Helpmij anti-spyware offensive

log

Here is my log, and my computer has also become a good deal slower, and that with a Pentium 4, 2.8mhz and 1gb of internal memory.


Logfile of HijackThis v1.97.7
Scan saved at 18:47:58, on 5-12-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\control.exe
C:\WINDOWS\System32\svchosts.exe
C:\WINDOWS\System32\svchostc.exe
C:\Program Files\Microsoft Office\Office\1043\msoffice.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Robbert Akkermans\Local Settings\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.windowws.cc/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.windowws.cc/sp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sweeties.teensfestival.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.windowws.cc/sp.htm?id=9
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Wanadoo Cable v2.0c NL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.wanadoo.nl/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Fortis Secure Layer Config] cseinst.exe -o-h
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows Control] C:\WINDOWS\control.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Website (HKCU)
O9 - Extra button: Help (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.nl
O15 - Trusted Zone: *.waitsex.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1070624637890
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1662a922ea6943b9fa05/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37960.1791319444
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE9AD72E-8041-4D64-BC22-B5E603654971}: NameServer = 195.96.96.97 195.96.96.33
 
hijackthis log

Hello Pieter.

I first ran a scan with Spybot.

Here is my log, thanks in advance.

Logfile of HijackThis v1.97.2
Scan saved at 18:22:43, on 6-12-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\PROGRA~1\PANICW~1\POP-UP~3\PSFree.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Optical Mousemate\4DMAIN.EXE
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = http://www.startpagina.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startpagina.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O1 - Hosts: 217.116.231.7 aimtoday.aol.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SFD] C:\Program Files\SFD\SFD.exe -AutoStart
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~3\PSFree.exe"
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {214868A8-F71B-473E-8ECF-6EE1DE6B91D8} - http://pms.localscripts.nl/plugins/4/ms7531_nl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.chicasmodelos.com/ruboskizo2.cab
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.net69.nl/plugin/net69nl126.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2742c8dcaeadd3bcfd22/netzip/RdxIE601.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {86698251-D2C0-4D0F-A3E4-95CEF12F9F18} - http://64.156.188.99/iwasher/proactauthwb/internetwasherpro.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37565.537025463
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {F4653484-F38C-455F-BB15-1175E527754E} (VideoProducer Class) - http://www.normal.video-party.com/class/webcam2.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37AAB253-C099-4FC4-8932-B173B3A9677B}: NameServer = 195.121.1.34 195.121.1.66
 
Re: log

Posted by RA10
Here is my log, and my computer has also become a good deal slower, and that with a Pentium 4, 2.8mhz and 1gb of internal memory.

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O15 - Trusted Zone: *.waitsex.com
Uncheck these 2 and click "fix checked" (I'm not sure about the 1st one... is it something you installed yourself?)
Other than that it looks clean :thumb: :)
 
problems with explorer

Hello Pieter,

I followed your advice and ran adware and hijack. Haven't changed anything yet.

I would like some tips for cleaning up.

The i-lookup site appears automatically in my browser.

Hijack file and adware file attached.

Logfile of HijackThis v1.97.7
Scan saved at 12:12:46, on 07-12-2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Program Files\Sophos SWEEP for NT\SWUPDATE.EXE
C:\WINNT\system32\usrbridg.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\WINNT\system32\Atiptaxx.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Common Files\Nokia\NCLTools\NCLConf.exe
C:\Program Files\ClockSync\Sync.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.EXE
C:\Program Files\ClockSync\Sync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\explorer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINNT\msagent\AgentSvr.exe
C:\WINNT\system32\mobsync.exe
C:\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://i-lookup.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://i-lookup.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://i-lookup.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sphb02:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = au.cdri.intranet;<local>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.publishnet.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ohb - {18B79968-1A76-4953-9EBB-B651407F8998} - C:\WINNT\system32\windec32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: I-Lookup.com Bar - {6EF3AE25-5A7D-40C2-9B44-9ED0068621C0} - C:\WINNT\system32\windec32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINNT\Downloaded Program Files\CONFLICT.2\googlenav.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [Nokia Connection Monitor] "C:\Program Files\Common Files\Nokia\NCLTools\NCLConf.exe"
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Syscpy] C:\WINNT\system32\syscpy.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.EXE
O8 - Extra context menu item: &Email It - C:\Program Files\QuickSend\quicksend.html
O8 - Extra context menu item: &Google Search - res://C:\WINNT\Downloaded Program Files\CONFLICT.2\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINNT\Downloaded Program Files\CONFLICT.2\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINNT\Downloaded Program Files\CONFLICT.2\googlenav.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINNT\Downloaded Program Files\CONFLICT.2\googlenav.dll/cmsimilar.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/ProductUpdates/content/opuc.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activexinstallers/Installer/nCaseInstaller.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_pack.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


adaware

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :zondag 7 december 2003 12:02:55
Created with Ad-aware Personal, free for private use.
Using reference-file :01R236 06.12.2003
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


07-12-2003 12:02:55 - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 07-12-2003 8:32:22
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ThreadCreationTime : 07-12-2003 8:32:51
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 07-12-2003 8:32:54
BasePriority : Normal
FileSize : 87 KB
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Services en controllertoepassingen
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Besturingssysteem Microsoft(R) Windows (R) 2000
Created on : 11-01-2000
Last accessed : 07-12-2003 11:02:55
Last modified : 19-06-2003 10:05:04

#:4 [lsass.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 07-12-2003 8:32:54
BasePriority : Normal
FileSize : 36 KB
FileVersion : 5.00.2195.6695
ProductVersion : 5.00.2195.6695
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : DLL-bestand voorLSA Executable en Server (exportversie)
InternalName : lsasrv.dll en lsass.exe
OriginalFilename : lsasrv.dll en lsass.exe
ProductName : Besturingssysteem Microsoft(R) Windows (R) 2000
Created on : 11-11-2002 14:42:56
Last accessed : 07-12-2003 11:02:55
Last modified : 19-06-2003 10:05:04

#:5 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 07-12-2003 8:33:02
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 11-01-2000
Last accessed : 07-12-2003 11:02:55
Last modified : 11-01-2000

#:6 [svchost.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 07-12-2003 8:33:02
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 11-01-2000
Last accessed : 07-12-2003 11:02:55
Last modified : 11-01-2000

#:7 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 07-12-2003 8:33:03
BasePriority : Normal
FileSize : 44 KB
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
OriginalFilename : spoolss.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 06-09-2002 15:29:29
Last accessed : 07-12-2003 11:02:55
Last modified : 19-06-2003 10:05:04

#:8 [ati2evxx.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 07-12-2003 8:33:03
BasePriority : Normal
FileSize : 80 KB
Created on : 12-06-2001 2:00:02
Last accessed : 07-12-2003 11:02:55
Last modified : 12-06-2001 2:00:02

#:9 [cvpnd.exe]
FilePath : C:\Program Files\Cisco Systems\VPN Client\
ThreadCreationTime : 07-12-2003 8:33:09
BasePriority : Normal
FileSize : 1391 KB
FileVersion : 4.0.3 (A)
ProductVersion : 4.0.3 (A)
Copyright : Copyright
CompanyName : Cisco Systems, Inc.
FileDescription : Cisco Systems VPN Client
InternalName : cvpnd
OriginalFilename : CVPND.EXE
ProductName : Cisco Systems VPN Client
Created on : 21-10-2003 8:53:45
Last accessed : 07-12-2003 10:09:21
Last modified : 17-10-2003 14:43:48

#:10 [dwrcs.exe]
FilePath : C:\WINNT\SYSTEM32\
ThreadCreationTime : 07-12-2003 8:33:14
BasePriority : Normal
FileSize : 244 KB
FileVersion : 3, 72, 0, 0
ProductVersion : 3, 72, 0, 0
Copyright : Copyright
CompanyName : DameWare Development
FileDescription : DWRCS
InternalName : DWRCS
OriginalFilename : DWRCS.exe
ProductName : DameWare Development DWRCS
Created on : 18-09-2003 7:11:40
Last accessed : 07-12-2003 10:27:28
Last modified : 27-08-2003 12:45:00

#:11 [regsvc.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 07-12-2003 8:33:18
BasePriority : Normal
FileSize : 66 KB
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
OriginalFilename : REGSVC.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 21-10-2003 9:32:50
Last accessed : 07-12-2003 11:02:56
Last modified : 19-06-2003 10:05:04

#:12 [mstask.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 07-12-2003 8:33:19
BasePriority : Normal
FileSize : 117 KB
FileVersion : 4.71.2195.6704
ProductVersion : 4.71.2195.6704
Copyright : Copyright (C) Microsoft Corp. 1997
CompanyName : Microsoft Corporation
FileDescription : Taakplanner Engine
InternalName : TaskScheduler
OriginalFilename : mstask.exe
ProductName : Microsoft
Created on : 21-10-2003 9:32:31
Last accessed : 07-12-2003 11:02:56
Last modified : 19-06-2003 10:05:04

#:13 [stisvc.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 07-12-2003 8:33:21
BasePriority : Normal
FileSize : 60 KB
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
Copyright : Copyright (C) Microsoft Corp. 1996-1997
CompanyName : Microsoft Corporation
FileDescription : Monitor voor Still Image-apparaten
InternalName : STIMON
OriginalFilename : STIMON.EXE
ProductName : Besturingssysteem Microsoft(R) Windows (R) 2000
Created on : 21-10-2003 9:33:01
Last accessed : 07-12-2003 11:02:56
Last modified : 19-06-2003 10:05:04

#:14 [sweepsrv.sys]
FilePath : C:\Program Files\Sophos SWEEP for NT\
ThreadCreationTime : 07-12-2003 8:33:23
BasePriority : Normal
FileSize : 284 KB
FileVersion : 2.01.0227
ProductVersion : 3 (Build 0227)
CompanyName : Sophos Plc
FileDescription : Sophos Anti-Virus detection system service
InternalName : SWEEPSRV
OriginalFilename : SWEEPSRV.SYS
ProductName : Sophos Anti-Virus
Created on : 15-09-2003 10:38:31
Last accessed : 07-12-2003 11:02:56
Last modified : 21-10-2003 6:55:36

#:15 [swupdate.exe]
FilePath : C:\Program Files\Sophos SWEEP for NT\
ThreadCreationTime : 07-12-2003 8:33:38
BasePriority : Normal
FileSize : 244 KB
FileVersion : 1.00.0227
ProductVersion : 3 (Build 0227)
CompanyName : Sophos Plc
FileDescription : Sophos Anti-Virus update service
InternalName : SWUPDATE
OriginalFilename : SWUPDATE.EXE
ProductName : Sophos Anti-Virus
Created on : 15-09-2003 10:37:59
Last accessed : 07-12-2003 11:02:56
Last modified : 21-10-2003 6:55:36

#:16 [usrbridg.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 07-12-2003 8:33:40
BasePriority : Normal
FileSize : 60 KB
FileVersion : 1, 0, 2, 0
ProductVersion : 1, 0, 0, 0
Copyright : Copyright
CompanyName : Extended Systems, Inc.
FileDescription : usrbridg.exe
InternalName : USRBRIDG
OriginalFilename : usrbridg.sys
Created on : 24-10-2002 8:18:39
Last accessed : 07-12-2003 11:02:57
Last modified : 06-07-2000 7:57:06

#:17 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ThreadCreationTime : 07-12-2003 8:33:46
BasePriority : Normal
FileSize : 192 KB
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
Copyright : Copyright (C) Microsoft Corp. 1995-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
ProductName : Windows Management Instrumentation
Created on : 21-10-2003 9:33:25
Last accessed : 07-12-2003 11:02:57
Last modified : 19-06-2003 10:05:04

#:18 [mspmspsv.exe]
FilePath : C:\WINNT\System32\
ThreadCreationTime : 07-12-2003 8:33:48
BasePriority : Normal
FileSize : 56 KB
FileVersion : 7.10.00.3068
ProductVersion : 7.10.00.3068
Copyright : Copyright (C) Microsoft Corp. 1981-2000
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
OriginalFilename : MSPMSPSV.EXE
ProductName : Microsoft (R) DRM
Created on : 06-09-2002 15:12:19
Last accessed : 07-12-2003 11:02:57
Last modified : 17-05-2002 0:24:48

#:19 [svchost.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 07-12-2003 8:33:48
BasePriority : Normal
FileSize : 7 KB
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 11-01-2000
Last accessed : 07-12-2003 11:02:55
Last modified : 11-01-2000

#:20 [hkss.exe]
FilePath : C:\Program Files\Compaq\Hotkey Software\
ThreadCreationTime : 07-12-2003 8:34:43
BasePriority : Normal
FileSize : 188 KB
FileVersion : 1.1.D3
ProductVersion : 1.1.D3
CompanyName : Compaq Computer Corporation
FileDescription : Hot Key Support Software Loader
InternalName : HKSS
OriginalFilename : hkss.exe
ProductName : Hot Key Support Software
Created on : 06-09-2002 14:58:43
Last accessed : 07-12-2003 10:09:08
Last modified : 19-03-2002 9:12:40

#:21 [atiptaxx.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 07-12-2003 8:34:45
BasePriority : Normal
FileSize : 200 KB
FileVersion : 5.13.2506
ProductVersion : 5.13.2506
Copyright : Copyright (C) 1998-2001 ATI Technologies Inc.
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
OriginalFilename : Atiptaxx.exe
ProductName : ATI Desktop Component
Created on : 28-05-2001 8:19:48
Last accessed : 07-12-2003 11:02:57
Last modified : 28-05-2001 8:19:48

#:22 [prpcui.exe]
FilePath : C:\WINNT\system32\
ThreadCreationTime : 07-12-2003 8:34:47
BasePriority : Normal
FileSize : 41 KB
FileVersion : 2.1.0.0
ProductVersion : 2.1.0.0
Copyright : Copyright
CompanyName : Intel Corporation
FileDescription : Intel(R) SpeedStep(TM) technology User Interface
InternalName : prpcui.exe
OriginalFilename : prpcui.exe
ProductName : Intel(R) SpeedStep(TM) technology applet
Created on : 09-09-2002 12:50:18
Last accessed : 07-12-2003 11:02:57
Last modified : 24-04-2001 8:00:00

#:23 [nclconf.exe]
FilePath : C:\Program Files\Common Files\Nokia\NCLTools\
ThreadCreationTime : 07-12-2003 8:34:49
BasePriority : Normal
FileSize : 120 KB
FileVersion : 4.00.014
ProductVersion : 4.0
Copyright : Copyright
CompanyName : Nokia Mobile Phones Ltd.
FileDescription : NclConf taskbar application
InternalName : NclConf
OriginalFilename : NclConf.exe
ProductName : Nokia Connectivity Library
Created on : 24-10-2002 8:25:44
Last accessed : 07-12-2003 11:02:57
Last modified : 23-03-2001 9:08:42

#:24 [sync.exe]
FilePath : C:\Program Files\ClockSync\
ThreadCreationTime : 07-12-2003 8:34:54
BasePriority : Normal
FileSize : 65 KB
FileVersion : 0, 1, 5, 1
ProductVersion : 0, 1, 5, 1
Copyright : Copyright 2003
CompanyName : WhenU.com
FileDescription : DnldStub
InternalName : DnldStub
OriginalFilename : dnldstub.exe
ProductName : DnldStub Module
Created on : 06-12-2003 15:38:08
Last accessed : 07-12-2003 11:02:57
Last modified : 19-11-2003 14:53:34

#:25 [icmon.exe]
FilePath : C:\Program Files\Sophos SWEEP for NT\
ThreadCreationTime : 07-12-2003 8:35:02
BasePriority : Normal
FileSize : 204 KB
FileVersion : 1.00.0227
ProductVersion : 3 (Build 0227)
CompanyName : Sophos Plc
FileDescription : Sophos Anti-Virus InterCheck activity monitor (ENG)
InternalName : ICMON
OriginalFilename : ICMON.EXE
ProductName : Sophos Anti-Virus
Created on : 15-09-2003 10:38:35
Last accessed : 07-12-2003 11:02:57
Last modified : 21-10-2003 6:55:30

#:26 [wpc54cfg.exe]
FilePath : C:\Program Files\Linksys\Wireless-G Notebook Adapter\
ThreadCreationTime : 07-12-2003 8:35:07
BasePriority : Normal
FileSize : 4506 KB
FileVersion : 1.0.5.98
ProductVersion : 1.0.5.0
Copyright : Copyright (C) 2003, Linksys
CompanyName : The Linksys Group, Inc.
FileDescription : Linksys Instant WLAN Monitor
InternalName : WLANMonitor.EXE
OriginalFilename : WLANMonitor.EXE
ProductName : Linksys Instant WLAN Monitor
Created on : 18-05-2003 19:05:14
Last accessed : 07-12-2003 10:09:07
Last modified : 24-12-2002 7:53:18

#:27 [sync.exe]
FilePath : C:\Program Files\ClockSync\
ThreadCreationTime : 07-12-2003 8:59:20
BasePriority : Normal
FileSize : 65 KB
FileVersion : 0, 1, 5, 1
ProductVersion : 0, 1, 5, 1
Copyright : Copyright 2003
CompanyName : WhenU.com
FileDescription : DnldStub
InternalName : DnldStub
OriginalFilename : dnldstub.exe
ProductName : DnldStub Module
Created on : 06-12-2003 15:38:08
Last accessed : 07-12-2003 11:02:57
Last modified : 19-11-2003 14:53:34

#:28 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 07-12-2003 9:22:43
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Besturingssysteem Microsoft
Created on : 04-09-2002 8:23:58
Last accessed : 07-12-2003 10:22:17
Last modified : 04-09-2002 8:23:58

#:29 [explorer.exe]
FilePath : C:\WINNT\
ThreadCreationTime : 07-12-2003 9:26:02
BasePriority : Normal
FileSize : 238 KB
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
Copyright : Copyright (C) Microsoft Corp. 1981-1999
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows (R) 2000 Operating System
Created on : 21-10-2003 9:33:14
Last accessed : 07-12-2003 10:49:50
Last modified : 19-06-2003 10:05:04

#:30 [msimn.exe]
FilePath : C:\Program Files\Outlook Express\
ThreadCreationTime : 07-12-2003 10:21:29
BasePriority : Normal
FileSize : 56 KB
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Outlook Express
InternalName : MSIMN
OriginalFilename : MSIMN.EXE
ProductName : Besturingssysteem Microsoft
Created on : 04-09-2002 8:07:58
Last accessed : 07-12-2003 10:21:29
Last modified : 04-09-2002 8:07:58

#:31 [winword.exe]
FilePath : C:\Program Files\Microsoft Office\Office\
ThreadCreationTime : 07-12-2003 10:22:02
BasePriority : Normal
FileSize : 8608 KB
FileVersion : 9.0.6328
ProductVersion : 9.0.6328
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Microsoft Word for Windows
InternalName : WinWord
OriginalFilename : WinWord.exe
ProductName : Microsoft Office 2000
Created on : 03-04-2002 0:58:50
Last accessed : 07-12-2003 10:22:02
Last modified : 03-04-2002 0:58:50

#:32 [agentsvr.exe]
FilePath : C:\WINNT\msagent\
ThreadCreationTime : 07-12-2003 10:22:27
BasePriority : Normal
FileSize : 236 KB
FileVersion : 2.00.0.3422
ProductVersion : 2.00.0.3422
Copyright : Copyright (C) Microsoft Corp. 1997-98
CompanyName : Microsoft Corporation
FileDescription : Microsoft Agent Server
InternalName : AgentServer
OriginalFilename : AgentSvr.exe
ProductName : Microsoft Agent Server
Created on : 11-01-2000
Last accessed : 07-12-2003 11:02:58
Last modified : 11-01-2000

#:33 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 07-12-2003 11:02:12
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 07-12-2003 10:13:46
Last accessed : 07-12-2003 11:02:12
Last modified : 12-07-2003 21:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Alexa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}


BonziBuddy Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18B79968-1A76-4953-9EBB-B651407F8998}


Coulomb Dialer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{266f948a-3dee-4270-8f55-e79accd569fa}


Coulomb Dialer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Coulomb


Coulomb Dialer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : comload.loader2.1


Coulomb Dialer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : comload.loader2


Coulomb Dialer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : comload.loader.1


Coulomb Dialer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : comload.loader


Coulomb Dialer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{ad7fafb0-16d6-40c3-af27-585d6e6453fd}


Coulomb Dialer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{9e1089bc-1ae8-4685-8d77-6721e5c318a8}


Dial XS Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\DialXS


e-Group Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TypeLib\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}


e-Group Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{94742E3F-D9A1-4780-9A87-2FFA43655DA2}


e-Group Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\EGDHTML


e-Group Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{2F668A6D-2EC7-4E3A-A485-819E210738D6}


e-Group Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : EGDialObject.EGDial.1


e-Group Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : EGDialObject.EGDial


e-Group Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : EGDHTML.EGDialHTML.1


e-Group Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : EGDHTML.EGDialHTML


e-Group Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{94742E3F-D9A1-4780-9A87-2FFA43655DA2}


e-Group Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{486E48B5-ABF2-42BB-A327-2679DF3FB822}


e-Group Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{2ABE804B-4D3A-41BF-A172-304627874B45}


Holystic-Dialer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : software\holistyc


Holystic-Dialer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : HOL_PRELOAD.FULL.1


Holystic-Dialer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{03C543A1-C090-418F-A1D0-FB96380D601D}


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : windec.ohb.1


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : windec.ohb


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : windec.momo.1


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : windec.momo


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : windec.iiittt.1


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : windec.iiittt


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : windec.dbi.1


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : windec.dbi


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : windec.amo.1


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : windec.amo


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{660b38cb-6349-4c67-a418-aadabae09c38}


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{F3A898B0-6D64-4155-BDF9-C26C99E15071}


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{E432B411-6E00-4A49-B715-A88E1CC90CC5}


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{D28B0B4C-C2A8-4F2D-8A9C-E98844D293D2}


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{C8418B66-7898-4131-A131-F2B839308C15}


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{B7383D80-81AA-4FD7-8AC2-D852677CDEAE}


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{3FD0EE3A-96AF-434B-8B05-6970699905AE}


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{fe1a240f-b247-4e06-a600-30e28f5af3a0}


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{895fdaae-9464-458d-a2f8-0dbe95788620}


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{89580613-09bb-4df6-8c2f-41896f7ea5cd}


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{6ef3ae25-5a7d-40c2-9b44-9ed0068621c0}


I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{18b79968-1a76-4953-9ebb-b651407f8998}


istbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTbarISTbar


istbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{018B7EC3-EECA-11D3-8E71-0000E82C6C0D}


istbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\ISTsvc


istbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\ISTbar


istbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\IST


istbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : ISTactivex.Installer.1


istbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : ISTactivex.Installer


istbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{5f1abcdb-a875-46c1-8345-b72a4567e486}


istbar Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{018b7ec3-eeca-11d3-8e71-0000e82c6c0d}


MainPean Dialer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\MainPean Highspeed


NCase Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{18dd1792-64fb-42db-acbe-435c598045f4}


NCase Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : ncaseinstaller.ncaseinstaller.1


NCase Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : ncaseinstaller.ncaseinstaller


NCase Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{6eb5b540-1e74-4d91-a7f0-5b758d333702}


SaveNow Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\WhenUSave


TIB Browser Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\WebSiteViewer


WeatherCast Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\WhenU


Atztecmarketing.syscpy Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value : Syscpy


istbar Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value : IST Service


Powerscan Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Powerscan
Value : account_id


Windows Object recognized!
Type : RegData
Data :
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings
Value : Client ID
Data :


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 68
Objects found so far: 68


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagei-lookup.com

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://i-lookup.com/search.html"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://i-lookup.com/search.html"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pagei-lookup.com

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://i-lookup.com/"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://i-lookup.com/"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bari-lookup.com

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://i-lookup.com/search.html"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://i-lookup.com/search.html"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistanti-lookup.com

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://i-lookup.com/search.html"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://i-lookup.com/search.html"

Possible browser hijack attempt : Software\Microsoft\Internet ExplorerSearchURLi-lookup.com

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://i-lookup.com/search.html"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer
Value : SearchURL
Data : "http://i-lookup.com/search.html"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistanti-lookup.com

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "http://i-lookup.com/search.html"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://i-lookup.com/search.html"

Possible browser hijack attempt : {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab)
Possible browser hijack attempt : {6EB5B540-1E74-4D91-A7F0-5B758D333702} (http://bis.180solutions.com/activexinstallers/installer/ncaseinstaller.cab)

Possible Browser Hijack attempt Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6EB5B540-1E74-4D91-A7F0-5B758D333702}


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 7
Objects found so far: 75


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : ardonr@metriweb[1].txt
Object : C:\Documents and Settings\ArdonR\Cookies\

Created on : 07-12-2003 9:37:52
Last accessed : 07-12-2003 11:05:40
Last modified : 07-12-2003 9:37:52



Tracking Cookie Object recognized!
Type : File
Data : ardonr@tmpad[2].txt
Object : C:\Documents and Settings\ArdonR\Cookies\

Created on : 07-12-2003 10:12:22
Last accessed : 07-12-2003 10:12:22
Last modified : 07-12-2003 10:12:22



Tracking Cookie Object recognized!
Type : File
Data : ardonr@tradedoubler[1].txt
Object : C:\Documents and Settings\ArdonR\Cookies\

Created on : 07-12-2003 11:00:29
Last accessed : 07-12-2003 11:00:29
Last modified : 07-12-2003 11:00:29



Tracking Cookie Object recognized!
Type : File
Data : ardonr@trafficmp[1].txt
Object : C:\Documents and Settings\ArdonR\Cookies\

Created on : 07-12-2003 10:12:22
Last accessed : 07-12-2003 10:12:22
Last modified : 07-12-2003 10:12:22


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

NCase Object recognized!
Type : File
Data : msbb.exe
Object : C:\WINNT\system32\
FileSize : 160 KB
Created on : 05-12-2003 8:33:05
Last accessed : 07-12-2003 11:05:55
Last modified : 05-12-2003 8:33:05




Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Coulomb Dialer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{F5F779A9-24E5-4BCD-9AE5-6313D4B5AC24}


Coulomb Dialer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{19E91D82-7AD7-419F-866A-58C122DB1459}


Coulomb Dialer Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : dctl


Coulomb Dialer Object recognized!
Type : File
Data : comload.dll
Object : c:\winnt\system32\
FileSize : 27 KB
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
CompanyName : Coulomb Ltd
InternalName : comload
OriginalFilename : comload.dll
Created on : 28-10-2003 20:07:45
Last accessed : 07-12-2003 11:04:13
Last modified : 28-10-2003 20:07:48



e-Group Object recognized!
Type : File
Data : egdhtml.inf
Object : c:\winnt\downloaded program files\

Created on : 13-11-2003 11:13:28
Last accessed : 07-12-2003 11:06:15
Last modified : 13-11-2003 11:13:28



e-Group Object recognized!
Type : File
Data : egdhtml_pack.inf
Object : c:\winnt\downloaded program files\

Created on : 29-10-2003 16:23:26
Last accessed : 07-12-2003 11:06:15
Last modified : 29-10-2003 16:23:26



e-Group Object recognized!
Type : File
Data : mseggrpid.dll
Object : c:\winnt\system32\

Created on : 14-11-2003 13:14:12
Last accessed : 07-12-2003 11:06:15
Last modified : 06-12-2003 8:23:57



e-Group Object recognized!
Type : File
Data : ia.dll
Object : c:\winnt\system32\
FileSize : 6 KB
Created on : 13-10-2003 15:05:50
Last accessed : 07-12-2003 11:05:50
Last modified : 13-10-2003 15:05:50



e-Group Object recognized!
Type : File
Data : egdial.dll
Object : c:\winnt\system32\
FileSize : 10 KB
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
Copyright : Copyright
CompanyName : E-Group
FileDescription : EGDial
InternalName : EGDial
OriginalFilename : EGDial.dll
ProductName : E-Group EGDial
Created on : 14-10-2003 15:16:12
Last accessed : 07-12-2003 11:04:12
Last modified : 14-10-2003 15:16:12



e-Group Object recognized!
Type : File
Data : egdhtml_1024.dll
Object : c:\winnt\system32\
FileSize : 59 KB
FileVersion : 1, 0, 2, 4
ProductVersion : 1, 0, 2, 4
Copyright : Copyright
CompanyName : E-Group
FileDescription : EGDHTML
InternalName : EGDHTML
OriginalFilename : EGDHTML_1024.dll
ProductName : E-Group EGDHTML
Created on : 13-11-2003 10:53:22
Last accessed : 07-12-2003 11:03:42
Last modified : 13-11-2003 10:53:22



Holystic-Dialer Object recognized!
Type : Folder
Object : c:\winnt\Icons


Holystic-Dialer Object recognized!
Type : File
Data : preload.ocx
Object : c:\winnt\system32\
FileSize : 13 KB
FileVersion : 1.0.391102
ProductVersion : 1.0
CompanyName : Holistyc Limited
FileDescription : preload plugin
InternalName : preload
OriginalFilename : preload.ocx
ProductName : preload
Created on : 04-08-2003 14:39:50
Last accessed : 07-12-2003 11:03:29
Last modified : 04-08-2003 14:39:50



I-LookUp Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\share_docs


I-LookUp Object recognized!
Type : Folder
Object : c:\documents and settings\ardonr\favorieten\Messenger Links


I-LookUp Object recognized!
Type : Folder
Object : c:\documents and settings\ardonr\favorieten\I-lookup Favorites


I-LookUp Object recognized!
Type : Folder
Object : c:\documents and settings\ardonr\favorieten\Hot Links


I-LookUp Object recognized!
Type : Folder
Object : c:\documents and settings\ardonr\favorieten\Gambling


I-LookUp Object recognized!
Type : File
Data : dice.ico
Object : c:\winnt\system32\
FileSize : 3 KB
Created on : 06-12-2003 15:37:49
Last accessed : 07-12-2003 10:56:47
Last modified : 07-12-2003 10:56:47



I-LookUp Object recognized!
Type : File
Data : aim.url
Object : c:\documents and settings\ardonr\favorieten\messenger links\

Created on : 06-12-2003 19:58:49
Last accessed : 07-12-2003 11:00:34
Last modified : 07-12-2003 11:00:34



I-LookUp Object recognized!
Type : File
Data : icq.url
Object : c:\documents and settings\ardonr\favorieten\messenger links\

Created on : 06-12-2003 19:58:49
Last accessed : 07-12-2003 11:00:34
Last modified : 07-12-2003 11:00:34



I-LookUp Object recognized!
Type : File
Data : black planet love.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:32
Last modified : 07-12-2003 11:00:32



I-LookUp Object recognized!
Type : File
Data : college recruiter.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:32
Last modified : 07-12-2003 11:00:32



I-LookUp Object recognized!
Type : File
Data : dating direct.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:32
Last modified : 07-12-2003 11:00:32



I-LookUp Object recognized!
Type : File
Data : email psychic.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:32
Last modified : 07-12-2003 11:00:32



I-LookUp Object recognized!
Type : File
Data : for sale by owner.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:32
Last modified : 07-12-2003 11:00:32



I-LookUp Object recognized!
Type : File
Data : foreclosure free search.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:32
Last modified : 07-12-2003 11:00:32



I-LookUp Object recognized!
Type : File
Data : gay.com.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:32
Last modified : 07-12-2003 11:00:32



I-LookUp Object recognized!
Type : File
Data : hot jobs.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:32
Last modified : 07-12-2003 11:00:32



I-LookUp Object recognized!
Type : File
Data : i connect here.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:32
Last modified : 07-12-2003 11:00:32



I-LookUp Object recognized!
Type : File
Data : i-lookup.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:32
Last modified : 07-12-2003 11:00:32



I-LookUp Object recognized!
Type : File
Data : life-answers.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:32
Last modified : 07-12-2003 11:00:32



I-LookUp Object recognized!
Type : File
Data : move out.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:32
Last modified : 07-12-2003 11:00:32



I-LookUp Object recognized!
Type : File
Data : music 123.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:29
Last modified : 07-12-2003 11:00:29



I-LookUp Object recognized!
Type : File
Data : norton antivirus.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:31
Last modified : 07-12-2003 11:00:31



I-LookUp Object recognized!
Type : File
Data : online drugstore.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:32
Last modified : 07-12-2003 11:00:32



I-LookUp Object recognized!
Type : File
Data : phone shark.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:32
Last modified : 07-12-2003 11:00:32



I-LookUp Object recognized!
Type : File
Data : planet out.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:32
Last modified : 07-12-2003 11:00:32



I-LookUp Object recognized!
Type : File
Data : private for sale.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:32
Last modified : 07-12-2003 11:00:32



I-LookUp Object recognized!
Type : File
Data : room mate menu.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:32
Last modified : 07-12-2003 11:00:32



I-LookUp Object recognized!
Type : File
Data : roommate.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:31
Last modified : 07-12-2003 11:00:31



I-LookUp Object recognized!
Type : File
Data : tel 3.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:32
Last modified : 07-12-2003 11:00:32



I-LookUp Object recognized!
Type : File
Data : the online psychic.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:31
Last modified : 07-12-2003 11:00:31



I-LookUp Object recognized!
Type : File
Data : zaptel.url
Object : c:\documents and settings\ardonr\favorieten\i-lookup favorites\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:32
Last modified : 07-12-2003 11:00:32



I-LookUp Object recognized!
Type : File
Data : date a hottie.url
Object : c:\documents and settings\ardonr\favorieten\hot links\

Created on : 06-12-2003 19:58:49
Last accessed : 07-12-2003 11:00:34
Last modified : 07-12-2003 11:00:34



I-LookUp Object recognized!
Type : File
Data : espn.url
Object : c:\documents and settings\ardonr\favorieten\hot links\

Created on : 06-12-2003 19:58:49
Last accessed : 07-12-2003 11:00:34
Last modified : 07-12-2003 11:00:34



I-LookUp Object recognized!
Type : File
Data : free software.url
Object : c:\documents and settings\ardonr\favorieten\hot links\

Created on : 06-12-2003 19:58:49
Last accessed : 07-12-2003 11:00:34
Last modified : 07-12-2003 11:00:34



I-LookUp Object recognized!
Type : File
Data : pc cillin.url
Object : c:\documents and settings\ardonr\favorieten\hot links\

Created on : 06-12-2003 19:58:49
Last accessed : 07-12-2003 11:00:34
Last modified : 07-12-2003 11:00:34



I-LookUp Object recognized!
Type : File
Data : penis patch.url
Object : c:\documents and settings\ardonr\favorieten\hot links\

Created on : 06-12-2003 19:58:49
Last accessed : 07-12-2003 11:00:34
Last modified : 07-12-2003 11:00:34



I-LookUp Object recognized!
Type : File
Data : weather.url
Object : c:\documents and settings\ardonr\favorieten\hot links\

Created on : 06-12-2003 19:58:48
Last accessed : 07-12-2003 11:00:33
Last modified : 07-12-2003 11:00:33



I-LookUp Object recognized!
Type : File
Data : golden palace casino.url
Object : c:\documents and settings\ardonr\favorieten\gambling\

Created on : 06-12-2003 19:58:49
Last accessed : 07-12-2003 11:00:35
Last modified : 07-12-2003 11:00:35



I-LookUp Object recognized!
Type : File
Data : poker club.url
Object : c:\documents and settings\ardonr\favorieten\gambling\

Created on : 06-12-2003 19:58:49
Last accessed : 07-12-2003 11:00:35
Last modified : 07-12-2003 11:00:35



istbar Object recognized!
Type : Folder
Object : c:\program files\ISTsvc


istbar Object recognized!
Type : File
Data : istactivex.dll
Object : c:\winnt\downloaded program files\
FileSize : 64 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2003
FileDescription : ISTactivex Module
InternalName : ISTactivex
OriginalFilename : ISTactivex.DLL
ProductName : ISTactivex Module
Created on : 18-09-2003 14:19:26
Last accessed : 07-12-2003 11:05:16
Last modified : 18-09-2003 14:19:26



istbar Object recognized!
Type : File
Data : ruud
Object : c:\program files\istsvc\
FileSize : 7 KB
Created on : 06-12-2003 15:37:55
Last accessed : 07-12-2003 11:06:16
Last modified : 06-12-2003 15:37:55



MainPean Dialer Object recognized!
Type : Folder
Object : c:\winnt\Coder


MainPean Dialer Object recognized!
Type : File
Data : coder.log
Object : c:\winnt\

Created on : 24-05-2003 14:57:58
Last accessed : 07-12-2003 11:06:16
Last modified : 24-05-2003 15:02:13



MainPean Dialer Object recognized!
Type : File
Data : coder.ini
Object : c:\winnt\

Created on : 24-05-2003 14:57:58
Last accessed : 07-12-2003 11:06:16
Last modified : 24-05-2003 15:02:13



NCase Object recognized!
Type : File
Data : ncaseinstaller.dll
Object : c:\winnt\downloaded program files\
FileSize : 325 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright(C) 180 Solutions. 2002
CompanyName : 180 Solutions
FileDescription : nCaseInstaller Module
InternalName : nCaseInstaller
OriginalFilename : nCaseInstaller.DLL
ProductName : nCaseInstaller Module
Created on : 12-09-2003 15:24:50
Last accessed : 07-12-2003 11:06:16
Last modified : 12-09-2003 15:24:50



NCase Object recognized!
Type : File
Data : ncaseinstaller.inf
Object : c:\winnt\downloaded program files\

Created on : 12-09-2003 15:24:50
Last accessed : 07-12-2003 11:06:16
Last modified : 12-09-2003 15:24:50



NCase Object recognized!
Type : File
Data : ncaselib.dll
Object : c:\winnt\downloaded program files\
FileSize : 116 KB
Created on : 04-09-2003 11:04:02
Last accessed : 07-12-2003 11:05:16
Last modified : 04-09-2003 11:04:02



Atztecmarketing.syscpy Object recognized!
Type : File
Data : syscpy.exe
Object : c:\winnt\system32\
FileSize : 52 KB
Created on : 06-12-2003 15:37:42
Last accessed : 07-12-2003 11:05:17
Last modified : 02-12-2003 15:54:28



Atztecmarketing.syscpy Object recognized!
Type : File
Data : syscpy1.exe
Object : c:\winnt\system32\
FileSize : 52 KB
Created on : 02-12-2003 15:54:28
Last accessed : 07-12-2003 11:06:11
Last modified : 02-12-2003 15:54:28



Powerscan Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value : Power Scan


Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 63
Objects found so far: 143


12:06:20 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:03:21:780
Objects scanned :35842
Objects identified :143
Objects ignored :0
New objects :143


I'd appreciate your reply.

Regards, Ruud
 
Re: hijackthis log

Posted by free_roelie
Hello Pieter.

I first ran a scan with Spybot.

Here is my log, thanks in advance.

O16 - DPF: {214868A8-F71B-473E-8ECF-6EE1DE6B91D8} - http://pms.localscripts.nl/plugins/4/ms7531_nl.cab
NAV gave a warning on this file!
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.chicasmodelos.com/ruboskizo2.cab
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.net69.nl/plugin/net69nl126.exe
Check the items above and click "Fix checked".
:thumb:
 
Re: problems with Explorer

Posted by system1
Big lump of text :confused:
Could you remove the Ad-aware part? Just the HijackThis log, please :thumb:

Here's a quick answer to your log (after a lot of scrolling :rolleyes: ):
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://i-lookup.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://i-lookup.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://i-lookup.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://i-lookup.com/search.html

O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binari...TML/EGDHTML.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) - http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binari...GDHTML_pack.cab

Check the items above and click "Fix checked" :thumb:
 
Start page

I have the same problem with the start page.
I then downloaded Ad-aware and HijackThis and followed the instructions.

Here is the txt file from HijackThis:

Logfile of HijackThis v1.97.7
Scan saved at 13:43:35, on 7-12-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\program files\altnet\points manager\points manager.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DownloadWare\dw.exe
C:\WINDOWS\System32\cat.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PopupKillerTracksEraser\PopupKillerTray.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Willem\Local Settings\Temp\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchmn.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/Startportal/Portal/portal.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchba.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchmn.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchmn.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchcs.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.defaultsearch.com/search/B90D4C2B8B3F4AB2BDDB776C16EAB8D8/1043/ie/searchsa.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/Startportal/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\Program Files\MediaLoads Enhanced\ME2.DLL
O2 - BHO: (no name) - {A09790E7-DD00-4A83-B632-5B563423CFBB} - C:\Program Files\PopupKillerTracksEraser\PopupKillerIEDLL.dll
O2 - BHO: Httper - {A5483501-070C-41DD-AF44-9BD8864B3015} - C:\Program Files\Httper\httper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Zipclix - {319A68DB-06D0-46DA-9F93-A810D5A70836} - C:\Program Files\Zipclix\zipclix.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [Diskstart] C:\WINDOWS\System32\cat.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Wanadoo Menu] C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE /S:T
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} (preload control) - http://216.82.66.200/build/preload.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/ssoap/pptproactauthakamai/systemsoappro.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_pack_XP.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37907.1239930556
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {EB6AFDAB-E16D-430B-A5EE-0408A12289DC} - http://download.fordaleltd.com/install/setup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E08B654-26C1-4CCC-8DFE-2D96CD2F4AB1}: NameServer = 194.134.5.55 194.134.5.5

What should I do next??
 
Re: Start page

Posted by willemknigge
I have the same problem with the start page.
I then downloaded Ad-aware and HijackThis and followed the instructions.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.defaultsearch.com/search...ie/searchmn.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.defaultsearch.com/search...ie/searchba.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.defaultsearch.com/search...ie/searchmn.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.defaultsearch.com/search...ie/searchmn.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.defaultsearch.com/search...ie/searchcs.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.defaultsearch.com/search...ie/searchsa.htm

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.systemsoap.com/s...stemsoappro.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binari...TML_pack_XP.cab
O16 - DPF: {EB6AFDAB-E16D-430B-A5EE-0408A12289DC} - http://download.fordaleltd.com/install/setup.cab



What should I do next??
Check the items above and click "fix checked" :thumb:
 
log file

Hello,

Could someone take a look at my log file?
I ran Ad-aware first but it finds nothing. I keep getting an unrequested start page and I'm stuck with an annoying search bar; the computer is also very slow.
What can I remove?

Regards, Lineke

Logfile of HijackThis v1.97.3
Scan saved at 14:51:33, on 7-12-03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\PDESK\PDESK.EXE
C:\WINDOWS\APPLICATION DATA\MSBB.EXE
C:\WINDOWS\SYSTEM\93018740.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\WINDOWS\APPLICATION DATA\ZOAUJHBL.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\CLOCKSYNC\SYNC.EXE
C:\WINDOWS\TEMP\XGB194.TMP
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\NOTEPAD.EXE
D:\PROGRAM FILES\DOWNLOADS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mysearchnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS\SYSTEM\N3TPA1.DLL
O2 - BHO: (no name) - {edbfdb80-2853-11d8-a46a-444553540000} - C:\WINDOWS\APPLICATION DATA\LMPRTHCREK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: jhhdssyeyep - {edbfdb81-2853-11d8-a46a-444553540000} - C:\WINDOWS\APPLICATION DATA\LMPRTHCREK.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\APPLICATION DATA\MSBB.EXE
O4 - HKLM\..\Run: [SCQH] C:\WINDOWS\SCQH.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [93018740.exe] C:\WINDOWS\System\93018740.exe
O4 - HKLM\..\Run: [FMPSWZD] C:\WINDOWS\FMPSWZD.exe
O4 - HKLM\..\Run: [blcrem] C:\WINDOWS\APPLIC~1\zoaujhbl.exe -QuieT
O4 - HKLM\..\Run: [70518130.exe] C:\WINDOWS\System\70518130.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe
O4 - Startup: Event Reminder.lnk = D:\Program files\printshop\The Print Shop\PSRemind.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37907.254212963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtangent.com/install/wdriver/ddc/shockwave/wtinst.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {E3802230-F0E2-4A75-9947-EAB78DD8153F} (InstallerX Class) - http://www.euroklik.nl/cab/EasyWebInstaller.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.soundclick.com/CFIDE/classes/CFJava.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/dlaccell.CAB
O16 - DPF: {0C3F7D74-ADA5-4976-8908-A8189590DAFA} (3DGreetings.com Player 2.0) - http://expressit.broderbund.com/Plugin/3DGreetings/vroom.CAB
 
Re: log file

Posted by lineke57
Hello,

Could someone take a look at my log file?
I ran Ad-aware first but it finds nothing. I keep getting an unrequested start page and I'm stuck with an annoying search bar; the computer is also very slow.
What can I remove?

Regards, Lineke

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mysearchnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html

O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS\SYSTEM\N3TPA1.DLL
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [SCQH] C:\WINDOWS\SCQH.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [93018740.exe] C:\WINDOWS\System\93018740.exe
O4 - HKLM\..\Run: [FMPSWZD] C:\WINDOWS\FMPSWZD.exe
O4 - HKLM\..\Run: [blcrem] C:\WINDOWS\APPLIC~1\zoaujhbl.exe -QuieT
O4 - HKLM\..\Run: [70518130.exe] C:\WINDOWS\System\70518130.exe

O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtangent.com/install/...wave/wtinst.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/dlaccell.CAB
O16 - DPF: {0C3F7D74-ADA5-4976-8908-A8189590DAFA} (3DGreetings.com Player 2.0) - http://expressit.broderbund.com/Plu...tings/vroom.CAB
Check the items above and click "fix checked" :thumb:
 
Not entirely successful

Hello aaajeetee,

I followed your advice but I'm still stuck with the search bar.
I removed what you indicated and restarted the computer, but a few that I had removed are still there.
Here is the new scan; I'd appreciate your advice.

Regards, Lineke



Logfile of HijackThis v1.97.3
Scan saved at 17:02:21, on 7-12-03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\PDESK\PDESK.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\APPLICATION DATA\MSBB.EXE
C:\PROGRAM FILES\CLOCKSYNC\SYNC.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\WEBSCANX.EXE
D:\PROGRAM FILES\DOWNLOADS\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {edbfdb80-2853-11d8-a46a-444553540000} - C:\WINDOWS\APPLICATION DATA\LMPRTHCREK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: jhhdssyeyep - {edbfdb81-2853-11d8-a46a-444553540000} - C:\WINDOWS\APPLICATION DATA\LMPRTHCREK.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\APPLICATION DATA\MSBB.EXE
O4 - HKLM\..\Run: [501650.exe] C:\WINDOWS\System\501650.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe
O4 - HKCU\..\RunServices: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\RunServices: [ClockSync] C:\Program Files\ClockSync\Sync.exe
O4 - Startup: Event Reminder.lnk = D:\Program files\printshop\The Print Shop\PSRemind.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37907.254212963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {E3802230-F0E2-4A75-9947-EAB78DD8153F} (InstallerX Class) - http://www.euroklik.nl/cab/EasyWebInstaller.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.soundclick.com/CFIDE/classes/CFJava.cab
 
Another one

Hi Pieter,

Could you check my log as well?
My system keeps reporting that dust exe is missing, and that now turns out to be a virus (worm). I still haven't managed to remove it. Someone else advised me to post my log to you so that you could give me some tips.

Thanks in advance

Ger

Spybot latest version (1.97.7):

Logfile of HijackThis v1.97.7
Scan saved at 16:44:46, on 7-12-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp3\winampa.exe
C:\WINDOWS\BQTray.exe
C:\Program Files\Trust\250S Series\lwbwheel.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\twain_32\A4CIS\WATCH.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.multikabel.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Multikabel
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F0 - system.ini: Shell=Explorer.exe dust.exe
F2 - REG:system.ini: Shell=Explorer.exe dust.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4c7c073d-b5a1-4394-a258-04647e8cd6be} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [Agent] C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [BurnQuick Queue] C:\WINDOWS\BQTray.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\250S Series\lwbwheel.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.multikabel.nl
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...ector/swdir.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sh...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pu...ash/swflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...307/mcfscan.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab



Thanks in advance

Ger
 
Hello aaajeetee,

I had scanned with Ad-aware and got no detections. I have now updated and get a report of a trojan called AdClicker-O, but my virus scanner cannot clean or delete it, so I will first see whether I can get rid of it some other way, or does anyone have a tip? And what should I remove from my most recently scanned HijackThis log file?
Thanks in advance for your help.

Lineke
 
solved

Hello aajeetee,


I was able to remove the AdClicker-O trojan and afterwards also removed the items that had been left after your first explanation, and now I am rid of that annoying search bar.
So the problem has been solved after all.
Thanks, and greetings from Lineke
 
Hello aajeetee,

here is my log ;)

Logfile of HijackThis v1.97.7
Scan saved at 19:53:18, on 7-12-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\windows\redirect5.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jenny\Local Settings\Temp\Tijdelijke map 2 voor hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.paradigit.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.138:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [IW_ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [redirect] C:\windows\redirect5.exe
O4 - HKLM\..\Run: [easywww] c:\windows\easywww2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37961.3601041667
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC59E1A3-A514-48D9-9006-EEEA652D0738}: NameServer = 194.109.6.66,194.109.9.99

I hope everything is more or less in order.. Thanks in advance in any case!

Regards, Jen
 
What I forgot to mention: I used Spy-bot first and then HijackThis, sorry!

Regards, Jen
 
Posted by Seal
Hello aajeetee,

here is my log ;)

O4 - HKLM\..\Run: [redirect] C:\windows\redirect5.exe
O4 - HKLM\..\Run: [easywww] c:\windows\easywww2.exe

Regards, Jen
just take a look at the entries above...if it is something you installed, leave it :)
if not, tick them and click "fix checked" :thumb:
apart from that, clean :)
 
Re: another one

Posted by jerryleelewis
Hi Pieter,


F0 - system.ini: Shell=Explorer.exe dust.exe
F2 - REG:system.ini: Shell=Explorer.exe dust.exe

tick the entries above and click "fix checked" :thumb:
 
Re: log

Posted by RA10
Here is my log, and my computer has also become a lot slower

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.windowws.cc/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.windowws.cc/sp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sweeties.teensfestival.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.windowws.cc/sp.htm?id=9

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe

O4 - HKCU\..\Run: [Windows Control] C:\WINDOWS\control.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O15 - Trusted Zone: *.waitsex.com

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1662a922ea6943b9fa05/netzip/RdxIE601.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab

Tick the entries above, close all windows except HijackThis and click Fix checked:

Then download, unzip and run CWShredder

Delete C:\WINDOWS\svchost.exe <= make sure you pick the right one. The real one is in the System32 folder and you must leave that one alone.

Regards,

Pieter
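
The reply above separates the real svchost.exe in System32 from a copy in C:\WINDOWS, and an earlier reply flags an extra program on the F0/F2 Shell= line. The following added example (not part of the original thread) automates both checks over HijackThis log lines. The sample log is constructed from lines quoted in this thread, and the expected-directory table is an assumption for a default Windows XP install under C:\WINDOWS.

```python
import re
from ntpath import basename, dirname

# Assumption: default Windows XP layout with the system root at C:\WINDOWS.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "svchost.exe": SYSTEM32, "services.exe": SYSTEM32, "lsass.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32, "smss.exe": SYSTEM32, "spoolsv.exe": SYSTEM32,
    "control.exe": SYSTEM32, "explorer.exe": r"c:\windows",
}

# Constructed sample: lines copied from the logs quoted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svchost.exe
C:\WINDOWS\control.exe
F0 - system.ini: Shell=Explorer.exe dust.exe
F2 - REG:system.ini: Shell=Explorer.exe dust.exe
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Windows Control] C:\WINDOWS\control.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)
SHELL_RE = re.compile(r"^F[02] - .*Shell=(.*)$", re.IGNORECASE)

def find_masquerades(log):
    """Return de-duplicated (kind, detail) findings in order of first appearance."""
    findings = []
    def report(kind, detail):
        if (kind, detail) not in findings:
            findings.append((kind, detail))
    for line in map(str.strip, log.splitlines()):
        shell = SHELL_RE.match(line)
        if shell:
            # A clean Shell= value names only Explorer.exe; anything else runs at logon.
            extras = [p for p in shell.group(1).split() if p.lower() != "explorer.exe"]
            if extras:
                report("shell-extra", " ".join(extras))
            continue
        for path in PATH_RE.findall(line):
            expected = EXPECTED_DIR.get(basename(path).lower())
            # Right file name, wrong folder: the pattern the reply warns about.
            if expected and dirname(path).lower() != expected:
                report("wrong-dir", path)
    return findings

if __name__ == "__main__":
    for kind, detail in find_masquerades(SAMPLE_LOG):
        print(f"{kind:12} {detail}")
```

A finding is a prompt to inspect the file, not a verdict: the table covers only a handful of system binaries and the comparison is on path alone.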
 