babylon komt steeds terug.

anoniem · 30 december 2011

Hallo, Ik zocht een nieuwe driver, dacht die te hebben gevonden en klikte op "installeren". Tja, geen nieuwe driver dus maar wel een opdringerige "Babylon" als toolbar. Ik heb het meeste eraf kunnen krijgen en Windows' zoekfunctie kan niets meer vinden met de naam Babylon erin, maar toch: Babylon is er dus nog altijd. Kan iemand me helpen ? Alvast bedankt.

anoniem · 2 januari 2012

nou het viel mij op dat ik de gewone Google niet als standaardbrowser (via "extra > opties "bij FF) kon aanhouden, en dat vond ik wel heel kwaadaardig en vervelend. Kon wel via de knop "startpagina"Rechts boven. Nu is alles hopelijk goed, voor zo lang als het duurt.fjs

anoniem · 2 januari 2012

Laat maar weten of je dit via een fix opgelost wil hebben.

anoniem · 2 januari 2012

had zelf al (ja ik weet dat dat niet mag door leken) een fix gedaan van een regel met Babylon in HJT die als fout werd aangemerkt. Alles is nu goed. Hartelijk dank.

anoniem · 2 januari 2012

Dat betekent dus dat Babylon nog steeds in Windows zit, ook is het op de beschreven wijze gefit. Dat is dus amateurwerk en is een tijdelijke oplossing.

anoniem · 2 januari 2012

dan hoor ik graag wat ik zou moeten doen.

anoniem · 2 januari 2012

Dan gaan we beginnen: [b:17920c994e]Ik wil graag dat jij je tijdens de fix aan onderstaande regels houdt:[/b:17920c994e] [color=blue:17920c994e][list:17920c994e][*:17920c994e]Lees alle instrukties goed door. [*:17920c994e]Maak je fouten bij de uitvoering van tools tijdens de fix, kan dat serieuze problemen in Windows veroorzaken. [*:17920c994e]Onthou je van het gebruik van tools cq. updates anders dan die ik jou adviseer te gebruiken. [*:17920c994e]Gebruik altijd één scanner per keer, nooit meerdere tegelijk gebruiken. [*:17920c994e]Hou mij op de hoogte hoe jou computer op de fix reageert - goed of slecht. [*:17920c994e]De fix, eenmaal gestart, moet afgewerkt worden. Zelfs indien jij denkt dat alles in orde is, zijn er mogelijk nog steeds infecties.[/list:u:17920c994e][/color:17920c994e] [color=#FF0000:17920c994e][b:17920c994e]Stap •1•[/b:17920c994e][/color:17920c994e] [[b:17920c994e]Welk programma[/b:17920c994e]: Kaspersky [b:17920c994e]TDSSKiller[/b:17920c994e] [b:17920c994e]Waarvoor/waarom[/b:17920c994e]: Rootkitscanner [b:17920c994e]Moeilijkheidsgraad[/b:17920c994e]: geen [b:17920c994e]Downloadlokatie[/b:17920c994e]: Dit programma absoluut naar het bureaublad downloaden of anders daar naar toe verplaatsen! [b:17920c994e]Download[/b:17920c994e] [b:17920c994e]TDSSKiller[/b:17920c994e] [url=http://support.kaspersky.com/downloads/utils/tdsskiller.zip][b:17920c994e]hier[/b:17920c994e][/url]. [b:17920c994e]Installatie[/b:17920c994e]: [list:17920c994e][*:17920c994e] pak het bestand uit op je bureaublad.[/list:u:17920c994e] [b:17920c994e]TDSSKiller gebruiken[/b:17920c994e]: [list:17920c994e][*:17920c994e]Windows 2000 en Windows XP: start "TDSSKiller" middels dubbelklik op TDSSKiller.exe. [*:17920c994e]Windows Vista en Windows 7: start "TDSSKiller" middels rechtsklik op TDSSKiller.exe en dan kiezen voor [b:17920c994e]Als Administrator uitvoeren[/b:17920c994e].[/list:u:17920c994e] [list:17920c994e][*:17920c994e]Idien TDSSKiller met een bericht komt over een beschikbare update, dan voer je deze eerst uit, [*:17920c994e]klik daarvoor op de knop "Load update"[/list:u:17920c994e] [img:17920c994e]http://www.malwareinfo.nl/files/screens/TDSSkiller(update).jpg[/img:17920c994e] [list:17920c994e][*:17920c994e]Een nieuwe versie van TDSSkiller zal nu gedownload worden en sla deze op het bureaublad op. [*:17920c994e]Start nu TDSSkiller opnieuw. [*:17920c994e] Klik op "[b:17920c994e]Change parameters[/b:17920c994e]" en zorg dat de onderstaande opties allemaal aangevinkt zijn.[/list:u:17920c994e] [img:17920c994e]http://www.malwareinfo.nl/files/screens/TDSSkiller(opties).jpg[/img:17920c994e] [list:17920c994e][*:17920c994e]Klik vervolgens op de knop [b:17920c994e]"Start Scan"[/b:17920c994e] en volg de instructies. [*:17920c994e] Nadat de scan klaar is klik je op de knop [b:17920c994e]"Report"[/b:17920c994e]. [*:17920c994e]Er opent een kladblokbestand. Post de inhoud van dit bestand.[/list:u:17920c994e] [list:17920c994e][*:17920c994e][b:17920c994e]Herstart de pc indien TDSSKiller die optie aangeeft (Reboot now).[/b:17920c994e] [*:17920c994e]Wanneer het opnieuw opstarten noodzakelijk is, vind je de logfile in [b:17920c994e]C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt[/b:17920c994e][/list:u:17920c994e] [color=#0000FF:17920c994e][b:17920c994e]Belangrijk:[/b:17920c994e][/color:17920c994e] [list:17920c994e][*:17920c994e]Indien je een waarschuwing krijgt over [b:17920c994e]sptd.sys[/b:17920c994e] dan mag je deze 'skippen' deze hoort bij Emulatiesoftware zoals bijv. DaemonTools. [*:17920c994e]De [b:17920c994e]unsigned files[/b:17920c994e] skip je, [*:17920c994e][b:17920c994e]TDSS File System[/b:17920c994e] laat je verwijderen of in quarantaine zetten, [b:17920c994e]delete[/b:17920c994e] of [b:17920c994e]copy to quarantine[/b:17920c994e]. [*:17920c994e][b:17920c994e]Rootkit.Boot.SST.b[/b:17920c994e] en anderen zoals Sinowal, ZeroAccess of Whistler laat je herstellen [b:17920c994e]Cure[/b:17920c994e].[/list:u:17920c994e] [color=#FF0000:17920c994e][b:17920c994e]Stap •2•[/b:17920c994e][/color:17920c994e] [b:17920c994e]Welk programma[/b:17920c994e]: ComboFix [b:17920c994e]Waarvoor/waarom[/b:17920c994e]: Zeer specialistische scanner om Windows diepgaand te onderzoeken en zo mogelijk op te schonen. [b:17920c994e]Moeilijkheidsgraad[/b:17920c994e]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed. [b:17920c994e]Downloadlokatie[/b:17920c994e]: Dit programma absoluut naar het bureaublad downloaden! [b:17920c994e]Download ComboFix via één van deze locaties[/b:17920c994e]: [list:17920c994e][*:17920c994e][url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:17920c994e]Bleepingcomputer[/b:17920c994e][/url] [*:17920c994e][url=http://www.forospyware.com/sUBs/ComboFix.exe][b:17920c994e]ForoSpyware[/b:17920c994e][/url] [*:17920c994e][url=http://subs.geekstogo.com/ComboFix.exe][b:17920c994e]Geekstogo[/b:17920c994e][/url][/list:u:17920c994e] [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden][b:17920c994e]Hier[/b:17920c994e][/url] zie je hoe je ComboFix moet gebruiken. Antivirusprogramma en actieve malwarescanners dienen al voor de ComboFix start gedeaktiveert zijn! [url=http://www.bleepingcomputer.com/forums/topic114351.html][b:17920c994e]Hier[/b:17920c994e][/url] en [url=http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html][b:17920c994e]hier[/b:17920c994e][/url] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren. [b:17920c994e]Voor alle duidelijkheid nogmaals[/b:17920c994e]: ComboFix dient vanaf het bureaublad gestart te worden. [b:17920c994e]Opmerkingen[/b:17920c994e]: [list:17920c994e][*:17920c994e] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist). [*:17920c994e]Vista- en Windows 7 gebruikers starten Combofix op via rechtsklik met Administratorrechten. [*:17920c994e]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:17920c994e] [b:17920c994e]ComboFix is opgestart[/b:17920c994e]: [list:17920c994e][*:17920c994e]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"! [*:17920c994e]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen! [*:17920c994e]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal. [*:17920c994e]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken. [*:17920c994e]Post de inhoud van dit logbestand in je volgende bericht. [*:17920c994e]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:17920c994e] [b:17920c994e]Belangrijke opmerking[/b:17920c994e]: [list:17920c994e][*:17920c994e][b:17920c994e][color=Red:17920c994e]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:17920c994e][/b:17920c994e] [*:17920c994e][b:17920c994e][color=blue:17920c994e]Illegal operation attempted on a registery key that has been marked for deletion.[/color:17920c994e][/b:17920c994e] [*:17920c994e][b:17920c994e][color=Red:17920c994e]Start dan de computer opnieuw op.[/color:17920c994e][/b:17920c994e][/list:u:17920c994e] [color=#FF0000:17920c994e][b:17920c994e]Stap •3•[/b:17920c994e][/color:17920c994e] [b:17920c994e]Samenvattend: hierna post je in jouw volgende bericht de inhoud van de volgende logs:[/b:17920c994e] [list:17920c994e][*:17920c994e] TDSSKiller-log [*:17920c994e] ComboFix.txt-log [/list:u:17920c994e]

anoniem · 2 januari 2012

Combofix: ComboFix 12-01-02.01 - Administrator 02-01-2012 17:01:22.17.3 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.2047.1177 [GMT 1:00] Gestart vanuit: c:\documents and settings\Administrator\Desktop\ComboFix.exe AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Persoonlijke firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . [i:e975dccbee] ADS - WINDOWS: deleted 24 bytes in 1 streams. [/i:e975dccbee] . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\Application Data\mdb.bin c:\documents and settings\Administrator\Application Data\PriceGong c:\documents and settings\Administrator\Application Data\PriceGong\Data\1.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\2258.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\371.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\a.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\b.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\c.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\d.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\e.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\f.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\g.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\h.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\i.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\j.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\k.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\l.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\m.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\mru.xml c:\documents and settings\Administrator\Application Data\PriceGong\Data\n.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\o.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\p.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\q.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\r.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\s.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\t.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\u.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\v.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\w.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\wlu.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\x.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\y.txt c:\documents and settings\Administrator\Application Data\PriceGong\Data\z.txt c:\documents and settings\Administrator\Application Data\Toolbar4 c:\documents and settings\Administrator\Start Menu\Internet Explorer.lnk c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\xml6533.tmp c:\documents and settings\All Users\Application Data\xml6535.tmp c:\documents and settings\All Users\Application Data\xml6538.tmp c:\documents and settings\All Users\Application Data\xmlC20.tmp c:\documents and settings\All Users\Application Data\xmlC29.tmp c:\documents and settings\All Users\Application Data\xmlC2B.tmp c:\program files\df.exe c:\windows\IsUn0413.exe c:\windows\system32\drivers\etc\hosts.txt c:\windows\system32\PowerToyReadme.htm S:\autorun.inf . . (((((((((((((((((((( Bestanden Gemaakt van 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))) . . 2012-01-02 15:51 . 2012-01-02 15:51 -------- d-----w- C:\TDSSKiller_Quarantine 2012-01-01 13:31 . 2012-01-01 13:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\SumatraPDF 2012-01-01 13:30 . 2012-01-01 13:30 237 ----a-w- C:\user.js 2011-12-29 14:42 . 2011-12-29 14:42 -------- d-----w- c:\program files\MailWasher Pro 2011-12-29 13:05 . 2011-12-29 13:06 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2011-12-29 11:47 . 2011-12-29 11:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-29 11:00 . 2011-12-29 11:00 -------- d-----w- c:\windows\system32\wbem\Repository 2011-12-29 10:59 . 2011-12-29 10:59 -------- d-----w- c:\program files\Microsoft Easy Assist 2011-12-27 14:46 . 2011-12-21 08:02 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2011-12-27 14:46 . 2011-12-21 04:29 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2011-12-27 14:46 . 2011-12-21 04:29 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll 2011-12-27 14:46 . 2011-12-21 04:29 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll 2011-12-19 19:34 . 2011-12-19 19:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\DxO Labs 2011-12-19 19:32 . 2011-12-19 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\DxO_Labs 2011-12-19 19:32 . 2005-07-27 12:43 150224 ----a-w- c:\windows\system32\RGB9Rast_1.dll 2011-12-18 14:02 . 2010-03-18 18:25 307200 ----a-w- c:\windows\system32\CNC5200L.dll 2011-12-18 14:02 . 2010-03-18 16:12 1335296 ----a-w- c:\windows\system32\CNC5200C.dll 2011-12-18 14:02 . 2010-03-18 16:12 114688 ----a-w- c:\windows\system32\CNC5200I.dll 2011-12-18 14:02 . 2010-03-18 16:11 106496 ----a-w- c:\windows\system32\CNC5200U.dll 2011-12-18 13:51 . 2010-01-13 05:03 94208 ----a-w- c:\windows\system32\CNC5200O.dll 2011-12-18 13:51 . 2010-03-10 23:56 180224 ----a-w- c:\windows\system32\CNMIUAE.DLL 2011-12-18 12:59 . 2011-12-18 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\launcher 2011-12-18 12:53 . 2011-03-18 00:24 69120 ----a-w- c:\windows\system32\zlcomm.dll 2011-12-18 12:53 . 2011-03-18 00:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll 2011-12-18 12:53 . 2011-03-18 00:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll 2011-12-18 12:53 . 2011-12-18 18:14 -------- d-----w- c:\windows\system32\ZoneLabs 2011-12-18 12:53 . 2011-12-18 12:53 -------- d-----w- c:\program files\Zone Labs 2011-12-18 12:50 . 2011-12-18 12:50 -------- d-----w- c:\program files\Paragon Software 2011-12-18 10:55 . 2011-12-18 10:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ilivid Player 2011-12-18 10:55 . 2011-12-18 12:21 -------- dc----w- c:\documents and settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318} 2011-12-18 10:54 . 2011-12-18 10:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\searchqutoolbar 2011-12-18 10:54 . 2011-12-18 10:54 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess 2011-12-18 10:54 . 2011-12-18 12:21 -------- d-----w- c:\program files\Windows iLivid Toolbar 2011-12-17 20:06 . 2011-12-17 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonBJ 2011-12-17 15:31 . 2011-12-17 15:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\PrimoPDF 2011-12-17 15:31 . 2011-02-28 22:37 180624 ----a-w- c:\windows\system32\Primomonnt.dll 2011-12-17 15:30 . 2011-12-17 15:39 -------- d-----w- c:\program files\Nitro PDF 2011-12-17 15:18 . 2011-12-17 15:18 -------- d-----w- c:\program files\Common Files\Bullzip 2011-12-17 15:18 . 1999-05-06 23:00 140288 ----a-w- c:\windows\system32\comdlg32.OCX 2011-12-17 14:56 . 2011-12-17 14:56 -------- d-----w- c:\program files\GPLGS 2011-12-17 14:56 . 2009-11-05 07:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll 2011-12-15 11:44 . 2011-12-30 08:22 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJScan 2011-12-15 10:32 . 2011-12-15 10:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\GlarySoft 2011-12-15 10:25 . 2012-01-01 13:25 -------- d-----w- c:\program files\BrowserCompanion 2011-12-15 10:25 . 2011-12-15 10:25 -------- d-----w- c:\documents and settings\Administrator\AppData 2011-12-14 14:09 . 2011-12-14 14:09 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEGV 2011-12-14 13:36 . 2011-12-14 13:36 -------- d-----w- c:\program files\Common Files\Java 2011-12-14 13:35 . 2011-11-17 17:06 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP 2011-12-14 13:13 . 2008-08-25 17:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll 2011-12-14 13:12 . 2011-12-14 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJMSetup 2011-12-14 13:11 . 2011-12-14 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt 2011-12-14 13:06 . 2010-04-07 04:00 73216 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAE.DLL 2011-12-14 13:06 . 2010-04-07 04:00 290816 ----a-w- c:\windows\system32\CNMLMAE.DLL 2011-12-14 13:06 . 2010-04-07 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAE.DLL 2011-12-14 12:44 . 2011-12-14 12:44 -------- d-----w- c:\windows\system32\STRING 2011-12-14 12:44 . 2010-02-05 01:37 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL 2011-12-14 12:44 . 2010-02-05 01:37 340992 ----a-w- c:\windows\system32\CNMNPPM.DLL 2011-12-12 07:49 . 2011-12-12 07:49 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2011-12-12 07:49 . 2011-12-12 07:49 229208 ----a-w- c:\windows\system32\drivers\VMM.sys 2011-12-11 20:06 . 2011-12-11 20:06 -------- d-----w- c:\program files\Microsoft Virtual PC 2011-12-11 13:58 . 2011-12-11 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield 2011-12-11 13:58 . 2011-12-11 13:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\ScanSoft 2011-12-11 13:57 . 2011-12-12 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft 2011-12-10 14:06 . 2011-12-10 14:07 -------- d-----w- c:\program files\HP . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-30 14:55 . 2011-11-09 13:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-12-30 14:55 . 2011-11-02 09:06 417440 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2011-12-16 08:11 . 2011-10-20 08:55 165232 ---ha-w- c:\documents and settings\Administrator\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll 2011-12-10 14:24 . 2010-09-28 18:47 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-23 13:25 . 2010-07-21 06:59 1859584 ------w- c:\windows\system32\win32k.sys 2011-11-17 17:06 . 2010-07-26 17:34 567184 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-17 16:56 . 2011-10-23 13:49 141312 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-11 14:01 . 2011-11-11 14:01 22032 ----a-w- c:\windows\DCEBoot.exe 2011-11-08 23:42 . 2011-11-08 23:42 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys 2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 12:42 . 2011-11-04 18:31 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2011-11-04 12:42 . 2011-11-04 18:31 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2011-11-04 12:42 . 2011-08-15 14:06 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2011-11-04 11:23 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31 . 2010-07-21 06:59 33280 ------w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37 . 2010-07-21 06:59 2148864 ------w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52 . 2010-07-21 06:59 2027008 ------w- c:\windows\system32\ntkrnlpa.exe 2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-22 11:21 . 2011-10-22 11:21 65536 ----a-w- c:\windows\system32\frapsvid.dll 2011-10-21 21:47 . 2011-11-29 12:00 20616 ----a-w- c:\windows\system32\fbnative.exe 2011-10-21 21:46 . 2011-09-29 07:02 184072 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys 2011-10-21 21:46 . 2011-09-29 07:02 42376 ----a-w- c:\windows\system32\drivers\EUBKMON.sys 2011-10-21 21:46 . 2011-09-29 07:02 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys 2011-10-21 21:46 . 2011-09-29 07:02 38920 ----a-w- c:\windows\system32\drivers\eubakup.sys 2011-10-18 11:13 . 2006-02-28 12:00 186880 ------w- c:\windows\system32\encdec.dll 2011-10-12 12:13 . 2002-02-09 23:00 72748 ----a-w- c:\windows\unins000.exe 2011-10-10 14:22 . 2010-04-15 23:22 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-10-04 17:50 . 2011-06-22 10:40 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys 2011-10-04 17:50 . 2010-11-10 13:54 600928 ----a-w- c:\windows\system32\drivers\timntr.sys 2011-09-13 09:46 . 2011-09-13 09:46 153296 ----a-w- c:\program files\uninst.exe 2011-09-13 09:45 . 2011-09-13 09:45 2365248 ----a-w- c:\program files\Defraggler.exe 2011-12-21 08:02 . 2011-12-15 15:10 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-05 98304] "RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968] "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoPopUpsOnBoot"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup kan niet weg^ERUNT AutoBackup.lnk] backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup kan niet weg^OpenOffice.org 3.3 .lnk] backup=c:\windows\pss\OpenOffice.org 3.3 .lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.2 .lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^USB Alert.lnk] backup=c:\windows\pss\USB Alert.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2011-06-16 15:43 499608 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare] 2010-03-04 12:31 311296 ------w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com] 2010-08-09 12:47 248832 ------w- c:\program files\filehippo.com\UpdateChecker.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] 2002-12-10 16:54 127022 ------w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-12-24 16:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] 2005-06-02 15:03 1957888 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP3\\RpcAgentSrv.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP3\\WNt500x86\\RpcSandraSrv.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5900:TCP"= 5900:TCP:vnc5900 "5800:TCP"= 5800:TCP:vnc5800 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [29-9-2011 8:02 38920] R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [29-9-2011 8:02 42376] R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [30-8-2010 11:26 57112] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2-10-2011 13:23 436792] R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [29-9-2011 8:02 16008] R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [29-9-2011 8:02 184072] R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16-9-2008 11:03 169312] R2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [29-11-2011 12:59 60552] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12-1-2011 15:41 810144] R2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [29-11-2011 12:59 23176] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22-4-2011 13:21 92592] R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [21-7-2010 8:47 77824] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384] S2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23-9-2011 15:26 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2-11-2011 10:06 253600] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21-7-2010 8:49 1691480] S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?] S3 epmntdrv;epmntdrv;\??\c:\windows\system32\epmntdrv.sys --> c:\windows\system32\epmntdrv.sys [?] S3 esihdrv;esihdrv;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys [?] S3 EuGdiDrv;EuGdiDrv;\??\c:\windows\system32\EuGdiDrv.sys --> c:\windows\system32\EuGdiDrv.sys [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23-9-2011 15:26 136176] S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10-3-2010 7:18 24216] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [29-12-2011 14:05 24064] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28-9-2010 19:47 20464] S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [30-8-2010 12:42 16472] S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [30-8-2010 12:42 11104] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\RpcAgentSrv.exe [29-6-2011 7:55 93848] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [15-8-2011 15:06 104752] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - 74065319 *Deregistered* - 74065319 . Inhoud van de 'Gedeelde Taken' map . 2012-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-02 14:55] . 2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-23 14:25] . 2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-23 14:25] . . ------- Bijkomende Scan ------- . uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: google.nl\www TCP: DhcpNameServer = 10.0.0.138 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkqhpqx7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Search Results FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=171&systemid=406&sr=0&q= FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - b867757600000000000000252243cb72 FF - user.js: extensions.BabylonToolbar_i.hardId - b867757600000000000000252243cb72 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15340 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:30 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) SafeBoot-SolutoService . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-02 17:07 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run MailWasher = c:\progra~1\MAILWA~1\MAILWA~1.EXE? . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,bd,81,93,a0,02,37,4f,89,c2,93,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,bd,81,93,a0,02,37,4f,89,c2,93,\ . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,bd,66,4c,32,4f,49,4e,b9,82,ab,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,bd,66,4c,32,4f,49,4e,b9,82,ab,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0a,fc,0a,51,b3,6e,d3,42,a3,c5,73,\ . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B2B73F5A-DB9F-9875-EB6B-1A3E94AB0B21}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B2B73F5A-DB9F-9875-EB6B-1A3E94AB0B21}\InProcServer32*] "kapffnboifaaaignnaoeli"=hex:62,61,70,61,00,fc "japfomdjemhlembmnjll"=hex:63,61,6b,70,6b,6d,00,7c "kapfjneppglggkhafldhoc"=hex:6d,61,63,68,6f,6c,67,68,70,70,6f,68,69,70,64,6f, 6c,67,66,62,6a,70,66,68,67,6a,00,00 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–¤|ÿÿÿÿÀ•¤|ù•A~ *] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1272) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . Voltooingstijd: 2012-01-02 17:08:18 ComboFix-quarantined-files.txt 2012-01-02 16:08 . Pre-Run: 186.269.818.880 bytes free Post-Run: 186.234.609.664 bytes free . - - End Of File - - 588FFC1A4EA9E0934A3EEC8404540021 van de TDSSKKiller kon ik geen log produceren; wellicht iets verkeerds gedaan? wel heb ik een printscreentje: [img:e975dccbee]http://i40.tinypic.com/e9c2dc.jpg[/img:e975dccbee] als dat niet goed is probeer ik het opnieuw. Kan waarschijnlijk morgen pas verder achter deze pc.

