Log after ComboFix (after TDSS, in connection with MEbroot.A)

angel-style 23 May 2012, 19:15

Hi everyone,
A warning from Avira antivirus, and not being able to get the problem removed, brought me to this site, where I found a topic describing the same story.
So as not to clutter that topic, I have started a new one.
My name is Angelique and I work every day as a CAD draughtsman at my job. But that is also as far as my computer knowledge goes. I have already got a lot of things solved via Google, but this seems to me to be a rather stubborn one.
Following the tip in the other topic and the steps suggested there, I ran the programs mentioned above (as named in the subject).
What stands out in any case is that the Windows startup and shutdown sounds are present again. I hadn't heard those for months. However, there haven't been problems for months; in fact there were only problems (with internet and Outlook) during the last few days.
After the ComboFix run, this is the log file;
Can anyone tell me whether there is still something threatening on my PC?
Thanks in advance
ComboFix 12-05-23.05 - Angelique 23-05-2012 18:42:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1505 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Angelique\Bureaublad\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\h8srtmainqt.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Marc\ntuser.tmp
c:\documents and settings\Marc\WINDOWS
c:\recycle.bin\B6232F3AE5B.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\SET4F.tmp
c:\windows\system32\SET5B.tmp
c:\windows\system32\UNWISE.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-04-23 to 2012-05-23 ))))))))))))))))))))))))))))))
.
.
2012-05-23 16:49 . 2012-05-23 16:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2012-05-23 16:27 . 2012-05-23 16:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-23 06:06 . 2012-05-23 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\REPORTS
2012-05-23 06:06 . 2012-05-23 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\LOGFILES
2012-05-23 06:06 . 2012-05-23 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\INFECTED
2012-05-23 05:38 . 2012-05-23 05:38 -------- d-----w- c:\documents and settings\Angelique\Application Data\Avira
2012-05-23 05:32 . 2012-02-03 13:28 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-23 05:32 . 2012-02-03 13:28 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-23 05:24 . 2012-05-23 05:24 -------- d-----w- c:\windows\system32\Adobe
2012-05-23 05:23 . 2012-05-23 05:23 -------- d-----w- c:\program files\Avira
2012-05-23 05:23 . 2012-05-23 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-05-23 05:19 . 2012-05-23 05:22 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\Babylon
2012-05-23 05:15 . 2012-05-23 05:15 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\LogMeIn
2012-05-23 05:15 . 2012-05-23 05:47 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\AskToolbar
2012-05-23 05:15 . 2012-05-23 16:47 -------- d-----w- c:\documents and settings\Angelique\Application Data\Babylon
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:55 . 2004-08-03 23:58 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2004-09-13 12:52 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:55 . 2004-09-13 12:52 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-03-01 11:00 . 2004-09-13 12:52 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-09-13 12:52 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2004-09-13 12:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-09-13 12:52 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-09-13 12:52 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-09-13 12:52 385024 ------w- c:\windows\system32\html.iec
2010-03-31 08:09 . 2010-03-31 08:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 10:36 . 2010-04-08 10:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2012-03-02 22:53 . 2011-09-09 17:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-13 8523776]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-11-28 1036288]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 63048]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2012-01-03 3184240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-06 14:32 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Papyrus\\NASCAR Racing 2003 Season\\NR2003.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R?2 AntiVirSchedulerService;Avira Planner;c:\program files\Avira\AntiVir Desktop\sched.exe [23-5-2012 7:32 86224]
R?2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27-1-2010 19:33 64288]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [23-5-2012 7:32 36000]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [20-6-2007 15:30 79168]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 16:23 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 18:21 249648]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [6-7-2011 16:32 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11-1-2011 19:04 12856]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [27-4-2007 1:00 316992]
R2 TrueSwordSchedulerService;True Sword 5 Scheduler;c:\program files\True Sword 5\TrueSwordSchedule.exe [15-8-2011 19:48 828416]
S?2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 7:58 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [5-7-2010 22:59 16512]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 7:58 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28-1-2010 8:26 22216]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [25-3-2009 19:02 34760]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28-1-2010 8:26 366152]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
Inhoud van de 'Gedeelde Taken' map
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 05:58]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 05:58]
.
2012-05-19 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2012-04-05 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2012-05-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 15:31]
.
2012-05-23 c:\windows\Tasks\User_Feed_Synchronization-{E9AF3B0A-C52E-445B-845F-676F41AB08FF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU-Run-4Y3Y0C3AUF7W0E6DHHTVE - c:\recycle.bin\B6232F3AE5B.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-23 18:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3324)
c:\docume~1\ANGELI~1\LOCALS~1\Temp\catchme.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\hasplms.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
c:\program files\Babylon\Babylon-Pro\TC\BabylonTC.exe
.
**************************************************************************
.
Voltooingstijd: 2012-05-23 18:53:08 - machine werd herstart
ComboFix-quarantined-files.txt 2012-05-23 16:52
.
Pre-Run: 102.380.843.008 bytes beschikbaar
Post-Run: 103.763.951.616 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5844918FFC6920616484C4A5C4CBC699


Abraham54 23 May 2012, 20:10

Hello Angelique, I see that you have also used TDSSKiller.
Using this kind of powerful tool without instructions is not advisable.
Now check whether you can find a file that looks like this: C:\TDSSKiller.2.5.12.0_23.05.2012_10.45.13_log.txt.
If so, please post the contents of that log in your next message.

angel-style 23 May 2012, 20:25

oh... :o
I did see that mentioned for ComboFix in the guide (found via the link), but not for TDSSKiller. And because ComboFix created a restore point, it didn't seem to me that it could do very much harm.
Since it seemed to be exactly the same problem, I thought it couldn't hurt.
I want to ask the same questions as little as possible, hence............
But next time I'll start a post right away, or better still.............. prevent it from happening again :D
Attached is the requested log
18:25:56.0265 2244 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
18:25:56.0656 2244 ============================================================
18:25:56.0656 2244 Current date / time: 2012/05/23 18:25:56.0656
18:25:56.0656 2244 SystemInfo:
18:25:56.0656 2244
18:25:56.0656 2244 OS Version: 5.1.2600 ServicePack: 3.0
18:25:56.0656 2244 Product type: Workstation
18:25:56.0656 2244 ComputerName: CP-597526-A
18:25:56.0656 2244 UserName: Angelique
18:25:56.0656 2244 Windows directory: C:\WINDOWS
18:25:56.0656 2244 System windows directory: C:\WINDOWS
18:25:56.0656 2244 Processor architecture: Intel x86
18:25:56.0656 2244 Number of processors: 2
18:25:56.0656 2244 Page size: 0x1000
18:25:56.0656 2244 Boot type: Normal boot
18:25:56.0656 2244 ============================================================
18:25:57.0328 2244 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:25:57.0375 2244 Drive \Device\Harddisk5\DR11 - Size: 0x1DD200000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:25:57.0375 2244 ============================================================
18:25:57.0375 2244 \Device\Harddisk0\DR0:
18:25:57.0375 2244 MBR partitions:
18:25:57.0375 2244 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x129D9EB1
18:25:57.0375 2244 \Device\Harddisk5\DR11:
18:25:57.0375 2244 MBR partitions:
18:25:57.0375 2244 \Device\Harddisk5\DR11\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEE7080
18:25:57.0375 2244 ============================================================
18:25:57.0421 2244 C: <-> \Device\Harddisk0\DR0\Partition0
18:25:57.0421 2244 ============================================================
18:25:57.0421 2244 Initialize success
18:25:57.0421 2244 ============================================================
18:26:21.0515 3284 ============================================================
18:26:21.0515 3284 Scan started
18:26:21.0515 3284 Mode: Manual; SigCheck; TDLFS;
18:26:21.0515 3284 ============================================================
18:26:22.0046 3284 Abiosdsk - ok
18:26:22.0062 3284 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:26:22.0218 3284 abp480n5 - ok
18:26:22.0265 3284 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:26:22.0343 3284 ACPI - ok
18:26:22.0375 3284 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:26:22.0468 3284 ACPIEC - ok
18:26:22.0515 3284 ADIHdAudAddService (0f0a69496989912351284bb1baa2ce57) C:\WINDOWS\system32\drivers\ADIHdAud.sys
18:26:22.0531 3284 ADIHdAudAddService - ok
18:26:22.0562 3284 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:26:22.0656 3284 adpu160m - ok
18:26:22.0703 3284 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:26:22.0781 3284 aec - ok
18:26:22.0828 3284 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:26:22.0906 3284 AFD - ok
18:26:22.0937 3284 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:26:23.0031 3284 agp440 - ok
18:26:23.0031 3284 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:26:23.0125 3284 agpCPQ - ok
18:26:23.0140 3284 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:26:23.0218 3284 Aha154x - ok
18:26:23.0218 3284 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:26:23.0312 3284 aic78u2 - ok
18:26:23.0312 3284 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:26:23.0406 3284 aic78xx - ok
18:26:23.0453 3284 aksfridge (cb5a5079744a0535416d3a5e462c5efe) C:\WINDOWS\system32\drivers\aksfridge.sys
18:26:23.0578 3284 aksfridge - ok
18:26:23.0640 3284 akshasp (1a27f5555448cc2d29d281b11f39177e) C:\WINDOWS\system32\DRIVERS\akshasp.sys
18:26:23.0656 3284 akshasp - ok
18:26:23.0671 3284 aksusb (b4ad9f5d78f27e0c6994e0cb05c60e21) C:\WINDOWS\system32\DRIVERS\aksusb.sys
18:26:23.0671 3284 aksusb - ok
18:26:23.0718 3284 Alerter (8bed67d13dcb55b3e9ff6dac4c6d3b49) C:\WINDOWS\system32\alrsvc.dll
18:26:23.0796 3284 Alerter - ok
18:26:23.0828 3284 ALG (dab2a89fde5cf791161200d90c1bcb12) C:\WINDOWS\System32\alg.exe
18:26:23.0875 3284 ALG - ok
18:26:23.0906 3284 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:26:24.0015 3284 AliIde - ok
18:26:24.0031 3284 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:26:24.0109 3284 alim1541 - ok
18:26:24.0156 3284 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:26:24.0234 3284 amdagp - ok
18:26:24.0281 3284 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:26:24.0343 3284 amsint - ok
18:26:24.0546 3284 AntiVirSchedulerService (280c41d70b16dc6af4235ff7000e5cd3) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:26:24.0562 3284 AntiVirSchedulerService - ok
18:26:24.0578 3284 AntiVirService (e545beff703229a10b56026b83add8b4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:26:24.0593 3284 AntiVirService - ok
18:26:24.0625 3284 AppMgmt (434a70fa278eb3c42140e3755c2fa4f8) C:\WINDOWS\System32\appmgmts.dll
18:26:24.0671 3284 AppMgmt - ok
18:26:24.0718 3284 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:26:24.0796 3284 asc - ok
18:26:24.0812 3284 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:26:24.0859 3284 asc3350p - ok
18:26:24.0875 3284 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:26:25.0000 3284 asc3550 - ok
18:26:25.0046 3284 ASFIPmon (6295dd28d0ecbc4e6e450c279fef5ed9) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
18:26:25.0046 3284 ASFIPmon - ok
18:26:25.0109 3284 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
18:26:25.0125 3284 ASPI ( UnsignedFile.Multi.Generic ) - warning
18:26:25.0125 3284 ASPI - detected UnsignedFile.Multi.Generic (1)
18:26:25.0265 3284 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:26:25.0281 3284 aspnet_state - ok
18:26:25.0328 3284 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:26:25.0406 3284 AsyncMac - ok
18:26:25.0437 3284 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:26:25.0531 3284 atapi - ok
18:26:25.0546 3284 Atdisk - ok
18:26:25.0546 3284 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:26:25.0640 3284 Atmarpc - ok
18:26:25.0687 3284 AudioSrv (f10745ed3195360e69aa4a6e7768c0e0) C:\WINDOWS\System32\audiosrv.dll
18:26:25.0781 3284 AudioSrv - ok
18:26:25.0828 3284 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:26:25.0906 3284 audstub - ok
18:26:25.0953 3284 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:26:26.0000 3284 avgntflt - ok
18:26:26.0031 3284 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:26:26.0046 3284 avipbb - ok
18:26:26.0078 3284 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
18:26:26.0078 3284 avkmgr - ok
18:26:26.0125 3284 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
18:26:26.0125 3284 b57w2k - ok
18:26:26.0187 3284 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
18:26:26.0187 3284 BASFND ( UnsignedFile.Multi.Generic ) - warning
18:26:26.0187 3284 BASFND - detected UnsignedFile.Multi.Generic (1)
18:26:26.0296 3284 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
18:26:26.0312 3284 BBSvc - ok
18:26:26.0375 3284 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
18:26:26.0390 3284 BBUpdate - ok
18:26:26.0421 3284 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:26:26.0515 3284 Beep - ok
18:26:26.0578 3284 BITS (5c0073a51c4873430fa8b262e92183ff) C:\WINDOWS\system32\qmgr.dll
18:26:26.0671 3284 BITS - ok
18:26:26.0718 3284 Browser (69eaa7501f53a40e8c04c69f2391224f) C:\WINDOWS\System32\browser.dll
18:26:26.0812 3284 Browser - ok
18:26:26.0843 3284 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:26:26.0937 3284 cbidf - ok
18:26:26.0937 3284 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:26:27.0015 3284 cbidf2k - ok
18:26:27.0031 3284 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:26:27.0109 3284 cd20xrnt - ok
18:26:27.0140 3284 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:26:27.0234 3284 Cdaudio - ok
18:26:27.0296 3284 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:26:27.0390 3284 Cdfs - ok
18:26:27.0406 3284 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:26:27.0484 3284 Cdrom - ok
18:26:27.0484 3284 Changer - ok
18:26:27.0546 3284 CiSvc (bd85400700b80fbe3d4a3412bce74861) C:\WINDOWS\system32\cisvc.exe
18:26:27.0625 3284 CiSvc - ok
18:26:27.0656 3284 ClipSrv (4fb6108130829666c8fe96b442fead94) C:\WINDOWS\system32\clipsrv.exe
18:26:27.0750 3284 ClipSrv - ok
18:26:27.0890 3284 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:26:27.0906 3284 clr_optimization_v2.0.50727_32 - ok
18:26:27.0984 3284 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:26:28.0000 3284 clr_optimization_v4.0.30319_32 - ok
18:26:28.0031 3284 CmdIde (026ba1f2d9c9f742ec3823d0214cd67c) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:26:28.0140 3284 CmdIde - ok
18:26:28.0140 3284 COMSysApp - ok
18:26:28.0171 3284 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:26:28.0281 3284 Cpqarray - ok
18:26:28.0328 3284 CryptSvc (0a9cf5d3cf63a8699f28c814ef821c7e) C:\WINDOWS\System32\cryptsvc.dll
18:26:28.0406 3284 CryptSvc - ok
18:26:28.0468 3284 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:26:28.0578 3284 dac2w2k - ok
18:26:28.0609 3284 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:26:28.0703 3284 dac960nt - ok
18:26:28.0765 3284 DcomLaunch (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll
18:26:28.0781 3284 DcomLaunch - ok
18:26:28.0843 3284 Dhcp (146ab038f5dbb366122d28444999ab2c) C:\WINDOWS\System32\dhcpcsvc.dll
18:26:28.0921 3284 Dhcp - ok
18:26:28.0953 3284 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:26:29.0031 3284 Disk - ok
18:26:29.0031 3284 dmadmin - ok
18:26:29.0093 3284 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
18:26:29.0234 3284 dmboot - ok
18:26:29.0234 3284 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
18:26:29.0328 3284 dmio - ok
18:26:29.0343 3284 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:26:29.0453 3284 dmload - ok
18:26:29.0500 3284 dmserver (127db74184e2d3d31655da525a5efde1) C:\WINDOWS\System32\dmserver.dll
18:26:29.0593 3284 dmserver - ok
18:26:29.0609 3284 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:26:29.0703 3284 DMusic - ok
18:26:29.0750 3284 Dnscache (de6cdb6cbc5c27b9085cfa6dfe8e5025) C:\WINDOWS\System32\dnsrslvr.dll
18:26:29.0765 3284 Dnscache - ok
18:26:29.0828 3284 Dot3svc (90ee765e1a598b578852901f74f914f1) C:\WINDOWS\System32\dot3svc.dll
18:26:29.0906 3284 Dot3svc - ok
18:26:29.0953 3284 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:26:30.0031 3284 dpti2o - ok
18:26:30.0078 3284 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:26:30.0156 3284 drmkaud - ok
18:26:30.0218 3284 E100B (be27de641e52d8b295dea40b213318f7) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:26:30.0296 3284 E100B - ok
18:26:30.0359 3284 EapHost (e6bbdebf7081899d161c773e8d84d015) C:\WINDOWS\System32\eapsvc.dll
18:26:30.0437 3284 EapHost - ok
18:26:30.0500 3284 ERSvc (2f5c7f650b7af178988946ee4b0d9c01) C:\WINDOWS\System32\ersvc.dll
18:26:30.0593 3284 ERSvc - ok
18:26:30.0656 3284 Eventlog (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
18:26:30.0656 3284 Eventlog - ok
18:26:30.0718 3284 EventSystem (97912dc0679d2da60cce589bbc196d72) C:\WINDOWS\system32\es.dll
18:26:30.0734 3284 EventSystem - ok
18:26:30.0750 3284 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:26:30.0828 3284 Fastfat - ok
18:26:30.0890 3284 FastUserSwitchingCompatibility (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
18:26:30.0906 3284 FastUserSwitchingCompatibility - ok
18:26:30.0968 3284 Fax (4914736e61f561dad588af2aaa0df0f0) C:\WINDOWS\system32\fxssvc.exe
18:26:31.0062 3284 Fax - ok
18:26:31.0125 3284 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:26:31.0203 3284 Fdc - ok
18:26:31.0218 3284 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
18:26:31.0328 3284 Fips - ok
18:26:59.0406 3284 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
18:26:59.0406 3284 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
18:26:59.0406 3284 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
18:26:59.0484 3284 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR11
18:26:59.0609 3284 \Device\Harddisk5\DR11 - ok
18:26:59.0640 3284 Boot (0x1200) (d7d68ccdd29528c210a18cbf741ba615) \Device\Harddisk0\DR0\Partition0
18:26:59.0640 3284 \Device\Harddisk0\DR0\Partition0 - ok
18:26:59.0640 3284 Boot (0x1200) (938abd51bca1b2f72e10815330436741) \Device\Harddisk5\DR11\Partition0
18:26:59.0640 3284 \Device\Harddisk5\DR11\Partition0 - ok
18:26:59.0640 3284 ============================================================
18:26:59.0640 3284 Scan finished
18:26:59.0640 3284 ============================================================
18:26:59.0765 3612 Detected object count: 10
18:26:59.0765 3612 Actual detected object count: 10
18:27:53.0203 3612 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0203 3612 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0203 3612 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0203 3612 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0203 3612 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0203 3612 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0203 3612 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0203 3612 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0203 3612 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0203 3612 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0203 3612 papycpu2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0203 3612 papycpu2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0218 3612 papyjoy ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0218 3612 papyjoy ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0218 3612 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0218 3612 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0218 3612 TrueSwordSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:53.0218 3612 TrueSwordSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:53.0750 3612 \Device\Harddisk0\DR0\# - copied to quarantine
18:27:53.0750 3612 \Device\Harddisk0\DR0 - copied to quarantine
18:27:53.0750 3612 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
18:27:53.0765 3612 \Device\Harddisk0\DR0 - ok
18:27:53.0765 3612 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
18:28:00.0968 3524 Deinitialize success

Abraham54 23 May 2012, 20:44

First of all: no Windows installation is identical to any other!
That alone is reason enough to post your problem in a topic of its own!
How long ago did you last use internet banking?
Because Mebroot/Sinowal is also a backdoor, specialised in identity theft!

angel-style 23 May 2012, 20:53

I saw that question in the previous topic as well and have already given it some thought myself.
Honestly, I couldn't say exactly any more, but I think at least once last week.
It just came back to me: Sunday evening I checked my internet banking. I did not make any transfers then.
Are there still things I should arrange??
By the way, the problems I noticed with the internet and such have been resolved.
And I suddenly have the Windows startup/shutdown sounds back, which had been gone for ages.
Thanks for the replies so far

Abraham54 23 May 2012, 21:23

Which bank are you with?
And you can now do the following:
Which program: Emsisoft Emergency Kit 1.0
What for/why: Detects and removes malware
Difficulty: none.
Download: Emsisoft Emergency Kit
Notes:
- The download is compressed; unpack EmsisoftEmergencyKit.zip and put the new folder on the desktop.
- All open programs and web pages must be closed.
Start Emsisoft Emergency Kit by opening the "EmsisoftEmergencyKit" folder:
  - Windows 2000 and Windows XP: double-click "Start.exe".
  - Windows Vista and Windows 7: right-click "Start.exe" and choose "Run as Administrator".
Scanning:
- Now click "Emergency Kit Scanner" in the selection screen; a message then follows saying that it is recommended to update first.
- Do so by clicking "Yes".
- When the update is finished, the message "Update process completed successfully" appears.
- Now click "Menu" and then "Scan PC".
- Select the "Deep" option if it is not already set by default.
- Then click the "Scan" button.
  - Be patient and do nothing else with the computer during the scan, as it can take quite a while.
- The window with the warning about an elevated risk can be closed once the scan has finished.
- Make sure all found items are ticked and then click the "Delete selected" button; the following message will then appear:
- So click "Yes".
- When the removal is finished, click the "View report" button and select the text file of this scan, with a name like: a2scan_110730-111615.txt
- Paste the contents of that log file in your next message.
N.B.: Now restart the computer.

angel-style 24 May 2012, 06:39

With Rabobank.
Here is the log:
Emsisoft Emergency Kit - Versie 1.0
Laatste Update: 23-5-2012 21:32:36
Scaninstellingen:
Scantype: Diepe Scan
Objecten: Geheugen, Sporen, Cookies, C:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan
Scan gestart: 23-5-2012 21:33:00
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313300705093000 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313300705093001 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313352618437000 Ontdekt: Trace.TrackingCookie.m.webtrends.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313697959859000 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313697959859001 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314251800250000 Ontdekt: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107307915 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107307916 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107307964 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107307979 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107307994 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107310033 Ontdekt: Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107310920 Ontdekt: Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107310921 Ontdekt: Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107314277 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107314967 Ontdekt: Trace.TrackingCookie.fr.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107314968 Ontdekt: Trace.TrackingCookie.fr.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107320173 Ontdekt: Trace.TrackingCookie.eas4.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107323575 Ontdekt: Trace.TrackingCookie.eas4.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107335426 Ontdekt: Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107337886 Ontdekt: Trace.TrackingCookie.fl01.ct2.comclick!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107341764 Ontdekt: Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107342673 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107346290 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107346291 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107347732 Ontdekt: Trace.TrackingCookie.www.etracker.de!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107363503 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107365619 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107367022 Ontdekt: Trace.TrackingCookie.fl01.ct2.comclick!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107367023 Ontdekt: Trace.TrackingCookie.fl01.ct2.comclick!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107372912 Ontdekt: Trace.TrackingCookie.sex!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107375478 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107377471 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107377472 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107384412 Ontdekt: Trace.TrackingCookie.adfarm1.adition.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107384420 Ontdekt: Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107387055 Ontdekt: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107387056 Ontdekt: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107387057 Ontdekt: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107390022 Ontdekt: Trace.TrackingCookie.1xxx.cqcounter.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107392449 Ontdekt: Trace.TrackingCookie.www.belstat.be!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107397488 Ontdekt: Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107398215 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107398216 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107398757 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107398758 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107399430 Ontdekt: Trace.TrackingCookie.ad.zanox.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107415975 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107420540 Ontdekt: Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107428758 Ontdekt: Trace.TrackingCookie.www.belstat.nl!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107429267 Ontdekt: Trace.TrackingCookie.tribalfusion.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107429746 Ontdekt: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107430230 Ontdekt: Trace.TrackingCookie.www.belstat.be!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107432175 Ontdekt: Trace.TrackingCookie.www.belstat.nl!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107432183 Ontdekt: Trace.TrackingCookie.www.belstat.nl!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107432221 Ontdekt: Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107432248 Ontdekt: Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Qohoza\xaepz.exe Ontdekt: Trojan-Spy.Zbot!IK
C:\Documents and Settings\Marc\Application Data\Sun\Java\Deployment\cache\6.0\36\2f60364-293e5b4d/Update.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache(2)\f_0010a8/unnamed Ontdekt: HTML.Crypted!IK
C:\Documents and Settings\Marc\Local Settings\Temp\plugtmp-33\plugin-adfp2.php Ontdekt: Exploit.PDF!IK
C:\TDSSKiller_Quarantine\23.05.2012_18.25.56\mbr0000\mbr0000\tsk0000.dta Ontdekt: Trojan.DOS.Sinowal!IK
Gescand
Bestanden: 414943
Sporen: 555017
Cookies: 2183
Processen: 48
Gevonden
Bestanden: 5
Sporen: 0
Cookies: 66
Processen: 0
Registersleutels: 0
Scan Geëindigd: 24-5-2012 0:35:55
Scantijd: 3:02:55
C:\TDSSKiller_Quarantine\23.05.2012_18.25.56\mbr0000\mbr0000\tsk0000.dta Verwijderd Trojan.DOS.Sinowal!IK
C:\Documents and Settings\Marc\Local Settings\Temp\plugtmp-33\plugin-adfp2.php Verwijderd Exploit.PDF!IK
C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache(2)\f_0010a8/unnamed Verwijderd HTML.Crypted!IK
C:\Documents and Settings\Marc\Application Data\Sun\Java\Deployment\cache\6.0\36\2f60364-293e5b4d/Update.class Verwijderd Exploit.Java.CVE-2011-3544!IK
C:\Documents and Settings\Marc\Application Data\Qohoza\xaepz.exe Verwijderd Trojan-Spy.Zbot!IK
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107429267 Verwijderd Trace.TrackingCookie.tribalfusion.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107428758 Verwijderd Trace.TrackingCookie.www.belstat.nl!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107432175 Verwijderd Trace.TrackingCookie.www.belstat.nl!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107432183 Verwijderd Trace.TrackingCookie.www.belstat.nl!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107399430 Verwijderd Trace.TrackingCookie.ad.zanox.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107392449 Verwijderd Trace.TrackingCookie.www.belstat.be!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107430230 Verwijderd Trace.TrackingCookie.www.belstat.be!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107390022 Verwijderd Trace.TrackingCookie.1xxx.cqcounter.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107384412 Verwijderd Trace.TrackingCookie.adfarm1.adition.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107372912 Verwijderd Trace.TrackingCookie.sex!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107347732 Verwijderd Trace.TrackingCookie.www.etracker.de!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107337886 Verwijderd Trace.TrackingCookie.fl01.ct2.comclick!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107367022 Verwijderd Trace.TrackingCookie.fl01.ct2.comclick!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107367023 Verwijderd Trace.TrackingCookie.fl01.ct2.comclick!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107320173 Verwijderd Trace.TrackingCookie.eas4.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107323575 Verwijderd Trace.TrackingCookie.eas4.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107314967 Verwijderd Trace.TrackingCookie.fr.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107314968 Verwijderd Trace.TrackingCookie.fr.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107310920 Verwijderd Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107310921 Verwijderd Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107335426 Verwijderd Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107341764 Verwijderd Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107397488 Verwijderd Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107420540 Verwijderd Trace.TrackingCookie.stat.onestat!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107310033 Verwijderd Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107384420 Verwijderd Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107432221 Verwijderd Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107432248 Verwijderd Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314251800250000 Verwijderd Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107387055 Verwijderd Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107387056 Verwijderd Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107387057 Verwijderd Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107429746 Verwijderd Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313352618437000 Verwijderd Trace.TrackingCookie.m.webtrends.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313300705093000 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313300705093001 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313697959859000 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313697959859001 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107307915 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107307916 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107307964 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107307979 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107307994 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107314277 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107342673 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107346290 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107346291 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107363503 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107365619 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107375478 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107377471 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107377472 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107398215 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107398216 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107398757 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107398758 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107415975 Verwijderd Trace.TrackingCookie.nl.sitestat.com!A2
Verwijderd
Bestanden: 5
Sporen: 0
Cookies: 57
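
Triage of the Emsisoft report above, as an added example that is not part of the original post or of Emsisoft's own tooling: it parses the "Ontdekt:" (detected) and "Verwijderd" (removed) lines, separates tracking-cookie noise from the findings that matter for the banking question raised earlier in the thread (Zbot is a banking info-stealer, Sinowal/Mebroot a boot rootkit), lists any CVE named in an exploit signature, and reports detections that were not removed. The sample report embedded in the block is constructed from a handful of lines in the posted log; the category names and the marker lists used to classify signatures are the example's own assumptions, not Emsisoft's.

```python
"""Triage helper for an Emsisoft Emergency Kit scan report (added example).

Not part of Emsisoft or of the forum post.  Reads the detection and removal
lines, drops tracking-cookie noise into its own bucket, and flags the
findings that decide whether banking credentials should be treated as
compromised.  Category names and marker lists are this example's assumptions.
"""
import re
from collections import Counter

# Constructed sample: a few lines in the format of the posted report.
# Three cookies stand in for the 66 in the real log; one of them is
# deliberately left without a matching "Verwijderd" line.
SAMPLE_REPORT = r"""Emsisoft Emergency Kit - Versie 1.0
Scan gestart: 23-5-2012 21:33:00
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1313300705093000 Ontdekt: Trace.TrackingCookie.nl.sitestat.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107429267 Ontdekt: Trace.TrackingCookie.tribalfusion.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314251800250000 Ontdekt: Trace.TrackingCookie.adbrite.com!A2
C:\Documents and Settings\Marc\Application Data\Qohoza\xaepz.exe Ontdekt: Trojan-Spy.Zbot!IK
C:\Documents and Settings\Marc\Application Data\Sun\Java\Deployment\cache\6.0\36\2f60364-293e5b4d/Update.class Ontdekt: Exploit.Java.CVE-2011-3544!IK
C:\Documents and Settings\Marc\Local Settings\Temp\plugtmp-33\plugin-adfp2.php Ontdekt: Exploit.PDF!IK
C:\TDSSKiller_Quarantine\23.05.2012_18.25.56\mbr0000\mbr0000\tsk0000.dta Ontdekt: Trojan.DOS.Sinowal!IK
Gevonden
Bestanden: 4
C:\TDSSKiller_Quarantine\23.05.2012_18.25.56\mbr0000\mbr0000\tsk0000.dta Verwijderd Trojan.DOS.Sinowal!IK
C:\Documents and Settings\Marc\Local Settings\Temp\plugtmp-33\plugin-adfp2.php Verwijderd Exploit.PDF!IK
C:\Documents and Settings\Marc\Application Data\Sun\Java\Deployment\cache\6.0\36\2f60364-293e5b4d/Update.class Verwijderd Exploit.Java.CVE-2011-3544!IK
C:\Documents and Settings\Marc\Application Data\Qohoza\xaepz.exe Verwijderd Trojan-Spy.Zbot!IK
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314307107429267 Verwijderd Trace.TrackingCookie.tribalfusion.com!A2
C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\5f78860i.default\cookies.sqlite:1314251800250000 Verwijderd Trace.TrackingCookie.adbrite.com!A2
"""

# A report line is "<path> Ontdekt: <signature>" or "<path> Verwijderd <signature>".
# The path may contain spaces and a ':<id>' suffix (cookie database entries),
# so the path group is non-greedy and anchored on the action keyword.
LINE_RE = re.compile(r"^(?P<path>.+?) (?P<action>Ontdekt:|Verwijderd) (?P<sig>\S+)$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Assumed marker list: signature fragments that imply credential theft or a
# boot-level rootkit, i.e. findings that matter for an online-banking user.
HIGH_RISK_MARKERS = ("Trojan-Spy", "Zbot", "Sinowal", "Rootkit", "Backdoor")


def parse_report(text):
    """Return one dict per detection/removal line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        action = "detected" if m.group("action") == "Ontdekt:" else "removed"
        entries.append({"path": m.group("path"), "signature": m.group("sig"), "action": action})
    return entries


def classify(signature):
    """Bucket a signature name (categories are this example's own)."""
    if signature.startswith("Trace.TrackingCookie"):
        return "tracking-cookie"          # privacy noise, not an infection
    if any(marker in signature for marker in HIGH_RISK_MARKERS):
        return "credential-theft"         # treat stored credentials as exposed
    if signature.startswith("Exploit."):
        return "exploit-artifact"         # evidence of how malware arrived
    return "other"


def triage(text):
    """Summarise a report: counts per bucket, CVEs, high-risk paths, leftovers."""
    entries = parse_report(text)
    detected = {(e["path"], e["signature"]) for e in entries if e["action"] == "detected"}
    removed = {(e["path"], e["signature"]) for e in entries if e["action"] == "removed"}
    counts = Counter(classify(sig) for _, sig in detected)
    cves = sorted({cve for _, sig in detected for cve in CVE_RE.findall(sig)})
    high = sorted(path for path, sig in detected if classify(sig) == "credential-theft")
    return {
        "counts": dict(counts),
        "cves": cves,
        "high_risk_paths": high,
        "not_removed": sorted(detected - removed),  # detected but still present
        "credentials_at_risk": bool(high),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for key, value in result.items():
        print(f"{key}: {value}")
```

The point of the split is that the raw report buries five real detections under dozens of cookie lines; `credentials_at_risk` turns on the Zbot and Sinowal hits alone, which is the same conclusion the helper in this thread reached when asking about online banking. The `not_removed` list is the check to run before declaring a system clean, since a detection without a matching removal line is still on disk.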

Abraham54 24 May 2012, 08:18

Hi - throw the old ComboFix in the recycle bin.
Which program: ComboFix
What for/why: A highly specialised scanner that examines Windows in depth
and cleans it up where possible.
Difficulty: Read everything carefully first, because of the preparation phase.
Download location: This program must be downloaded to the desktop, without exception!
Download ComboFix from one of these locations:
- Bleepingcomputer
- ForoSpyware
- Geekstogo
Here you can see how to use ComboFix.
The antivirus program and any active malware scanners must be disabled before ComboFix is started!
Here and here you will find information on how to disable antivirus programs and spyware scanners.
To be perfectly clear, once more: ComboFix must be started from the desktop.
Notes:
- On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required).
- Vista and Windows 7 users start ComboFix via right-click with Administrator rights.
- All open programs and web pages must be closed.
Once ComboFix has started:
- Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
- ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
- The computer may need to be restarted several times; this is normal.
- When ComboFix is finished, it will create a log file for you.
- Post the contents of this log file in your next message.
- If the log does not open, it can be found in C:\ComboFix.txt
Important note:
- If, after the scan, an error is shown when starting programs with the message:
- Illegal operation attempted on a registry key that has been marked for deletion.
- Then restart the computer.

angel-style 24 May 2012, 22:22

Here is the new log,
now quickly putting Avira back on; I couldn't get it disabled quickly enough, and with the previous ComboFix run I had ignored a warning, but I didn't want to do that this time.
ComboFix 12-05-24.03 - Angelique 24-05-2012 22:09:23.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1565 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Angelique\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-04-24 to 2012-05-24 ))))))))))))))))))))))))))))))
.
.
2012-05-23 18:53 . 2012-05-23 18:53 -------- d--h--r- c:\documents and settings\LocalService\Onlangs geopend
2012-05-23 17:30 . 2012-05-23 19:29 -------- d-----w- c:\windows\system32\NtmsData
2012-05-23 16:27 . 2012-05-23 16:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-23 06:06 . 2012-05-23 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\REPORTS
2012-05-23 06:06 . 2012-05-23 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\INFECTED
2012-05-23 06:06 . 2012-05-23 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\LOGFILES
2012-05-23 05:24 . 2012-05-23 05:24 -------- d-----w- c:\windows\system32\Adobe
2012-05-23 05:19 . 2012-05-23 05:22 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\Babylon
2012-05-23 05:15 . 2012-05-23 05:15 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\LogMeIn
2012-05-23 05:15 . 2012-05-23 20:25 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\AskToolbar
2012-05-23 05:15 . 2012-05-23 17:37 -------- d-----w- c:\documents and settings\Angelique\Application Data\Babylon
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:55 . 2004-08-03 23:58 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2004-09-13 12:52 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:55 . 2004-09-13 12:52 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-03-01 11:00 . 2004-09-13 12:52 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-09-13 12:52 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2004-09-13 12:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-09-13 12:52 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-09-13 12:52 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-09-13 12:52 385024 ------w- c:\windows\system32\html.iec
2010-03-31 08:09 . 2010-03-31 08:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 10:36 . 2010-04-08 10:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2012-03-02 22:53 . 2011-09-09 17:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-23_16.49.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-24 20:07 . 2012-05-24 20:07 16384 c:\windows\Temp\Perflib_Perfdata_60c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-13 8523776]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-11-28 1036288]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 63048]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2012-01-03 3184240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-06 14:32 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Papyrus\\NASCAR Racing 2003 Season\\NR2003.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27-1-2010 19:33 64288]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [20-6-2007 15:30 79168]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 16:23 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 18:21 249648]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [6-7-2011 16:32 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11-1-2011 19:04 12856]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [27-4-2007 1:00 316992]
R2 TrueSwordSchedulerService;True Sword 5 Scheduler;c:\program files\True Sword 5\TrueSwordSchedule.exe [15-8-2011 19:48 828416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 7:58 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [5-7-2010 22:59 16512]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 7:58 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28-1-2010 8:26 22216]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [25-3-2009 19:02 34760]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28-1-2010 8:26 366152]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 05:58]
.
2012-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 05:58]
.
2012-05-19 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2012-04-05 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2012-05-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 15:31]
.
2012-05-24 c:\windows\Tasks\User_Feed_Synchronization-{E9AF3B0A-C52E-445B-845F-676F41AB08FF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-24 22:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3756)
c:\program files\Babylon\Babylon-Pro\Captlib.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-05-24 22:18:29
ComboFix-quarantined-files.txt 2012-05-24 20:18
ComboFix2.txt 2012-05-23 16:53
.
Pre-Run: 103,602,896,896 bytes free
Post-Run: 103,591,497,728 bytes free
.
- - End Of File - - 463F19080495CFED1066F2EB8B58E6DE

angel-style 29 May 2012, 09:03

I'm bringing this topic to attention once more.
Is the posted ComboFix log okay?
And is it safe again to start internet banking at home?
Thanks in advance for any replies.
Regards
Angelique

Abraham54 29 May 2012, 09:42

Hello Angelique, I apparently overlooked you, so your bump is perfect.
Yes, in principle you can do internet banking again.
But a few more things need to be done - for that we use ComboFix again, with a script.
Open a new Notepad file, via "Start\All Programs\Accessories\Notepad".
Copy and paste the following text into the empty Notepad window:
ClearJavaCache::
File::
c:\program files\Ask.com\Updater\Updater.exe
c:\windows\system32\drivers\Partizan.sys
Folder::
c:\program files\Ask.com
Driver::
Partizan
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-
"Babylon Client"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
DDS::
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

Save this Notepad file on your desktop as CFScript.txt.
Now first disable your antivirus and any spyware scanners!
Also make sure that all other open windows are closed, including the web browser.
Drag CFScript.txt onto ComboFix.exe

This will cause ComboFix to restart. Reboot when asked to.
Post the ComboFix log that is shown after the restart.
In case ComboFix has restarted your computer (or you did so yourself), you will also find the log at C:\Combofix.txt
Important note:
If, after the scan, an error appears when starting programs with the message
"Illegal operation attempted on a registry key that has been marked for deletion."
then restart the computer.
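
The script above acts on entries the helper picked out of the log by eye: the Ask toolbar BHO, the Partizan driver that also sits in BootExecute, and the three globally opened firewall ports, while the same log shows the standard-profile firewall switched off. The Python below is an added example, not part of this thread and not ComboFix's own code, that pulls those four items out of a ComboFix "Reg Loading Points" dump automatically. The sample log inside it is constructed to mirror the lines posted earlier, and the allowlist of ports the owner can account for (only the HASP licence manager on 1947, which the script above also keeps) is an assumption a reviewer would supply per machine.

```python
"""Triage helpers for the registry sections of a ComboFix log (added example).
Reads blocks of the form [header] / "name"= value, separated by a lone '.',
and reports firewall state, open ports, BootExecute extras and BHOs."""
import re
from collections import OrderedDict

# Constructed sample in the shape of the log posted above (same GUID, paths
# and port labels, hand-assembled here so the module runs offline).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
PORT_RE = re.compile(r"^(\d+):(TCP|UDP):(.*)$")
STOCK_BOOTEXECUTE = "autocheck autochk *"


def parse_sections(text):
    """Map each [header] to the non-empty lines under it, in file order."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue  # ComboFix pads blocks with a lone '.'
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def _section(sections, suffix):
    """Body of the first section whose header ends with suffix (case-insensitive)."""
    for header, body in sections.items():
        if header.lower().endswith(suffix.lower()):
            return body
    return []


def firewall_enabled(sections):
    """True/False from EnableFirewall in the standard profile, None if absent."""
    for line in _section(sections, r"firewallpolicy\standardprofile"):
        m = VALUE_RE.match(line)
        if m and m.group(1) == "EnableFirewall":
            return m.group(2).split()[0] != "0"
    return None


def open_ports(sections):
    """Every GloballyOpenPorts entry as (port, proto, label)."""
    ports = []
    for line in _section(sections, r"GloballyOpenPorts\List"):
        m = VALUE_RE.match(line)
        p = PORT_RE.match(m.group(2).strip()) if m else None
        if p:
            ports.append((int(p.group(1)), p.group(2), p.group(3).strip()))
    return ports


def unexplained_ports(sections, allowlist):
    """Ports to question: not in allowlist (a set of (port, proto) pairs), or
    carrying a meaningless label such as 'Services' even when allowlisted."""
    generic = {"", "service", "services"}
    return [entry for entry in open_ports(sections)
            if entry[:2] not in allowlist or entry[2].lower() in generic]


def boot_execute_extras(sections):
    """BootExecute entries besides the stock autochk one. ComboFix prints the
    REG_MULTI_SZ separators as the two characters backslash and zero."""
    extras = []
    for line in _section(sections, r"control\session manager"):
        if line.startswith("BootExecute") and "REG_MULTI_SZ" in line:
            value = line.split("REG_MULTI_SZ", 1)[1]
            extras += [e.strip() for e in value.split(r"\0")
                       if e.strip() and e.strip() != STOCK_BOOTEXECUTE]
    return extras


def browser_helper_objects(sections):
    """(CLSID, DLL path) per Browser Helper Objects block; the DLL line starts
    with date, time, size and attribute flags, which are stripped off."""
    found = []
    for header, body in sections.items():
        m = re.search(r"Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})$", header)
        if m and body:
            path = re.sub(r"^\S+\s+\S+\s+\d+\s+\S+\s+", "", body[0])
            found.append((m.group(1), path))
    return found


def triage(text, allowlist):
    """One-shot summary of the points a helper checks before writing a CFScript."""
    s = parse_sections(text)
    return {
        "firewall_enabled": firewall_enabled(s),
        "unexplained_ports": unexplained_ports(s, allowlist),
        "boot_execute_extras": boot_execute_extras(s),
        "bhos": browser_helper_objects(s),
    }


if __name__ == "__main__":
    # Assumption: only the HASP/Sentinel licence manager on 1947 is accounted for.
    for key, value in triage(SAMPLE_LOG, {(1947, "TCP"), (1947, "UDP")}).items():
        print(f"{key}: {value}")
```

Run against the constructed sample it reports the firewall as disabled, flags 3389, 65533 and 52344, lists Partizan as the only non-stock BootExecute entry and returns the Ask toolbar DLL as the single BHO, which is exactly the set the script above removes; the generic-label rule exists so that a port labelled only "Services" is still questioned even if someone has put it on the allowlist.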

angel-style 29 May 2012, 19:06

Hi Abraham54,
Thanks again for your reply.
I'm patient, I can imagine you don't have time every day to help others :roll:
OK,
here comes the log file again.
By the way, ComboFix restarted the PC by itself.
ComboFix 12-05-29.01 - Angelique 29-05-2012 18:49:40.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2046.1468 [GMT 2:00]
Running from: c:\documents and settings\Angelique\Bureaublad\ComboFix.exe
Command switches used :: c:\documents and settings\Angelique\Bureaublad\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
FILE ::
"c:\program files\Ask.com\Updater\Updater.exe"
"c:\windows\system32\drivers\Partizan.sys"
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\system32\drivers\Partizan.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PARTIZAN
-------\Service_Partizan
.
.
(((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-29 ))))))))))))))))))))))))))))))
.
.
2012-05-25 05:37 . 2012-05-25 05:37 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-05-25 05:30 . 2012-05-25 05:37 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-24 20:28 . 2012-05-24 20:28 -------- d-----w- c:\documents and settings\Angelique\Application Data\Avira
2012-05-24 20:23 . 2012-02-03 13:28 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-24 20:23 . 2012-02-03 13:28 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-24 20:23 . 2012-02-03 13:28 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-24 20:23 . 2012-05-24 20:23 -------- d-----w- c:\program files\Avira
2012-05-24 20:23 . 2012-05-24 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-05-23 18:53 . 2012-05-23 18:53 -------- d--h--r- c:\documents and settings\LocalService\Onlangs geopend
2012-05-23 17:30 . 2012-05-23 19:29 -------- d-----w- c:\windows\system32\NtmsData
2012-05-23 16:27 . 2012-05-23 16:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-23 06:06 . 2012-05-23 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\REPORTS
2012-05-23 06:06 . 2012-05-23 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\INFECTED
2012-05-23 06:06 . 2012-05-23 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\LOGFILES
2012-05-23 05:24 . 2012-05-23 05:24 -------- d-----w- c:\windows\system32\Adobe
2012-05-23 05:19 . 2012-05-23 05:22 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\Babylon
2012-05-23 05:15 . 2012-05-23 05:15 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\LogMeIn
2012-05-23 05:15 . 2012-05-23 20:25 -------- d-----w- c:\documents and settings\Angelique\Local Settings\Application Data\AskToolbar
2012-05-23 05:15 . 2012-05-23 17:37 -------- d-----w- c:\documents and settings\Angelique\Application Data\Babylon
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-25 05:37 . 2011-09-29 19:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:55 . 2004-08-03 23:58 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2004-09-13 12:52 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:55 . 2004-09-13 12:52 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-03-01 11:00 . 2004-09-13 12:52 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-09-13 12:52 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2004-09-13 12:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-03-31 08:09 . 2010-03-31 08:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 10:36 . 2010-04-08 10:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2012-03-02 22:53 . 2011-09-09 17:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-23_16.49.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-29 16:57 . 2012-05-29 16:57 16384 c:\windows\Temp\Perflib_Perfdata_7ec.dat
+ 2012-05-25 05:30 . 2012-05-25 05:30 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-05-25 05:37 . 2012-05-25 05:37 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
+ 2012-05-25 05:37 . 2012-05-25 05:37 424096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
+ 2012-05-25 05:30 . 2012-05-25 05:37 257696 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-05-25 05:30 . 2012-05-25 05:30 8797856 c:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-13 8523776]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-11-28 1036288]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 63048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-06 14:32 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Papyrus\\NASCAR Racing 2003 Season\\NR2003.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27-1-2010 19:33 64288]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [24-5-2012 22:23 36000]
R2 AntiVirSchedulerService;Avira Planner;c:\program files\Avira\AntiVir Desktop\sched.exe [24-5-2012 22:23 86224]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [20-6-2007 15:30 79168]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21-10-2011 16:23 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13-10-2011 18:21 249648]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [6-7-2011 16:32 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11-1-2011 19:04 12856]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [27-4-2007 1:00 316992]
R2 TrueSwordSchedulerService;True Sword 5 Scheduler;c:\program files\True Sword 5\TrueSwordSchedule.exe [15-8-2011 19:48 828416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 7:58 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [25-5-2012 7:30 257696]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [5-7-2010 22:59 16512]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 7:58 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28-1-2010 8:26 22216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [28-1-2010 8:26 366152]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 05:37]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 05:58]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 05:58]
.
2012-05-28 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2012-04-05 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2012-05-29 c:\windows\Tasks\User_Feed_Synchronization-{E9AF3B0A-C52E-445B-845F-676F41AB08FF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-29 18:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3568)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\hasplms.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-05-29 19:03:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-29 17:03
ComboFix2.txt 2012-05-24 20:18
ComboFix3.txt 2012-05-23 16:53
.
Pre-Run: 102,759,084,032 bytes free
Post-Run: 102,769,627,136 bytes free
.
- - End Of File - - 8E26DE5CB095AD7AF1CFB62737D650F0

Abraham54 29 May 2012, 20:26

How is it going now?

angel-style 29 May 2012, 21:03

The problems I had with the internet were in fact already gone after the first ComboFix.
In other words, I don't notice anything anymore.
I understand from your question that there is nothing left to be found in the log either??

Abraham54 29 May 2012, 21:16

Glad that everything seems okay again.
If the final test also stays clean, it should be fine.
Run the ESET online scan (Click).
- Click the ESET Online Scanner button
- Tick YES, I accept the Terms of Use
- Click Start
- Allow the ActiveX control to install.
- Tick the following options:
  - Remove found threats
  - Scan archives
- Then click "Advanced Settings"
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology
- Click Start
- The computer will now be scanned. This can take quite a while, so be patient.
- Once the scan is finished, you may close the window.
- Then go to C:\Program Files\ESET\ESET Online Scanner and click log.txt there
- Select, copy and paste the contents of this log into your next post.
N.B.: temporarily disable your own antivirus during the scan, the online scan is faster that way!

angel-style 29 May 2012, 23:29

done............
but uh,
still got 6 hits :cry:
But who knows, maybe it's not so bad
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=de376b363ca46f47a4fad7305ffad576
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-29 09:26:12
# local_time=2012-05-29 11:26:12 (+0100, West Europe (Daylight Time))
# country="Netherlands"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 428911 428911 0 0
# compatibility_mode=8192 67108863 100 0 100 100 0 0
# scanned=158846
# found=6
# cleaned=6
# scan_time=6874
C:\Documents and Settings\Marc\Local Settings\Temp\sivSetup.exe a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Marc\Local Settings\Temp\ICReinstall\cnet_PrintSpoolerFixUtility_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Marc\Mijn documenten\Downloads\cnet_PrintSpoolerFixUtility_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Babylon\Babylon-Pro\Utils\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{CB32FFED-FFB0-4F82-9D41-E1A8368D0A19}\RP1124\A0288375.exe a variant of Win32/Kryptik.ZNZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{CB32FFED-FFB0-4F82-9D41-E1A8368D0A19}\RP1129\A0289192.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
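
Six hits is less alarming than it sounds once the log is read by location: two of them sit under System Volume Information, which is where System Restore keeps old copies of files, and four are installer or toolbar PUAs rather than the one Kryptik trojan. The Python below is an added example, not from this thread and not ESET's code, that parses a log in this shape, cross-checks the header's found/cleaned counts against the finding lines, and buckets each hit by where it sat and whether ESET called it a trojan. The sample log is constructed to mirror the six lines posted above; the finding-line layout (path, threat description, action in parentheses, 32-hex hash, flags, run together by whitespace) is assumed from the pasted text.

```python
"""Parse and classify an ESET Online Scanner log (added example).
Assumed layout: '# key=value' header lines, then one finding per line as
<path> <threat description> (<action>) <32-hex hash> <flags>."""
import re
from collections import Counter

# Constructed sample mirroring the six finding lines posted above; the
# all-zero hashes are what the scanner printed.
SAMPLE_ESET_LOG = r"""# version=7
# end=finished
# remove_checked=true
# scanned=158846
# found=6
# cleaned=6
C:\Documents and Settings\Marc\Local Settings\Temp\sivSetup.exe a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Marc\Local Settings\Temp\ICReinstall\cnet_PrintSpoolerFixUtility_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Marc\Mijn documenten\Downloads\cnet_PrintSpoolerFixUtility_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Babylon\Babylon-Pro\Utils\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{CB32FFED-FFB0-4F82-9D41-E1A8368D0A19}\RP1124\A0288375.exe a variant of Win32/Kryptik.ZNZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{CB32FFED-FFB0-4F82-9D41-E1A8368D0A19}\RP1129\A0289192.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# The path is taken lazily; the threat must start with a Platform/Family token
# (optionally prefixed by "a variant of"), which Windows paths never contain.
FINDING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:a variant of |probably )?\S+/\S+.*?)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flags>\S+)$"
)


def parse_header(text):
    """'# key=value' lines as a dict; purely numeric values become ints."""
    header = {}
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            value = value.strip()
            header[key.strip()] = int(value) if value.isdigit() else value
    return header


def parse_findings(text):
    """Finding lines as dicts with path, threat, action, hash and flags."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            findings.append(m.groupdict())
    return findings


def location_class(path):
    """Coarse bucket for where a detection sat; that drives what it means."""
    p = path.lower()
    if "\\system volume information\\" in p:
        return "restore point"        # old copy kept by System Restore
    if "\\local settings\\temp\\" in p:
        return "user temp"            # installer droppings
    if "\\downloads\\" in p:
        return "downloads"            # the file the user fetched
    if p.startswith("c:\\program files\\"):
        return "installed program"    # something still installed
    return "other"


def is_trojan(finding):
    """ESET labels PUAs 'application'; a description ending in 'trojan' is malware proper."""
    return finding["threat"].rstrip().endswith(" trojan")


def summarize(text):
    """Cross-check the header counts against the lines and bucket the hits."""
    header = parse_header(text)
    findings = parse_findings(text)
    cleaned = sum(f["action"].startswith("cleaned") for f in findings)
    return {
        "found": header.get("found"),
        "lines": len(findings),
        "counts_consistent": (header.get("found") == len(findings)
                              and header.get("cleaned") == cleaned),
        "by_location": dict(Counter(location_class(f["path"]) for f in findings)),
        "trojans": [f["path"] for f in findings if is_trojan(f)],
        "pua": [f["threat"] for f in findings if not is_trojan(f)],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_ESET_LOG).items():
        print(f"{key}: {value}")
```

On the constructed sample the counts agree (6 found, 6 cleaned, 6 lines) and the only trojan is the Kryptik copy inside a restore point; the other five are "application" detections, which is ESET's label for potentially unwanted software such as the InstallCore download wrappers and the Babylon toolbar. A mismatch between the header's found count and the number of parsed lines would mean the paste was truncated or the line regex missed a format variant.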

Abraham54 30 May 2012, 08:03

Hello, we'll take another thorough look:
Which program: OTL.com
What for/why: multifunctional tool - analysis and fix
Difficulty: none.
Download: OTL and place the file on the desktop.
Using OTL.com:
- First close all other open program windows!
  - Double-click on
- Tick Scan All Users.
- Click on .
- Don't change any other settings in OTL unless I give specific instructions for it.
- The scan will not take very long.
  - Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.txt.
  - Then copy the contents of both OTL.txt and Extras.txt and paste them into your next post.
- Note: if the log does not fit in one post, spread it over two or more posts.

angel-style 30 May 2012, 18:52

hi hi,
Back from work, I ran the scan.
Here are the log files
OTL logfile created on: 30-5-2012 18:44:31 - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Documents and Settings\Angelique\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,65% Memory free
3,85 Gb Paging File | 3,45 Gb Available in Paging File | 89,83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148,93 Gb Total Space | 95,57 Gb Free Space | 64,17% Space Free | Partition Type: NTFS

Computer Name: CP-597526-A | User Name: Angelique | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-05-30 18:41:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Angelique\Bureaublad\OTL.com
PRC - [2012-02-03 15:28:38 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012-02-03 15:28:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012-02-03 15:28:12 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012-02-03 15:28:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011-10-21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011-10-13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011-07-06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011-01-11 19:04:04 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010-04-06 01:26:36 | 000,828,416 | ---- | M] (Security Stronghold) -- C:\Program Files\True Sword 5\TrueSwordSchedule.exe
PRC - [2009-11-18 13:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2008-07-17 16:37:44 | 002,549,248 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2008-04-14 19:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-04 11:38:00 | 000,088,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2007-10-03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007-10-03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007-06-20 15:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2007-04-27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2007-04-27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2006-10-20 18:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012-02-03 15:28:24 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009-11-05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll


========== Win32 Services (SafeList) ==========

SRV - [2012-05-25 07:37:18 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-02-03 15:28:22 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012-02-03 15:28:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011-10-21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011-10-13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011-08-31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-07-06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2011-07-06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011-01-11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010-04-06 01:26:36 | 000,828,416 | ---- | M] (Security Stronghold) [Auto | Running] -- C:\Program Files\True Sword 5\TrueSwordSchedule.exe -- (TrueSwordSchedulerService)
SRV - [2008-07-29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008-07-17 16:37:44 | 002,549,248 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\system32\hasplms.exe -- (hasplms)
SRV - [2008-04-14 19:03:08 | 000,113,664 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008-04-14 19:03:08 | 000,113,664 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008-04-14 19:02:31 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008-04-14 19:02:29 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008-04-14 19:02:22 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2007-10-03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007-06-20 15:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2007-04-27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007-04-27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2007-02-05 11:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007-02-05 11:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006-12-14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006-12-14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006-12-14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2003-01-17 03:59:56 | 000,001,984 | ---- | M] () [Unknown (-1) | Unknown] -- C:\WINDOWS\system32\drivers\papycpu2.sys -- (papycpu2)
SRV - [2003-01-17 03:59:56 | 000,001,856 | ---- | M] () [Unknown (-1) | Unknown] -- C:\WINDOWS\system32\drivers\papyjoy.sys -- (papyjoy)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012-02-03 15:28:37 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012-02-03 15:28:37 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012-02-03 15:28:37 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011-08-31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-07-06 16:32:50 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011-01-11 19:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011-01-11 19:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010-12-03 11:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010-06-17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-08-05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008-11-11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008-11-11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008-11-11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008-07-11 07:05:00 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2008-07-11 07:05:00 | 000,037,088 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2008-04-14 18:43:25 | 000,120,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008-04-14 18:40:12 | 000,800,000 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008-04-14 18:37:32 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2008-04-13 20:41:22 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\i2omp.sys -- (i2omp)
DRV - [2008-04-13 20:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde)
DRV - [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008-04-13 20:36:40 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\viaagp.sys -- (viaagp)
DRV - [2008-04-13 20:36:39 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\agpcpq.sys -- (agpCPQ)
DRV - [2008-04-13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008-04-13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008-04-13 20:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\alim1541.sys -- (alim1541)
DRV - [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\agp440.sys -- (agp440)
DRV - [2008-04-13 20:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008-03-27 18:50:00 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008-02-11 16:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2008-01-24 15:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2008-01-24 15:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2008-01-24 15:09:14 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2008-01-24 15:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2008-01-24 15:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2007-11-28 21:59:14 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2007-07-05 15:16:56 | 000,238,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2007-07-05 15:16:56 | 000,014,976 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2007-06-20 15:30:20 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2007-06-06 13:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004-08-04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004-08-04 13:00:00 | 000,006,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2003-01-17 03:59:56 | 000,001,984 | ---- | M] () [Unknown (-1) | Unknown (-1) | Running] -- C:\WINDOWS\system32\drivers\papycpu2.sys -- (papycpu2)
DRV - [2003-01-17 03:59:56 | 000,001,856 | ---- | M] () [Unknown (-1) | Unknown (-1) | Running] -- C:\WINDOWS\system32\drivers\papyjoy.sys -- (papyjoy)
DRV - [2002-07-17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2001-09-06 21:14:20 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2001-09-06 20:02:58 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2001-09-06 19:37:58 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\toside.sys -- (TosIde)
DRV - [2001-08-17 23:07:44 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\hpn.sys -- (hpn)
DRV - [2001-08-17 23:07:44 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o)
DRV - [2001-08-17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2001-08-17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2001-08-17 23:07:42 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\perc2hib.sys -- (perc2hib)
DRV - [2001-08-17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2001-08-17 23:07:40 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\perc2.sys -- (perc2)
DRV - [2001-08-17 23:07:38 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aic78xx.sys -- (aic78xx)
DRV - [2001-08-17 23:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aic78u2.sys -- (aic78u2)
DRV - [2001-08-17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2001-08-17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2001-08-17 23:07:32 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2001-08-17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2001-08-17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2001-08-17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2001-08-17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2001-08-17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2001-08-17 22:52:16 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1240.sys -- (ql1240)
DRV - [2001-08-17 22:52:16 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql10wnt.sys -- (Ql10wnt)
DRV - [2001-08-17 22:52:16 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dac960nt.sys -- (dac960nt)
DRV - [2001-08-17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2001-08-17 22:52:08 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ini910u.sys -- (ini910u)
DRV - [2001-08-17 22:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001-08-17 22:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf)
DRV - [2001-08-17 22:52:06 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray)
DRV - [2001-08-17 22:52:06 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cd20xrnt.sys -- (cd20xrnt)
DRV - [2001-08-17 22:52:04 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc3350p.sys -- (asc3350p)
DRV - [2001-08-17 22:52:04 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\amsint.sys -- (amsint)
DRV - [2001-08-17 22:52:02 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aha154x.sys -- (Aha154x)
DRV - [2001-08-17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2001-08-17 22:52:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ABP480N5.SYS -- (abp480n5)
DRV - [2001-08-17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2001-08-17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\..\SearchScopes,DefaultScope = {DF0F4CF1-7C0D-4E0C-BBBD-4FD081AD78FD}
IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\..\SearchScopes\{DF0F4CF1-7C0D-4E0C-BBBD-4FD081AD78FD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\..\SearchScopes\{E4AAD716-DA23-4BED-BAA6-CDE282F0F14D}: "URL" = http://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=18&tid={C462929C-7DFA-4403-B580-0529591231C2}
IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ [2009-05-01 23:54:22 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2009-05-01 23:54:22 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-03-03 00:53:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-08-25 23:27:31 | 000,000,000 | ---D | M]

[2010-01-27 19:43:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Angelique\Application Data\Mozilla\Extensions
[2011-08-15 21:08:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions
[2010-01-27 19:57:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-11-06 13:07:22 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2011-07-31 22:23:33 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011-11-10 13:23:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008-12-09 18:22:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012-03-03 00:53:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-05-04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010-03-31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2010-04-08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2010-07-05 23:05:17 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010-09-14 14:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2012-02-25 17:40:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-02-25 17:40:48 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2012-02-25 17:40:48 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012-02-25 17:40:48 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Angelique\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Documents and Settings\Angelique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Babylon Translator = C:\Documents and Settings\Angelique\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\

O1 HOSTS File: ([2012-05-29 18:56:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Marc\Menu Start\Programma's\Opstarten\OpenOffice.org 3.1 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game04.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CB46CA2-4499-462D-BE7B-E03BC71D50DC}: DhcpNameServer = 212.54.40.25 212.54.35.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Ierland.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Ierland.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004-09-13 15:06:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-05-30 18:42:06 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Angelique\Bureaublad\OTL.com
[2012-05-29 23:36:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-05-29 21:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-05-24 22:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelique\Application Data\Avira
[2012-05-24 22:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Avira
[2012-05-24 22:23:08 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012-05-24 22:23:08 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012-05-24 22:23:08 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012-05-24 22:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012-05-24 22:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012-05-24 21:59:42 | 004,530,590 | R--- | C] (Swearware) -- C:\Documents and Settings\Angelique\Bureaublad\ComboFix.exe
[2012-05-23 21:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelique\Bureaublad\EmsisoftEmergencyKit
[2012-05-23 19:30:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012-05-23 18:38:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-05-23 18:36:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-05-23 18:36:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-05-23 18:36:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-05-23 18:36:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-05-23 18:34:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-05-23 18:31:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-05-23 18:31:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Angelique\Menu Start\Programma's\Systeembeheer
[2012-05-23 18:27:53 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012-05-23 18:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelique\Bureaublad\tdsskiller
[2012-05-23 08:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\REPORTS
[2012-05-23 08:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LOGFILES
[2012-05-23 08:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\INFECTED
[2012-05-23 07:24:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2012-05-23 07:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelique\Local Settings\Application Data\Babylon
[2012-05-23 07:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelique\Local Settings\Application Data\LogMeIn
[2012-05-23 07:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelique\Local Settings\Application Data\AskToolbar
[2012-05-23 07:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angelique\Application Data\Babylon
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-05-30 18:41:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Angelique\Bureaublad\OTL.com
[2012-05-30 18:40:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-05-30 18:39:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012-05-30 18:39:43 | 000,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-05-30 18:39:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-05-30 18:39:32 | 2144,980,992 | -HS- | M] () -- C:\hiberfil.sys
[2012-05-30 09:37:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-05-30 08:55:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-05-29 19:14:23 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E9AF3B0A-C52E-445B-845F-676F41AB08FF}.job
[2012-05-29 18:56:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-05-29 18:48:10 | 004,530,590 | R--- | M] (Swearware) -- C:\Documents and Settings\Angelique\Bureaublad\ComboFix.exe
[2012-05-28 17:00:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2012-05-24 22:23:21 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Avira Control Center.lnk
[2012-05-24 06:57:01 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Google Chrome.lnk
[2012-05-23 21:27:48 | 133,736,152 | ---- | M] () -- C:\Documents and Settings\Angelique\Bureaublad\EmsisoftEmergencyKit.zip
[2012-05-23 18:38:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012-05-23 07:21:43 | 087,546,928 | ---- | M] () -- C:\Documents and Settings\Angelique\Bureaublad\avira_free_antivirus_nl.exe
[2012-05-10 07:08:15 | 000,630,186 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2012-05-10 07:08:15 | 000,552,154 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-05-10 07:08:15 | 000,128,304 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2012-05-10 07:08:15 | 000,101,564 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-05-10 07:00:50 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-05-09 22:06:55 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-05-03 18:10:04 | 000,081,747 | ---- | M] () -- C:\Documents and Settings\Angelique\Mijn documenten\Afschrift-114405522-0220.pdf
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-05-25 07:30:28 | 000,000,940 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-05-24 23:06:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012-05-24 22:23:21 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Avira Control Center.lnk
[2012-05-23 21:26:52 | 133,736,152 | ---- | C] () -- C:\Documents and Settings\Angelique\Bureaublad\EmsisoftEmergencyKit.zip
[2012-05-23 18:38:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012-05-23 18:38:30 | 000,261,936 | RHS- | C] () -- C:\cmldr
[2012-05-23 18:36:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-05-23 18:36:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-05-23 18:36:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-05-23 18:36:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-05-23 18:36:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-05-23 07:21:35 | 087,546,928 | ---- | C] () -- C:\Documents and Settings\Angelique\Bureaublad\avira_free_antivirus_nl.exe
[2012-05-03 18:10:04 | 000,081,747 | ---- | C] () -- C:\Documents and Settings\Angelique\Mijn documenten\Afschrift-114405522-0220.pdf
[2012-02-14 22:53:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011-04-23 07:02:34 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011-04-23 07:02:34 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011-04-05 22:56:58 | 000,531,638 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2138607393-1720253505-3263822841-1006-0.dat
[2011-04-05 22:56:58 | 000,281,694 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010-07-23 21:07:34 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== LOP Check ==========

[2010-11-06 13:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1D3E
[2012-05-29 18:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012-03-01 20:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dassault Systemes
[2009-01-31 18:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011-09-25 10:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Het Digitale Huis
[2010-01-28 08:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012-05-23 19:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\INFECTED
[2012-05-23 18:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LOGFILES
[2011-08-17 18:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2008-07-22 16:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2011-08-15 21:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2012-05-23 19:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\REPORTS
[2008-05-06 08:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2012-05-23 19:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelique\Application Data\Babylon
[2010-11-06 13:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelique\Application Data\bearsharemediabartb
[2012-01-14 09:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Babylon
[2012-05-03 18:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Belastingdienst
[2011-07-14 16:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Bytue
[2012-03-01 20:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\DraftSight
[2011-08-14 22:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\ElevatedDiagnostics
[2011-04-05 19:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Garmin
[2011-05-25 19:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Huer
[2012-01-27 09:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Ivib
[2010-11-17 08:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\LG Electronics
[2009-10-04 10:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\OpenOffice.org
[2011-09-09 23:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Opera
[2011-08-26 07:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\PriceGong
[2012-05-24 06:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Qohoza
[2011-08-18 23:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\QuickScan
[2011-05-25 09:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Ugyf
[2011-07-08 13:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Yvytre
[2008-09-24 19:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Zylom
[2012-05-28 17:00:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2012-04-05 06:19:42 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2012-05-29 19:14:23 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E9AF3B0A-C52E-445B-845F-676F41AB08FF}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

angel-style 30 May 2012, 18:55

So the extras.txt is indeed not completely there,
so here it is in a new post.
OTL Extras logfile created on: 30-5-2012 18:44:31 - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Documents and Settings\Angelique\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,65% Memory free
3,85 Gb Paging File | 3,45 Gb Available in Paging File | 89,83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148,93 Gb Total Space | 95,57 Gb Free Space | 64,17% Space Free | Partition Type: NTFS

Computer Name: CP-597526-A | User Name: Angelique | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2138607393-1720253505-3263822841-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"80:TCP" = 80:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Papyrus\NASCAR Racing 2003 Season\NR2003.exe" = C:\Papyrus\NASCAR Racing 2003 Season\NR2003.exe:*:Enabled:NASCAR Racing 2003 Season -- (Sierra Entertainment, Inc.
Bellevue, WA 98005)
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Enabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Enabled:Sentinel Keys Server -- (SafeNet, Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0451FD8E-D80E-4BA6-AE02-EBE80A059CB0}" = Sibelius Scorch (ActiveX Only)
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack
"{1714C437-23D3-423a-8D78-7ECE5C6BD2AD}_is1" = DBB Regelgeving 2008 1.2
"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2869F5EA-93C3-48E5-80DF-DB696BC84A91}" = Windows Live Mail
"{30ED8F74-4222-4500-95A4-89651D56D349}" = OpenOffice.org 3.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34EE7FA0-B2D5-11D3-A666-9AC0085B326B}" = ASD tekenmethodiek 5.8
"{34EE7FA0-B2D5-11D3-A666-9AC0085B326B}_is1" = ASD 6.4 6.4
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CA031C-D3CD-4A28-8D9B-C71466C4F045}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57573545-74EB-46D2-B362-AA05364E4ED8}" = LogMeIn
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02
"{6FEC9863-5EF2-4A07-9D0B-CA81B47E3F59}" = Windows Live Photo Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87A003CE-22FD-4952-9B0F-B98304A13427}" = DraftSight
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Editie 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0413-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1043-7B44-A81300000003}" = Adobe Reader 8.1.3 - Nederlands
"{ACC2E059-40E9-4464-B18D-C9BDD9A02CED}" = NASCAR® Racing 2003 Season
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B843C05E-B363-4F50-B594-F37E9C3CB2EE}_is1" = DBB 1.5.0.13
"{BBCDD043-4A5F-409C-B4E0-2759F459D1B9}_is1" = DBB Regelgeving 2011-1 1.0.0.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C20C2630-B3A7-44BA-BDD0-31E256AE490E}" = Windows Live Call
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CAEB2BE8-EF9E-4BFE-8165-3B54B62AF6CF}" = Windows Live Family Safety
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC38A00D-7EED-46CE-9281-D1D97B81F22A}" = Windows Live Messenger
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}" = Windows Live Sync
"{E56D5DC8-4C73-44B1-B650-AAD75C7A2701}" = Broadcom ASF Management Applications
"{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}" = Windows Live Essentials
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FAEE61D3-2A5E-4F7F-926F-77AAC08CE4DD}" = Sentinel System Driver Installer 7.5.0
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"Aangifte inkomstenbelasting 2008" = Aangifte inkomstenbelasting 2008
"Aangifte inkomstenbelasting 2009" = Aangifte inkomstenbelasting 2009
"Aangifte inkomstenbelasting 2010" = Aangifte inkomstenbelasting 2010
"Aangifte inkomstenbelasting 2011" = Aangifte inkomstenbelasting 2011
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ARKEY 8" = ARKEY 8
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"Babylon" = Babylon
"CCleaner" = CCleaner (remove only)
"Chord Finder" = Uninstall Super Guitar Chord Finder
"CutePDF Writer Installation" = CutePDF Writer 2.8
"ESET Online Scanner" = ESET Online Scanner v3
"Finale NotePad 2008" = Finale NotePad 2008
"Free WMA to MP3 Changer_is1" = Free WMA to MP3 Changer version 1.0
"Google Chrome" = Google Chrome
"Het Digitale Huis Software Overzicht_is1" = Het Digitale Huis Software Overzicht 2.0
"Het Digitale Huis Software Updater_is1" = Het Digitale Huis Software Updater 2.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware versie 1.51.2.1300
"mc3b626_is1" = MusiCAD 3.1 (build 626)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"Mozilla Firefox 10.0.2 (x86 nl)" = Mozilla Firefox 10.0.2 (x86 nl)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MuseScore 0.9" = MuseScore 0.9 MuseScore score typesetter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Normworm_is1" = Normworm 8.0
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Opera 11.64.1403" = Opera 11.64
"popupcard_en" = Pop-Up Card Designer
"Spyware Doctor" = Spyware Doctor 7.0
"True Sword 5_is1" = True Sword 5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2138607393-1720253505-3263822841-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23-5-2012 12:24:29 | Computer Name = CP-597526-A | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 23-5-2012 12:52:57 | Computer Name = CP-597526-A | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 23-5-2012 17:00:00 | Computer Name = CP-597526-A | Source = TrueSwordSchedule.exe | ID = 0
Description =

Error - 24-5-2012 1:12:34 | Computer Name = CP-597526-A | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 24-5-2012 16:23:33 | Computer Name = CP-597526-A | Source = crypt32 | ID = 131083
Description = Het uitpakken van een basislijst uit de cab voor automatische updates
is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
met de fout: Een vereist certificaat valt niet binnen de geldigheidsperiode als
gekeken wordt naar de huidige systeemklok of de tijdstempel in het ondertekende
bestand.

Error - 24-5-2012 16:23:33 | Computer Name = CP-597526-A | Source = crypt32 | ID = 131083
Description = Het uitpakken van een basislijst uit de cab voor automatische updates
is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
met de fout: Een vereist certificaat valt niet binnen de geldigheidsperiode als
gekeken wordt naar de huidige systeemklok of de tijdstempel in het ondertekende
bestand.

Error - 24-5-2012 16:23:48 | Computer Name = CP-597526-A | Source = crypt32 | ID = 131080
Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
opvragen van de automatische update van het basislijstvolgordenummer van derden
is mislukt met de fout: Deze bewerking is geretourneerd omdat de time-outperiode
verlopen is.

Error - 24-5-2012 17:00:00 | Computer Name = CP-597526-A | Source = TrueSwordSchedule.exe | ID = 0
Description =

Error - 27-5-2012 4:57:08 | Computer Name = CP-597526-A | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 29-5-2012 17:00:00 | Computer Name = CP-597526-A | Source = TrueSwordSchedule.exe | ID = 0
Description =

[ System Events ]
Error - 24-5-2012 0:36:17 | Computer Name = CP-597526-A | Source = PlugPlayManager | ID = 12
Description = Het apparaat TEAC USB HS-xD/SM USB Device (USBSTOR\Disk&Ven_TEAC&Prod_USB___HS-xD/SM&Rev_4.08\00000114F40E&1)
is uit het systeem verdwenen zonder dat de verwijdering is voorbereid.

Error - 24-5-2012 0:36:17 | Computer Name = CP-597526-A | Source = PlugPlayManager | ID = 12
Description = Het apparaat TEAC USB HS-MS Card USB Device (USBSTOR\Disk&Ven_TEAC&Prod_USB___HS-MS_Card&Rev_4.08\00000114F40E&2)
is uit het systeem verdwenen zonder dat de verwijdering is voorbereid.

Error - 24-5-2012 0:36:17 | Computer Name = CP-597526-A | Source = PlugPlayManager | ID = 12
Description = Het apparaat TEAC USB HS-SD Card USB Device (USBSTOR\Disk&Ven_TEAC&Prod_USB___HS-SD_Card&Rev_4.08\00000114F40E&3)
is uit het systeem verdwenen zonder dat de verwijdering is voorbereid.

Error - 24-5-2012 0:36:17 | Computer Name = CP-597526-A | Source = PlugPlayManager | ID = 12
Description = Het apparaat Algemeen volume (STORAGE\RemovableMedia\7&11957f07&0&RM)
is uit het systeem verdwenen zonder dat de verwijdering is voorbereid.

Error - 24-5-2012 0:36:17 | Computer Name = CP-597526-A | Source = PlugPlayManager | ID = 12
Description = Het apparaat Algemeen volume (STORAGE\RemovableMedia\7&11b93931&0&RM)
is uit het systeem verdwenen zonder dat de verwijdering is voorbereid.

Error - 24-5-2012 0:36:17 | Computer Name = CP-597526-A | Source = PlugPlayManager | ID = 12
Description = Het apparaat Algemeen volume (STORAGE\RemovableMedia\7&16f76511&0&RM)
is uit het systeem verdwenen zonder dat de verwijdering is voorbereid.

Error - 24-5-2012 0:36:17 | Computer Name = CP-597526-A | Source = PlugPlayManager | ID = 12
Description = Het apparaat Algemeen volume (STORAGE\RemovableMedia\7&6c7ed&0&RM)
is uit het systeem verdwenen zonder dat de verwijdering is voorbereid.

Error - 26-5-2012 2:56:54 | Computer Name = CP-597526-A | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: COM-service voor IMAPI cd-branders.

Error - 26-5-2012 2:56:54 | Computer Name = CP-597526-A | Source = Service Control Manager | ID = 7000
Description = De COM-service voor IMAPI cd-branders-service kan vanwege de volgende
fout niet worden gestart: %%1053

Error - 29-5-2012 12:56:40 | Computer Name = CP-597526-A | Source = PlugPlayManager | ID = 11
Description = Het apparaat Root\LEGACY_PARTIZAN\0000 is uit het systeem verdwenen
zonder dat de verwijdering is voorbereid.


< End of report >

Abraham54 30 May 2012, 19:14

Hi, I want you to do the following first:
go to Control Panel\Add or Remove Programs and remove there
a) Lavasoft AdAware
and
b) PCTools Spyware Doctor
You no longer need either tool.
After that:
before you let OTL run the fix, first close all other open windows!
- Double-click on
- Copy and paste the following (bold, blue text) into the box under
:OTL
IE - HKU\S-1-5-21-2138607393-1720253505-3263822841-1005\..\SearchScopes\{E4AAD716-DA23-4BED-BAA6-CDE282F0F14D}: "URL" = http://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=18&tid={C462929C-7DFA-4403-B580-0529591231C2}
[2010-11-06 13:07:22 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2010-07-05 23:05:17 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010-09-14 14:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Documents and Settings\Angelique\Local Settings\Application
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
[2012-05-29 18:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2010-01-28 08:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012-05-23 19:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelique\Application Data\Babylon
[2010-11-06 13:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Angelique\Application Data\bearsharemediabartb
[2012-01-14 09:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Babylon
[2011-08-26 07:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\PriceGong
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[createrestorepoint]
[reboot]

- Then click at the top on
- Let the program do its work undisturbed.
- After the scan, OTL will report that the PC is going to be restarted. So allow that.
- Click OK
- After the restart only a new log is opened.
- Post the contents of that OTL scan log via copy and paste.

angel-style 30 May 2012, 19:28

I found Lavasoft AdAware under "AdAware Outlook email scan" or something similar. I have removed that.
I can't get Spyware Doctor removed;
the following error message then appears:
Message file ":\program Files\spyware Doctor\unins000.msg" is missing.
Please correct the problem or obtain a new copy of the program.
Installing a new version over it does not work either; it then says the old one has to be removed first.
What is the wise thing to do here?
Can I just carry out your follow-up steps now anyway?

Abraham54 30 May 2012, 19:37

First run OTL and post the log.
After that I'll come back to it, and we have to sort out Java too, because there is a fair pile of junk from that in your Windows as well!

angel-style 30 May 2012, 20:01

here we are again,
OTL has run, the PC restarted, and this is the log
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2138607393-1720253505-3263822841-1005\Software\Microsoft\Internet Explorer\SearchScopes\{E4AAD716-DA23-4BED-BAA6-CDE282F0F14D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4AAD716-DA23-4BED-BAA6-CDE282F0F14D}\ not found.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\components folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\searchbar folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\options folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\uwa folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\radio\images folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\radio\css folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\radio folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\panels\images folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\panels\css folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\panels folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\widgets\net.vmn.www.3.YouTube.1217 folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\widgets\net.vmn.www.3.Twitter.1227 folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\widgets folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\modules folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\lib folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\data\search folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\data folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Mozilla\Firefox\Profiles\2rynkuch.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593} folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml moved successfully.
File C:\Documents and Settings\Angelique\Local Settings\Application not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ deleted successfully.
C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
File C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
File C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\js folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img-ie6\rslt folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img-ie6\Ftxt folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img-ie6\frameIE6 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img-ie6\frame2_ folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img-ie6\frame\Tabs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img-ie6\frame folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img-ie6\dropdown folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img-ie6\controls folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img-ie6\Btn folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img-ie6\banner1_ folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img-ie6 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img\rslt folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img\Ftxt folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img\frame2 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img\frame\Tabs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img\frame folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img\dropdown folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img\crsl_ folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img\controls folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img\cmnty folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img\Btn folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img\banner_ folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\img folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\WelcomeScreen folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\WaitForRes folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\MsgResult folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\KeyHandlerJS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\img folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\GlossResult folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\ExpTransCap folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\ExpNag folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\ExpDefault folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\ExpDailyCap folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\EmptyTrans folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\DwnldInst folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\CorrectResult folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\CorpGlossResult folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\ConvertResult folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\Convert folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\ConjWait folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\Conjugation folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\AutoComp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\AskComm folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\AddGloss folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content\AcrbtOcrHelp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Content folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Config\img folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI\Config folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\LocalUI folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon\Gloss folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Hitman Pro\Quarantine folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Hitman Pro folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Babylon\updates folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Babylon\Content\icons folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Babylon\Content folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\Angelique\Application Data\bearsharemediabartb folder moved successfully.
C:\Documents and Settings\Marc\Application Data\Babylon\updates folder moved successfully.
C:\Documents and Settings\Marc\Application Data\Babylon\Content\icons folder moved successfully.
C:\Documents and Settings\Marc\Application Data\Babylon\Content folder moved successfully.
C:\Documents and Settings\Marc\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\Marc\Application Data\PriceGong\Data folder moved successfully.
C:\Documents and Settings\Marc\Application Data\PriceGong folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-configuratie
De DNS-omzettingscache is leeggemaakt.
C:\Documents and Settings\Angelique\Bureaublad\cmd.bat deleted successfully.
C:\Documents and Settings\Angelique\Bureaublad\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Angelique
->Temp folder emptied: 4115 bytes
->Temporary Internet Files folder emptied: 8549690 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 23185138 bytes
->Google Chrome cache emptied: 288663139 bytes
->Flash cache emptied: 4893 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82054 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Marc
->Temp folder emptied: 2548479514 bytes
->Temporary Internet Files folder emptied: 10948589 bytes
->Java cache emptied: 561495 bytes
->FireFox cache emptied: 789563484 bytes
->Google Chrome cache emptied: 334327332 bytes
->Opera cache emptied: 19462244 bytes
->Flash cache emptied: 96388 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1478813 bytes
%systemroot%\System32 .tmp files removed: 2845 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3583 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3.839,00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Angelique
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: LogMeInRemoteUser

User: Marc
->Java cache emptied: 0 bytes

User: NetworkService

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Angelique
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: LogMeInRemoteUser

User: Marc
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.44.0 log created on 05302012_194249
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Marc\Local Settings\Temp\Temporary Internet Files\Content.IE5\S56ZS5I7\ra=0ST8R7UI9X7WZBZDEWDOKIJST0WAMTOF&sessioncookie=QYWGRZT3CMPXLO3I4E1UXNH7JRX7XA8F&cookie=6KRR9KMX1GAFEMBOV0HXN3MOFGRN[1].html%3Bprev_next%3Dnext&screen=1280x1024&localtime=18%3A15 not found!
File\Folder C:\Documents and Settings\Marc\Local Settings\Temp\Temporary Internet Files\Content.IE5\S56ZS5I7\ra=GOWG2AD3W43SRQ2DYGBJSR88DOKT5MOL&sessioncookie=QYWGRZT3CMPXLO3I4E1UXNH7JRX7XA8F&cookie=6KRR9KMX1GAFEMBOV0HXN3MOFGRN1KK9&browsertoken=U[1].html&screen=1280x1024&localtime=18%3A15 not found!
File\Folder C:\Documents and Settings\Marc\Local Settings\Temp\Temporary Internet Files\Content.IE5\S56ZS5I7\ra=MRNZ3PALQ1SXKHT6K0HKGFYXZEKXKSAJ&sessioncookie=QYWGRZT3CMPXLO3I4E1UXNH7JRX7XA8F&cookie=6KRR9KMX1GAFEMBOV0HXN3MOFGRN[1].html%3Bprev_next%3Dprev&screen=1280x1024&localtime=18%3A16 not found!
File\Folder C:\Documents and Settings\Marc\Local Settings\Temp\Temporary Internet Files\Content.IE5\4PYJGTAB\ra=W[1].nl%2Fsearch%3Fhl%3Dnl%26rlz%3D1T4SUNA_enNL274NL274%26q%3Dvochtafdrijvend%2Bvoedsel%2Bbij%2Bvasthouden%2Bvan%2Bvocht%26start%3D10%26sa%3DN&screen=1280x1024&localtime=18%3A14 not found!
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.
Registry entries deleted on Reboot...

Abraham54 30 May 2012, 22:52

Now run a test to see how good the current security situation in Windows is.
Download Security Check to your desktop.
- Click/double-click SecurityCheck.exe and follow the instructions in the black window.
- A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
- If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
Post the contents of checkup.txt in your next post.

angel-style 30 May 2012, 23:22

That was quickly done,
attached is the txt file
Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Please wait while WMIC compiles updated MOF files.
displayName
ECHO is off (uit).
Avira
ECHO is off (uit).
Desktop
ECHO is off (uit).
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spyware Doctor 7.0
CCleaner (remove only)
Java(TM) 6 Update 26
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (Firefox,. Firefox out of Date!
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

Abraham54 31 May 2012, 07:35

Three Javas, which are old and therefore pose a security risk.
The same goes for Adobe Reader.
And the Flash Player is also out of date again.
Now it is important to know which browser you use by default,
And that Marc, which browser does this user use by default?
I would like an answer to that.
Also strange, by the way, that two versions of Chrome are installed!
We will tackle Java first:
so first download Java 7 Update 4 (x86) for Windows 7/XP/Vista/2000/2003/2008 Offline to the desktop.
But do not install the new version yet!
After that, first go to Control Panel
- Add or Remove Programs - Windows 2000/Windows XP
- Programs and Features - Windows Vista and Windows 7
and remove there
Java(TM) 6 Update 26
Java(TM) 6 Update 5
Java(TM) 6 Update 7

Then restart your PC.
After that you may install the newest Java version.

angel-style 31 May 2012, 08:02

okay............no idea how all of that came about.
As my main browser I use Chrome myself.
Marc (my husband) used to just use Internet Explorer, switched to Mozilla when that gave problems, and now actually uses Opera by default.
We have two login profiles on the PC. In fact we only use Marc's profile.
All the fixes etc. I have now done from Angelique.
Could that have something to do with the duplicate programs?
I will take the next advised steps later. Have to go to work now.
Thanks again for the reply!!

Abraham54 31 May 2012, 08:15

What you tell me now is clear to me.
Actually you should have done the whole fix from that other account!
But then remove the oldest version of Chrome!
And by the way, I was mistaken: the Flash Player in Windows is up to date.
So only Adobe Reader still needs to be renewed.
Adobe Reader version X (10.1.0) is out - this one is safer than the previous Readers, because this version starts in a virtual environment!
So: first remove the old Adobe Reader and then go to http://get.adobe.com/nl/reader/ to get the newest version!
Do untick the bundled software from Google or McAfee first, if you do not want it included!
Because Adobe has not updated the Reader download itself, you still need to do that yourself - how, you can read below.
Updating Adobe Reader:
you do this by clicking the Help button in the menu bar of Adobe Reader
and then clicking Check for updates... in the drop-down menu.
The updater will then become active; watch for messages.
If an update is available, agree and wait for further messages in the systray.
N.B. - make sure Adobe Reader is closed when the update is installed.

angel-style 31 May 2012, 22:38

The two login profiles are, as far as I can tell, completely connected to each other.
Through Explorer I can simply reach everything on Marc's profile via Angelique and vice versa. Also, when a program is installed on one profile, the shortcut simply appears on the other desktop and in the list too.
Maybe that is normal, I don't know. :roll:
In the Control Panel I can only find 1 version of Chrome? And on both profiles Chrome shows the same version number.
So I have not done anything with this for now.
I have also not done anything with Java, since you wrote that it turned out to be correct after all, or should the updates be removed anyway?
Adobe has now been removed first in order to install the latest version afterwards (after restarting) via your link, and I also ran an update.
By the way, I did this again from the "angelique" profile.
So far the actions again.

Abraham54 31 May 2012, 22:46

Well then, run SecurityCheck once more and post the new log.

angel-style 1 June 2012, 07:19

Herewith the new log again
Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spyware Doctor 7.0
CCleaner (remove only)
Java(TM) 6 Update 26
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (Firefox,. Firefox out of Date!
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

Abraham54 1 June 2012, 08:51

It is a good thing you posted a log once more.
You apparently partly missed a message from me, so once again:
we are going to tackle Java after all:
first download Java 7 Update 4 (x86) for Windows 7/XP/Vista/2000/2003/2008 Offline to the desktop.
But do not install the new version yet!
After that, first go to Control Panel
- Add or Remove Programs - Windows 2000/Windows XP
- Programs and Features - Windows Vista and Windows 7
and remove there
Java(TM) 6 Update 26
Java(TM) 6 Update 5
Java(TM) 6 Update 7

Then restart your PC.
After that you may install the newest Java version.
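A small parser for the Security Check output posted in this thread, added here as an example; it is not code from the thread, from Abraham54, or from the Security Check tool. It reads a constructed copy of the second log above and reports the duplicate installs (three Java 6 updates, two Chrome builds) and the products the tool marked out of date, which is the triage Abraham54 is doing by hand in the two Java posts. The backtick-fenced section headers and the "out of date!" verdict lines are assumptions based on that log; an inline verdict with a mangled product name, like the Firefox line, is kept as a raw finding rather than matched to an installed entry.

```python
"""Parse a screen317 Security Check log and flag what needs attention.

Added example, not code from the thread or the Security Check tool. SAMPLE_LOG
is constructed to mirror the second log posted in the thread; the parsing
rules (backtick-fenced section headers, "out of date!" verdict lines) are
assumptions based on that log.
"""
import re
from collections import defaultdict

SAMPLE_LOG = """Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spyware Doctor 7.0
CCleaner (remove only)
Java(TM) 6 Update 26
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (Firefox,. Firefox out of Date!
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
````````````````````End of Log``````````````````````
"""

SECTION_RE = re.compile(r"^`+\s*(.+?):?\s*`+$")      # "````Name:````" -> "Name"
VERDICT_RE = re.compile(r"\bout of date\b", re.IGNORECASE)
ANTIVIRUS = "Antivirus/Firewall Check"
UTILITIES = "Anti-malware/Other Utilities Check"


def name_words(text):
    """Product-name words only: drops "(TM)"/"(remove only)", digits and 'version'."""
    text = re.sub(r"\([^)]*\)", " ", text)
    return {w for w in re.findall(r"[A-Za-z]{2,}", text)} - {"version"}


def split_product(line):
    """'Java(TM) 6 Update 26' -> ('Java(TM)', '6 Update 26'); no digits -> (line, '')."""
    tokens = line.split()
    for i, tok in enumerate(tokens):
        if any(c.isdigit() for c in tok):
            return " ".join(tokens[:i]), " ".join(tokens[i:])
    return line, ""


def parse_security_check(text):
    """Return antivirus status, installed products, duplicates and outdated entries."""
    section = None
    installed = defaultdict(list)   # product family -> list of versions seen
    findings = []                   # raw "out of date" verdict lines
    antivirus_ok = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == ANTIVIRUS and line.lower().startswith("antivirus up to date"):
            antivirus_ok = True
        elif section == UTILITIES:
            if VERDICT_RE.search(line):
                findings.append(line)
            else:
                family, version = split_product(line)
                installed[family].append(version)
    # An installed entry is outdated when all of its name words appear in the
    # subject of some verdict line ("Java version out of date!" -> {"Java"}).
    outdated = []
    for family, versions in installed.items():
        fam_words = name_words(family)
        for verdict in findings:
            subject = VERDICT_RE.split(verdict, 1)[0]
            if fam_words and fam_words <= name_words(subject):
                outdated.extend((family, v) for v in versions)
                break
    duplicates = {f: v for f, v in installed.items() if len(v) > 1}
    return {"antivirus_ok": antivirus_ok, "installed": dict(installed),
            "duplicates": duplicates, "findings": findings, "outdated": outdated}


if __name__ == "__main__":
    report = parse_security_check(SAMPLE_LOG)
    print("antivirus up to date:", report["antivirus_ok"])
    for family, versions in report["duplicates"].items():
        print("multiple installs:", family, versions)
    for family, version in report["outdated"]:
        print("remove/update:", family, version)
    for line in report["findings"]:
        print("verdict:", line)
```

Run against the first log in the thread the same code also flags the Reader 8 verdict as a raw finding; the Flash line is never matched, because its name words are not a subset of any verdict's subject, which is the same correction Abraham54 made by hand.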
