 ------------
timmeuh is offline