anoniem · 2 januari 2012

Wat betreft TDSSKiller, daar heb je de handleiding niet goed gevolgd. Al die bestanden had je kunnen skippen! En wat anders: zo te zien zijn er in jouw Windows drie firewalls aktief! 1) die van Eset Smart Security 2) ZoneAlarm 3) Windows Firewall Dat zijn er dus maximaal twee teveel! a) ZoneAlarn via Configutatiescherm\Software verwijderen. b) [b:7a9245a839]Windows Firewall deaktiveren[/b:7a9245a839] Daarvoor ga je naar Start\Uitvoeren en de opdracht luidt: [b:7a9245a839]services.msc[/b:7a9245a839]. Klik op de knop OK. [color=#0000FF:7a9245a839][b:7a9245a839]N.B.: Uitvoeren kan ook gestart worden door gelijktijdig de "Windowstoets + R-toets" in te drukken.[/b:7a9245a839][/color:7a9245a839] In het venster Services scroll je naar [b:7a9245a839][color=#0000FF:7a9245a839]Windows Firewall[/color:7a9245a839][/b:7a9245a839]. Dubbelklikk op die vermelding, bij "Opstarttype" zet je de instelling op "Gedeaktiveerd". Klik nu eerst op de knop [b:7a9245a839]Toepassen[/b:7a9245a839]; vervolgens klik je op de knop [b:7a9245a839]Stoppen[/b:7a9245a839], wacht even en klik uiteindelijk op [b:7a9245a839]OK[/b:7a9245a839]. Hierna jouw PC opnieuw opstarten en dan laat je ComboFix weer een scan doen en post daarvan het log.

anoniem · 3 januari 2012

Wat betreft TDSSK: kon ik alleen maar vinden met zoekactie. Denk dat dit 'm is: 09:27:28.0375 3720 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16 09:27:28.0546 3720 ============================================================ 09:27:28.0546 3720 Current date / time: 2012/01/03 09:27:28.0546 09:27:28.0546 3720 SystemInfo: 09:27:28.0546 3720 09:27:28.0546 3720 OS Version: 5.1.2600 ServicePack: 3.0 09:27:28.0546 3720 Product type: Workstation 09:27:28.0546 3720 ComputerName: DESKTOP 09:27:28.0546 3720 UserName: Administrator 09:27:28.0546 3720 Windows directory: C:\WINDOWS 09:27:28.0546 3720 System windows directory: C:\WINDOWS 09:27:28.0546 3720 Processor architecture: Intel x86 09:27:28.0546 3720 Number of processors: 3 09:27:28.0546 3720 Page size: 0x1000 09:27:28.0546 3720 Boot type: Normal boot 09:27:28.0546 3720 ============================================================ 09:27:30.0515 3720 Initialize success 09:28:14.0390 3836 ============================================================ 09:28:14.0390 3836 Scan started 09:28:14.0390 3836 Mode: Manual; SigCheck; TDLFS; 09:28:14.0390 3836 ============================================================ 09:28:14.0546 3836 Abiosdsk - ok 09:28:14.0546 3836 abp480n5 - ok 09:28:14.0578 3836 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 09:28:15.0765 3836 ACPI - ok 09:28:15.0843 3836 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 09:28:15.0953 3836 ACPIEC - ok 09:28:16.0031 3836 adpu160m - ok 09:28:16.0078 3836 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 09:28:16.0171 3836 aec - ok 09:28:16.0203 3836 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 09:28:16.0218 3836 AFD - ok 09:28:16.0234 3836 Aha154x - ok 09:28:16.0234 3836 aic78u2 - ok 09:28:16.0250 3836 aic78xx - ok 09:28:16.0250 3836 AliIde - ok 09:28:16.0343 3836 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys 09:28:16.0609 3836 Ambfilt - ok 09:28:16.0703 3836 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 09:28:16.0750 3836 AmdPPM - ok 09:28:16.0812 3836 amsint - ok 09:28:16.0828 3836 asc - ok 09:28:16.0828 3836 asc3350p - ok 09:28:16.0843 3836 asc3550 - ok 09:28:16.0890 3836 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 09:28:16.0984 3836 AsyncMac - ok 09:28:17.0046 3836 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 09:28:17.0156 3836 atapi - ok 09:28:17.0203 3836 Atdisk - ok 09:28:17.0343 3836 ati2mtag (0a8b257db810be78ac9fd1860b4ba22b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 09:28:17.0687 3836 ati2mtag - ok 09:28:17.0781 3836 AtiHdmiService (e3b9fe6d478dc12ee9fb5169ee98d1ba) C:\WINDOWS\system32\drivers\AtiHdmi.sys 09:28:17.0843 3836 AtiHdmiService - ok 09:28:17.0906 3836 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 09:28:18.0000 3836 Atmarpc - ok 09:28:18.0062 3836 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 09:28:18.0156 3836 audstub - ok 09:28:18.0187 3836 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 09:28:18.0281 3836 Beep - ok 09:28:18.0359 3836 catchme - ok 09:28:18.0437 3836 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 09:28:18.0531 3836 cbidf2k - ok 09:28:18.0562 3836 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 09:28:18.0656 3836 CCDECODE - ok 09:28:18.0671 3836 cd20xrnt - ok 09:28:18.0703 3836 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 09:28:18.0812 3836 Cdaudio - ok 09:28:18.0875 3836 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 09:28:18.0968 3836 Cdfs - ok 09:28:18.0984 3836 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 09:28:19.0078 3836 Cdrom - ok 09:28:19.0078 3836 Changer - ok 09:28:19.0093 3836 CmdIde - ok 09:28:19.0109 3836 Cpqarray - ok 09:28:19.0187 3836 cpuz134 - ok 09:28:19.0234 3836 dac2w2k - ok 09:28:19.0250 3836 dac960nt - ok 09:28:19.0281 3836 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 09:28:19.0390 3836 Disk - ok 09:28:19.0453 3836 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 09:28:19.0578 3836 dmboot - ok 09:28:19.0671 3836 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 09:28:19.0781 3836 dmio - ok 09:28:19.0828 3836 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 09:28:19.0921 3836 dmload - ok 09:28:19.0937 3836 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 09:28:20.0031 3836 DMusic - ok 09:28:20.0062 3836 dpti2o - ok 09:28:20.0062 3836 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 09:28:20.0156 3836 drmkaud - ok 09:28:20.0218 3836 eamon (d42dd9021acd47683b33adf21bca49aa) C:\WINDOWS\system32\DRIVERS\eamon.sys 09:28:20.0218 3836 eamon - ok 09:28:20.0265 3836 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys 09:28:20.0281 3836 ENTECH - ok 09:28:20.0359 3836 epfw (73411c14a8c6062bb6a510772cf2f38c) C:\WINDOWS\system32\DRIVERS\epfw.sys 09:28:20.0359 3836 epfw - ok 09:28:20.0437 3836 Epfwndis (490329bf80f333e788df9596a752a915) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys 09:28:20.0437 3836 Epfwndis - ok 09:28:20.0453 3836 epfwtdi (bdde7dd8fcdb1de7e879bb320b0605c0) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys 09:28:20.0468 3836 epfwtdi - ok 09:28:20.0500 3836 epmntdrv - ok 09:28:20.0578 3836 esihdrv - ok 09:28:20.0687 3836 EUBAKUP (369f5f00e6cbf612ea1fd12e5c7cfa30) C:\WINDOWS\system32\drivers\eubakup.sys 09:28:20.0687 3836 EUBAKUP - ok 09:28:20.0703 3836 EUBKMON (55c5c98722c1a89770b4ac50e4c55794) C:\WINDOWS\system32\drivers\EUBKMON.sys 09:28:20.0703 3836 EUBKMON - ok 09:28:20.0734 3836 EUDSKACS (772cb91987dcda3c349e1134857c54ba) C:\WINDOWS\system32\drivers\eudskacs.sys 09:28:20.0734 3836 EUDSKACS - ok 09:28:20.0812 3836 EUFDDISK (47bfdc87edb1d77e507736f25c0391ad) C:\WINDOWS\system32\drivers\EuFdDisk.sys 09:28:20.0812 3836 EUFDDISK - ok 09:28:20.0843 3836 EuGdiDrv - ok 09:28:20.0890 3836 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 09:28:21.0000 3836 Fastfat - ok 09:28:21.0015 3836 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 09:28:21.0109 3836 Fdc - ok 09:28:21.0140 3836 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 09:28:21.0234 3836 Fips - ok 09:28:21.0312 3836 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 09:28:21.0421 3836 Flpydisk - ok 09:28:21.0453 3836 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 09:28:21.0546 3836 FltMgr - ok 09:28:21.0593 3836 FLxHCIc (a6816b04c18990f6258c9feb7ec57621) C:\WINDOWS\system32\DRIVERS\FLxHCIc.sys 09:28:21.0609 3836 FLxHCIc ( UnsignedFile.Multi.Generic ) - warning 09:28:21.0609 3836 FLxHCIc - detected UnsignedFile.Multi.Generic (1) 09:28:21.0625 3836 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 09:28:21.0718 3836 Fs_Rec - ok 09:28:21.0796 3836 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 09:28:21.0890 3836 Ftdisk - ok 09:28:21.0953 3836 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 09:28:22.0062 3836 Gpc - ok 09:28:22.0109 3836 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 09:28:22.0203 3836 HDAudBus - ok 09:28:22.0281 3836 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 09:28:22.0375 3836 hidusb - ok 09:28:22.0437 3836 hotcore3 (8be9369d385dc0fdf86a59f70d90ae79) C:\WINDOWS\system32\DRIVERS\hotcore3.sys 09:28:22.0437 3836 hotcore3 - ok 09:28:22.0453 3836 hpn - ok 09:28:22.0468 3836 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 09:28:22.0531 3836 HPZid412 - ok 09:28:22.0609 3836 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 09:28:22.0671 3836 HPZipr12 - ok 09:28:22.0750 3836 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 09:28:22.0796 3836 HPZius12 - ok 09:28:22.0875 3836 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 09:28:22.0921 3836 HTTP - ok 09:28:22.0968 3836 i2omgmt - ok 09:28:22.0968 3836 i2omp - ok 09:28:23.0000 3836 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 09:28:23.0093 3836 i8042prt - ok 09:28:23.0125 3836 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 09:28:23.0218 3836 Imapi - ok 09:28:23.0234 3836 ini910u - ok 09:28:23.0343 3836 IntcAzAudAddService (c472fc1d265346e9500095f88a0345f9) C:\WINDOWS\system32\drivers\RtkHDAud.sys 09:28:23.0484 3836 IntcAzAudAddService - ok 09:28:23.0500 3836 IntelIde - ok 09:28:23.0531 3836 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 09:28:23.0625 3836 Ip6Fw - ok 09:28:23.0687 3836 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 09:28:23.0765 3836 IpFilterDriver - ok 09:28:23.0796 3836 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 09:28:23.0890 3836 IpInIp - ok 09:28:23.0921 3836 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 09:28:24.0015 3836 IpNat - ok 09:28:24.0078 3836 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 09:28:24.0171 3836 IPSec - ok 09:28:24.0187 3836 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 09:28:24.0265 3836 IRENUM - ok 09:28:24.0281 3836 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 09:28:24.0375 3836 isapnp - ok 09:28:24.0437 3836 ivusb (339dea550cc17283d6fd689ac7e67c57) C:\WINDOWS\system32\DRIVERS\ivusb.sys 09:28:24.0453 3836 ivusb - ok 09:28:24.0484 3836 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 09:28:24.0578 3836 Kbdclass - ok 09:28:24.0625 3836 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 09:28:24.0703 3836 kbdhid - ok 09:28:24.0750 3836 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 09:28:24.0859 3836 kmixer - ok 09:28:24.0921 3836 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 09:28:24.0968 3836 KSecDD - ok 09:28:25.0015 3836 lbrtfdc - ok 09:28:25.0031 3836 MagicTune - ok 09:28:25.0062 3836 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys 09:28:25.0062 3836 mbamchameleon ( UnsignedFile.Multi.Generic ) - warning 09:28:25.0062 3836 mbamchameleon - detected UnsignedFile.Multi.Generic (1) 09:28:25.0125 3836 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys 09:28:25.0125 3836 MBAMProtector - ok 09:28:25.0156 3836 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 09:28:25.0234 3836 mnmdd - ok 09:28:25.0250 3836 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 09:28:25.0343 3836 Modem - ok 09:28:25.0390 3836 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys 09:28:25.0453 3836 Monfilt - ok 09:28:25.0500 3836 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 09:28:25.0609 3836 Mouclass - ok 09:28:25.0671 3836 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 09:28:25.0750 3836 mouhid - ok 09:28:25.0828 3836 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 09:28:25.0921 3836 MountMgr - ok 09:28:25.0921 3836 mraid35x - ok 09:28:25.0953 3836 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 09:28:26.0046 3836 MRxDAV - ok 09:28:26.0093 3836 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 09:28:26.0140 3836 MRxSmb - ok 09:28:26.0234 3836 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 09:28:26.0328 3836 Msfs - ok 09:28:26.0359 3836 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 09:28:26.0453 3836 MSKSSRV - ok 09:28:26.0468 3836 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 09:28:26.0546 3836 MSPCLOCK - ok 09:28:26.0609 3836 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 09:28:26.0703 3836 MSPQM - ok 09:28:26.0765 3836 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 09:28:26.0859 3836 mssmbios - ok 09:28:26.0921 3836 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 09:28:27.0015 3836 MSTEE - ok 09:28:27.0093 3836 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 09:28:27.0125 3836 Mup - ok 09:28:27.0203 3836 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 09:28:27.0312 3836 NABTSFEC - ok 09:28:27.0390 3836 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 09:28:27.0468 3836 NDIS - ok 09:28:27.0500 3836 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 09:28:27.0593 3836 NdisIP - ok 09:28:27.0625 3836 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 09:28:27.0656 3836 NdisTapi - ok 09:28:27.0703 3836 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 09:28:27.0796 3836 Ndisuio - ok 09:28:27.0812 3836 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 09:28:27.0921 3836 NdisWan - ok 09:28:27.0953 3836 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 09:28:27.0984 3836 NDProxy - ok 09:28:28.0062 3836 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 09:28:28.0156 3836 NetBIOS - ok 09:28:28.0203 3836 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 09:28:28.0296 3836 NetBT - ok 09:28:28.0390 3836 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 09:28:28.0484 3836 Npfs - ok 09:28:28.0515 3836 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 09:28:28.0640 3836 Ntfs - ok 09:28:28.0734 3836 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 09:28:28.0812 3836 Null - ok 09:28:28.0843 3836 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 09:28:28.0937 3836 NwlnkFlt - ok 09:28:28.0953 3836 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 09:28:29.0031 3836 NwlnkFwd - ok 09:28:29.0109 3836 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 09:28:29.0203 3836 Parport - ok 09:28:29.0250 3836 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 09:28:29.0343 3836 PartMgr - ok 09:28:29.0359 3836 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 09:28:29.0437 3836 ParVdm - ok 09:28:29.0500 3836 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 09:28:29.0593 3836 PCI - ok 09:28:29.0593 3836 PCIDump - ok 09:28:29.0625 3836 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 09:28:29.0703 3836 PCIIde - ok 09:28:29.0718 3836 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 09:28:29.0812 3836 Pcmcia - ok 09:28:29.0828 3836 PDCOMP - ok 09:28:29.0828 3836 PDFRAME - ok 09:28:29.0843 3836 PDRELI - ok 09:28:29.0843 3836 PDRFRAME - ok 09:28:29.0859 3836 perc2 - ok 09:28:29.0859 3836 perc2hib - ok 09:28:29.0921 3836 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 09:28:30.0000 3836 PptpMiniport - ok 09:28:30.0031 3836 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 09:28:30.0125 3836 Processor - ok 09:28:30.0156 3836 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 09:28:30.0250 3836 PSched - ok 09:28:30.0265 3836 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 09:28:30.0343 3836 Ptilink - ok 09:28:30.0359 3836 pwdrvio (81ac2b3fa0e3b4d7fa03d7463abe2094) C:\WINDOWS\system32\pwdrvio.sys 09:28:30.0468 3836 pwdrvio - ok 09:28:30.0515 3836 pwdspio (2d88214f6b54567eab0a6c42915aa600) C:\WINDOWS\system32\pwdspio.sys 09:28:30.0531 3836 pwdspio - ok 09:28:30.0578 3836 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 09:28:30.0593 3836 PxHelp20 - ok 09:28:30.0625 3836 QCDonner (ae4c2d854f2786eda93e923a4bced983) C:\WINDOWS\system32\DRIVERS\LVCD.sys 09:28:30.0812 3836 QCDonner - ok 09:28:30.0859 3836 ql1080 - ok 09:28:30.0875 3836 Ql10wnt - ok 09:28:30.0875 3836 ql12160 - ok 09:28:30.0890 3836 ql1240 - ok 09:28:30.0906 3836 ql1280 - ok 09:28:30.0937 3836 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 09:28:31.0031 3836 RasAcd - ok 09:28:31.0093 3836 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 09:28:31.0187 3836 Rasl2tp - ok 09:28:31.0250 3836 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 09:28:31.0359 3836 RasPppoe - ok 09:28:31.0390 3836 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 09:28:31.0468 3836 Raspti - ok 09:28:31.0515 3836 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 09:28:31.0609 3836 Rdbss - ok 09:28:31.0671 3836 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 09:28:31.0750 3836 RDPCDD - ok 09:28:31.0796 3836 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 09:28:31.0890 3836 rdpdr - ok 09:28:31.0968 3836 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 09:28:32.0000 3836 RDPWD - ok 09:28:32.0062 3836 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 09:28:32.0156 3836 redbook - ok 09:28:32.0250 3836 RTLE8023xp (cb9310a5a910648d359c99a857e22a54) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 09:28:32.0312 3836 RTLE8023xp - ok 09:28:32.0390 3836 SANDRA (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\WNt500x86\Sandra.sys 09:28:32.0406 3836 SANDRA - ok 09:28:32.0484 3836 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 09:28:32.0531 3836 Secdrv - ok 09:28:32.0609 3836 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 09:28:32.0687 3836 Serial - ok 09:28:32.0750 3836 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 09:28:32.0828 3836 Sfloppy - ok 09:28:32.0843 3836 Simbad - ok 09:28:32.0859 3836 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 09:28:32.0937 3836 SLIP - ok 09:28:32.0968 3836 Sparrow - ok 09:28:33.0000 3836 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 09:28:33.0093 3836 splitter - ok 09:28:33.0156 3836 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys 09:28:33.0156 3836 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a 09:28:33.0156 3836 sptd ( LockedFile.Multi.Generic ) - warning 09:28:33.0156 3836 sptd - detected LockedFile.Multi.Generic (1) 09:28:33.0187 3836 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 09:28:33.0234 3836 sr - ok 09:28:33.0312 3836 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 09:28:33.0343 3836 Srv - ok 09:28:33.0359 3836 StarOpen - ok 09:28:33.0390 3836 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 09:28:33.0484 3836 streamip - ok 09:28:33.0531 3836 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 09:28:33.0625 3836 swenum - ok 09:28:33.0718 3836 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 09:28:33.0828 3836 swmidi - ok 09:28:33.0875 3836 symc810 - ok 09:28:33.0875 3836 symc8xx - ok 09:28:33.0890 3836 sym_hi - ok 09:28:33.0890 3836 sym_u3 - ok 09:28:33.0921 3836 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 09:28:34.0015 3836 sysaudio - ok 09:28:34.0078 3836 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 09:28:34.0140 3836 Tcpip - ok 09:28:34.0218 3836 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 09:28:34.0296 3836 TDPIPE - ok 09:28:34.0343 3836 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 09:28:34.0421 3836 TDTCP - ok 09:28:34.0500 3836 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 09:28:34.0578 3836 TermDD - ok 09:28:34.0640 3836 TosIde - ok 09:28:34.0671 3836 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 09:28:34.0765 3836 Udfs - ok 09:28:34.0859 3836 UimBus (16264d4a7f052a7cc516b23e00b14213) C:\WINDOWS\system32\DRIVERS\UimBus.sys 09:28:34.0859 3836 UimBus - ok 09:28:34.0953 3836 Uim_IM (811e4296913821ce402b9e6629740350) C:\WINDOWS\system32\Drivers\Uim_IM.sys 09:28:34.0953 3836 Uim_IM - ok 09:28:35.0015 3836 ultra - ok 09:28:35.0046 3836 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 09:28:35.0156 3836 Update - ok 09:28:35.0218 3836 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 09:28:35.0312 3836 usbccgp - ok 09:28:35.0359 3836 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 09:28:35.0437 3836 usbehci - ok 09:28:35.0468 3836 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 09:28:35.0562 3836 usbhub - ok 09:28:35.0578 3836 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 09:28:35.0656 3836 usbohci - ok 09:28:35.0687 3836 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 09:28:35.0796 3836 usbprint - ok 09:28:35.0828 3836 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 09:28:35.0906 3836 usbscan - ok 09:28:35.0953 3836 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 09:28:36.0031 3836 USBSTOR - ok 09:28:36.0062 3836 VBoxNetAdp (a471884d136dce3cec878ddab5acaebe) C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys 09:28:36.0078 3836 VBoxNetAdp - ok 09:28:36.0078 3836 VBoxNetFlt - ok 09:28:36.0093 3836 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 09:28:36.0187 3836 VgaSave - ok 09:28:36.0187 3836 ViaIde - ok 09:28:36.0218 3836 vmm (e41fef9e3056fe88c71e411f705be41e) C:\WINDOWS\system32\Drivers\vmm.sys 09:28:36.0234 3836 vmm - ok 09:28:36.0265 3836 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 09:28:36.0343 3836 VolSnap - ok 09:28:36.0390 3836 VPCNetS2 (f96a678debdccb0b4bb7f38cb2580589) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys 09:28:36.0406 3836 VPCNetS2 - ok 09:28:36.0421 3836 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 09:28:36.0500 3836 Wanarp - ok 09:28:36.0578 3836 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 09:28:36.0593 3836 Wdf01000 - ok 09:28:36.0609 3836 WDICA - ok 09:28:36.0656 3836 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 09:28:36.0750 3836 wdmaud - ok 09:28:36.0796 3836 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 09:28:36.0859 3836 WmiAcpi - ok 09:28:36.0890 3836 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 09:28:36.0984 3836 WSTCODEC - ok 09:28:37.0000 3836 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 09:28:37.0031 3836 WudfPf - ok 09:28:37.0093 3836 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 09:28:37.0109 3836 WudfRd - ok 09:28:37.0125 3836 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 09:28:37.0187 3836 \Device\Harddisk0\DR0 - ok 09:28:37.0187 3836 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 09:28:37.0406 3836 \Device\Harddisk1\DR1 - ok 09:28:37.0406 3836 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk2\DR4 09:28:38.0015 3836 \Device\Harddisk2\DR4 - ok 09:28:38.0015 3836 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR5 09:28:38.0718 3836 \Device\Harddisk3\DR5 - ok 09:28:38.0718 3836 Boot (0x1200) (ac72ba7f18839e26a22a9320d2625383) \Device\Harddisk1\DR1\Partition0 09:28:38.0718 3836 \Device\Harddisk1\DR1\Partition0 - ok 09:28:38.0718 3836 Boot (0x1200) (5b4dff8205148e5ddb7ee2d9812f32ec) \Device\Harddisk2\DR4\Partition0 09:28:38.0718 3836 \Device\Harddisk2\DR4\Partition0 - ok 09:28:38.0734 3836 Boot (0x1200) (66b37c9d69721400cd46f9c584e5642e) \Device\Harddisk3\DR5\Partition0 09:28:38.0734 3836 \Device\Harddisk3\DR5\Partition0 - ok 09:28:38.0734 3836 ============================================================ 09:28:38.0734 3836 Scan finished 09:28:38.0734 3836 ============================================================ 09:28:38.0859 3828 Detected object count: 3 09:28:38.0859 3828 Actual detected object count: 3 09:28:59.0031 3828 FLxHCIc ( UnsignedFile.Multi.Generic ) - skipped by user 09:28:59.0031 3828 FLxHCIc ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:28:59.0031 3828 mbamchameleon ( UnsignedFile.Multi.Generic ) - skipped by user 09:28:59.0031 3828 mbamchameleon ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:28:59.0031 3828 sptd ( LockedFile.Multi.Generic ) - skipped by user 09:28:59.0031 3828 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 09:32:00.0906 3716 Deinitialize success en wat betreft Combofix: ComboFix 12-01-02.02 - Administrator 03-01-2012 9:35.18.3 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.2047.1478 [GMT 1:00] Gestart vanuit: c:\documents and settings\Administrator\Desktop\ComboFix.exe AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Persoonlijke firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} * Aanwezig AV is actief . . . (((((((((((((((((((( Bestanden Gemaakt van 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))) . . 2012-01-02 15:51 . 2012-01-02 15:51 -------- d-----w- C:\TDSSKiller_Quarantine 2012-01-01 13:31 . 2012-01-01 13:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\SumatraPDF 2012-01-01 13:30 . 2012-01-01 13:30 237 ----a-w- C:\user.js 2011-12-29 14:42 . 2011-12-29 14:42 -------- d-----w- c:\program files\MailWasher Pro 2011-12-29 13:05 . 2011-12-29 13:06 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2011-12-29 11:47 . 2011-12-29 11:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-29 11:00 . 2011-12-29 11:00 -------- d-----w- c:\windows\system32\wbem\Repository 2011-12-29 10:59 . 2011-12-29 10:59 -------- d-----w- c:\program files\Microsoft Easy Assist 2011-12-27 14:46 . 2011-12-21 08:02 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2011-12-27 14:46 . 2011-12-21 04:29 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2011-12-27 14:46 . 2011-12-21 04:29 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll 2011-12-27 14:46 . 2011-12-21 04:29 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll 2011-12-19 19:34 . 2011-12-19 19:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\DxO Labs 2011-12-19 19:32 . 2011-12-19 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\DxO_Labs 2011-12-19 19:32 . 2005-07-27 12:43 150224 ----a-w- c:\windows\system32\RGB9Rast_1.dll 2011-12-18 14:02 . 2010-03-18 18:25 307200 ----a-w- c:\windows\system32\CNC5200L.dll 2011-12-18 14:02 . 2010-03-18 16:12 1335296 ----a-w- c:\windows\system32\CNC5200C.dll 2011-12-18 14:02 . 2010-03-18 16:12 114688 ----a-w- c:\windows\system32\CNC5200I.dll 2011-12-18 14:02 . 2010-03-18 16:11 106496 ----a-w- c:\windows\system32\CNC5200U.dll 2011-12-18 13:51 . 2010-01-13 05:03 94208 ----a-w- c:\windows\system32\CNC5200O.dll 2011-12-18 13:51 . 2010-03-10 23:56 180224 ----a-w- c:\windows\system32\CNMIUAE.DLL 2011-12-18 12:59 . 2011-12-18 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\launcher 2011-12-18 12:50 . 2011-12-18 12:50 -------- d-----w- c:\program files\Paragon Software 2011-12-18 10:55 . 2011-12-18 10:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ilivid Player 2011-12-18 10:55 . 2011-12-18 12:21 -------- dc----w- c:\documents and settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318} 2011-12-18 10:54 . 2011-12-18 10:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\searchqutoolbar 2011-12-18 10:54 . 2011-12-18 10:54 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess 2011-12-18 10:54 . 2011-12-18 12:21 -------- d-----w- c:\program files\Windows iLivid Toolbar 2011-12-17 20:06 . 2011-12-17 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonBJ 2011-12-17 15:31 . 2011-12-17 15:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\PrimoPDF 2011-12-17 15:31 . 2011-02-28 22:37 180624 ----a-w- c:\windows\system32\Primomonnt.dll 2011-12-17 15:30 . 2011-12-17 15:39 -------- d-----w- c:\program files\Nitro PDF 2011-12-17 15:18 . 2011-12-17 15:18 -------- d-----w- c:\program files\Common Files\Bullzip 2011-12-17 15:18 . 1999-05-06 23:00 140288 ----a-w- c:\windows\system32\comdlg32.OCX 2011-12-17 14:56 . 2011-12-17 14:56 -------- d-----w- c:\program files\GPLGS 2011-12-17 14:56 . 2009-11-05 07:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll 2011-12-15 11:44 . 2011-12-30 08:22 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJScan 2011-12-15 10:32 . 2011-12-15 10:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\GlarySoft 2011-12-15 10:25 . 2012-01-01 13:25 -------- d-----w- c:\program files\BrowserCompanion 2011-12-15 10:25 . 2011-12-15 10:25 -------- d-----w- c:\documents and settings\Administrator\AppData 2011-12-14 14:09 . 2011-12-14 14:09 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEGV 2011-12-14 13:36 . 2011-12-14 13:36 -------- d-----w- c:\program files\Common Files\Java 2011-12-14 13:35 . 2011-11-17 17:06 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP 2011-12-14 13:13 . 2008-08-25 17:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll 2011-12-14 13:12 . 2011-12-14 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJMSetup 2011-12-14 13:11 . 2011-12-14 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt 2011-12-14 13:06 . 2010-04-07 04:00 73216 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAE.DLL 2011-12-14 13:06 . 2010-04-07 04:00 290816 ----a-w- c:\windows\system32\CNMLMAE.DLL 2011-12-14 13:06 . 2010-04-07 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAE.DLL 2011-12-14 12:44 . 2011-12-14 12:44 -------- d-----w- c:\windows\system32\STRING 2011-12-14 12:44 . 2010-02-05 01:37 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL 2011-12-14 12:44 . 2010-02-05 01:37 340992 ----a-w- c:\windows\system32\CNMNPPM.DLL 2011-12-12 07:49 . 2011-12-12 07:49 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2011-12-12 07:49 . 2011-12-12 07:49 229208 ----a-w- c:\windows\system32\drivers\VMM.sys 2011-12-11 20:06 . 2011-12-11 20:06 -------- d-----w- c:\program files\Microsoft Virtual PC 2011-12-11 13:58 . 2011-12-11 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield 2011-12-11 13:58 . 2011-12-11 13:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\ScanSoft 2011-12-11 13:57 . 2011-12-12 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft 2011-12-10 14:06 . 2011-12-10 14:07 -------- d-----w- c:\program files\HP . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-30 14:55 . 2011-11-09 13:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-12-30 14:55 . 2011-11-02 09:06 417440 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2011-12-16 08:11 . 2011-10-20 08:55 165232 ---ha-w- c:\documents and settings\Administrator\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll 2011-12-10 14:24 . 2010-09-28 18:47 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-23 13:25 . 2010-07-21 06:59 1859584 ------w- c:\windows\system32\win32k.sys 2011-11-17 17:06 . 2010-07-26 17:34 567184 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-17 16:56 . 2011-10-23 13:49 141312 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-11 14:01 . 2011-11-11 14:01 22032 ----a-w- c:\windows\DCEBoot.exe 2011-11-08 23:42 . 2011-11-08 23:42 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys 2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 12:42 . 2011-11-04 18:31 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2011-11-04 12:42 . 2011-11-04 18:31 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2011-11-04 12:42 . 2011-08-15 14:06 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2011-11-04 11:23 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31 . 2010-07-21 06:59 33280 ------w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37 . 2010-07-21 06:59 2148864 ------w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52 . 2010-07-21 06:59 2027008 ------w- c:\windows\system32\ntkrnlpa.exe 2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-22 11:21 . 2011-10-22 11:21 65536 ----a-w- c:\windows\system32\frapsvid.dll 2011-10-21 21:47 . 2011-11-29 12:00 20616 ----a-w- c:\windows\system32\fbnative.exe 2011-10-21 21:46 . 2011-09-29 07:02 184072 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys 2011-10-21 21:46 . 2011-09-29 07:02 42376 ----a-w- c:\windows\system32\drivers\EUBKMON.sys 2011-10-21 21:46 . 2011-09-29 07:02 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys 2011-10-21 21:46 . 2011-09-29 07:02 38920 ----a-w- c:\windows\system32\drivers\eubakup.sys 2011-10-18 11:13 . 2006-02-28 12:00 186880 ------w- c:\windows\system32\encdec.dll 2011-10-12 12:13 . 2002-02-09 23:00 72748 ----a-w- c:\windows\unins000.exe 2011-10-10 14:22 . 2010-04-15 23:22 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-13 09:46 . 2011-09-13 09:46 153296 ----a-w- c:\program files\uninst.exe 2011-09-13 09:45 . 2011-09-13 09:45 2365248 ----a-w- c:\program files\Defraggler.exe 2011-12-21 08:02 . 2011-12-15 15:10 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-01-02_16.07.16 ))))))))))))))))))))))))))))))))))))))))) . + 2012-01-03 08:26 . 2012-01-03 08:26 16384 c:\windows\Temp\Perflib_Perfdata_3d0.dat + 2006-02-28 12:00 . 2012-01-03 08:30 86624 c:\windows\system32\perfc009.dat - 2006-02-28 12:00 . 2012-01-02 11:07 86624 c:\windows\system32\perfc009.dat + 2006-02-28 12:00 . 2012-01-03 08:30 498840 c:\windows\system32\perfh009.dat - 2006-02-28 12:00 . 2012-01-02 11:07 498840 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-05 98304] "RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296] "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoPopUpsOnBoot"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup kan niet weg^ERUNT AutoBackup.lnk] backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup kan niet weg^OpenOffice.org 3.3 .lnk] backup=c:\windows\pss\OpenOffice.org 3.3 .lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.2 .lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^USB Alert.lnk] backup=c:\windows\pss\USB Alert.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2011-06-16 15:43 499608 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare] 2010-03-04 12:31 311296 ------w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com] 2010-08-09 12:47 248832 ------w- c:\program files\filehippo.com\UpdateChecker.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] 2002-12-10 16:54 127022 ------w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-12-24 16:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] 2005-06-02 15:03 1957888 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP3\\RpcAgentSrv.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP3\\WNt500x86\\RpcSandraSrv.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5900:TCP"= 5900:TCP:vnc5900 "5800:TCP"= 5800:TCP:vnc5800 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [29-9-2011 8:02 38920] R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [29-9-2011 8:02 42376] R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [30-8-2010 11:26 57112] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2-10-2011 13:23 436792] R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [29-9-2011 8:02 16008] R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [29-9-2011 8:02 184072] R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16-9-2008 11:03 169312] R2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [29-11-2011 12:59 60552] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12-1-2011 15:41 810144] R2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [29-11-2011 12:59 23176] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22-4-2011 13:21 92592] R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [21-7-2010 8:47 77824] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384] S2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23-9-2011 15:26 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2-11-2011 10:06 253600] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21-7-2010 8:49 1691480] S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?] S3 epmntdrv;epmntdrv;\??\c:\windows\system32\epmntdrv.sys --> c:\windows\system32\epmntdrv.sys [?] S3 esihdrv;esihdrv;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys [?] S3 EuGdiDrv;EuGdiDrv;\??\c:\windows\system32\EuGdiDrv.sys --> c:\windows\system32\EuGdiDrv.sys [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23-9-2011 15:26 136176] S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10-3-2010 7:18 24216] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [29-12-2011 14:05 24064] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28-9-2010 19:47 20464] S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [30-8-2010 12:42 16472] S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [30-8-2010 12:42 11104] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\RpcAgentSrv.exe [29-6-2011 7:55 93848] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [15-8-2011 15:06 104752] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - 09707115 *Deregistered* - 09707115 . Inhoud van de 'Gedeelde Taken' map . 2012-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-02 14:55] . 2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-23 14:25] . 2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-23 14:25] . . ------- Bijkomende Scan ------- . uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: google.nl\www TCP: DhcpNameServer = 10.0.0.138 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkqhpqx7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Search Results FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=171&systemid=406&sr=0&q= FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - b867757600000000000000252243cb72 FF - user.js: extensions.BabylonToolbar_i.hardId - b867757600000000000000252243cb72 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15340 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:30 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-03 09:41 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run MailWasher = c:\progra~1\MAILWA~1\MAILWA~1.EXE? . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,bd,81,93,a0,02,37,4f,89,c2,93,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,bd,81,93,a0,02,37,4f,89,c2,93,\ . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,bd,66,4c,32,4f,49,4e,b9,82,ab,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,bd,66,4c,32,4f,49,4e,b9,82,ab,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0a,fc,0a,51,b3,6e,d3,42,a3,c5,73,\ . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B2B73F5A-DB9F-9875-EB6B-1A3E94AB0B21}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B2B73F5A-DB9F-9875-EB6B-1A3E94AB0B21}\InProcServer32*] "kapffnboifaaaignnaoeli"=hex:62,61,70,61,00,fc "japfomdjemhlembmnjll"=hex:63,61,6b,70,6b,6d,00,7c "kapfjneppglggkhafldhoc"=hex:6d,61,63,68,6f,6c,67,68,70,70,6f,68,69,70,64,6f, 6c,67,66,62,6a,70,66,68,67,6a,00,00 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–¤|ÿÿÿÿÀ•¤|ù•A~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1264) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . - - - - - - - > 'explorer.exe'(1552) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2012-01-03 09:42:17 ComboFix-quarantined-files.txt 2012-01-03 08:42 ComboFix2.txt 2012-01-02 16:08 . Pre-Run: 186.282.561.536 bytes free Post-Run: 186.262.032.384 bytes free . - - End Of File - - E28120B3285099DA40DBD1B750F896EC en dan zie ik inderdaad nog een hoop Babylon-zooi staan!

anoniem · 3 januari 2012

Dat heb je dan goed gezien, bovendien zit er ook nog een andere vieze toolbar in jouw Windows. zorg ervoor dat alle openstaande webbrowservensters gesloten zijn. Open een nieuw kladblok (of anders: notepad) bestand, via "Start\Alle programma’s\Bureau-accessoires\[b:eaa561e314]Kladblok (of Notepad)[/b:eaa561e314]". . Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het lege kladblokvenstervenster [b:eaa561e314][color=#0000FF:eaa561e314]KILLALL:: ClearJavaCache:: File:: c:\windows\Temp\Perflib_Perfdata_3d0.dat c:\windows\system32\perfc009.dat c:\windows\system32\perfc009.dat c:\windows\system32\perfh009.dat c:\windows\system32\perfh009.dat Folder:: c:\documents and settings\Administrator\Application Data\searchqutoolbar c:\program files\Windows iLivid Toolbar Firefox:: FF - user.js: extensions.BabylonToolbar_i.babTrack FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt FF - user.js: extensions.BabylonToolbar_i.id - FF - user.js: extensions.BabylonToolbar_i.hardId - FF - user.js: extensions.BabylonToolbar_i.instlDay FF - user.js: extensions.BabylonToolbar_i.vrsn FF - user.js: extensions.BabylonToolbar_i.vrsni FF - user.js: extensions.BabylonToolbar_i.vrsnTs FF - user.js: extensions.BabylonToolbar_i.prtnrId FF - user.js: extensions.BabylonToolbar_i.prdct FF - user.js: extensions.BabylonToolbar_i.aflt FF - user.js: extensions.BabylonToolbar_i.smplGrp FF - user.js: extensions.BabylonToolbar_i.tlbrId FF [/color:eaa561e314][/b:eaa561e314] Sla dit kladblokbestand op je bureaublad op als [b:eaa561e314]CFScript.txt[/b:eaa561e314]. [b:eaa561e314][color=#FF0000:eaa561e314]Nu eerst de antivirus deaktiveren![/color:eaa561e314][/b:eaa561e314] Sleep CFScript.txt in ComboFix.exe [img:eaa561e314]http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif[/img:eaa561e314] Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt. Post het Combofix log dat na het opnieuw starten wordt getoond! [b:eaa561e314]Belangrijke opmerking[/b:eaa561e314]: [list:eaa561e314][*:eaa561e314][b:eaa561e314][color=Red:eaa561e314]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:eaa561e314][/b:eaa561e314] [*:eaa561e314][b:eaa561e314][color=blue:eaa561e314]Illegal operation attempted on a registery key that has been marked for deletion.[/color:eaa561e314][/b:eaa561e314] [*:eaa561e314][b:eaa561e314][color=Red:eaa561e314]Start dan de computer opnieuw op.[/color:eaa561e314][/b:eaa561e314][/list:u:eaa561e314]

anoniem · 3 januari 2012

hier issie: ComboFix 12-01-02.02 - Administrator 03-01-2012 11:18:52.19.3 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.2047.1480 [GMT 1:00] Gestart vanuit: c:\documents and settings\Administrator\Desktop\ComboFix.exe AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Persoonlijke firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\Start Menu\Internet Explorer.lnk . . (((((((((((((((((((( Bestanden Gemaakt van 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))) . . 2012-01-02 15:51 . 2012-01-02 15:51 -------- d-----w- C:\TDSSKiller_Quarantine 2012-01-01 13:31 . 2012-01-01 13:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\SumatraPDF 2012-01-01 13:30 . 2012-01-01 13:30 237 ----a-w- C:\user.js 2011-12-29 14:42 . 2011-12-29 14:42 -------- d-----w- c:\program files\MailWasher Pro 2011-12-29 13:05 . 2011-12-29 13:06 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2011-12-29 11:47 . 2011-12-29 11:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-29 11:00 . 2011-12-29 11:00 -------- d-----w- c:\windows\system32\wbem\Repository 2011-12-29 10:59 . 2011-12-29 10:59 -------- d-----w- c:\program files\Microsoft Easy Assist 2011-12-27 14:46 . 2011-12-21 08:02 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2011-12-27 14:46 . 2011-12-21 04:29 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2011-12-27 14:46 . 2011-12-21 04:29 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll 2011-12-27 14:46 . 2011-12-21 04:29 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll 2011-12-19 19:34 . 2011-12-19 19:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\DxO Labs 2011-12-19 19:32 . 2011-12-19 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\DxO_Labs 2011-12-19 19:32 . 2005-07-27 12:43 150224 ----a-w- c:\windows\system32\RGB9Rast_1.dll 2011-12-18 14:02 . 2010-03-18 18:25 307200 ----a-w- c:\windows\system32\CNC5200L.dll 2011-12-18 14:02 . 2010-03-18 16:12 1335296 ----a-w- c:\windows\system32\CNC5200C.dll 2011-12-18 14:02 . 2010-03-18 16:12 114688 ----a-w- c:\windows\system32\CNC5200I.dll 2011-12-18 14:02 . 2010-03-18 16:11 106496 ----a-w- c:\windows\system32\CNC5200U.dll 2011-12-18 13:51 . 2010-01-13 05:03 94208 ----a-w- c:\windows\system32\CNC5200O.dll 2011-12-18 13:51 . 2010-03-10 23:56 180224 ----a-w- c:\windows\system32\CNMIUAE.DLL 2011-12-18 12:59 . 2011-12-18 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\launcher 2011-12-18 12:50 . 2011-12-18 12:50 -------- d-----w- c:\program files\Paragon Software 2011-12-18 10:55 . 2011-12-18 10:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ilivid Player 2011-12-18 10:55 . 2011-12-18 12:21 -------- dc----w- c:\documents and settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318} 2011-12-18 10:54 . 2011-12-18 10:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\searchqutoolbar 2011-12-18 10:54 . 2011-12-18 10:54 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess 2011-12-18 10:54 . 2011-12-18 12:21 -------- d-----w- c:\program files\Windows iLivid Toolbar 2011-12-17 20:06 . 2011-12-17 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonBJ 2011-12-17 15:31 . 2011-12-17 15:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\PrimoPDF 2011-12-17 15:31 . 2011-02-28 22:37 180624 ----a-w- c:\windows\system32\Primomonnt.dll 2011-12-17 15:30 . 2011-12-17 15:39 -------- d-----w- c:\program files\Nitro PDF 2011-12-17 15:18 . 2011-12-17 15:18 -------- d-----w- c:\program files\Common Files\Bullzip 2011-12-17 15:18 . 1999-05-06 23:00 140288 ----a-w- c:\windows\system32\comdlg32.OCX 2011-12-17 14:56 . 2011-12-17 14:56 -------- d-----w- c:\program files\GPLGS 2011-12-17 14:56 . 2009-11-05 07:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll 2011-12-15 11:44 . 2011-12-30 08:22 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJScan 2011-12-15 10:32 . 2011-12-15 10:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\GlarySoft 2011-12-15 10:25 . 2012-01-01 13:25 -------- d-----w- c:\program files\BrowserCompanion 2011-12-15 10:25 . 2011-12-15 10:25 -------- d-----w- c:\documents and settings\Administrator\AppData 2011-12-14 14:09 . 2011-12-14 14:09 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEGV 2011-12-14 13:36 . 2011-12-14 13:36 -------- d-----w- c:\program files\Common Files\Java 2011-12-14 13:35 . 2011-11-17 17:06 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP 2011-12-14 13:13 . 2008-08-25 17:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll 2011-12-14 13:12 . 2011-12-14 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJMSetup 2011-12-14 13:11 . 2011-12-14 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt 2011-12-14 13:06 . 2010-04-07 04:00 73216 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAE.DLL 2011-12-14 13:06 . 2010-04-07 04:00 290816 ----a-w- c:\windows\system32\CNMLMAE.DLL 2011-12-14 13:06 . 2010-04-07 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAE.DLL 2011-12-14 12:44 . 2011-12-14 12:44 -------- d-----w- c:\windows\system32\STRING 2011-12-14 12:44 . 2010-02-05 01:37 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL 2011-12-14 12:44 . 2010-02-05 01:37 340992 ----a-w- c:\windows\system32\CNMNPPM.DLL 2011-12-12 07:49 . 2011-12-12 07:49 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2011-12-12 07:49 . 2011-12-12 07:49 229208 ----a-w- c:\windows\system32\drivers\VMM.sys 2011-12-11 20:06 . 2011-12-11 20:06 -------- d-----w- c:\program files\Microsoft Virtual PC 2011-12-11 13:58 . 2011-12-11 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield 2011-12-11 13:58 . 2011-12-11 13:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\ScanSoft 2011-12-11 13:57 . 2011-12-12 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft 2011-12-10 14:06 . 2011-12-10 14:07 -------- d-----w- c:\program files\HP . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-30 14:55 . 2011-11-09 13:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-12-30 14:55 . 2011-11-02 09:06 417440 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2011-12-16 08:11 . 2011-10-20 08:55 165232 ---ha-w- c:\documents and settings\Administrator\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll 2011-12-10 14:24 . 2010-09-28 18:47 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-23 13:25 . 2010-07-21 06:59 1859584 ------w- c:\windows\system32\win32k.sys 2011-11-17 17:06 . 2010-07-26 17:34 567184 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-17 16:56 . 2011-10-23 13:49 141312 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-11 14:01 . 2011-11-11 14:01 22032 ----a-w- c:\windows\DCEBoot.exe 2011-11-08 23:42 . 2011-11-08 23:42 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys 2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 12:42 . 2011-11-04 18:31 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2011-11-04 12:42 . 2011-11-04 18:31 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2011-11-04 12:42 . 2011-08-15 14:06 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2011-11-04 11:23 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31 . 2010-07-21 06:59 33280 ------w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37 . 2010-07-21 06:59 2148864 ------w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52 . 2010-07-21 06:59 2027008 ------w- c:\windows\system32\ntkrnlpa.exe 2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-22 11:21 . 2011-10-22 11:21 65536 ----a-w- c:\windows\system32\frapsvid.dll 2011-10-21 21:47 . 2011-11-29 12:00 20616 ----a-w- c:\windows\system32\fbnative.exe 2011-10-21 21:46 . 2011-09-29 07:02 184072 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys 2011-10-21 21:46 . 2011-09-29 07:02 42376 ----a-w- c:\windows\system32\drivers\EUBKMON.sys 2011-10-21 21:46 . 2011-09-29 07:02 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys 2011-10-21 21:46 . 2011-09-29 07:02 38920 ----a-w- c:\windows\system32\drivers\eubakup.sys 2011-10-18 11:13 . 2006-02-28 12:00 186880 ------w- c:\windows\system32\encdec.dll 2011-10-12 12:13 . 2002-02-09 23:00 72748 ----a-w- c:\windows\unins000.exe 2011-10-10 14:22 . 2010-04-15 23:22 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-13 09:46 . 2011-09-13 09:46 153296 ----a-w- c:\program files\uninst.exe 2011-09-13 09:45 . 2011-09-13 09:45 2365248 ----a-w- c:\program files\Defraggler.exe 2011-12-21 08:02 . 2011-12-15 15:10 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-01-02_16.07.16 ))))))))))))))))))))))))))))))))))))))))) . + 2012-01-03 10:14 . 2012-01-03 10:14 16384 c:\windows\Temp\Perflib_Perfdata_774.dat + 2006-02-28 12:00 . 2012-01-03 10:19 86624 c:\windows\system32\perfc009.dat - 2006-02-28 12:00 . 2012-01-02 11:07 86624 c:\windows\system32\perfc009.dat + 2006-02-28 12:00 . 2012-01-03 10:19 498840 c:\windows\system32\perfh009.dat - 2006-02-28 12:00 . 2012-01-02 11:07 498840 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-05 98304] "RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296] "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoPopUpsOnBoot"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup kan niet weg^ERUNT AutoBackup.lnk] backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup kan niet weg^OpenOffice.org 3.3 .lnk] backup=c:\windows\pss\OpenOffice.org 3.3 .lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.2 .lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^USB Alert.lnk] backup=c:\windows\pss\USB Alert.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2011-06-16 15:43 499608 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare] 2010-03-04 12:31 311296 ------w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com] 2010-08-09 12:47 248832 ------w- c:\program files\filehippo.com\UpdateChecker.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] 2002-12-10 16:54 127022 ------w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-12-24 16:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] 2005-06-02 15:03 1957888 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP3\\RpcAgentSrv.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP3\\WNt500x86\\RpcSandraSrv.exe"= "c:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5900:TCP"= 5900:TCP:vnc5900 "5800:TCP"= 5800:TCP:vnc5800 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [29-9-2011 8:02 38920] R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [29-9-2011 8:02 42376] R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [30-8-2010 11:26 57112] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2-10-2011 13:23 436792] R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [29-9-2011 8:02 16008] R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [29-9-2011 8:02 184072] R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16-9-2008 11:03 169312] R2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [29-11-2011 12:59 60552] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12-1-2011 15:41 810144] R2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [29-11-2011 12:59 23176] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22-4-2011 13:21 92592] R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [21-7-2010 8:47 77824] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384] S2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23-9-2011 15:26 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2-11-2011 10:06 253600] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21-7-2010 8:49 1691480] S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?] S3 epmntdrv;epmntdrv;\??\c:\windows\system32\epmntdrv.sys --> c:\windows\system32\epmntdrv.sys [?] S3 esihdrv;esihdrv;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys [?] S3 EuGdiDrv;EuGdiDrv;\??\c:\windows\system32\EuGdiDrv.sys --> c:\windows\system32\EuGdiDrv.sys [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23-9-2011 15:26 136176] S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10-3-2010 7:18 24216] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [29-12-2011 14:05 24064] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28-9-2010 19:47 20464] S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [30-8-2010 12:42 16472] S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [30-8-2010 12:42 11104] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\RpcAgentSrv.exe [29-6-2011 7:55 93848] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [15-8-2011 15:06 104752] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504] . Inhoud van de 'Gedeelde Taken' map . 2012-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-02 14:55] . 2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-23 14:25] . 2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-23 14:25] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: google.nl\www TCP: DhcpNameServer = 10.0.0.138 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkqhpqx7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Search Results FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=171&systemid=406&sr=0&q= FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - b867757600000000000000252243cb72 FF - user.js: extensions.BabylonToolbar_i.hardId - b867757600000000000000252243cb72 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15340 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:30 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-03 11:24 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run MailWasher = c:\progra~1\MAILWA~1\MAILWA~1.EXE? . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,bd,81,93,a0,02,37,4f,89,c2,93,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,bd,81,93,a0,02,37,4f,89,c2,93,\ . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,bd,66,4c,32,4f,49,4e,b9,82,ab,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,bd,66,4c,32,4f,49,4e,b9,82,ab,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0a,fc,0a,51,b3,6e,d3,42,a3,c5,73,\ . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B2B73F5A-DB9F-9875-EB6B-1A3E94AB0B21}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B2B73F5A-DB9F-9875-EB6B-1A3E94AB0B21}\InProcServer32*] "kapffnboifaaaignnaoeli"=hex:62,61,70,61,00,fc "japfomdjemhlembmnjll"=hex:63,61,6b,70,6b,6d,00,7c "kapfjneppglggkhafldhoc"=hex:6d,61,63,68,6f,6c,67,68,70,70,6f,68,69,70,64,6f, 6c,67,66,62,6a,70,66,68,67,6a,00,00 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–¤|ÿÿÿÿÀ•¤|ù•A~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1256) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . Voltooingstijd: 2012-01-03 11:25:44 ComboFix-quarantined-files.txt 2012-01-03 10:25 ComboFix2.txt 2012-01-03 08:42 ComboFix3.txt 2012-01-02 16:08 . Pre-Run: 186.277.761.024 bytes free Post-Run: 186.258.259.968 bytes free . - - End Of File - - B0F8790A631CE1583E25260D805E2F8E

anoniem · 3 januari 2012

Hallo, zo te zien heb je het script niet gebruikt! Dus graag overdoen en dan met het script ComboFix opstarten! En vervolgens natuurlijk weer graag het log posten.

anoniem · 3 januari 2012

heb dus nu de script gesleept en losgelaten boven CF: ComboFix 12-01-02.02 - Administrator 03-01-2012 11:48:09.20.3 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.2047.1290 [GMT 1:00] Gestart vanuit: c:\documents and settings\Administrator\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Administrator\Desktop\CFScript.txt AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Persoonlijke firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . FILE :: "c:\windows\system32\perfc009.dat" "c:\windows\system32\perfh009.dat" "c:\windows\Temp\Perflib_Perfdata_3d0.dat" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\Application Data\searchqutoolbar c:\documents and settings\Administrator\Application Data\searchqutoolbar\geoip.xml c:\documents and settings\Administrator\Application Data\searchqutoolbar\guid.dat c:\documents and settings\Administrator\Application Data\searchqutoolbar\setupCfg.xml c:\program files\Windows iLivid Toolbar c:\program files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt c:\program files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js c:\program files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content\DnsBHO.js c:\program files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content\Error404BHO.js c:\program files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content\NewTabBHO.js c:\program files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content\overlay.js c:\program files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content\overlay.xul c:\program files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content\RelatedSearch.js c:\program files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content\SearchBHO.js c:\program files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content\SettingManager.js c:\program files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content\Settings.xml c:\program files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\install.rdf c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\as_guid.dat c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\bandoocode.js c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\data\search\engines.xml c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\data\search\search.xsl c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\lib\about.xml c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\lib\bandoocode.js c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\lib\dtxpanel.xul c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\lib\dtxpaneltransparent.xul c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\lib\dtxpanelwin.xul c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\lib\dtxprefwin.xul c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\lib\dtxtransparentwin.xul c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\lib\dtxwin.xul c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\lib\emailnotifierproviders.xml c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\lib\external.js c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\lib\imeshcode.js c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\lib\neterror.xhtml c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\lib\vmncode.js c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\lib\wmpstreamer.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\modules\datastore.jsm c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\modules\nsDragAndDrop.js c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\neterror.xhtml c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\partner.coupons.xml c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\preferences.xml c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\radiobeta.js c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\template.xml c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\toolbar.htm c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\toolbar.xul c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\vmncode.js c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\vmnrsswin.xml c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\widgets\net.vmn.www.PPCBully\widget.js c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\content\widgets\net.vmn.www.PPCBully\widget_version c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\bandoo.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\bluelite.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\bluesky.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\btn-search-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\btn-search.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\btn-settings-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\btn-settings.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\btn-widgets-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\btn-widgets.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\btn_settings.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\ca.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\dictionary.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\divider.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\downloadcom.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\dtxlogo.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\ebay.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\email.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\email_on.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\facebook.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\games.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\graphred0.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\graphred0_5.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\graphred1.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\graphred1_5.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\graphred2.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\graphred2_5.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\graphred3.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\graphred3_5.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\graphred4.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\graphred4_5.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\graphred5.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\graphredna.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\grey.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\ico-shield.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\icon_amazon.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\icon_games.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\icon_radio_png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\icon_seperator_png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\icon_twitter.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\icon_youtube.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\images.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\imesh.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\add.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\aol.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\arrow-dn.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\arrow-right-disabled.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\arrow-right.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\arrow-up.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\bg-btn-divider.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\bg-btn-end.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\bg-btn-mdl.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\bg-btn-mdl_ff.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\bg-btn-start.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\bg-btnover-divider.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\bg-btnover-end.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\bg-btnover-mdl.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\bg-btnover-mdl_ff.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\bg-btnover-start.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\blank.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\btn-widgets-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\btn-widgets.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\btn_slider.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\btnback-down-vista.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\btnback-vista.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\btnleft-down-vista.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\btnleft-vista.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\btnright-down-vista.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\btnright-vista.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\button-splitter-down-vista.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\button-splitter-vista.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\checkmark.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\chevron.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\collapse.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\comcast.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\dtx.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\edit-back-hot.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\edit-back.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\expand.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\found.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\gmail.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\highlight.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\highlight_blue.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\highlight_cyan.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\highlight_lime.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\highlight_magenta.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\highlight_yellow.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\hotmail.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\ico-check.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\imap.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\lastsearch-thumb-back.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\loadingMid.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\lock.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\logo-separator.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\mailcom.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\menu_bg-basic.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\menu_separator_bar.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\menu_separator_white.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\menuitem-splitter.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\menuitemback-down-vista.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\menuitemback-vista.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\menuitemleft-down-vista.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\menuitemleft-vista.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\menuitemright-down-vista.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\menuitemright-vista.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\modify.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\move.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\movetarget.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\css\panels.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\css\popupAbout.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\css\popupGames.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\css\popupRSS.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\css\popupWidgets.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\css\dialog.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\images\bg.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\images\btn-search.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\images\btn-wide-close-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\images\btn-wide-close.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\images\default.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\images\tab-off-l.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\images\tab-off-r.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\images\tab-on-l.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\images\tab-on-r.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\images\transparent.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\images\ttlbar-left.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\images\ttlbar-mdl.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\images\ttlbar-right.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\images\win-btm-left.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\images\win-btm-mdl.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\images\win-btm-right-resize.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\images\win-btm-right.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\images\win-left.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\images\win-right.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\main.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\default\scripts\defscript.js c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\footer.htm c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\gamecategory.xsl c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\gameData.js c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\gameList.xsl c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\games.xsl c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\gametype.xsl c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\arrow-dn.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\arrow-sml-drop.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\arrow-sml.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\arrow-up.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\arrowr-bluew5.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\bg-aboutbox.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\bg-btnover.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\bg-pnl520x390.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-addtoolbar-left.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-addtoolbar-right.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-back.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-close-grey.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-close-greyover.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-drag.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-mdl-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-mdl.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-moredetails.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-next-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-next.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-play-left-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-play-left.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-previous-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-previous.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-right-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-search-pnlbtm.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-try-left-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\btn-try-left.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\bullet-orange.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\gamethumb-on.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\gamethumb2-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\ico-calendar.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\ico-dollar.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\ico-download.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\ico-joystick24.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\ico-news24.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\ico-play.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\ico-tags.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\icon-Add.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\icon-download.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\icon-Info.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\icon-play.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\icon-shop.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\menul-bgon.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\menul-bgover.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\panel-botm-noscroll.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\scroll-bg-206.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\scroll-bg.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\scroll-topwin.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\scrollb-disable.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\scrollb-down.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\scrollb-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\scrollb.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\scrollt-disable.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\scrollt-down.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\scrollt-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\scrollt.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\searchbox-pnlbtm.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\star_x_grey.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\star_x_orange.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\TRUSTe_about.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\view-detailed-on.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\view-detailed-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\view-thumb-on.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\view-thumb-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\widgets-square-16px.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\widgets-square-24px.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\images\widgets.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\initHTML.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\popupGames.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\popupHTML.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\popupRSS.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\popupWidgets.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\panels\scroll.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\pop.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\css\manager.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\css\slider.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\bg-pnl.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\btn-close-grey.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\btn-close-greyover.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\collapsed_button.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\expanded_button.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\ico-playstation-down.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\ico-playstation-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\ico-playstation.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\ico-radio.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\music-note.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\radio-btn-pause-on.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\radio-btn-pause.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\radio-btn-play-on.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\radio-btn-play.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\radio-eq-bg.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\radio-eq-buffer.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\radio-eq-busy.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\radio-eq-off.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\radio-eq-on.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\radio-eq-warning.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\radio-options-design-on.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\radio-options-design.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\radio-options-on.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\radio-options.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\radio-volume-0.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\radio-volume-1.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\radio-volume-2.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\radio-volume-3.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\radio-volume-mute.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\scrollbar-handle.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\scrollbar-track.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\slider.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\slideron.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\images\track.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\managerpanel.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radio\volumeslider.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radiobeta-buffering.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radiobeta-connecting.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radiobeta-playing.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\radiobeta-stopped.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\reload.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\remove.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\rename.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\resize-box.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\rss.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\rsschannelback.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\RSSLogo.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\rsstabdivider.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\scroll-left.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\scroll-right.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\search-go.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\search.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\text-ellipsis.xml c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\throbber.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\toolbarsplitter.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\transparent_1px.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\border_02.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\border_03.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\border_04.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\border_06.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\border_07.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\border_08.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\border_09.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\border_10.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\border_11.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\border_12.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\border_13.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\border_14.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\border_15.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\border_16.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\border_18.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\border_19.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\border_20.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\border_21.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\btn-close-grey.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\btn-close-greyover.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\close-hot.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\close-normal.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\loadingMid.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\proxy.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\template.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\template.xml c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\templateFF.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\uwa\throbber.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\icons\cond999.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\icons\icons.xml c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\icons\na-s.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\icons\na-t.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\icons\na.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\add.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\box-check.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\ico-check.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\options-weather.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\over-blue.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\over-orange.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\popupWeather.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\weatherbutton\panels\popupWeather.html c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lib\yahoo.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\lichen.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\logo-about.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\logo-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\logo-separator.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\logo.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\mail.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\maps.bmp c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\menuseparatorback.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\modify-save.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\modify.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\modifyhot.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\music.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\news.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\options\options-main.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\options\options-search.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\options\options-weather.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\options\options-weather.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\options\options-widgets.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\orange.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\pixsy.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\protect-id.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\radiobeta-buffering.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\radiobeta-connecting.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\radiobeta-playing.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\radiobeta-stopped.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\relatedlinks.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\rss-collapse.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\rss-delete.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\rss-expand.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\rss-feed.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\rss-folder-remove.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\rss-folder-rename.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\rss-folder.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\rss-found.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\rss-reload.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\rss-subscribe.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\rss.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\rssback.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\rsstopback.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\search-over.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\search.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\search_button_over_png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\search_button_png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\searchbar\searchbar-background-left.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\searchbar\searchbar-background-middle.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\searchbar\searchbar-background-right.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\settings.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\shopping.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\siteinfo.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\skin-bluelite.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\skin-bluesky.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\skin-grey.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\skin-lichen.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\skin-orange.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\skin-yellow.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\skin.xml c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\technorati.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\throbber.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\toolbarsplitter.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\translate.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\video.bmp c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\vmn.css c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\vmn.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\weather.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\web.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\widgets-square-16px.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\wikipedia.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\yahoosearch.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\yellow.gif c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\youtube.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\chrome\skin\zoom.png c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\components\windowmediator.js c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar(2)\manifest.xml . . (((((((((((((((((((( Bestanden Gemaakt van 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))) . . 2012-01-02 15:51 . 2012-01-02 15:51 -------- d-----w- C:\TDSSKiller_Quarantine 2012-01-01 13:31 . 2012-01-01 13:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\SumatraPDF 2012-01-01 13:30 . 2012-01-01 13:30 237 ----a-w- C:\user.js 2011-12-29 14:42 . 2011-12-29 14:42 -------- d-----w- c:\program files\MailWasher Pro 2011-12-29 13:05 . 2011-12-29 13:06 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2011-12-29 11:47 . 2011-12-29 11:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-29 11:00 . 2011-12-29 11:00 -------- d-----w- c:\windows\system32\wbem\Repository 2011-12-29 10:59 . 2011-12-29 10:59 -------- d-----w- c:\program files\Microsoft Easy Assist 2011-12-27 14:46 . 2011-12-21 08:02 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2011-12-27 14:46 . 2011-12-21 04:29 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2011-12-27 14:46 . 2011-12-21 04:29 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll 2011-12-27 14:46 . 2011-12-21 04:29 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll 2011-12-19 19:34 . 2011-12-19 19:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\DxO Labs 2011-12-19 19:32 . 2011-12-19 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\DxO_Labs 2011-12-19 19:32 . 2005-07-27 12:43 150224 ----a-w- c:\windows\system32\RGB9Rast_1.dll 2011-12-18 14:02 . 2010-03-18 18:25 307200 ----a-w- c:\windows\system32\CNC5200L.dll 2011-12-18 14:02 . 2010-03-18 16:12 1335296 ----a-w- c:\windows\system32\CNC5200C.dll 2011-12-18 14:02 . 2010-03-18 16:12 114688 ----a-w- c:\windows\system32\CNC5200I.dll 2011-12-18 14:02 . 2010-03-18 16:11 106496 ----a-w- c:\windows\system32\CNC5200U.dll 2011-12-18 13:51 . 2010-01-13 05:03 94208 ----a-w- c:\windows\system32\CNC5200O.dll 2011-12-18 13:51 . 2010-03-10 23:56 180224 ----a-w- c:\windows\system32\CNMIUAE.DLL 2011-12-18 12:59 . 2011-12-18 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\launcher 2011-12-18 12:50 . 2011-12-18 12:50 -------- d-----w- c:\program files\Paragon Software 2011-12-18 10:55 . 2011-12-18 10:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ilivid Player 2011-12-18 10:55 . 2011-12-18 12:21 -------- dc----w- c:\documents and settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318} 2011-12-18 10:54 . 2011-12-18 10:54 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess 2011-12-17 20:06 . 2011-12-17 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonBJ 2011-12-17 15:31 . 2011-12-17 15:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\PrimoPDF 2011-12-17 15:31 . 2011-02-28 22:37 180624 ----a-w- c:\windows\system32\Primomonnt.dll 2011-12-17 15:30 . 2011-12-17 15:39 -------- d-----w- c:\program files\Nitro PDF 2011-12-17 15:18 . 2011-12-17 15:18 -------- d-----w- c:\program files\Common Files\Bullzip 2011-12-17 15:18 . 1999-05-06 23:00 140288 ----a-w- c:\windows\system32\comdlg32.OCX 2011-12-17 14:56 . 2011-12-17 14:56 -------- d-----w- c:\program files\GPLGS 2011-12-17 14:56 . 2009-11-05 07:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll 2011-12-15 11:44 . 2011-12-30 08:22 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJScan 2011-12-15 10:32 . 2011-12-15 10:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\GlarySoft 2011-12-15 10:25 . 2012-01-01 13:25 -------- d-----w- c:\program files\BrowserCompanion 2011-12-15 10:25 . 2011-12-15 10:25 -------- d-----w- c:\documents and settings\Administrator\AppData 2011-12-14 14:09 . 2011-12-14 14:09 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEGV 2011-12-14 13:36 . 2011-12-14 13:36 -------- d-----w- c:\program files\Common Files\Java 2011-12-14 13:35 . 2011-11-17 17:06 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP 2011-12-14 13:13 . 2008-08-25 17:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll 2011-12-14 13:12 . 2011-12-14 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJMSetup 2011-12-14 13:11 . 2011-12-14 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt 2011-12-14 13:06 . 2010-04-07 04:00 73216 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAE.DLL 2011-12-14 13:06 . 2010-04-07 04:00 290816 ----a-w- c:\windows\system32\CNMLMAE.DLL 2011-12-14 13:06 . 2010-04-07 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAE.DLL 2011-12-14 12:44 . 2011-12-14 12:44 -------- d-----w- c:\windows\system32\STRING 2011-12-14 12:44 . 2010-02-05 01:37 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL 2011-12-14 12:44 . 2010-02-05 01:37 340992 ----a-w- c:\windows\system32\CNMNPPM.DLL 2011-12-12 07:49 . 2011-12-12 07:49 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2011-12-12 07:49 . 2011-12-12 07:49 229208 ----a-w- c:\windows\system32\drivers\VMM.sys 2011-12-11 20:06 . 2011-12-11 20:06 -------- d-----w- c:\program files\Microsoft Virtual PC 2011-12-11 13:58 . 2011-12-11 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield 2011-12-11 13:58 . 2011-12-11 13:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\ScanSoft 2011-12-11 13:57 . 2011-12-12 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft 2011-12-10 14:06 . 2011-12-10 14:07 -------- d-----w- c:\program files\HP . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-30 14:55 . 2011-11-09 13:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-12-30 14:55 . 2011-11-02 09:06 417440 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2011-12-16 08:11 . 2011-10-20 08:55 165232 ---ha-w- c:\documents and settings\Administrator\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll 2011-12-10 14:24 . 2010-09-28 18:47 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-23 13:25 . 2010-07-21 06:59 1859584 ------w- c:\windows\system32\win32k.sys 2011-11-17 17:06 . 2010-07-26 17:34 567184 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-17 16:56 . 2011-10-23 13:49 141312 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-11 14:01 . 2011-11-11 14:01 22032 ----a-w- c:\windows\DCEBoot.exe 2011-11-08 23:42 . 2011-11-08 23:42 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys 2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 12:42 . 2011-11-04 18:31 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2011-11-04 12:42 . 2011-11-04 18:31 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2011-11-04 12:42 . 2011-08-15 14:06 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2011-11-04 11:23 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31 . 2010-07-21 06:59 33280 ------w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37 . 2010-07-21 06:59 2148864 ------w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52 . 2010-07-21 06:59 2027008 ------w- c:\windows\system32\ntkrnlpa.exe 2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-22 11:21 . 2011-10-22 11:21 65536 ----a-w- c:\windows\system32\frapsvid.dll 2011-10-21 21:47 . 2011-11-29 12:00 20616 ----a-w- c:\windows\system32\fbnative.exe 2011-10-21 21:46 . 2011-09-29 07:02 184072 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys 2011-10-21 21:46 . 2011-09-29 07:02 42376 ----a-w- c:\windows\system32\drivers\EUBKMON.sys 2011-10-21 21:46 . 2011-09-29 07:02 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys 2011-10-21 21:46 . 2011-09-29 07:02 38920 ----a-w- c:\windows\system32\drivers\eubakup.sys 2011-10-18 11:13 . 2006-02-28 12:00 186880 ------w- c:\windows\system32\encdec.dll 2011-10-12 12:13 . 2002-02-09 23:00 72748 ----a-w- c:\windows\unins000.exe 2011-10-10 14:22 . 2010-04-15 23:22 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-13 09:46 . 2011-09-13 09:46 153296 ----a-w- c:\program files\uninst.exe 2011-09-13 09:45 . 2011-09-13 09:45 2365248 ----a-w- c:\program files\Defraggler.exe 2011-12-21 08:02 . 2011-12-15 15:10 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-01-02_16.07.16 ))))))))))))))))))))))))))))))))))))))))) . + 2012-01-03 10:54 . 2012-01-03 10:54 16384 c:\windows\temp\Perflib_Perfdata_744.dat + 2006-02-28 12:00 . 2012-01-03 10:59 86624 c:\windows\system32\perfc009.dat - 2006-02-28 12:00 . 2012-01-02 11:07 86624 c:\windows\system32\perfc009.dat + 2006-02-28 12:00 . 2012-01-03 10:59 498840 c:\windows\system32\perfh009.dat - 2006-02-28 12:00 . 2012-01-02 11:07 498840 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-05 98304] "RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296] "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoPopUpsOnBoot"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup kan niet weg^ERUNT AutoBackup.lnk] backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup kan niet weg^OpenOffice.org 3.3 .lnk] backup=c:\windows\pss\OpenOffice.org 3.3 .lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.2 .lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^USB Alert.lnk] backup=c:\windows\pss\USB Alert.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2011-06-16 15:43 499608 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare] 2010-03-04 12:31 311296 ------w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com] 2010-08-09 12:47 248832 ------w- c:\program files\filehippo.com\UpdateChecker.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] 2002-12-10 16:54 127022 ------w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-12-24 16:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] 2005-06-02 15:03 1957888 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP3\\RpcAgentSrv.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP3\\WNt500x86\\RpcSandraSrv.exe"= "c:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5900:TCP"= 5900:TCP:vnc5900 "5800:TCP"= 5800:TCP:vnc5800 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [29-9-2011 8:02 38920] R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [29-9-2011 8:02 42376] R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [30-8-2010 11:26 57112] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2-10-2011 13:23 436792] R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [29-9-2011 8:02 16008] R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [29-9-2011 8:02 184072] R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16-9-2008 11:03 169312] R2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [29-11-2011 12:59 60552] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12-1-2011 15:41 810144] R2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [29-11-2011 12:59 23176] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22-4-2011 13:21 92592] R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [21-7-2010 8:47 77824] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384] S2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23-9-2011 15:26 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2-11-2011 10:06 253600] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21-7-2010 8:49 1691480] S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?] S3 epmntdrv;epmntdrv;\??\c:\windows\system32\epmntdrv.sys --> c:\windows\system32\epmntdrv.sys [?] S3 esihdrv;esihdrv;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys [?] S3 EuGdiDrv;EuGdiDrv;\??\c:\windows\system32\EuGdiDrv.sys --> c:\windows\system32\EuGdiDrv.sys [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23-9-2011 15:26 136176] S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10-3-2010 7:18 24216] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [29-12-2011 14:05 24064] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28-9-2010 19:47 20464] S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [30-8-2010 12:42 16472] S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [30-8-2010 12:42 11104] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\RpcAgentSrv.exe [29-6-2011 7:55 93848] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [15-8-2011 15:06 104752] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\w

anoniem · 3 januari 2012

Nu heb je het goed gedaan en er zijn legio verwijderingen gedaan - maar nu is log weer niet compleet, dus ik heb nu geen flauw idee of alles conform het script is gebeurd..... Dus navigeer nu naar C:Combofix.txt.... en open het hoogste nummer. En selekteer/kopieer vervolgens alles en post de gegevens in je volgende bericht.

anoniem · 3 januari 2012

voor alle zekerheid maar een nieuwe gemaakt: ComboFix 12-01-02.02 - Administrator 03-01-2012 12:27:01.21.3 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.2047.1415 [GMT 1:00] Gestart vanuit: c:\documents and settings\Administrator\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Administrator\Desktop\CFScript.txt AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Persoonlijke firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . FILE :: "c:\windows\system32\perfc009.dat" "c:\windows\system32\perfh009.dat" "c:\windows\Temp\Perflib_Perfdata_3d0.dat" . . (((((((((((((((((((( Bestanden Gemaakt van 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))) . . 2012-01-02 15:51 . 2012-01-02 15:51 -------- d-----w- C:\TDSSKiller_Quarantine 2012-01-01 13:31 . 2012-01-01 13:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\SumatraPDF 2012-01-01 13:30 . 2012-01-01 13:30 237 ----a-w- C:\user.js 2011-12-29 14:42 . 2011-12-29 14:42 -------- d-----w- c:\program files\MailWasher Pro 2011-12-29 13:05 . 2011-12-29 13:06 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2011-12-29 11:47 . 2011-12-29 11:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-29 11:00 . 2011-12-29 11:00 -------- d-----w- c:\windows\system32\wbem\Repository 2011-12-29 10:59 . 2011-12-29 10:59 -------- d-----w- c:\program files\Microsoft Easy Assist 2011-12-27 14:46 . 2011-12-21 08:02 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2011-12-27 14:46 . 2011-12-21 04:29 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2011-12-27 14:46 . 2011-12-21 04:29 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll 2011-12-27 14:46 . 2011-12-21 04:29 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll 2011-12-19 19:34 . 2011-12-19 19:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\DxO Labs 2011-12-19 19:32 . 2011-12-19 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\DxO_Labs 2011-12-19 19:32 . 2005-07-27 12:43 150224 ----a-w- c:\windows\system32\RGB9Rast_1.dll 2011-12-18 14:02 . 2010-03-18 18:25 307200 ----a-w- c:\windows\system32\CNC5200L.dll 2011-12-18 14:02 . 2010-03-18 16:12 1335296 ----a-w- c:\windows\system32\CNC5200C.dll 2011-12-18 14:02 . 2010-03-18 16:12 114688 ----a-w- c:\windows\system32\CNC5200I.dll 2011-12-18 14:02 . 2010-03-18 16:11 106496 ----a-w- c:\windows\system32\CNC5200U.dll 2011-12-18 13:51 . 2010-01-13 05:03 94208 ----a-w- c:\windows\system32\CNC5200O.dll 2011-12-18 13:51 . 2010-03-10 23:56 180224 ----a-w- c:\windows\system32\CNMIUAE.DLL 2011-12-18 12:59 . 2011-12-18 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\launcher 2011-12-18 12:50 . 2011-12-18 12:50 -------- d-----w- c:\program files\Paragon Software 2011-12-18 10:55 . 2011-12-18 10:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ilivid Player 2011-12-18 10:55 . 2011-12-18 12:21 -------- dc----w- c:\documents and settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318} 2011-12-18 10:54 . 2011-12-18 10:54 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess 2011-12-17 20:06 . 2011-12-17 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonBJ 2011-12-17 15:31 . 2011-12-17 15:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\PrimoPDF 2011-12-17 15:31 . 2011-02-28 22:37 180624 ----a-w- c:\windows\system32\Primomonnt.dll 2011-12-17 15:30 . 2011-12-17 15:39 -------- d-----w- c:\program files\Nitro PDF 2011-12-17 15:18 . 2011-12-17 15:18 -------- d-----w- c:\program files\Common Files\Bullzip 2011-12-17 15:18 . 1999-05-06 23:00 140288 ----a-w- c:\windows\system32\comdlg32.OCX 2011-12-17 14:56 . 2011-12-17 14:56 -------- d-----w- c:\program files\GPLGS 2011-12-17 14:56 . 2009-11-05 07:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll 2011-12-15 11:44 . 2011-12-30 08:22 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJScan 2011-12-15 10:32 . 2011-12-15 10:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\GlarySoft 2011-12-15 10:25 . 2012-01-01 13:25 -------- d-----w- c:\program files\BrowserCompanion 2011-12-15 10:25 . 2011-12-15 10:25 -------- d-----w- c:\documents and settings\Administrator\AppData 2011-12-14 14:09 . 2011-12-14 14:09 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEGV 2011-12-14 13:36 . 2011-12-14 13:36 -------- d-----w- c:\program files\Common Files\Java 2011-12-14 13:35 . 2011-11-17 17:06 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP 2011-12-14 13:13 . 2008-08-25 17:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll 2011-12-14 13:12 . 2011-12-14 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJMSetup 2011-12-14 13:11 . 2011-12-14 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt 2011-12-14 13:06 . 2010-04-07 04:00 73216 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAE.DLL 2011-12-14 13:06 . 2010-04-07 04:00 290816 ----a-w- c:\windows\system32\CNMLMAE.DLL 2011-12-14 13:06 . 2010-04-07 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAE.DLL 2011-12-14 12:44 . 2011-12-14 12:44 -------- d-----w- c:\windows\system32\STRING 2011-12-14 12:44 . 2010-02-05 01:37 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL 2011-12-14 12:44 . 2010-02-05 01:37 340992 ----a-w- c:\windows\system32\CNMNPPM.DLL 2011-12-12 07:49 . 2011-12-12 07:49 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2011-12-12 07:49 . 2011-12-12 07:49 229208 ----a-w- c:\windows\system32\drivers\VMM.sys 2011-12-11 20:06 . 2011-12-11 20:06 -------- d-----w- c:\program files\Microsoft Virtual PC 2011-12-11 13:58 . 2011-12-11 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield 2011-12-11 13:58 . 2011-12-11 13:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\ScanSoft 2011-12-11 13:57 . 2011-12-12 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft 2011-12-10 14:06 . 2011-12-10 14:07 -------- d-----w- c:\program files\HP . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-30 14:55 . 2011-11-09 13:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-12-30 14:55 . 2011-11-02 09:06 417440 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2011-12-16 08:11 . 2011-10-20 08:55 165232 ---ha-w- c:\documents and settings\Administrator\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll 2011-12-10 14:24 . 2010-09-28 18:47 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-23 13:25 . 2010-07-21 06:59 1859584 ------w- c:\windows\system32\win32k.sys 2011-11-17 17:06 . 2010-07-26 17:34 567184 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-17 16:56 . 2011-10-23 13:49 141312 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-11 14:01 . 2011-11-11 14:01 22032 ----a-w- c:\windows\DCEBoot.exe 2011-11-08 23:42 . 2011-11-08 23:42 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys 2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 12:42 . 2011-11-04 18:31 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2011-11-04 12:42 . 2011-11-04 18:31 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2011-11-04 12:42 . 2011-08-15 14:06 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2011-11-04 11:23 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31 . 2010-07-21 06:59 33280 ------w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37 . 2010-07-21 06:59 2148864 ------w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52 . 2010-07-21 06:59 2027008 ------w- c:\windows\system32\ntkrnlpa.exe 2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-22 11:21 . 2011-10-22 11:21 65536 ----a-w- c:\windows\system32\frapsvid.dll 2011-10-21 21:47 . 2011-11-29 12:00 20616 ----a-w- c:\windows\system32\fbnative.exe 2011-10-21 21:46 . 2011-09-29 07:02 184072 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys 2011-10-21 21:46 . 2011-09-29 07:02 42376 ----a-w- c:\windows\system32\drivers\EUBKMON.sys 2011-10-21 21:46 . 2011-09-29 07:02 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys 2011-10-21 21:46 . 2011-09-29 07:02 38920 ----a-w- c:\windows\system32\drivers\eubakup.sys 2011-10-18 11:13 . 2006-02-28 12:00 186880 ------w- c:\windows\system32\encdec.dll 2011-10-12 12:13 . 2002-02-09 23:00 72748 ----a-w- c:\windows\unins000.exe 2011-10-10 14:22 . 2010-04-15 23:22 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-13 09:46 . 2011-09-13 09:46 153296 ----a-w- c:\program files\uninst.exe 2011-09-13 09:45 . 2011-09-13 09:45 2365248 ----a-w- c:\program files\Defraggler.exe 2011-12-21 08:02 . 2011-12-15 15:10 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-01-02_16.07.16 ))))))))))))))))))))))))))))))))))))))))) . + 2012-01-03 11:33 . 2012-01-03 11:33 16384 c:\windows\temp\Perflib_Perfdata_750.dat + 2006-02-28 12:00 . 2012-01-03 10:59 86624 c:\windows\system32\perfc009.dat - 2006-02-28 12:00 . 2012-01-02 11:07 86624 c:\windows\system32\perfc009.dat + 2006-02-28 12:00 . 2012-01-03 10:59 498840 c:\windows\system32\perfh009.dat - 2006-02-28 12:00 . 2012-01-02 11:07 498840 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-05 98304] "RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296] "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoPopUpsOnBoot"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup kan niet weg^ERUNT AutoBackup.lnk] backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup kan niet weg^OpenOffice.org 3.3 .lnk] backup=c:\windows\pss\OpenOffice.org 3.3 .lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.2 .lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^USB Alert.lnk] backup=c:\windows\pss\USB Alert.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2011-06-16 15:43 499608 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare] 2010-03-04 12:31 311296 ------w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com] 2010-08-09 12:47 248832 ------w- c:\program files\filehippo.com\UpdateChecker.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] 2002-12-10 16:54 127022 ------w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-12-24 16:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] 2005-06-02 15:03 1957888 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP3\\RpcAgentSrv.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP3\\WNt500x86\\RpcSandraSrv.exe"= "c:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5900:TCP"= 5900:TCP:vnc5900 "5800:TCP"= 5800:TCP:vnc5800 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [29-9-2011 8:02 38920] R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [29-9-2011 8:02 42376] R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [30-8-2010 11:26 57112] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2-10-2011 13:23 436792] R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [29-9-2011 8:02 16008] R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [29-9-2011 8:02 184072] R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16-9-2008 11:03 169312] R2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [29-11-2011 12:59 60552] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12-1-2011 15:41 810144] R2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [29-11-2011 12:59 23176] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22-4-2011 13:21 92592] R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [21-7-2010 8:47 77824] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384] S2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23-9-2011 15:26 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2-11-2011 10:06 253600] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21-7-2010 8:49 1691480] S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?] S3 epmntdrv;epmntdrv;\??\c:\windows\system32\epmntdrv.sys --> c:\windows\system32\epmntdrv.sys [?] S3 esihdrv;esihdrv;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys [?] S3 EuGdiDrv;EuGdiDrv;\??\c:\windows\system32\EuGdiDrv.sys --> c:\windows\system32\EuGdiDrv.sys [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23-9-2011 15:26 136176] S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10-3-2010 7:18 24216] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [29-12-2011 14:05 24064] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28-9-2010 19:47 20464] S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [30-8-2010 12:42 16472] S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [30-8-2010 12:42 11104] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\RpcAgentSrv.exe [29-6-2011 7:55 93848] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [15-8-2011 15:06 104752] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504] . Inhoud van de 'Gedeelde Taken' map . 2012-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-02 14:55] . 2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-23 14:25] . 2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-23 14:25] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: google.nl\www TCP: DhcpNameServer = 10.0.0.138 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkqhpqx7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Search Results FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=171&systemid=406&sr=0&q= FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - b867757600000000000000252243cb72 FF - user.js: extensions.BabylonToolbar_i.hardId - b867757600000000000000252243cb72 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15340 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:30 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-03 12:34 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run MailWasher = c:\progra~1\MAILWA~1\MAILWA~1.EXE? . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,bd,81,93,a0,02,37,4f,89,c2,93,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,bd,81,93,a0,02,37,4f,89,c2,93,\ . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,bd,66,4c,32,4f,49,4e,b9,82,ab,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,bd,66,4c,32,4f,49,4e,b9,82,ab,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0a,fc,0a,51,b3,6e,d3,42,a3,c5,73,\ . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B2B73F5A-DB9F-9875-EB6B-1A3E94AB0B21}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B2B73F5A-DB9F-9875-EB6B-1A3E94AB0B21}\InProcServer32*] "kapffnboifaaaignnaoeli"=hex:62,61,70,61,00,fc "japfomdjemhlembmnjll"=hex:63,61,6b,70,6b,6d,00,7c "kapfjneppglggkhafldhoc"=hex:6d,61,63,68,6f,6c,67,68,70,70,6f,68,69,70,64,6f, 6c,67,66,62,6a,70,66,68,67,6a,00,00 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–¤|ÿÿÿÿÀ•¤|ù•A~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1268) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . - - - - - - - > 'explorer.exe'(1328) c:\windows\system32\WININET.dll c:\program files\ESET\ESET NOD32 Antivirus\eplgHooks.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Microsoft Virtual PC\VPCShExH.DLL c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\FolderSize\FolderSizeSvc.exe c:\program files\Java\jre7\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\HPZipm12.exe c:\windows\RTHDCPL.EXE c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\progra~1\MAILWA~1\MAILWA~1.EXE c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe . ************************************************************************** . Voltooingstijd: 2012-01-03 12:39:28 - machine werd herstart ComboFix-quarantined-files.txt 2012-01-03 11:39 ComboFix2.txt 2012-01-03 10:59 ComboFix3.txt 2012-01-03 10:25 ComboFix4.txt 2012-01-03 08:42 ComboFix5.txt 2012-01-03 11:26 . Pre-Run: 186.259.881.984 bytes free Post-Run: 186.246.365.184 bytes free . - - End Of File - - DD002697ECA71B3F2C034F875473848C en tusendoor kon ik mooi wafels bakken met kleinzoon!

anoniem · 3 januari 2012

Zijn er nog wafels over? We gaan nogmaals ComboFix gebruiken en nu moet ook Firefox ontdaan gaan worden van Babylon: zorg ervoor dat alle openstaande webbrowservensters gesloten zijn. Open een nieuw kladblok (of anders: notepad) bestand, via "Start\Alle programma’s\Bureau-accessoires\[b:447be2b188]Kladblok (of Notepad)[/b:447be2b188]". . Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het lege kladblokvenstervenster [b:447be2b188][color=#0000FF:447be2b188]Firefox:: FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ [/color:447be2b188][/b:447be2b188] Sla dit kladblokbestand op je bureaublad op als [b:447be2b188]CFScript.txt[/b:447be2b188]. [b:447be2b188][color=#FF0000:447be2b188]Nu eerst de antivirus deaktiveren![/color:447be2b188][/b:447be2b188] Sleep CFScript.txt in ComboFix.exe [img:447be2b188]http://crew.nucia.eu/smeenk/CFScript.gif[/img:447be2b188] Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt. Post het Combofix log dat na het opnieuw starten wordt getoond! [b:447be2b188]Belangrijke opmerking[/b:447be2b188]: [list:447be2b188][*:447be2b188][b:447be2b188][color=Red:447be2b188]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:447be2b188][/b:447be2b188] [*:447be2b188][b:447be2b188][color=blue:447be2b188]Illegal operation attempted on a registery key that has been marked for deletion.[/color:447be2b188][/b:447be2b188] [*:447be2b188][b:447be2b188][color=Red:447be2b188]Start dan de computer opnieuw op.[/color:447be2b188][/b:447be2b188][/list:u:447be2b188]

anoniem · 3 januari 2012

die wafels gaan moeilijk per email.. ComboFix 12-01-02.02 - Administrator 03-01-2012 14:44:28.22.3 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.2047.1281 [GMT 1:00] Gestart vanuit: c:\documents and settings\Administrator\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Administrator\Desktop\CFScript.txt AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Persoonlijke firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . . (((((((((((((((((((( Bestanden Gemaakt van 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))) . . 2012-01-02 15:51 . 2012-01-02 15:51 -------- d-----w- C:\TDSSKiller_Quarantine 2012-01-01 13:31 . 2012-01-01 13:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\SumatraPDF 2012-01-01 13:30 . 2012-01-01 13:30 237 ----a-w- C:\user.js 2011-12-29 14:42 . 2011-12-29 14:42 -------- d-----w- c:\program files\MailWasher Pro 2011-12-29 13:05 . 2011-12-29 13:06 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2011-12-29 11:47 . 2011-12-29 11:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-29 11:00 . 2011-12-29 11:00 -------- d-----w- c:\windows\system32\wbem\Repository 2011-12-29 10:59 . 2011-12-29 10:59 -------- d-----w- c:\program files\Microsoft Easy Assist 2011-12-27 14:46 . 2011-12-21 08:02 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2011-12-27 14:46 . 2011-12-21 04:29 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2011-12-27 14:46 . 2011-12-21 04:29 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll 2011-12-27 14:46 . 2011-12-21 04:29 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll 2011-12-19 19:34 . 2011-12-19 19:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\DxO Labs 2011-12-19 19:32 . 2011-12-19 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\DxO_Labs 2011-12-19 19:32 . 2005-07-27 12:43 150224 ----a-w- c:\windows\system32\RGB9Rast_1.dll 2011-12-18 14:02 . 2010-03-18 18:25 307200 ----a-w- c:\windows\system32\CNC5200L.dll 2011-12-18 14:02 . 2010-03-18 16:12 1335296 ----a-w- c:\windows\system32\CNC5200C.dll 2011-12-18 14:02 . 2010-03-18 16:12 114688 ----a-w- c:\windows\system32\CNC5200I.dll 2011-12-18 14:02 . 2010-03-18 16:11 106496 ----a-w- c:\windows\system32\CNC5200U.dll 2011-12-18 13:51 . 2010-01-13 05:03 94208 ----a-w- c:\windows\system32\CNC5200O.dll 2011-12-18 13:51 . 2010-03-10 23:56 180224 ----a-w- c:\windows\system32\CNMIUAE.DLL 2011-12-18 12:59 . 2011-12-18 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\launcher 2011-12-18 12:50 . 2011-12-18 12:50 -------- d-----w- c:\program files\Paragon Software 2011-12-18 10:55 . 2011-12-18 10:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ilivid Player 2011-12-18 10:55 . 2011-12-18 12:21 -------- dc----w- c:\documents and settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318} 2011-12-18 10:54 . 2011-12-18 10:54 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess 2011-12-17 20:06 . 2011-12-17 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonBJ 2011-12-17 15:31 . 2011-12-17 15:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\PrimoPDF 2011-12-17 15:31 . 2011-02-28 22:37 180624 ----a-w- c:\windows\system32\Primomonnt.dll 2011-12-17 15:30 . 2011-12-17 15:39 -------- d-----w- c:\program files\Nitro PDF 2011-12-17 15:18 . 2011-12-17 15:18 -------- d-----w- c:\program files\Common Files\Bullzip 2011-12-17 15:18 . 1999-05-06 23:00 140288 ----a-w- c:\windows\system32\comdlg32.OCX 2011-12-17 14:56 . 2011-12-17 14:56 -------- d-----w- c:\program files\GPLGS 2011-12-17 14:56 . 2009-11-05 07:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll 2011-12-15 11:44 . 2011-12-30 08:22 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJScan 2011-12-15 10:32 . 2011-12-15 10:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\GlarySoft 2011-12-15 10:25 . 2012-01-01 13:25 -------- d-----w- c:\program files\BrowserCompanion 2011-12-15 10:25 . 2011-12-15 10:25 -------- d-----w- c:\documents and settings\Administrator\AppData 2011-12-14 14:09 . 2011-12-14 14:09 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEGV 2011-12-14 13:36 . 2011-12-14 13:36 -------- d-----w- c:\program files\Common Files\Java 2011-12-14 13:35 . 2011-11-17 17:06 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP 2011-12-14 13:13 . 2008-08-25 17:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll 2011-12-14 13:12 . 2011-12-14 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJMSetup 2011-12-14 13:11 . 2011-12-14 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt 2011-12-14 13:06 . 2010-04-07 04:00 73216 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAE.DLL 2011-12-14 13:06 . 2010-04-07 04:00 290816 ----a-w- c:\windows\system32\CNMLMAE.DLL 2011-12-14 13:06 . 2010-04-07 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAE.DLL 2011-12-14 12:44 . 2011-12-14 12:44 -------- d-----w- c:\windows\system32\STRING 2011-12-14 12:44 . 2010-02-05 01:37 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL 2011-12-14 12:44 . 2010-02-05 01:37 340992 ----a-w- c:\windows\system32\CNMNPPM.DLL 2011-12-12 07:49 . 2011-12-12 07:49 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2011-12-12 07:49 . 2011-12-12 07:49 229208 ----a-w- c:\windows\system32\drivers\VMM.sys 2011-12-11 20:06 . 2011-12-11 20:06 -------- d-----w- c:\program files\Microsoft Virtual PC 2011-12-11 13:58 . 2011-12-11 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield 2011-12-11 13:58 . 2011-12-11 13:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\ScanSoft 2011-12-11 13:57 . 2011-12-12 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft 2011-12-10 14:06 . 2011-12-10 14:07 -------- d-----w- c:\program files\HP . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-30 14:55 . 2011-11-09 13:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-12-30 14:55 . 2011-11-02 09:06 417440 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2011-12-16 08:11 . 2011-10-20 08:55 165232 ---ha-w- c:\documents and settings\Administrator\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll 2011-12-10 14:24 . 2010-09-28 18:47 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-23 13:25 . 2010-07-21 06:59 1859584 ------w- c:\windows\system32\win32k.sys 2011-11-17 17:06 . 2010-07-26 17:34 567184 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-17 16:56 . 2011-10-23 13:49 141312 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-11 14:01 . 2011-11-11 14:01 22032 ----a-w- c:\windows\DCEBoot.exe 2011-11-08 23:42 . 2011-11-08 23:42 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys 2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 12:42 . 2011-11-04 18:31 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2011-11-04 12:42 . 2011-11-04 18:31 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2011-11-04 12:42 . 2011-08-15 14:06 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2011-11-04 11:23 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31 . 2010-07-21 06:59 33280 ------w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37 . 2010-07-21 06:59 2148864 ------w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52 . 2010-07-21 06:59 2027008 ------w- c:\windows\system32\ntkrnlpa.exe 2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-22 11:21 . 2011-10-22 11:21 65536 ----a-w- c:\windows\system32\frapsvid.dll 2011-10-21 21:47 . 2011-11-29 12:00 20616 ----a-w- c:\windows\system32\fbnative.exe 2011-10-21 21:46 . 2011-09-29 07:02 184072 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys 2011-10-21 21:46 . 2011-09-29 07:02 42376 ----a-w- c:\windows\system32\drivers\EUBKMON.sys 2011-10-21 21:46 . 2011-09-29 07:02 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys 2011-10-21 21:46 . 2011-09-29 07:02 38920 ----a-w- c:\windows\system32\drivers\eubakup.sys 2011-10-18 11:13 . 2006-02-28 12:00 186880 ------w- c:\windows\system32\encdec.dll 2011-10-12 12:13 . 2002-02-09 23:00 72748 ----a-w- c:\windows\unins000.exe 2011-10-10 14:22 . 2010-04-15 23:22 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-13 09:46 . 2011-09-13 09:46 153296 ----a-w- c:\program files\uninst.exe 2011-09-13 09:45 . 2011-09-13 09:45 2365248 ----a-w- c:\program files\Defraggler.exe 2011-12-21 08:02 . 2011-12-15 15:10 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-01-02_16.07.16 ))))))))))))))))))))))))))))))))))))))))) . + 2012-01-03 11:33 . 2012-01-03 11:33 16384 c:\windows\temp\Perflib_Perfdata_750.dat + 2012-01-03 12:04 . 2012-01-03 12:04 16384 c:\windows\temp\Perflib_Perfdata_694.dat + 2006-02-28 12:00 . 2012-01-03 11:38 86624 c:\windows\system32\perfc009.dat - 2006-02-28 12:00 . 2012-01-02 11:07 86624 c:\windows\system32\perfc009.dat + 2006-02-28 12:00 . 2012-01-03 11:38 498840 c:\windows\system32\perfh009.dat - 2006-02-28 12:00 . 2012-01-02 11:07 498840 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-05 98304] "RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296] "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoPopUpsOnBoot"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup kan niet weg^ERUNT AutoBackup.lnk] backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup kan niet weg^OpenOffice.org 3.3 .lnk] backup=c:\windows\pss\OpenOffice.org 3.3 .lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.2 .lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^USB Alert.lnk] backup=c:\windows\pss\USB Alert.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2011-06-16 15:43 499608 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare] 2010-03-04 12:31 311296 ------w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com] 2010-08-09 12:47 248832 ------w- c:\program files\filehippo.com\UpdateChecker.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] 2002-12-10 16:54 127022 ------w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-12-24 16:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] 2005-06-02 15:03 1957888 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP3\\RpcAgentSrv.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP3\\WNt500x86\\RpcSandraSrv.exe"= "c:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5900:TCP"= 5900:TCP:vnc5900 "5800:TCP"= 5800:TCP:vnc5800 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [29-9-2011 8:02 38920] R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [29-9-2011 8:02 42376] R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [30-8-2010 11:26 57112] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2-10-2011 13:23 436792] R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [29-9-2011 8:02 16008] R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [29-9-2011 8:02 184072] R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16-9-2008 11:03 169312] R2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [29-11-2011 12:59 60552] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12-1-2011 15:41 810144] R2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [29-11-2011 12:59 23176] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22-4-2011 13:21 92592] R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [21-7-2010 8:47 77824] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384] S2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23-9-2011 15:26 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2-11-2011 10:06 253600] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21-7-2010 8:49 1691480] S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?] S3 epmntdrv;epmntdrv;\??\c:\windows\system32\epmntdrv.sys --> c:\windows\system32\epmntdrv.sys [?] S3 esihdrv;esihdrv;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys [?] S3 EuGdiDrv;EuGdiDrv;\??\c:\windows\system32\EuGdiDrv.sys --> c:\windows\system32\EuGdiDrv.sys [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23-9-2011 15:26 136176] S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10-3-2010 7:18 24216] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [29-12-2011 14:05 24064] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28-9-2010 19:47 20464] S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [30-8-2010 12:42 16472] S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [30-8-2010 12:42 11104] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\RpcAgentSrv.exe [29-6-2011 7:55 93848] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [15-8-2011 15:06 104752] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504] . Inhoud van de 'Gedeelde Taken' map . 2012-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-02 14:55] . 2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-23 14:25] . 2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-23 14:25] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: google.nl\www TCP: DhcpNameServer = 10.0.0.138 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkqhpqx7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Search Results FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=171&systemid=406&sr=0&q= FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - b867757600000000000000252243cb72 FF - user.js: extensions.BabylonToolbar_i.hardId - b867757600000000000000252243cb72 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15340 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:30 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-03 14:49 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run MailWasher = c:\progra~1\MAILWA~1\MAILWA~1.EXE? . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,bd,81,93,a0,02,37,4f,89,c2,93,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,bd,81,93,a0,02,37,4f,89,c2,93,\ . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,bd,66,4c,32,4f,49,4e,b9,82,ab,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,bd,66,4c,32,4f,49,4e,b9,82,ab,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0a,fc,0a,51,b3,6e,d3,42,a3,c5,73,\ . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B2B73F5A-DB9F-9875-EB6B-1A3E94AB0B21}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B2B73F5A-DB9F-9875-EB6B-1A3E94AB0B21}\InProcServer32*] "kapffnboifaaaignnaoeli"=hex:62,61,70,61,00,fc "japfomdjemhlembmnjll"=hex:63,61,6b,70,6b,6d,00,7c "kapfjneppglggkhafldhoc"=hex:6d,61,63,68,6f,6c,67,68,70,70,6f,68,69,70,64,6f, 6c,67,66,62,6a,70,66,68,67,6a,00,00 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–¤|ÿÿÿÿÀ•¤|ù•A~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1268) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . - - - - - - - > 'explorer.exe'(2152) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2012-01-03 14:50:19 ComboFix-quarantined-files.txt 2012-01-03 13:50 ComboFix2.txt 2012-01-03 11:39 ComboFix3.txt 2012-01-03 10:59 ComboFix4.txt 2012-01-03 10:25 ComboFix5.txt 2012-01-03 13:43 . Pre-Run: 186.494.885.888 bytes free Post-Run: 186.474.426.368 bytes free . - - End Of File - - F90E31BAA618E98450759FB40D331F5F

anoniem · 3 januari 2012

Humor, leuk - wafels per e-mail...... We gaan wederom ComboFix gebruiken en nu moet ook Firefox ontdaan gaan worden van Babylon - maar dat gebeurde dus nog niet! Zorg ervoor dat alle openstaande webbrowservensters gesloten zijn. Open een nieuw kladblok (of anders: notepad) bestand, via "Start\Alle programma’s\Bureau-accessoires\[b:0564526cb3]Kladblok (of Notepad)[/b:0564526cb3]". . Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het lege kladblokvenstervenster [b:0564526cb3][color=#0000FF:0564526cb3]Firefox:: FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkqhpqx7.default\ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ FF - user.js: extensions.BabylonToolbar_ [/color:0564526cb3][/b:0564526cb3] Sla dit kladblokbestand op je bureaublad op als [b:0564526cb3]CFScript.txt[/b:0564526cb3]. [b:0564526cb3][color=#FF0000:0564526cb3]Nu eerst de antivirus deaktiveren![/color:0564526cb3][/b:0564526cb3] Sleep CFScript.txt in ComboFix.exe [img:0564526cb3]http://crew.nucia.eu/smeenk/CFScript.gif[/img:0564526cb3] Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt. Post het Combofix log dat na het opnieuw starten wordt getoond! [b:0564526cb3]Belangrijke opmerking[/b:0564526cb3]: [list:0564526cb3][*:0564526cb3][b:0564526cb3][color=Red:0564526cb3]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:0564526cb3][/b:0564526cb3] [*:0564526cb3][b:0564526cb3][color=blue:0564526cb3]Illegal operation attempted on a registery key that has been marked for deletion.[/color:0564526cb3][/b:0564526cb3] [*:0564526cb3][b:0564526cb3][color=Red:0564526cb3]Start dan de computer opnieuw op.[/color:0564526cb3][/b:0564526cb3][/list:u:0564526cb3]

anoniem · 3 januari 2012

duurde even, maar hier: ComboFix 12-01-02.02 - Administrator 03-01-2012 15:07:01.23.3 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.2047.1480 [GMT 1:00] Gestart vanuit: c:\documents and settings\Administrator\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Administrator\Desktop\CFScript.txt AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Persoonlijke firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\Start Menu\Internet Explorer.lnk . . (((((((((((((((((((( Bestanden Gemaakt van 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))) . . 2012-01-02 15:51 . 2012-01-02 15:51 -------- d-----w- C:\TDSSKiller_Quarantine 2012-01-01 13:31 . 2012-01-01 13:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\SumatraPDF 2012-01-01 13:30 . 2012-01-01 13:30 237 ----a-w- C:\user.js 2011-12-29 14:42 . 2011-12-29 14:42 -------- d-----w- c:\program files\MailWasher Pro 2011-12-29 13:05 . 2011-12-29 13:06 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2011-12-29 11:47 . 2011-12-29 11:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-12-29 11:00 . 2011-12-29 11:00 -------- d-----w- c:\windows\system32\wbem\Repository 2011-12-29 10:59 . 2011-12-29 10:59 -------- d-----w- c:\program files\Microsoft Easy Assist 2011-12-27 14:46 . 2011-12-21 08:02 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2011-12-27 14:46 . 2011-12-21 04:29 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2011-12-27 14:46 . 2011-12-21 04:29 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll 2011-12-27 14:46 . 2011-12-21 04:29 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll 2011-12-19 19:34 . 2011-12-19 19:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\DxO Labs 2011-12-19 19:32 . 2011-12-19 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PACE Anti-Piracy 2011-12-19 19:32 . 2011-12-19 19:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\DxO_Labs 2011-12-19 19:32 . 2005-07-27 12:43 150224 ----a-w- c:\windows\system32\RGB9Rast_1.dll 2011-12-18 14:02 . 2010-03-18 18:25 307200 ----a-w- c:\windows\system32\CNC5200L.dll 2011-12-18 14:02 . 2010-03-18 16:12 1335296 ----a-w- c:\windows\system32\CNC5200C.dll 2011-12-18 14:02 . 2010-03-18 16:12 114688 ----a-w- c:\windows\system32\CNC5200I.dll 2011-12-18 14:02 . 2010-03-18 16:11 106496 ----a-w- c:\windows\system32\CNC5200U.dll 2011-12-18 13:51 . 2010-01-13 05:03 94208 ----a-w- c:\windows\system32\CNC5200O.dll 2011-12-18 13:51 . 2010-03-10 23:56 180224 ----a-w- c:\windows\system32\CNMIUAE.DLL 2011-12-18 12:59 . 2011-12-18 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\launcher 2011-12-18 12:50 . 2011-12-18 12:50 -------- d-----w- c:\program files\Paragon Software 2011-12-18 10:55 . 2011-12-18 10:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ilivid Player 2011-12-18 10:55 . 2011-12-18 12:21 -------- dc----w- c:\documents and settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318} 2011-12-18 10:54 . 2011-12-18 10:54 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess 2011-12-17 20:06 . 2011-12-17 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonBJ 2011-12-17 15:31 . 2011-12-17 15:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\PrimoPDF 2011-12-17 15:31 . 2011-02-28 22:37 180624 ----a-w- c:\windows\system32\Primomonnt.dll 2011-12-17 15:30 . 2011-12-17 15:39 -------- d-----w- c:\program files\Nitro PDF 2011-12-17 15:18 . 2011-12-17 15:18 -------- d-----w- c:\program files\Common Files\Bullzip 2011-12-17 15:18 . 1999-05-06 23:00 140288 ----a-w- c:\windows\system32\comdlg32.OCX 2011-12-17 14:56 . 2011-12-17 14:56 -------- d-----w- c:\program files\GPLGS 2011-12-17 14:56 . 2009-11-05 07:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll 2011-12-15 11:44 . 2011-12-30 08:22 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJScan 2011-12-15 10:32 . 2011-12-15 10:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\GlarySoft 2011-12-15 10:25 . 2012-01-01 13:25 -------- d-----w- c:\program files\BrowserCompanion 2011-12-15 10:25 . 2011-12-15 10:25 -------- d-----w- c:\documents and settings\Administrator\AppData 2011-12-14 14:09 . 2011-12-14 14:09 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEGV 2011-12-14 13:36 . 2011-12-14 13:36 -------- d-----w- c:\program files\Common Files\Java 2011-12-14 13:35 . 2011-11-17 17:06 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2 2011-12-14 13:17 . 2011-12-14 13:17 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP 2011-12-14 13:13 . 2008-08-25 17:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll 2011-12-14 13:12 . 2011-12-14 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJMSetup 2011-12-14 13:11 . 2011-12-14 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt 2011-12-14 13:06 . 2010-04-07 04:00 73216 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAE.DLL 2011-12-14 13:06 . 2010-04-07 04:00 290816 ----a-w- c:\windows\system32\CNMLMAE.DLL 2011-12-14 13:06 . 2010-04-07 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAE.DLL 2011-12-14 12:44 . 2011-12-14 12:44 -------- d-----w- c:\windows\system32\STRING 2011-12-14 12:44 . 2010-02-05 01:37 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL 2011-12-14 12:44 . 2010-02-05 01:37 340992 ----a-w- c:\windows\system32\CNMNPPM.DLL 2011-12-12 07:49 . 2011-12-12 07:49 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2011-12-12 07:49 . 2011-12-12 07:49 229208 ----a-w- c:\windows\system32\drivers\VMM.sys 2011-12-11 20:06 . 2011-12-11 20:06 -------- d-----w- c:\program files\Microsoft Virtual PC 2011-12-11 13:58 . 2011-12-11 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield 2011-12-11 13:58 . 2011-12-11 13:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\ScanSoft 2011-12-11 13:57 . 2011-12-12 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft 2011-12-10 14:06 . 2011-12-10 14:07 -------- d-----w- c:\program files\HP . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-30 14:55 . 2011-11-09 13:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-12-30 14:55 . 2011-11-02 09:06 417440 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2011-12-16 08:11 . 2011-10-20 08:55 165232 ---ha-w- c:\documents and settings\Administrator\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll 2011-12-10 14:24 . 2010-09-28 18:47 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-23 13:25 . 2010-07-21 06:59 1859584 ------w- c:\windows\system32\win32k.sys 2011-11-17 17:06 . 2010-07-26 17:34 567184 ----a-w- c:\windows\system32\deployJava1.dll 2011-11-17 16:56 . 2011-10-23 13:49 141312 ----a-w- c:\windows\system32\javacpl.cpl 2011-11-11 14:01 . 2011-11-11 14:01 22032 ----a-w- c:\windows\DCEBoot.exe 2011-11-08 23:42 . 2011-11-08 23:42 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys 2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 12:42 . 2011-11-04 18:31 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2011-11-04 12:42 . 2011-11-04 18:31 91440 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2011-11-04 12:42 . 2011-08-15 14:06 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2011-11-04 11:23 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2006-02-28 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31 . 2010-07-21 06:59 33280 ------w- c:\windows\system32\csrsrv.dll 2011-10-25 13:37 . 2010-07-21 06:59 2148864 ------w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52 . 2010-07-21 06:59 2027008 ------w- c:\windows\system32\ntkrnlpa.exe 2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-22 11:21 . 2011-10-22 11:21 65536 ----a-w- c:\windows\system32\frapsvid.dll 2011-10-21 21:47 . 2011-11-29 12:00 20616 ----a-w- c:\windows\system32\fbnative.exe 2011-10-21 21:46 . 2011-09-29 07:02 184072 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys 2011-10-21 21:46 . 2011-09-29 07:02 42376 ----a-w- c:\windows\system32\drivers\EUBKMON.sys 2011-10-21 21:46 . 2011-09-29 07:02 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys 2011-10-21 21:46 . 2011-09-29 07:02 38920 ----a-w- c:\windows\system32\drivers\eubakup.sys 2011-10-18 11:13 . 2006-02-28 12:00 186880 ------w- c:\windows\system32\encdec.dll 2011-10-12 12:13 . 2002-02-09 23:00 72748 ----a-w- c:\windows\unins000.exe 2011-10-10 14:22 . 2010-04-15 23:22 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-13 09:46 . 2011-09-13 09:46 153296 ----a-w- c:\program files\uninst.exe 2011-09-13 09:45 . 2011-09-13 09:45 2365248 ----a-w- c:\program files\Defraggler.exe 2011-12-21 08:02 . 2011-12-15 15:10 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-01-02_16.07.16 ))))))))))))))))))))))))))))))))))))))))) . + 2012-01-03 14:02 . 2012-01-03 14:02 16384 c:\windows\temp\Perflib_Perfdata_450.dat + 2006-02-28 12:00 . 2012-01-03 14:07 86624 c:\windows\system32\perfc009.dat - 2006-02-28 12:00 . 2012-01-02 11:07 86624 c:\windows\system32\perfc009.dat + 2006-02-28 12:00 . 2012-01-03 14:07 498840 c:\windows\system32\perfh009.dat - 2006-02-28 12:00 . 2012-01-02 11:07 498840 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-05 98304] "RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296] "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoPopUpsOnBoot"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup kan niet weg^ERUNT AutoBackup.lnk] backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup kan niet weg^OpenOffice.org 3.3 .lnk] backup=c:\windows\pss\OpenOffice.org 3.3 .lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.2 .lnk] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^USB Alert.lnk] backup=c:\windows\pss\USB Alert.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2011-06-16 15:43 499608 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare] 2010-03-04 12:31 311296 ------w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com] 2010-08-09 12:47 248832 ------w- c:\program files\filehippo.com\UpdateChecker.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] 2002-12-10 16:54 127022 ------w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-12-24 16:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] 2005-06-02 15:03 1957888 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP3\\RpcAgentSrv.exe"= "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011.SP3\\WNt500x86\\RpcSandraSrv.exe"= "c:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5900:TCP"= 5900:TCP:vnc5900 "5800:TCP"= 5800:TCP:vnc5800 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [29-9-2011 8:02 38920] R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [29-9-2011 8:02 42376] R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [30-8-2010 11:26 57112] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2-10-2011 13:23 436792] R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [29-9-2011 8:02 16008] R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [29-9-2011 8:02 184072] R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16-9-2008 11:03 169312] R2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [29-11-2011 12:59 60552] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12-1-2011 15:41 810144] R2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [29-11-2011 12:59 23176] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22-4-2011 13:21 92592] R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [21-7-2010 8:47 77824] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384] S2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23-9-2011 15:26 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2-11-2011 10:06 253600] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21-7-2010 8:49 1691480] S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?] S3 epmntdrv;epmntdrv;\??\c:\windows\system32\epmntdrv.sys --> c:\windows\system32\epmntdrv.sys [?] S3 esihdrv;esihdrv;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\esihdrv.sys [?] S3 EuGdiDrv;EuGdiDrv;\??\c:\windows\system32\EuGdiDrv.sys --> c:\windows\system32\EuGdiDrv.sys [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23-9-2011 15:26 136176] S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10-3-2010 7:18 24216] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [29-12-2011 14:05 24064] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28-9-2010 19:47 20464] S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [30-8-2010 12:42 16472] S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [30-8-2010 12:42 11104] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\RpcAgentSrv.exe [29-6-2011 7:55 93848] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [15-8-2011 15:06 104752] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504] . Inhoud van de 'Gedeelde Taken' map . 2012-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-02 14:55] . 2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-23 14:25] . 2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-23 14:25] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: google.nl\www TCP: DhcpNameServer = 10.0.0.138 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pkqhpqx7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Search Results FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=171&systemid=406&sr=0&q= FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - b867757600000000000000252243cb72 FF - user.js: extensions.BabylonToolbar_i.hardId - b867757600000000000000252243cb72 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15340 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:30 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-01-03 15:12 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run MailWasher = c:\progra~1\MAILWA~1\MAILWA~1.EXE? . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,bd,81,93,a0,02,37,4f,89,c2,93,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,bd,81,93,a0,02,37,4f,89,c2,93,\ . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,bd,66,4c,32,4f,49,4e,b9,82,ab,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ee,bd,66,4c,32,4f,49,4e,b9,82,ab,\ "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0a,fc,0a,51,b3,6e,d3,42,a3,c5,73,\ . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-1547161642-1767777339-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B2B73F5A-DB9F-9875-EB6B-1A3E94AB0B21}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B2B73F5A-DB9F-9875-EB6B-1A3E94AB0B21}\InProcServer32*] "kapffnboifaaaignnaoeli"=hex:62,61,70,61,00,fc "japfomdjemhlembmnjll"=hex:63,61,6b,70,6b,6d,00,7c "kapfjneppglggkhafldhoc"=hex:6d,61,63,68,6f,6c,67,68,70,70,6f,68,69,70,64,6f, 6c,67,66,62,6a,70,66,68,67,6a,00,00 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\¤–¤|ÿÿÿÿÀ•¤|ù•A~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1256) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . Voltooingstijd: 2012-01-03 15:13:50 ComboFix-quarantined-files.txt 2012-01-03 14:13 ComboFix2.txt 2012-01-03 13:50 ComboFix3.txt 2012-01-03 11:39 ComboFix4.txt 2012-01-03 10:59 ComboFix5.txt 2012-01-03 14:06 . Pre-Run: 186.488.668.160 bytes free Post-Run: 186.469.842.944 bytes free . - - End Of File - - A02F13906F0910DB11F4DB8F99442A58

anoniem · 4 januari 2012

Hoi, m.b.t. het verwijderen van Babylon in Firefox kom ik daar nog op terug. Maarik wil nu wel graag dat je de ZoneAlarm firewall firewall alsnog deïnstalleert, zodat de Eset Firewall normaal gaat funktioneren.

babylon komt steeds terug.

Vraag

Link naar reactie

Beste reacties voor deze vraag

Populaire dagen

Beste reacties voor deze vraag

Populaire dagen

80 antwoorden op deze vraag

Aanbevolen berichten

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Link naar reactie

Om een reactie te plaatsen, moet je eerst inloggen

Populaire leden

Leden

Recente topics