W32/Patched.UB detected in services.exe


  • This topic is locked
18 replies to this topic

#1 basko

Posted 26 June 2012 - 05:55 AM

Hi all,

So far I've been helped out by Boopme and was advised to start a topic here and post my logs. See topic.

I tried following the prep guide, but was unable to get DDS to run. Instead OTL was used. Also I had to skip the GMER step and post the ComboFix log instead.

How to proceed on removing the infected file?
(meanwhile all tips on disabling useless services/programs that start during Windows startup are very welcome. This good oldie starts pretty slowly)

Thanks for helping out!
Bas.

_____________________________________
ComboFix log

ComboFix 12-06-25.05 - basko 06/26/2012 10:36:28.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2038.1060 [GMT 2:00]
Running from: c:\users\basko\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: SPYWAREfighter *Disabled/Updated* {54CEAF19-6DDF-F31A-F96A-11F730C2EC03}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\basko\AppData\Roaming\Izut
c:\users\basko\AppData\Roaming\Izut\quudn.apy
c:\windows\TEMP\xlp6vhbx.vbt
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
(((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 ))))))))))))))))))))))))))))))
.
.
2012-06-26 09:54 . 2012-06-26 09:59 -------- d-----w- c:\users\basko\AppData\Local\temp
2012-06-26 09:54 . 2012-06-26 09:54 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-06-26 09:54 . 2012-06-26 09:54 -------- d-----w- c:\users\postgres.baskos_pc\AppData\Local\temp
2012-06-26 09:54 . 2012-06-26 09:54 -------- d-----w- c:\users\postgres.baskos_pc.000\AppData\Local\temp
2012-06-26 09:54 . 2012-06-26 09:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 11:16 . 2012-06-25 11:16 -------- d-----w- c:\users\basko\AppData\Roaming\Avira
2012-06-25 11:10 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-25 11:10 . 2012-04-24 22:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-25 11:10 . 2012-04-16 19:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-25 11:09 . 2012-06-25 11:09 -------- d-----w- c:\programdata\Avira
2012-06-25 11:09 . 2012-06-25 11:09 -------- d-----w- c:\program files\Avira
2012-06-21 18:30 . 2012-06-21 18:30 -------- d-----w- c:\users\basko\AppData\Local\twitter
2012-06-21 08:40 . 2012-06-21 08:40 7450888 ----a-w- c:\program files\Common Files\Windows Live\.cache\8472de741cd4f893f\bingbarsetup.exe
2012-06-21 08:37 . 2012-06-21 08:37 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\2075f1f41cd4f892a\MeshBetaRemover.exe
2012-06-21 08:36 . 2012-06-21 08:36 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\e5c030c41cd4f8817\DXSETUP.exe
2012-06-21 08:36 . 2012-06-21 08:36 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\e5c030c41cd4f8817\dsetup32.dll
2012-06-21 08:36 . 2012-06-21 08:36 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\e5c030c41cd4f8817\DSETUP.dll
2012-06-21 08:36 . 2012-06-21 08:36 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\e3d550b41cd4f8816\DSETUP.dll
2012-06-21 08:36 . 2012-06-21 08:36 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\e3d550b41cd4f8816\DXSETUP.exe
2012-06-21 08:36 . 2012-06-21 08:36 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\e3d550b41cd4f8816\dsetup32.dll
2012-06-21 07:16 . 2012-06-21 07:16 -------- d-----w- c:\program files\iPod
2012-06-21 07:16 . 2012-06-21 07:18 -------- d-----w- c:\program files\iTunes
2012-06-21 07:08 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 07:08 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 07:08 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 07:08 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 07:08 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 07:08 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 07:08 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 07:07 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 07:07 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 21:37 . 2012-06-26 08:21 -------- d-----w- c:\users\basko\AppData\Local\Windows Live
2012-06-15 12:52 . 2012-06-20 10:31 -------- d-----w- c:\users\basko\AppData\Local\Albelli Fotoboeken
2012-06-04 09:59 . 2012-06-04 09:59 -------- d-----w- c:\users\basko\AppData\Roaming\SpeedyPC Software
2012-06-04 09:59 . 2012-06-04 09:59 -------- d-----w- c:\users\basko\AppData\Roaming\DriverCure
2012-06-04 09:58 . 2012-06-04 09:58 -------- d-----w- c:\program files\SpeedyPC Software
2012-06-04 09:58 . 2012-06-04 09:58 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-06-04 09:58 . 2012-06-04 09:58 -------- d-----w- c:\programdata\SpeedyPC Software
2012-06-04 06:12 . 2012-06-04 07:42 -------- d-----w- c:\program files\Win 32. Trojan . Small Removal Tool
2012-06-04 06:12 . 2011-02-17 16:26 81920 ----a-w- c:\windows\eSellerateControl350.dll
2012-06-04 06:12 . 2011-02-17 16:26 356352 ----a-w- c:\windows\eSellerateEngine.dll
2012-06-01 21:32 . 2012-06-01 21:32 -------- d-----w- c:\program files\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 09:19 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-13 07:36 . 2012-05-15 06:11 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FD70566-8B74-4A3D-AB8D-6D70EDC98F13}\mpengine.dll
2012-04-13 07:34 . 2012-04-13 07:34 161792 ----a-w- c:\windows\system32\msls31.dll
2012-04-13 07:34 . 2012-04-13 07:34 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-04-13 07:34 . 2012-04-13 07:34 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-04-13 07:34 . 2012-04-13 07:34 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-04-13 07:34 . 2012-04-13 07:34 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-04-13 07:34 . 2012-04-13 07:34 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-04-13 07:34 . 2012-04-13 07:34 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-04-13 07:34 . 2012-04-13 07:34 367104 ----a-w- c:\windows\system32\html.iec
2012-04-13 07:34 . 2012-04-13 07:34 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-04-13 07:34 . 2012-04-13 07:34 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-04-13 07:34 . 2012-04-13 07:34 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-04-13 07:34 . 2012-04-13 07:34 152064 ----a-w- c:\windows\system32\wextract.exe
2012-04-13 07:34 . 2012-04-13 07:34 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-04-13 07:34 . 2012-04-13 07:34 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-13 07:34 . 2012-04-13 07:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-13 07:34 . 2012-04-13 07:34 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-04-13 07:34 . 2012-04-13 07:34 11776 ----a-w- c:\windows\system32\mshta.exe
2012-04-13 07:34 . 2012-04-13 07:34 101888 ----a-w- c:\windows\system32\admparse.dll
2012-04-13 07:34 . 2012-04-13 07:34 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-04-13 07:34 . 2012-04-13 07:34 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-04-13 07:34 . 2012-04-13 07:34 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-04-13 07:32 . 2012-04-13 07:32 98816 ----a-w- c:\windows\system32\mfps.dll
2012-04-13 07:32 . 2012-04-13 07:32 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-04-13 07:32 . 2012-04-13 07:32 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-04-13 07:32 . 2012-04-13 07:32 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-04-13 07:32 . 2012-04-13 07:32 2873344 ----a-w- c:\windows\system32\mf.dll
2012-04-13 07:32 . 2012-04-13 07:32 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-04-13 07:32 . 2012-04-13 07:32 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-04-13 07:32 . 2012-04-13 07:32 586240 ----a-w- c:\windows\system32\stobject.dll
2012-04-13 07:32 . 2012-04-13 07:32 797184 ----a-w- c:\windows\system32\FntCache.dll
2012-04-13 07:32 . 2012-04-13 07:32 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-04-13 07:32 . 2012-04-13 07:32 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-04-13 07:32 . 2012-04-13 07:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-04-13 07:32 . 2012-04-13 07:32 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-04-13 07:32 . 2012-04-13 07:32 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-04-13 07:32 . 2012-04-13 07:32 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-04-13 07:32 . 2012-04-13 07:32 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-04-13 07:32 . 2012-04-13 07:32 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-04-13 07:32 . 2012-04-13 07:32 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-04-13 07:32 . 2012-04-13 07:32 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-04-13 07:32 . 2012-04-13 07:32 37376 ----a-w- c:\windows\system32\cdd.dll
2012-04-13 07:32 . 2012-04-13 07:32 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-04-13 07:32 . 2012-04-13 07:32 258048 ----a-w- c:\windows\system32\winspool.drv
2012-04-13 07:32 . 2012-04-13 07:32 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-04-13 07:32 . 2012-04-13 07:32 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-04-13 07:32 . 2012-04-13 07:32 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-04-13 07:32 . 2012-04-13 07:32 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-04-13 07:32 . 2012-04-13 07:32 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-04-13 07:32 . 2012-04-13 07:32 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-05-14 07:03 . 2011-05-01 09:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\basko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\basko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\basko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\basko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-01-16 253952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-30 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-30 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-30 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-26 4489216]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"DataCardMonitor"="c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe" [2010-01-12 249856]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 17:26 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2010-03-27 14:07 362232 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 20:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-01-03 13:54 486856 ----a-w- c:\program files\Spel\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWPROguard]
2010-10-13 14:26 979592 ----a-w- c:\program files\Fighters\SPYWAREfighter\swproTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2010-03-27 14:06 5107232 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-05-20 160704]
R4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-05-20 2480048]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-960749172-2722181803-4115584216-1000Core.job
- c:\users\basko\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-15 20:39]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-960749172-2722181803-4115584216-1000UA.job
- c:\users\basko\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-15 20:39]
.
2012-06-04 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-06-04 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-01-30 22:17]
.
2012-06-04 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
2012-06-26 c:\windows\Tasks\User_Feed_Synchronization-{5D992458-2ACC-4F71-9A7A-D794A6D69781}.job
- c:\windows\system32\msfeedssync.exe [2012-04-13 07:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nu.nl/
uInternet Settings,ProxyOverride = local;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: senterloket.nl\www
Trusted Zone: senternovem.nl
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9C3FFE11-0B6C-4978-958F-7BEEEBF316DB}: NameServer = 10.0.0.2
DPF: {357A4655-A056-43C6-902F-11D3B02D6826} - hxxp://www.webstudio.com/bt/5-0-21/web%20studio%205.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
FF - ProfilePath - c:\users\basko\AppData\Roaming\Mozilla\Firefox\Profiles\1v4cyoqm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://nl.ask.com?o=15003&l=dis
FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DataCardMonitor = c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe?ng 13, GenuineIntel?PROCESSOR_LtL??F9??0:??????_REVISION=0f0d?ProgramData=c:\programdata?programfiles=c:\Program Files?PUBLIC=c:\users\Public?QTJAVA=c:\program files\Java\jre6\lib\ext\QTJava.
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-960749172-2722181803-4115584216-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CBE932E3-F00C-6760-395F-F5F506E76BF7}*]
"eaghdgpdhl"=hex:66,61,6d,67,69,6d,70,62,6d,61,66,70,00,fc
"dadhoiad"=hex:64,62,63,6a,63,6d,6e,66,6c,6a,66,6c,66,61,6f,66,63,68,6f,6c,6d,
64,66,65,65,62,65,61,6f,69,70,69,68,67,64,63,61,66,6c,6d,00,00
"iaofilimlocjofnkee"=hex:69,61,70,6b,6b,65,6e,64,6e,67,69,6d,6a,6d,61,69,70,61,
00,00
"haejobhipemgcgml"=hex:69,61,6d,6b,66,6e,66,66,68,61,6a,65,6b,6c,68,66,6a,6d,
00,00
.
[HKEY_USERS\S-1-5-21-960749172-2722181803-4115584216-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D158708E-E2BF-5701-C32E-04FC946BD863}*]
"iahdbbbhinpggofoaa"=hex:69,61,6a,61,67,6f,65,6a,6c,70,6a,6d,67,6f,65,61,65,70,
00,00
"habehaamehlkaaai"=hex:6a,61,64,61,64,65,66,64,64,66,6f,6f,62,6a,6a,64,6f,70,
62,6f,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000007b
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5436)
c:\users\basko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\atashost.exe
c:\program files\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sony\Network Utility\NSUService.exe
c:\program files\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files\TeamViewer\Version6\TeamViewer_Service.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\conime.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
c:\users\basko\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
c:\windows\ehome\mcupdate.EXE
.
**************************************************************************
.
Completion time: 2012-06-26 12:09:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-26 10:09
ComboFix2.txt 2012-06-25 10:57
.
Pre-Run: 64,740,192,256 bytes free
Post-Run: 64,553,422,848 bytes free
.
- - End Of File - - 3F06DE3652B7451824C88983EDFF747B
___________________________________________________________


___________________________________________________________
OTL log


OTL logfile created on: 6/26/2012 12:18:45 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\basko\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.87% Memory free
4.21 Gb Paging File | 2.85 Gb Available in Paging File | 67.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 179.12 Gb Total Space | 60.18 Gb Free Space | 33.60% Space Free | Partition Type: NTFS

Computer Name: baskoS_PC | User Name: basko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\basko\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Users\basko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe (Preventon Technologies Limited)
PRC - C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\ReaConverter 5.5 Pro\context.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()


========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (postgresql-8.4) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (Suite Service) -- C:\Program Files\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
SRV - (AV Engine Scanning Service) -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe ()
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (atashost) -- C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
SRV - (B-Service) -- C:\Users\basko\AppData\Roaming\Mikogo\B-Service.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (rcp_service) -- C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe (ReaSoft)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (ctredr15.sys) -- C:\Windows\system32\drivers\ctredr15.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (AVFSFilter) -- C:\Windows\System32\drivers\avfsfilter.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\System32\drivers\tdrpm258.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (NETw4v32) Stuurprogramma voor Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {395A05B3-E73A-472E-8BAA-ED59BED9D010}
IE - HKLM\..\SearchScopes\{395A05B3-E73A-472E-8BAA-ED59BED9D010}: "URL" = http://www.google.nl/search?hl=nl&q={searchTerms}&meta=


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\..\SearchScopes,DefaultScope = {BF5C0154-8BC8-4AB5-8AD0-98AD47248BD5}
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\..\SearchScopes\{5CAA528A-2356-409E-AE22-C46BB3AEE023}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7WZPA
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\..\SearchScopes\{B504F8BB-F233-4D89-A8D0-410E20894833}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\..\SearchScopes\{BF5C0154-8BC8-4AB5-8AD0-98AD47248BD5}: "URL" = http://nl.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1008\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1008\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYK
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://nl.ask.com?o=15003&l=dis"
FF - prefs.js..extensions.enabledItems: ImproveROISystemTool@ImproveROISystemTool:1.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {2d8d9acc-f6d7-4362-8876-a275ca929591}:3.2.5.2
FF - prefs.js..keyword.URL: "http://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\basko\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\basko\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/21 08:59:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/21 08:59:37 | 000,000,000 | ---D | M]

[2009/09/06 14:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\basko\AppData\Roaming\mozilla\Extensions
[2009/07/08 15:42:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\basko\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012/05/31 22:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\basko\AppData\Roaming\mozilla\Firefox\Profiles\1v4cyoqm.default\extensions
[2011/01/08 13:57:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\basko\AppData\Roaming\mozilla\Firefox\Profiles\1v4cyoqm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/31 10:12:17 | 000,000,000 | ---D | M] (BittorrentBar_NL Community Toolbar) -- C:\Users\basko\AppData\Roaming\mozilla\Firefox\Profiles\1v4cyoqm.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}
[2010/05/08 16:44:38 | 000,002,253 | ---- | M] () -- C:\Users\basko\AppData\Roaming\Mozilla\Firefox\Profiles\1v4cyoqm.default\searchplugins\askcom.xml
[2012/01/19 10:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/14 09:03:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/01 17:16:14 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/12/09 05:58:24 | 000,274,432 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2012/03/06 00:01:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/06 00:01:58 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2012/03/06 00:01:58 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012/03/06 00:01:58 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\basko\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\basko\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\basko\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: EModel scriptable Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\basko\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\basko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Zoeken = C:\Users\basko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\basko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/26 11:57:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe ()
O4 - HKU\S-1-5-21-960749172-2722181803-4115584216-1008..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\S-1-5-21-960749172-2722181803-4115584216-1008..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\basko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\basko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-960749172-2722181803-4115584216-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960749172-2722181803-4115584216-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\..Trusted Domains: senterloket.nl ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\..Trusted Domains: senternovem.nl ([]* in Trusted sites)
O15 - HKU\S-1-5-21-960749172-2722181803-4115584216-1008\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {357A4655-A056-43C6-902F-11D3B02D6826} http://www.webstudio.com/bt/5-0-21/web%20studio%205.cab (Reg Error: Key error.)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7075DEB6-F254-4931-BA48-13EC75802E26}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88BD1CFB-00C8-4D2D-9214-3A343976679B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C3FFE11-0B6C-4978-958F-7BEEEBF316DB}: DhcpNameServer = 87.236.0.10 62.166.128.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C3FFE11-0B6C-4978-958F-7BEEEBF316DB}: NameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E66A305D-CD2F-40EF-B989-715ECCCAB0E7}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBB571A6-9B22-4ECE-A5D7-287DA2378314}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\basko\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\basko\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/26 12:14:08 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\basko\Desktop\OTL.exe
[2012/06/26 11:57:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/26 11:54:26 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\temp
[2012/06/26 10:32:13 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/26 10:30:30 | 004,569,239 | R--- | C] (Swearware) -- C:\Users\basko\Desktop\ComboFix.exe
[2012/06/26 10:21:03 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{1E99C01C-9FB3-485F-BB5A-76947D9012E9}
[2012/06/26 10:20:52 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{D2760666-F0A7-4EF5-A2B5-4F3889D88A82}
[2012/06/25 22:20:23 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{00F35815-8880-4B0D-BDC0-3BEF11814FA3}
[2012/06/25 22:20:11 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{FB302AFD-DE8E-4D70-9983-79FF708064A7}
[2012/06/25 13:16:17 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Roaming\Avira
[2012/06/25 13:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/06/25 13:10:06 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/06/25 13:10:06 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/06/25 13:10:06 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/06/25 13:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/06/25 13:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/06/25 10:54:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/25 10:54:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/25 10:54:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/25 10:38:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/25 10:37:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/25 10:19:40 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{4F633833-9E2C-4263-8D38-7C708B6E8E8F}
[2012/06/25 10:19:29 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{AE174725-5D50-47F0-9364-E18587852F17}
[2012/06/24 22:11:57 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{9A6014DF-E6ED-4628-BF49-8F645991073A}
[2012/06/24 22:11:45 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{C9E42DC1-EEB9-4927-AA72-CAEB8692FF43}
[2012/06/24 10:11:13 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{52347AFC-D58B-4919-8FFD-F3DA26E67B8E}
[2012/06/24 10:11:02 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{CF7AA084-7738-4722-9163-85C8AE0CB60D}
[2012/06/23 11:56:08 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{59394AB7-78B4-4E6B-8514-6220DA3870B5}
[2012/06/23 11:55:56 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{3F42009B-6183-4E13-A9B2-C7EA40B5D123}
[2012/06/22 23:55:26 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{E640E54F-BAE1-43C2-B1B3-62A016E27813}
[2012/06/22 23:55:15 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{66BB7081-0E20-4222-BA71-12130B3D08D4}
[2012/06/22 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{4C9159E9-D810-431A-A6A6-F72DCBB33107}
[2012/06/22 11:54:32 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{9B3D125F-FC67-452C-868C-925E40DA5198}
[2012/06/22 10:26:17 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{4CBFF448-98EF-413A-8886-C49849B3707A}
[2012/06/21 20:30:05 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\twitter
[2012/06/21 19:30:57 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{FF1BA493-7E69-4DE7-BF79-0E398005BEB3}
[2012/06/21 19:30:45 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{B3E731AF-B986-418A-9664-4120B87BB9D0}
[2012/06/21 09:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/21 09:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/21 09:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/21 09:08:49 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/21 09:08:49 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/21 09:08:17 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/21 09:08:17 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/21 09:08:17 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/21 09:07:46 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/21 09:07:46 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/21 08:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/21 08:59:05 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/06/20 23:37:00 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\Windows Live
[2012/06/15 15:01:08 | 000,000,000 | ---D | C] -- C:\Users\basko\Desktop\Fotoboek
[2012/06/15 14:52:10 | 000,000,000 | ---D | C] -- C:\Users\basko\Documents\Albelli Fotoboeken
[2012/06/15 14:52:04 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albelli Fotoboeken
[2012/06/15 14:52:03 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\Albelli Fotoboeken
[2012/06/04 11:59:07 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Roaming\SpeedyPC Software
[2012/06/04 11:59:07 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Roaming\DriverCure
[2012/06/04 11:59:01 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/06/04 11:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
[2012/06/04 11:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
[2012/06/04 11:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/06/04 08:12:00 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2012/06/04 08:12:00 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2012/06/04 08:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win 32. Trojan . Small Removal Tool
[2012/06/04 08:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Win 32. Trojan . Small Removal Tool
[2012/06/01 23:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/26 12:21:59 | 000,000,464 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5D992458-2ACC-4F71-9A7A-D794A6D69781}.job
[2012/06/26 12:14:11 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\basko\Desktop\OTL.exe
[2012/06/26 11:57:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/26 11:56:28 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 11:56:28 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 11:56:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/26 11:55:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/26 11:44:01 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-960749172-2722181803-4115584216-1000UA.job
[2012/06/26 10:30:51 | 004,569,239 | R--- | M] (Swearware) -- C:\Users\basko\Desktop\ComboFix.exe
[2012/06/25 21:58:03 | 000,000,020 | ---- | M] () -- C:\Users\basko\defogger_reenable
[2012/06/25 11:10:00 | 311,294,289 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/24 10:31:12 | 000,076,749 | ---- | M] () -- C:\Users\basko\Desktop\puma.jpg
[2012/06/22 22:44:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-960749172-2722181803-4115584216-1000Core.job
[2012/06/21 19:27:54 | 003,829,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/15 14:52:05 | 000,001,763 | ---- | M] () -- C:\Users\basko\Desktop\Albelli.lnk
[2012/06/12 14:52:37 | 000,000,132 | ---- | M] () -- C:\Users\basko\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/06/12 14:25:09 | 000,544,968 | ---- | M] () -- C:\Users\basko\Desktop\fb-marketing-infographic1.jpg
[2012/06/04 15:17:30 | 000,670,308 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2012/06/04 15:17:30 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/04 15:17:30 | 000,127,900 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2012/06/04 15:17:30 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/04 12:00:47 | 000,000,430 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/06/04 11:59:00 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/06/04 11:59:00 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/06/04 11:53:21 | 000,001,356 | ---- | M] () -- C:\Users\basko\AppData\Local\d3d9caps.dat
[2012/06/03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/01 23:33:11 | 000,001,000 | ---- | M] () -- C:\Users\basko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/25 21:57:31 | 000,000,020 | ---- | C] () -- C:\Users\basko\defogger_reenable
[2012/06/25 11:10:00 | 311,294,289 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/25 10:54:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/25 10:54:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/25 10:54:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/25 10:54:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/25 10:54:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/24 10:31:33 | 000,076,749 | ---- | C] () -- C:\Users\basko\Desktop\puma.jpg
[2012/06/21 11:22:09 | 000,002,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/06/15 14:52:05 | 000,001,763 | ---- | C] () -- C:\Users\basko\Desktop\Albelli.lnk
[2012/06/12 14:52:37 | 000,000,132 | ---- | C] () -- C:\Users\basko\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/06/12 14:25:17 | 000,544,968 | ---- | C] () -- C:\Users\basko\Desktop\fb-marketing-infographic1.jpg
[2012/06/04 12:00:47 | 000,000,430 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/06/04 11:59:00 | 000,000,450 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/06/04 11:59:00 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/06/01 23:33:11 | 000,001,000 | ---- | C] () -- C:\Users\basko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/01/23 11:53:48 | 000,004,096 | -H-- | C] () -- C:\Users\basko\AppData\Local\keyfile3.drm
[2011/11/16 20:23:28 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2011/04/13 11:10:13 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2010/10/13 16:09:35 | 000,010,264 | ---- | C] () -- C:\Windows\System32\drivers\avfsfilter.sys
[2010/03/11 21:17:34 | 000,000,600 | -H-- | C] () -- C:\Users\basko\PUTTY.RND
[2009/12/10 15:26:51 | 000,001,532 | -H-- | C] () -- C:\Users\basko\.recently-used.xbel
[2009/06/30 00:18:42 | 000,000,383 | -H-- | C] () -- C:\Users\basko\AppData\Local\postgresinstall.bat
[2008/07/31 19:53:53 | 000,000,262 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/03/21 12:29:08 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007/11/03 21:05:48 | 000,036,352 | ---- | C] () -- C:\Users\basko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/03 21:02:22 | 000,001,356 | ---- | C] () -- C:\Users\basko\AppData\Local\d3d9caps.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker 2.0:MID
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
____________________________________________________________


____________________________________________________________
OTL Extras log

OTL Extras logfile created on: 6/26/2012 12:18:45 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\basko\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.87% Memory free
4.21 Gb Paging File | 2.85 Gb Available in Paging File | 67.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 179.12 Gb Total Space | 60.18 Gb Free Space | 33.60% Space Free | Partition Type: NTFS

Computer Name: baskoS_PC | User Name: basko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-960749172-2722181803-4115584216-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [scan_with_SPYWAREfighter] -- C:\Program Files\Fighters\SPYWAREfighter\SWPROTray.exe /scan "%1" (SPAMfighter)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{844D5F66-1C56-4726-9ADD-1B6D044705AA}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{192CBB7C-B814-4C6D-A1C9-4C47F0816E32}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{021AD585-5EEE-4B58-83BC-0AC86008EBC8}" = VAIO Media Registration Tool
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{059D6814-73F9-480B-B0B2-D6428F1C1F99}" = SolidWorks eDrawings 2010
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1C63AA59-66B2-418C-BDF5-53A534DA5690}_is1" = Sothink SWF to Video Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 27
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{29262C96-A8B9-467B-ADA9-592974677D6E}" = VAIO Content Metadata XML Interface Library
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1" = Streaming Video Recorder V2.2.4
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java™ SE Development Kit 7
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{356A54A6-D85A-470E-AA28-DBC76BBEA89E}" = LizaFlex MM Client
"{374F03BB-9C09-4DB3-9C9B-C71E63292950}" = Google Earth
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}" = Camtasia Studio 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{5A7D2B13-9522-48A9-A06F-A9C4AA33D8AD}" = SPYWAREfighter
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E78C3B0-553D-4453-9BFA-123FD4406CB8}" = SOSOS
"{5F12E9D1-402C-4672-86D7-52E86A3A1411}" = VAIO Content Importer VAIO Content Exporter
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{6110F38A-5BE6-4199-AC96-D2DD6B4A3ADE}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{694816A9-3108-46FB-B7D8-327C56FDF463}" = Foto Klein Album Editor
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle videodriver
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{84FD3428-28D4-4EA5-A930-5C9AD7DDE37F}" = ASPEncrypt
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FC56444-161D-43B4-A662-F18F2E4A2A32}" = VAIO Content Metadata Manager Setting
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}_PROPLUS_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROPLUS_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Apparaatcentrum
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A1B8F66E-0076-4403-B835-BEF1A91E89D8}" = Norton Security Scan
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A27CAF84-656A-4D4D-9D95-D5B1368074C7}" = PokerStrategy Elephant
"{A2A0A82F-025F-458d-A0CD-9BB2320804B5}" = Microsoft Works
"{A5B5B6D8-DE44-44A3-90C4-8C07A1E0FAD4}" = WBFS Manager 2.5
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1043-7B44-A83000000003}" = Adobe Reader 8.3.1 - Nederlands
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{AFBA0609-EB70-43CB-B11C-294EDADFA101}" =
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B5E2DF30-1061-4DB4-AF28-08996C8E5680}" = VAIO Content Metadata XML Interface Library
"{B66AD8F4-0951-407E-807F-C300F6970B5A}" = VAIO Media
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4EB3763-9586-405D-B376-DE98C8C9285E}" = PokerStrategy Equilator
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4D96ABB-E0D8-4CA4-856E-A2703F5490F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{EBE55E74-AF94-47BB-849B-C79F236C65F4}" = VAIO Movie Story
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Aangifte inkomstenbelasting 2008 voor ondernemers" = Aangifte inkomstenbelasting 2008 voor ondernemers
"Aangifte inkomstenbelasting 2011" = Aangifte inkomstenbelasting 2011
"Aangifte inkomstenbelasting voor ondernemers 2009" = Aangifte inkomstenbelasting voor ondernemers 2009
"Aangifte inkomstenbelasting voor ondernemers 2010" = Aangifte inkomstenbelasting voor ondernemers 2010
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Android SDK Tools" = Android SDK Tools
"Any Video Converter_is1" = Any Video Converter 3.0.1
"Atlantis - Sky Patrol" = Atlantis - Sky Patrol (remove only)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Big Fish Games Center" = Big Fish Games Center
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Crystal Button 2008 InMotion! Pack_is1" = Crystal Button 2008 InMotion! (v.3.2)
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"dt icon module" =
"eBay HTML" =
"FileZilla Client" = FileZilla Client 3.3.5.1
"FLAC" = FLAC 1.2.1a (remove only)
"foobar2000" = foobar2000 v1.0
"FormatFactory" = FormatFactory 2.60
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"gtfirstboot Setting Request" =
"HDMI" = Intel® Graphics Media Accelerator Driver
"HoldemManager" = Holdem Manager
"Huur- en zorgtoeslag 2009" = Huur- en zorgtoeslag 2009
"ImgBurn" = ImgBurn
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{356A54A6-D85A-470E-AA28-DBC76BBEA89E}" = LizaFlex MM Client
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"IrfanView" = IrfanView (remove only)
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Mahjong Towers Eternity" = Mahjong Towers Eternity (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mikogo" = Mikogo
"Mozilla Firefox 12.0 (x86 nl)" = Mozilla Firefox 12.0 (x86 nl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NirSoft VideoCacheView" = NirSoft VideoCacheView
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"Picasa 3" = Picasa 3
"Pokerazor" = Pokerazor 1.38
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"Project Templates" = Project Templates
"PROPLUS" = Microsoft Office Professional Plus 2007
"QuickPar" = QuickPar 0.9
"ReaConverter 5.5 Pro_is1" = ReaConverter 5.5 Pro
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"SABnzbd" = SABnzbd (remove only)
"SitNGoWizard" = SitNGo Wizard
"Skype_is1" = Skype 3.2
"Some PDF Image Extract_is1" = Some PDF Image Extractr 1.5
"SopCast" = SopCast 3.2.9
"SPYWAREfighter" = SPYWAREfighter
"TeamViewer 6" = TeamViewer 6
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"VAIO Help and Support" =
"VAIO MFU Module" =
"Veetle TV" = Veetle TV 0.9.18
"Verzoek of wijziging voorlopige aanslag 2009" = Verzoek of wijziging voorlopige aanslag 2009
"Video Cutter_is1" = Video Cutter 1.0
"Virtual Villagers" = Virtual Villagers (remove only)
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.0.5
"Win 32. Trojan . Small Removal Tool_is1" = Win 32. Trojan . Small Removal Tool
"Windows Mobile Device Handbook" = Windows Mobile-hulpbronnen
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XMind" = XMind

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-960749172-2722181803-4115584216-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B7961CCE-CF36-4858-BC1A-D06D3D25ECE5}_is1" = Albelli Fotoboeken
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/25/2012 4:51:41 PM | Computer Name = baskos_pc | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 6/25/2012 4:51:41 PM | Computer Name = baskos_pc | Source = PostgreSQL | ID = 0
Description = 2012-06-25 22:51:41 CESTFATAL: the database system is starting up


Error - 6/25/2012 4:51:43 PM | Computer Name = baskos_pc | Source = PostgreSQL | ID = 0
Description = 2012-06-25 22:51:43 CESTFATAL: the database system is starting up


Error - 6/25/2012 4:51:44 PM | Computer Name = baskos_pc | Source = PostgreSQL | ID = 0
Description = 2012-06-25 22:51:44 CESTFATAL: the database system is starting up


Error - 6/25/2012 4:51:45 PM | Computer Name = baskos_pc | Source = PostgreSQL | ID = 0
Description = 2012-06-25 22:51:45 CESTFATAL: the database system is starting up


Error - 6/26/2012 4:05:01 AM | Computer Name = baskos_pc | Source = PostgreSQL | ID = 0
Description = 2012-06-26 10:05:01 CESTFATAL: the database system is starting up


Error - 6/26/2012 4:05:01 AM | Computer Name = baskos_pc | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 6/26/2012 4:30:55 AM | Computer Name = baskos_pc | Source = Windows Search Service | ID = 3013
Description =

Error - 6/26/2012 4:32:33 AM | Computer Name = baskos_pc | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module DropboxExt.14.dll, version 1.0.0.14, time stamp 0x4bfd6926,
exception code 0xc0000005, fault offset 0x0000446c, process id 0x44c, application
start time 0x01cd5372a4641d4f.

Error - 6/26/2012 5:56:45 AM | Computer Name = baskos_pc | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 6/26/2012 5:56:51 AM | Computer Name = baskos_pc | Source = PostgreSQL | ID = 0
Description = 2012-06-26 11:56:51 CESTFATAL: the database system is starting up


Error - 6/26/2012 6:14:18 AM | Computer Name = baskos_pc | Source = Windows Search Service | ID = 3013
Description =

[ ODiag Events ]
Error - 5/14/2009 6:31:49 PM | Computer Name = baskos_pc | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A

Error - 5/14/2009 6:33:36 PM | Computer Name = baskos_pc | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A

[ OSession Events ]
Error - 4/1/2008 3:37:31 PM | Computer Name = baskos_pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 8386
seconds with 3360 seconds of active time. This session ended with a crash.

Error - 1/24/2009 1:44:22 PM | Computer Name = baskos_pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 313
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/18/2009 7:13:58 AM | Computer Name = baskos_pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/14/2009 6:31:48 PM | Computer Name = baskos_pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/24/2009 6:24:22 PM | Computer Name = baskos_pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 10046
seconds with 9000 seconds of active time. This session ended with a crash.

Error - 12/23/2009 6:09:11 AM | Computer Name = baskos_pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4820
seconds with 180 seconds of active time. This session ended with a crash.

Error - 5/20/2010 8:50:08 AM | Computer Name = baskos_pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18324
seconds with 840 seconds of active time. This session ended with a crash.

Error - 10/11/2010 7:41:55 AM | Computer Name = baskos_pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3446
seconds with 240 seconds of active time. This session ended with a crash.

[ SitNGoWizard Events ]
Error - 1/28/2010 6:48:45 AM | Computer Name = baskos_pc | Source = SitNGoWizard | ID = 1
Description = Invoke or BeginInvoke cannot be called on a control until the window
handle has been created.

Error - 1/28/2010 6:48:45 AM | Computer Name = baskos_pc | Source = SitNGoWizard | ID = 1
Description = at System.Windows.Forms.Control.MarshaledInvoke(Control caller,
Delegate method, Object[] args, Boolean synchronous) at System.Windows.Forms.Control.Invoke(Delegate
method, Object[] args) at System.Windows.Forms.Control.Invoke(Delegate method)

at SitNGoWizard.MainForm.onPokerSiteTimerTick(Object sender, EventArgs e)
at System.Windows.Forms.Timer.OnTick(EventArgs e) at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
wparam, IntPtr lparam)

Error - 1/28/2010 7:38:19 AM | Computer Name = baskos_pc | Source = SitNGoWizard | ID = 1
Description =

Error - 1/28/2010 7:41:26 AM | Computer Name = baskos_pc | Source = SitNGoWizard | ID = 1
Description = The parameter sectionGroupName is invalid. Parameter name: sectionGroupName

Error - 1/28/2010 7:41:26 AM | Computer Name = baskos_pc | Source = SitNGoWizard | ID = 1
Description = at System.Configuration.MgmtConfigurationRecord.GetSectionGroup(String
configKey) at System.Configuration.Configuration.GetSectionGroup(String sectionGroupName)

at System.Configuration.ClientSettingsStore.DeclareSection(Configuration config,
String sectionName) at System.Configuration.ClientSettingsStore.GetConfigSection(Configuration
config, String sectionName, Boolean declare) at System.Configuration.ClientSettingsStore.WriteSettings(String
sectionName, Boolean isRoaming, IDictionary newSettings) at System.Configuration.LocalFileSettingsProvider.SetPropertyValues(SettingsContext
context, SettingsPropertyValueCollection values) at System.Configuration.SettingsBase.SaveCore()

at System.Configuration.SettingsBase.Save() at System.Configuration.ApplicationSettingsBase.Save()

at SitNGoWizard.MainForm.MainForm_Shown(Object sender, EventArgs e) at System.Windows.Forms.Form.OnShown(EventArgs
e) at System.Windows.Forms.Form.CallShownEvent() at System.Windows.Forms.Control.InvokeMarshaledCallbackDo(ThreadMethodEntry
tme) at System.Windows.Forms.Control.InvokeMarshaledCallbackHelper(Object obj)

at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode
code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.RunInternal(ExecutionContext
executionContext, ContextCallback callback, Object state) at System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) at System.Windows.Forms.Control.InvokeMarshaledCallback(ThreadMethodEntry
tme) at System.Windows.Forms.Control.InvokeMarshaledCallbacks()

Error - 1/28/2010 7:42:20 AM | Computer Name = baskos_pc | Source = SitNGoWizard | ID = 1
Description = The parameter sectionGroupName is invalid. Parameter name: sectionGroupName

Error - 1/28/2010 7:42:20 AM | Computer Name = baskos_pc | Source = SitNGoWizard | ID = 1
Description = at System.Configuration.MgmtConfigurationRecord.GetSectionGroup(String
configKey) at System.Configuration.Configuration.GetSectionGroup(String sectionGroupName)

at System.Configuration.ClientSettingsStore.DeclareSection(Configuration config,
String sectionName) at System.Configuration.ClientSettingsStore.GetConfigSection(Configuration
config, String sectionName, Boolean declare) at System.Configuration.ClientSettingsStore.WriteSettings(String
sectionName, Boolean isRoaming, IDictionary newSettings) at System.Configuration.LocalFileSettingsProvider.SetPropertyValues(SettingsContext
context, SettingsPropertyValueCollection values) at System.Configuration.SettingsBase.SaveCore()

at System.Configuration.SettingsBase.Save() at System.Configuration.ApplicationSettingsBase.Save()

at SitNGoWizard.NewGameForm.buttonOK_Click(Object sender, EventArgs e) at
System.Windows.Forms.Control.OnClick(EventArgs e) at System.Windows.Forms.Button.OnClick(EventArgs
e) at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent) at System.Windows.Forms.Control.WmMouseUp(Message&
m, MouseButtons button, Int32 clicks) at System.Windows.Forms.Control.WndProc(Message&
m) at System.Windows.Forms.ButtonBase.WndProc(Message& m) at System.Windows.Forms.Button.WndProc(Message&
m) at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)

at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m) at
System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam,
IntPtr lparam)

Error - 2/2/2010 8:52:31 AM | Computer Name = baskos_pc | Source = SitNGoWizard | ID = 1
Description = Index was out of range. Must be non-negative and less than the size
of the collection. Parameter name: index

Error - 2/2/2010 8:52:31 AM | Computer Name = baskos_pc | Source = SitNGoWizard | ID = 1
Description = at System.Collections.ArrayList.get_Item(Int32 index) at SitNGoWizard.NewGameForm.EditAction(Int32
rowIndex, Point location) at SitNGoWizard.NewGameForm.dataGridViewPlayers_CellMouseClick(Object
sender, DataGridViewCellMouseEventArgs e) at System.Windows.Forms.DataGridView.OnCellMouseClick(DataGridViewCellMouseEventArgs
e) at System.Windows.Forms.DataGridView.OnMouseClick(MouseEventArgs e) at
System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)

at System.Windows.Forms.Control.WndProc(Message& m) at System.Windows.Forms.DataGridView.WndProc(Message&
m) at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)

at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m) at
System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam,
IntPtr lparam)

Error - 3/14/2010 5:54:46 PM | Computer Name = baskos_pc | Source = SitNGoWizard | ID = 1
Description = Invoke or BeginInvoke cannot be called on a control until the window
handle has been created.

[ System Events ]
Error - 6/26/2012 5:54:32 AM | Computer Name = baskos_pc | Source = Service Control Manager | ID = 7030
Description =

Error - 6/26/2012 5:57:55 AM | Computer Name = baskos_pc | Source = Service Control Manager | ID = 7000
Description =

Error - 6/26/2012 5:59:33 AM | Computer Name = baskos_pc | Source = Service Control Manager | ID = 7026
Description =

Error - 6/26/2012 6:00:08 AM | Computer Name = baskos_pc | Source = Service Control Manager | ID = 7009
Description =

Error - 6/26/2012 6:00:33 AM | Computer Name = baskos_pc | Source = DCOM | ID = 10005
Description =

Error - 6/26/2012 6:00:33 AM | Computer Name = baskos_pc | Source = Service Control Manager | ID = 7000
Description =

Error - 6/26/2012 6:00:33 AM | Computer Name = baskos_pc | Source = Service Control Manager | ID = 7001
Description =

Error - 6/26/2012 6:00:38 AM | Computer Name = baskos_pc | Source = DCOM | ID = 10005
Description =

Error - 6/26/2012 6:00:38 AM | Computer Name = baskos_pc | Source = Service Control Manager | ID = 7009
Description =

Error - 6/26/2012 6:00:38 AM | Computer Name = baskos_pc | Source = Service Control Manager | ID = 7000
Description =


< End of report >
__________________________________________________

Edited by etavares, 05 July 2012 - 09:58 AM.


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:53 PM

Posted 30 June 2012 - 10:32 AM

Welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    /md5start
    services.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 

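The `/md5start services.exe /md5stop` directive in the OTL script above hashes every services.exe on the drive so the helper can compare the live System32 copy with a known-good one. A "Patched" detection like the one in this thread means the Windows binary itself has been modified, so the answer is never to delete it (the machine will not boot without services.exe) but to confirm the tampering and restore a clean copy. The following is an added example written for this page, not a script from OTL, Avira or BleepingComputer: it inventories every copy of services.exe under %SystemRoot%, hashes each, counts its NTFS hard links and reads its Authenticode status, then checks whether the running copy still matches a component in WinSxS. It assumes an elevated PowerShell 2.0 or later prompt on Vista/7, default Windows paths and an NTFS system volume, and it changes nothing on the machine.

```powershell
# Added example for this thread, not code from OTL, Avira or BleepingComputer.
# Inventories every copy of services.exe under %SystemRoot%, hashes each one,
# counts its NTFS hard links and reads its Authenticode status, so a patched
# System32 copy stands out against the component store in WinSxS.
# Assumptions: elevated PowerShell 2.0 or later on Vista/7, default Windows
# paths, NTFS system volume. Read-only: nothing here changes the machine.

$root   = $env:SystemRoot
$sha256 = [System.Security.Cryptography.SHA256]::Create()

function Get-Sha256Hex([string]$path) {
    $stream = [System.IO.File]::OpenRead($path)
    try     { ([System.BitConverter]::ToString($sha256.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}

# Every services.exe on the system drive, not only the one that is running.
$copies = Get-ChildItem -Path $root -Filter services.exe -Recurse -Force -ErrorAction SilentlyContinue |
          Where-Object { -not $_.PSIsContainer }

$report = foreach ($f in $copies) {
    $sig    = Get-AuthenticodeSignature -FilePath $f.FullName
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # A healthy System32 binary is an NTFS hard link to its WinSxS component,
    # so fsutil normally lists two or more names for it. A count of 1 means
    # the original was deleted and a new file was written in its place.
    $links = @(& fsutil hardlink list $f.FullName 2>$null)

    New-Object PSObject -Property @{
        Path      = $f.FullName
        Size      = $f.Length
        Modified  = $f.LastWriteTimeUtc
        Links     = $links.Count
        Signature = $sig.Status
        Signer    = $signer
        SHA256    = Get-Sha256Hex $f.FullName
    }
}

$report | Sort-Object Path |
    Format-Table Path, Size, Modified, Links, Signature, SHA256 -AutoSize

# The live copy should match at least one component in WinSxS byte for byte.
$livePath = Join-Path $root 'System32\services.exe'
$live     = $report | Where-Object { $_.Path -ieq $livePath }
$inStore  = $report | Where-Object { $_.Path -ilike (Join-Path $root 'winsxs\*') -and $_.SHA256 -eq $live.SHA256 }

if ($live -and -not $inStore) {
    Write-Warning "$livePath matches no WinSxS component; treat it as patched and restore a clean copy rather than deleting it."
}
```

Two caveats before trusting the output. First, PowerShell before 5.0 inspects only embedded signatures, and Windows OS binaries are catalog-signed, so a Signature of NotSigned on a Vista or Windows 7 box is not evidence by itself; Sysinternals `sigcheck -a <file>` verifies against the catalogs and is the better authority. Second, if the malware patched the file in place through its existing name, the WinSxS name points at the same NTFS file and will match, so a clean result from the hash comparison only rules out a replaced file, not a modified one. The hash of services.exe from a clean machine at the same build and update level, or a full `sfc /scannow`, settles it either way.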

#3 basko

basko
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:53 PM

Posted 01 July 2012 - 05:52 AM

Hi,

Thanks for your response and glad you're helping out. The problem is Avira keeps popping up and giving a warning on the services.exe file. Avira isn't able to remove the file.

I am not sure if it is related, but it might be useful to mention that last month some file was infected with Small.FI. For that one I tried several trojan removers etc. Since that didn't work out I finally just deleted the infected file manually.

Now being faced with a new infected file I googled for a solution and found this forum. After creating my first topic I used my laptop as little as possible awaiting the replies. I did not try or do anything to solve the problem. Besides Avira popping up constantly the laptop seems to run normally.

Now I tried running GMER, but it keeps crashing. This happens while scanning \Device\Harddisk\VolumeShadowCopyX (where X is 7 in the last case; I have seen it crash on 5 as well). I ran Defogger before starting the scan and I unchecked the right boxes.

I did manage to run OTL though. This is the log:

OTL logfile created on: 7/1/2012 11:44:15 AM - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\basko\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1.99 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 48.05% Memory free
4.22 Gb Paging File | 2.78 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 179.12 Gb Total Space | 59.79 Gb Free Space | 33.38% Space Free | Partition Type: NTFS

Computer Name: BASKOS_PC | User Name: Basko| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\basko\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Users\basko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe (Preventon Technologies Limited)
PRC - C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Windows\System32\services.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)


========== Modules (No Company Name) ==========

MOD - C:\Users\basko\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\basko\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll ()
MOD - C:\Users\basko\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll ()
MOD - C:\Users\basko\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll ()
MOD - C:\Users\basko\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll ()
MOD - C:\Users\basko\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libglesv2.dll ()
MOD - C:\Users\basko\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libegl.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\ReaConverter 5.5 Pro\context.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()


========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (postgresql-8.4) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (Suite Service) -- C:\Program Files\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
SRV - (AV Engine Scanning Service) -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe ()
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (atashost) -- C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
SRV - (B-Service) -- C:\Users\basko\AppData\Roaming\Mikogo\B-Service.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (rcp_service) -- C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe (ReaSoft)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (ctredr15.sys) -- C:\Windows\system32\drivers\ctredr15.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (AVFSFilter) -- C:\Windows\System32\drivers\avfsfilter.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\System32\drivers\tdrpm258.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (NETw4v32) Stuurprogramma voor Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {395A05B3-E73A-472E-8BAA-ED59BED9D010}
IE - HKLM\..\SearchScopes\{395A05B3-E73A-472E-8BAA-ED59BED9D010}: "URL" = http://www.google.nl/search?hl=nl&q={searchTerms}&meta=


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\..\SearchScopes,DefaultScope = {BF5C0154-8BC8-4AB5-8AD0-98AD47248BD5}
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\..\SearchScopes\{5CAA528A-2356-409E-AE22-C46BB3AEE023}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7WZPA
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\..\SearchScopes\{B504F8BB-F233-4D89-A8D0-410E20894833}: "URL" = http://www.bing.com/search?q={searchTerms}&amp;form=BIE9DF&amp;pc=BIE9&amp;src=IE-SearchBox
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\..\SearchScopes\{BF5C0154-8BC8-4AB5-8AD0-98AD47248BD5}: "URL" = http://nl.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1008\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1008\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYK
IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://nl.ask.com?o=15003&l=dis"
FF - prefs.js..extensions.enabledItems: ImproveROISystemTool@ImproveROISystemTool:1.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {2d8d9acc-f6d7-4362-8876-a275ca929591}:3.2.5.2
FF - prefs.js..keyword.URL: "http://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\basko\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\basko\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/01 11:20:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/21 08:59:37 | 000,000,000 | ---D | M]

[2009/09/06 14:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\basko\AppData\Roaming\mozilla\Extensions
[2009/07/08 15:42:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\basko\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012/05/31 22:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\basko\AppData\Roaming\mozilla\Firefox\Profiles\1v4cyoqm.default\extensions
[2011/01/08 13:57:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\basko\AppData\Roaming\mozilla\Firefox\Profiles\1v4cyoqm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/31 10:12:17 | 000,000,000 | ---D | M] (BittorrentBar_NL Community Toolbar) -- C:\Users\basko\AppData\Roaming\mozilla\Firefox\Profiles\1v4cyoqm.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}
[2010/05/08 16:44:38 | 000,002,253 | ---- | M] () -- C:\Users\basko\AppData\Roaming\Mozilla\Firefox\Profiles\1v4cyoqm.default\searchplugins\askcom.xml
[2012/01/19 10:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/01 11:20:45 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/01 17:16:14 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/12/09 05:58:24 | 000,274,432 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2012/03/06 00:01:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/06 00:01:58 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2012/03/06 00:01:58 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012/03/06 00:01:58 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\basko\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\basko\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\basko\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: EModel scriptable Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\basko\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\basko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Zoeken = C:\Users\basko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\basko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/26 11:57:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe ()
O4 - HKU\S-1-5-21-960749172-2722181803-4115584216-1008..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\S-1-5-21-960749172-2722181803-4115584216-1008..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\basko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\basko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-960749172-2722181803-4115584216-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-960749172-2722181803-4115584216-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\..Trusted Domains: senterloket.nl ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\..Trusted Domains: senternovem.nl ([]* in Trusted sites)
O15 - HKU\S-1-5-21-960749172-2722181803-4115584216-1008\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {357A4655-A056-43C6-902F-11D3B02D6826} http://www.webstudio.com/bt/5-0-21/web%20studio%205.cab (Reg Error: Key error.)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7075DEB6-F254-4931-BA48-13EC75802E26}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88BD1CFB-00C8-4D2D-9214-3A343976679B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C3FFE11-0B6C-4978-958F-7BEEEBF316DB}: DhcpNameServer = 87.236.0.10 62.166.128.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C3FFE11-0B6C-4978-958F-7BEEEBF316DB}: NameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E66A305D-CD2F-40EF-B989-715ECCCAB0E7}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBB571A6-9B22-4ECE-A5D7-287DA2378314}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\basko\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\basko\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\Spel\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SWPROguard - hkey= - key= - C:\Program Files\Fighters\SPYWAREfighter\swproTray.exe (SPAMfighter)
MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/01 11:41:58 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\basko\Desktop\OTL.exe
[2012/06/26 11:57:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/26 11:54:26 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\temp
[2012/06/26 10:32:13 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/26 10:30:30 | 004,569,239 | R--- | C] (Swearware) -- C:\Users\basko\Desktop\ComboFix.exe
[2012/06/26 10:21:03 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{1E99C01C-9FB3-485F-BB5A-76947D9012E9}
[2012/06/26 10:20:52 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{D2760666-F0A7-4EF5-A2B5-4F3889D88A82}
[2012/06/25 22:20:23 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{00F35815-8880-4B0D-BDC0-3BEF11814FA3}
[2012/06/25 22:20:11 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{FB302AFD-DE8E-4D70-9983-79FF708064A7}
[2012/06/25 13:16:17 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Roaming\Avira
[2012/06/25 13:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/06/25 13:10:06 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/06/25 13:10:06 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/06/25 13:10:06 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/06/25 13:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/06/25 13:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/06/25 10:54:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/25 10:54:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/25 10:54:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/25 10:38:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/25 10:37:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/25 10:19:40 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{4F633833-9E2C-4263-8D38-7C708B6E8E8F}
[2012/06/25 10:19:29 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{AE174725-5D50-47F0-9364-E18587852F17}
[2012/06/24 22:11:57 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{9A6014DF-E6ED-4628-BF49-8F645991073A}
[2012/06/24 22:11:45 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{C9E42DC1-EEB9-4927-AA72-CAEB8692FF43}
[2012/06/24 10:11:13 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{52347AFC-D58B-4919-8FFD-F3DA26E67B8E}
[2012/06/24 10:11:02 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{CF7AA084-7738-4722-9163-85C8AE0CB60D}
[2012/06/23 11:56:08 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{59394AB7-78B4-4E6B-8514-6220DA3870B5}
[2012/06/23 11:55:56 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{3F42009B-6183-4E13-A9B2-C7EA40B5D123}
[2012/06/22 23:55:26 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{E640E54F-BAE1-43C2-B1B3-62A016E27813}
[2012/06/22 23:55:15 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{66BB7081-0E20-4222-BA71-12130B3D08D4}
[2012/06/22 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{4C9159E9-D810-431A-A6A6-F72DCBB33107}
[2012/06/22 11:54:32 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{9B3D125F-FC67-452C-868C-925E40DA5198}
[2012/06/22 10:26:17 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{4CBFF448-98EF-413A-8886-C49849B3707A}
[2012/06/21 20:30:05 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\twitter
[2012/06/21 19:30:57 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{FF1BA493-7E69-4DE7-BF79-0E398005BEB3}
[2012/06/21 19:30:45 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\{B3E731AF-B986-418A-9664-4120B87BB9D0}
[2012/06/21 09:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/21 09:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/21 09:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/21 08:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/21 08:59:05 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/06/20 23:37:00 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\Windows Live
[2012/06/15 15:01:08 | 000,000,000 | ---D | C] -- C:\Users\basko\Desktop\Fotoboek
[2012/06/15 14:52:10 | 000,000,000 | ---D | C] -- C:\Users\basko\Documents\Albelli Fotoboeken
[2012/06/15 14:52:04 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albelli Fotoboeken
[2012/06/15 14:52:03 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Local\Albelli Fotoboeken
[2012/06/04 11:59:07 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Roaming\SpeedyPC Software
[2012/06/04 11:59:07 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Roaming\DriverCure
[2012/06/04 11:59:01 | 000,000,000 | ---D | C] -- C:\Users\basko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/06/04 11:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
[2012/06/04 11:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
[2012/06/04 11:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/06/04 08:12:00 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2012/06/04 08:12:00 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2012/06/04 08:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win 32. Trojan . Small Removal Tool
[2012/06/04 08:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Win 32. Trojan . Small Removal Tool
[2012/06/01 23:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/01 11:57:00 | 000,000,464 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5D992458-2ACC-4F71-9A7A-D794A6D69781}.job
[2012/07/01 11:44:01 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-960749172-2722181803-4115584216-1000UA.job
[2012/07/01 11:42:01 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\basko\Desktop\OTL.exe
[2012/07/01 10:42:07 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 10:42:07 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 10:42:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/30 13:29:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/29 12:43:59 | 000,035,155 | ---- | M] () -- C:\Users\basko\Desktop\duif.jpg
[2012/06/26 22:44:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-960749172-2722181803-4115584216-1000Core.job
[2012/06/26 11:57:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/26 10:30:51 | 004,569,239 | R--- | M] (Swearware) -- C:\Users\basko\Desktop\ComboFix.exe
[2012/06/25 21:58:03 | 000,000,020 | ---- | M] () -- C:\Users\basko\defogger_reenable
[2012/06/25 11:10:00 | 311,294,289 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/21 19:27:54 | 003,829,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/15 14:52:05 | 000,001,763 | ---- | M] () -- C:\Users\basko\Desktop\Albelli.lnk
[2012/06/12 14:52:37 | 000,000,132 | ---- | M] () -- C:\Users\basko\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/06/12 14:25:09 | 000,544,968 | ---- | M] () -- C:\Users\basko\Desktop\fb-marketing-infographic1.jpg
[2012/06/04 15:17:30 | 000,670,308 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2012/06/04 15:17:30 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/04 15:17:30 | 000,127,900 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2012/06/04 15:17:30 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/04 12:00:47 | 000,000,430 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/06/04 11:59:00 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/06/04 11:59:00 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/06/04 11:53:21 | 000,001,356 | ---- | M] () -- C:\Users\basko\AppData\Local\d3d9caps.dat
[2012/06/01 23:33:11 | 000,001,000 | ---- | M] () -- C:\Users\basko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/29 12:44:22 | 000,035,155 | ---- | C] () -- C:\Users\basko\Desktop\duif.jpg
[2012/06/25 21:57:31 | 000,000,020 | ---- | C] () -- C:\Users\basko\defogger_reenable
[2012/06/25 11:10:00 | 311,294,289 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/25 10:54:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/25 10:54:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/25 10:54:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/25 10:54:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/25 10:54:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/21 11:22:09 | 000,002,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/06/15 14:52:05 | 000,001,763 | ---- | C] () -- C:\Users\basko\Desktop\Albelli.lnk
[2012/06/12 14:52:37 | 000,000,132 | ---- | C] () -- C:\Users\basko\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/06/12 14:25:17 | 000,544,968 | ---- | C] () -- C:\Users\basko\Desktop\fb-marketing-infographic1.jpg
[2012/06/04 12:00:47 | 000,000,430 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/06/04 11:59:00 | 000,000,450 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/06/04 11:59:00 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/06/01 23:33:11 | 000,001,000 | ---- | C] () -- C:\Users\basko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/01/23 11:53:48 | 000,004,096 | -H-- | C] () -- C:\Users\basko\AppData\Local\keyfile3.drm
[2011/11/16 20:23:28 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2011/04/13 11:10:13 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2010/10/13 16:09:35 | 000,010,264 | ---- | C] () -- C:\Windows\System32\drivers\avfsfilter.sys
[2010/03/11 21:17:34 | 000,000,600 | -H-- | C] () -- C:\Users\basko\PUTTY.RND
[2009/12/10 15:26:51 | 000,001,532 | -H-- | C] () -- C:\Users\basko\.recently-used.xbel
[2009/06/30 00:18:42 | 000,000,383 | -H-- | C] () -- C:\Users\basko\AppData\Local\postgresinstall.bat
[2008/07/31 19:53:53 | 000,000,262 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/03/21 12:29:08 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007/11/03 21:05:48 | 000,036,352 | ---- | C] () -- C:\Users\basko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/03 21:02:22 | 000,001,356 | ---- | C] () -- C:\Users\basko\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2010/05/20 14:57:47 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\Acronis
[2012/05/23 22:14:21 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\Agxaod
[2010/01/20 18:10:44 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\AnvSoft
[2011/06/09 13:58:37 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\Apowersoft
[2012/03/02 17:55:10 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\Artisteer
[2011/03/22 11:33:07 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\BackToTheBeach
[2012/06/06 09:17:16 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\Belastingdienst
[2011/01/08 14:09:42 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\BitTorrent
[2008/01/28 18:43:38 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\DAEMON Tools
[2012/06/04 11:59:07 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\DriverCure
[2012/07/01 10:57:30 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\Dropbox
[2010/03/18 12:23:34 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\EDrawings
[2010/11/12 12:20:51 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\Fighters
[2012/03/30 13:14:05 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\FileZilla
[2012/01/26 15:02:26 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\foobar2000
[2011/09/20 13:59:32 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\GetRightToGo
[2009/12/10 15:26:51 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\gtk-2.0
[2011/07/21 19:41:27 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\HEM Data
[2011/03/22 11:43:20 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\iHostStudio
[2012/05/23 18:08:56 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\Ikme
[2009/08/10 22:37:45 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\ImgBurn
[2009/10/21 10:52:10 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\InterVideo
[2010/06/04 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\IrfanView
[2009/05/04 16:55:47 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\LizaFlex
[2008/08/09 17:20:40 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\Microgaming
[2011/08/05 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\Mikogo
[2010/02/18 22:09:00 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\Moyea
[2009/11/23 00:46:50 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\Paltalk
[2009/07/09 20:59:31 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\Passware
[2010/07/08 20:10:24 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\Pokerazor
[2009/06/08 12:37:07 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\postgresql
[2012/06/23 11:41:02 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\RCP 5
[2009/10/05 12:09:46 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\SmartDraw
[2012/06/04 11:59:07 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\SpeedyPC Software
[2011/05/06 12:53:50 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\TeamViewer
[2010/02/18 23:26:35 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\Thinstall
[2009/08/28 18:04:12 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\Ubisoft
[2010/02/17 16:33:20 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\WinAVI
[2010/02/18 23:15:04 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\Xilisoft Corporation
[2010/05/17 11:59:04 | 000,000,000 | ---D | M] -- C:\Users\basko\AppData\Roaming\XMind
[2012/06/30 13:29:28 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/04 11:59:00 | 000,000,406 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2012/06/04 12:00:47 | 000,000,430 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
[2012/06/04 11:59:00 | 000,000,450 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
[2012/07/01 11:57:00 | 000,000,464 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5D992458-2ACC-4F71-9A7A-D794A6D69781}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/01/14 20:15:22 | 000,000,029 | ---- | M] () -- C:\----.htaccess_.txt
[2010/05/13 18:24:59 | 3881,435,136 | ---- | M] () -- C:\Alpendorf 2010.iso
[2006/09/18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/12/09 19:38:02 | 000,001,928 | ---- | M] () -- C:\bar.emf
[2009/04/11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/08/03 02:50:49 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/06/26 12:09:37 | 000,026,334 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/01/04 17:10:20 | 000,000,216 | ---- | M] () -- C:\DebugTrace-RockallDLL.log
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008/01/14 17:21:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/01/14 17:21:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/07/01 10:41:50 | 2451,247,104 | -HS- | M] () -- C:\pagefile.sys
[2005/05/26 15:16:26 | 000,036,174 | ---- | M] () -- C:\preview.bmp
[2006/04/14 23:05:02 | 000,009,952 | ---- | M] () -- C:\regxpcom.exe
[2009/01/09 21:44:16 | 000,000,236 | ---- | M] () -- C:\sqmdata00.sqm
[2009/01/09 21:44:16 | 000,000,200 | ---- | M] () -- C:\sqmnoopt00.sqm
[2011/01/14 20:17:11 | 000,000,021 | ---- | M] () -- C:\test.php
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/08/17 05:05:19 | 000,389,276 | ---- | M] () -- C:\vcredist_x86.log
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/01/19 09:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
[2006/11/02 11:46:11 | 000,089,600 | ---- | M] (Lexmark International Inc.) -- C:\Windows\system32\Spool\prtprocs\w32x86\LMPRTPRC.DLL
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/19 09:34:21 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >
[2009/04/11 08:27:59 | 000,279,552 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\services.exe

< %systemroot%\System32\config\*.sav >
[2006/11/02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\* >
[2008/04/18 13:21:24 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2011/07/21 21:25:02 | 000,068,699 | ---- | M] () -- C:\Program Files\hminstalllog.txt

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/01 11:20:41 | 000,868,736 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/01 11:20:41 | 000,868,736 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/01 11:20:41 | 000,868,736 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/01 11:20:45 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/01 11:20:45 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/01 11:20:45 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\basko\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/06/07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\basko\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/06/07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\basko\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/06/07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\basko\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/06/07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/04/13 09:34:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/04/13 09:34:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/04/13 09:34:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/04/13 09:34:24 | 000,748,856 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/04/13 09:34:24 | 000,748,856 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/01 11:20:41 | 000,868,736 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/01 11:20:41 | 000,868,736 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/01 11:20:41 | 000,868,736 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/01 11:20:45 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/01 11:20:45 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/01 11:20:45 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\basko\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/06/07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\basko\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/06/07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\basko\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/06/07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\basko\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/06/07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/04/13 09:34:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/04/13 09:34:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/04/13 09:34:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/04/13 09:34:24 | 000,748,856 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/04/13 09:34:24 | 000,748,856 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.)

< MD5 for: SERVICES.EXE >
[2008/01/19 09:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 11:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009/04/11 08:27:59 | 000,279,552 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\services.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker 2.0:MID
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Edited by etavares, 05 July 2012 - 09:54 AM.


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:03:53 PM

Posted 01 July 2012 - 06:07 AM

Hello, basko.


Online Poker Warning
Your logs show that you have online poker programs installed on your computer. I know that you may use these (this) game(s) on a regular basis but I think it's important to note that often these kind of programmes are installed with other unwanted software, namely spyware or adware. Due to this I strongly suggest that you uninstall these programmes if you do not use them anymore or did not install these programmes yourself on purpose. There are so many online poker games out there these days that it is close to impossible to keep track of whether a programme is infected or not. Should you have installed this online poker game on purpose and wish to continue using this, you may ignore this. Should you decide to uninstall the programme, then you can do so by following the below steps:

You can remove this via Add/Remove programs.
Ask Toolbar Warning

I see you have the Ask.Com toolbar installed. This often comes bundled with spyware, and it is recommended that you remove it.

Please see here for more information:
http://www.bleepingcomputer.com/uninstall/94/Ask-Toolbar.html

If you would like to remove it, please go to add/Remove Programs and uninstall it.



Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet are not extremely high, and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to that site being hijacked and may even give access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove any sites listed there.



Step 1

Before you do anything, please copy C:\Combofix.txt to your desktop and name it OldCombofixLog.txt. Please attach that in your reply. I just noticed you had already run it and I want to get that log to see what it did. Please delete your copy of Combofix.exe on your desktop and download/rename/run it as instructed in step 2.


Step 2

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#5 basko

basko
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:53 PM

Posted 01 July 2012 - 08:44 AM

Hi Etavares,

I've noticed traces of Cake Poker in the log files. I deleted this software a long time ago via Add/Remove programs, but obviously it did not get deleted entirely. The same goes for the Ask toolbar (which seems to be embedded in Firefox?). Those programs are not shown in the Add/Remove programs list anymore. Is there a workaround?

I've removed all sites from the trusted zone in IE. Are there such settings for Chrome? (That's basically the only browser I use.)

Step 1: See attached.

Step 2: See below

EDIT: Avira still detects W32/Patched.UB in services.exe.

Thanks!
basko.

ComboFix 12-07-01.03 - basko 07/01/2012 13:56:55.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2038.1076 [GMT 2:00]
Run from: c:\users\basko\Desktop\etavaresCF.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: SPYWAREfighter *Disabled/Updated* {54CEAF19-6DDF-F31A-F96A-11F730C2EC03}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\9xd2ndjd.vbt
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
(((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 ))))))))))))))))))))))))))))))
.
.
2012-07-01 13:14 . 2012-07-01 13:32 -------- d-----w- c:\users\basko\AppData\Local\temp
2012-07-01 13:14 . 2012-07-01 13:14 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-07-01 13:14 . 2012-07-01 13:14 -------- d-----w- c:\users\postgres.baskos_pc\AppData\Local\temp
2012-07-01 13:14 . 2012-07-01 13:14 -------- d-----w- c:\users\postgres.baskos_pc.000\AppData\Local\temp
2012-07-01 13:14 . 2012-07-01 13:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 09:20 . 2012-07-01 09:20 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-01 09:20 . 2012-07-01 09:20 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-26 08:32 . 2012-07-01 11:52 -------- d-----w- C:\ComboFix
2012-06-25 11:16 . 2012-06-25 11:16 -------- d-----w- c:\users\basko\AppData\Roaming\Avira
2012-06-25 11:10 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-25 11:10 . 2012-04-24 22:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-25 11:10 . 2012-04-16 19:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-25 11:09 . 2012-06-25 11:09 -------- d-----w- c:\programdata\Avira
2012-06-25 11:09 . 2012-06-25 11:09 -------- d-----w- c:\program files\Avira
2012-06-21 18:30 . 2012-06-21 18:30 -------- d-----w- c:\users\basko\AppData\Local\twitter
2012-06-21 08:40 . 2012-06-21 08:40 7450888 ----a-w- c:\program files\Common Files\Windows Live\.cache\8472de741cd4f893f\bingbarsetup.exe
2012-06-21 08:37 . 2012-06-21 08:37 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\2075f1f41cd4f892a\MeshBetaRemover.exe
2012-06-21 08:36 . 2012-06-21 08:36 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\e5c030c41cd4f8817\DXSETUP.exe
2012-06-21 08:36 . 2012-06-21 08:36 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\e5c030c41cd4f8817\dsetup32.dll
2012-06-21 08:36 . 2012-06-21 08:36 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\e5c030c41cd4f8817\DSETUP.dll
2012-06-21 08:36 . 2012-06-21 08:36 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\e3d550b41cd4f8816\DSETUP.dll
2012-06-21 08:36 . 2012-06-21 08:36 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\e3d550b41cd4f8816\DXSETUP.exe
2012-06-21 08:36 . 2012-06-21 08:36 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\e3d550b41cd4f8816\dsetup32.dll
2012-06-21 07:16 . 2012-06-21 07:16 -------- d-----w- c:\program files\iPod
2012-06-21 07:16 . 2012-06-21 07:18 -------- d-----w- c:\program files\iTunes
2012-06-21 07:08 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 07:08 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 07:08 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 07:08 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 07:08 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 07:08 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 07:08 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 07:07 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 07:07 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 21:37 . 2012-07-01 10:57 -------- d-----w- c:\users\basko\AppData\Local\Windows Live
2012-06-15 12:52 . 2012-06-30 11:20 -------- d-----w- c:\users\basko\AppData\Local\Albelli Fotoboeken
2012-06-04 09:59 . 2012-06-04 09:59 -------- d-----w- c:\users\basko\AppData\Roaming\SpeedyPC Software
2012-06-04 09:59 . 2012-06-04 09:59 -------- d-----w- c:\users\basko\AppData\Roaming\DriverCure
2012-06-04 09:58 . 2012-06-04 09:58 -------- d-----w- c:\program files\SpeedyPC Software
2012-06-04 09:58 . 2012-06-04 09:58 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-06-04 09:58 . 2012-06-04 09:58 -------- d-----w- c:\programdata\SpeedyPC Software
2012-06-04 06:12 . 2012-06-04 07:42 -------- d-----w- c:\program files\Win 32. Trojan . Small Removal Tool
2012-06-04 06:12 . 2011-02-17 16:26 81920 ----a-w- c:\windows\eSellerateControl350.dll
2012-06-04 06:12 . 2011-02-17 16:26 356352 ----a-w- c:\windows\eSellerateEngine.dll
2012-06-01 21:32 . 2012-06-01 21:32 -------- d-----w- c:\program files\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 09:19 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-13 07:36 . 2012-05-15 06:11 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FD70566-8B74-4A3D-AB8D-6D70EDC98F13}\mpengine.dll
2012-04-13 07:34 . 2012-04-13 07:34 161792 ----a-w- c:\windows\system32\msls31.dll
2012-04-13 07:34 . 2012-04-13 07:34 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-04-13 07:34 . 2012-04-13 07:34 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-04-13 07:34 . 2012-04-13 07:34 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-04-13 07:34 . 2012-04-13 07:34 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-04-13 07:34 . 2012-04-13 07:34 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-04-13 07:34 . 2012-04-13 07:34 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-04-13 07:34 . 2012-04-13 07:34 367104 ----a-w- c:\windows\system32\html.iec
2012-04-13 07:34 . 2012-04-13 07:34 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-04-13 07:34 . 2012-04-13 07:34 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-04-13 07:34 . 2012-04-13 07:34 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-04-13 07:34 . 2012-04-13 07:34 152064 ----a-w- c:\windows\system32\wextract.exe
2012-04-13 07:34 . 2012-04-13 07:34 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-04-13 07:34 . 2012-04-13 07:34 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-13 07:34 . 2012-04-13 07:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-13 07:34 . 2012-04-13 07:34 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-04-13 07:34 . 2012-04-13 07:34 11776 ----a-w- c:\windows\system32\mshta.exe
2012-04-13 07:34 . 2012-04-13 07:34 101888 ----a-w- c:\windows\system32\admparse.dll
2012-04-13 07:34 . 2012-04-13 07:34 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-04-13 07:34 . 2012-04-13 07:34 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-04-13 07:34 . 2012-04-13 07:34 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-04-13 07:32 . 2012-04-13 07:32 98816 ----a-w- c:\windows\system32\mfps.dll
2012-04-13 07:32 . 2012-04-13 07:32 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-04-13 07:32 . 2012-04-13 07:32 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-04-13 07:32 . 2012-04-13 07:32 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-04-13 07:32 . 2012-04-13 07:32 2873344 ----a-w- c:\windows\system32\mf.dll
2012-04-13 07:32 . 2012-04-13 07:32 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-04-13 07:32 . 2012-04-13 07:32 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-04-13 07:32 . 2012-04-13 07:32 586240 ----a-w- c:\windows\system32\stobject.dll
2012-04-13 07:32 . 2012-04-13 07:32 797184 ----a-w- c:\windows\system32\FntCache.dll
2012-04-13 07:32 . 2012-04-13 07:32 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-04-13 07:32 . 2012-04-13 07:32 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-04-13 07:32 . 2012-04-13 07:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-04-13 07:32 . 2012-04-13 07:32 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-04-13 07:32 . 2012-04-13 07:32 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-04-13 07:32 . 2012-04-13 07:32 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-04-13 07:32 . 2012-04-13 07:32 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-04-13 07:32 . 2012-04-13 07:32 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-04-13 07:32 . 2012-04-13 07:32 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-04-13 07:32 . 2012-04-13 07:32 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-04-13 07:32 . 2012-04-13 07:32 37376 ----a-w- c:\windows\system32\cdd.dll
2012-04-13 07:32 . 2012-04-13 07:32 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-04-13 07:32 . 2012-04-13 07:32 258048 ----a-w- c:\windows\system32\winspool.drv
2012-04-13 07:32 . 2012-04-13 07:32 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-04-13 07:32 . 2012-04-13 07:32 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-04-13 07:32 . 2012-04-13 07:32 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-04-13 07:32 . 2012-04-13 07:32 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-04-13 07:32 . 2012-04-13 07:32 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-04-13 07:32 . 2012-04-13 07:32 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-07-01 09:20 . 2011-05-01 09:13 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\basko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\basko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\basko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\basko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-01-16 253952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-30 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-30 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-30 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-26 4489216]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"DataCardMonitor"="c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe" [2010-01-12 249856]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\basko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\basko\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 17:26 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2010-03-27 14:07 362232 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 20:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-01-03 13:54 486856 ----a-w- c:\program files\Spel\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWPROguard]
2010-10-13 14:26 979592 ----a-w- c:\program files\Fighters\SPYWAREfighter\swproTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2010-03-27 14:06 5107232 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
R4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-960749172-2722181803-4115584216-1000Core.job
- c:\users\basko\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-15 20:39]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-960749172-2722181803-4115584216-1000UA.job
- c:\users\basko\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-15 20:39]
.
2012-06-04 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-06-04 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-01-30 22:17]
.
2012-06-04 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
2012-07-01 c:\windows\Tasks\User_Feed_Synchronization-{5D992458-2ACC-4F71-9A7A-D794A6D69781}.job
- c:\windows\system32\msfeedssync.exe [2012-04-13 07:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nu.nl/
uInternet Settings,ProxyOverride = local;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9C3FFE11-0B6C-4978-958F-7BEEEBF316DB}: NameServer = 10.0.0.2
DPF: {357A4655-A056-43C6-902F-11D3B02D6826} - hxxp://www.webstudio.com/bt/5-0-21/web%20studio%205.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
FF - ProfilePath - c:\users\basko\AppData\Roaming\Mozilla\Firefox\Profiles\1v4cyoqm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://nl.ask.com?o=15003&l=dis
FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DataCardMonitor = c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe?ng 13, GenuineIntel?PROCESSOR_LtL??F9??0:??????_REVISION=0f0d?ProgramData=c:\programdata?programfiles=c:\Program Files?PUBLIC=c:\users\Public?QTJAVA=c:\program files\Java\jre6\lib\ext\QTJava.
.
scanning hidden files ...
.
Scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-960749172-2722181803-4115584216-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CBE932E3-F00C-6760-395F-F5F506E76BF7}*]
"eaghdgpdhl"=hex:66,61,6d,67,69,6d,70,62,6d,61,66,70,00,fc
"dadhoiad"=hex:64,62,63,6a,63,6d,6e,66,6c,6a,66,6c,66,61,6f,66,63,68,6f,6c,6d,
64,66,65,65,62,65,61,6f,69,70,69,68,67,64,63,61,66,6c,6d,00,00
"iaofilimlocjofnkee"=hex:69,61,70,6b,6b,65,6e,64,6e,67,69,6d,6a,6d,61,69,70,61,
00,00
"haejobhipemgcgml"=hex:69,61,6d,6b,66,6e,66,66,68,61,6a,65,6b,6c,68,66,6a,6d,
00,00
.
[HKEY_USERS\S-1-5-21-960749172-2722181803-4115584216-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D158708E-E2BF-5701-C32E-04FC946BD863}*]
"iahdbbbhinpggofoaa"=hex:69,61,6a,61,67,6f,65,6a,6c,70,6a,6d,67,6f,65,61,65,70,
00,00
"habehaamehlkaaai"=hex:6a,61,64,61,64,65,66,64,64,66,6f,6f,62,6a,6a,64,6f,70,
62,6f,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000007b
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1592)
c:\users\basko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\atashost.exe
c:\program files\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sony\Network Utility\NSUService.exe
c:\program files\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files\TeamViewer\Version6\TeamViewer_Service.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\Apntex.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-07-01 15:39:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-01 13:39
ComboFix2.txt 2012-06-25 10:57
.
Pre-Run: 64,656,846,848 bytes free
Post-Run: 65,601,273,856 bytes free
.
- - End Of File - - 6735313163FD977143AAB93E2DBCC827

Attached Files


Edited by etavares, 05 July 2012 - 09:55 AM.
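The LOCKED REGISTRY KEYS section of the log above is the part a responder would read first: two keys under Shell Extensions\Approved whose values ComboFix can only show as raw hex. The Python helper below is an added example for this thread, not output of ComboFix or any tool the posts mention. It parses that REGEDIT4-style dump, including the comma-continued lines, and renders each value as text where it is printable. The sample input is copied from the log; the nibble decoding at the end is an analyst's hypothesis prompted by the observation that every name and value uses only the sixteen letters a..p, and nothing in the thread confirms that reading.

```python
"""Decode the hex: values ComboFix lists under LOCKED REGISTRY KEYS.

Added example for this thread; SAMPLE_LOG is copied from the posted log and
nibbles_to_bytes() is a labelled hypothesis, not an established encoding.
"""
import re

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')
HEX_RUN_RE = re.compile(r"^[0-9a-fA-F]{2}(,[0-9a-fA-F]{2})*,?$")

# Sample input, copied verbatim from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_USERS\S-1-5-21-960749172-2722181803-4115584216-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CBE932E3-F00C-6760-395F-F5F506E76BF7}*]
"eaghdgpdhl"=hex:66,61,6d,67,69,6d,70,62,6d,61,66,70,00,fc
"dadhoiad"=hex:64,62,63,6a,63,6d,6e,66,6c,6a,66,6c,66,61,6f,66,63,68,6f,6c,6d,
64,66,65,65,62,65,61,6f,69,70,69,68,67,64,63,61,66,6c,6d,00,00
"iaofilimlocjofnkee"=hex:69,61,70,6b,6b,65,6e,64,6e,67,69,6d,6a,6d,61,69,70,61,
00,00
"haejobhipemgcgml"=hex:69,61,6d,6b,66,6e,66,66,68,61,6a,65,6b,6c,68,66,6a,6d,
00,00
.
[HKEY_USERS\S-1-5-21-960749172-2722181803-4115584216-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D158708E-E2BF-5701-C32E-04FC946BD863}*]
"iahdbbbhinpggofoaa"=hex:69,61,6a,61,67,6f,65,6a,6c,70,6a,6d,67,6f,65,61,65,70,
00,00
"habehaamehlkaaai"=hex:6a,61,64,61,64,65,66,64,64,66,6f,6f,62,6a,6a,64,6f,70,
62,6f,00,00
"""


def _hex_to_bytes(hex_run):
    cells = [c for c in hex_run.split(",") if c]
    return bytes(int(c, 16) for c in cells)


def parse_locked_keys(text):
    """Return {key_path: {value_name: bytes}} from a REGEDIT4-style dump.

    ComboFix wraps long hex: values: a wrapped line ends with a comma and the
    rest follows on the next line(s), so hex runs are accumulated until a
    line that is not a hex run appears.
    """
    keys = {}
    state = {"key": None, "name": None, "hex": ""}

    def flush():
        if state["key"] is not None and state["name"] is not None:
            keys[state["key"]][state["name"]] = _hex_to_bytes(state["hex"])
        state["name"], state["hex"] = None, ""

    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            flush()
            state["key"] = key_match.group(1)
            keys.setdefault(state["key"], {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match:
            flush()
            state["name"], state["hex"] = value_match.group(1), value_match.group(2)
        elif state["name"] is not None and HEX_RUN_RE.match(line):
            state["hex"] += line
        else:
            flush()
    flush()
    return keys


def render(value):
    """ASCII text up to the first NUL if it is all printable, else the raw hex."""
    text = value.split(b"\x00", 1)[0]
    if text and all(0x20 <= b < 0x7F for b in text):
        return text.decode("ascii")
    return value.hex()


def uses_nibble_alphabet(s):
    """True when every character is one of the 16 letters a..p."""
    return bool(s) and all("a" <= ch <= "p" for ch in s)


def nibbles_to_bytes(s):
    """Hypothesis: a..p maps to 0..15 and each letter pair is one byte.

    Prompted by the a..p alphabet of every name and value above; the thread
    does not confirm that this is how the data was encoded.
    """
    if not uses_nibble_alphabet(s) or len(s) % 2:
        raise ValueError("not an even-length a..p string")
    nibbles = [ord(ch) - ord("a") for ch in s]
    return bytes(hi << 4 | lo for hi, lo in zip(nibbles[0::2], nibbles[1::2]))


def summarize(keys):
    """Flat list of (key, value_name, rendered_value, all_a_to_p) for reporting."""
    rows = []
    for key, values in keys.items():
        for name, data in values.items():
            shown = render(data)
            rows.append((key, name, shown, uses_nibble_alphabet(name) and uses_nibble_alphabet(shown)))
    return rows


if __name__ == "__main__":
    for key, name, shown, nib in summarize(parse_locked_keys(SAMPLE_LOG)):
        short_key = key.rsplit("\\", 1)[-1]
        print(f"{short_key}  {name} = {shown!r}  a..p only: {nib}")
```

Run it as-is and it reports the six values from the log; point parse_locked_keys() at a whole ComboFix.txt to do the same for any other locked keys. The rendered strings are random-looking lowercase letters, which is all the page lets you say about them; the a..p check and nibbles_to_bytes() are there so the hypothesis can be tested against a future sample, not because the thread proves it.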


#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:53 PM

Posted 01 July 2012 - 01:44 PM

Hello, basko.
We'll remove them manually. Chrome just uses the internet settings in IE, so no need to change anything there.

Services.exe is definitely infected. We will look for a clean copy. There may not be one on your computer. Do you have your installation CD? We can get the file off of that if you have it. If not, there are workarounds we can try.

I also recommend you uninstall SpywareFIGHTER. There are better free antispyware programs out there.



Step 1



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

MIA::
c:\windows\system32\Services.exe
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
Folder::
c:\program files\Ask.com
RegNull::
[HKEY_USERS\S-1-5-21-960749172-2722181803-4115584216-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CBE932E3-F00C-6760-395F-F5F506E76BF7}*]
[HKEY_USERS\S-1-5-21-960749172-2722181803-4115584216-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D158708E-E2BF-5701-C32E-04FC946BD863}*]
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.



Step 2

Download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

If you have a 64-bit system, please download the 64 bit version from here:
SystemLook (64-bit)

  • Double-click SystemLook.exe to run it.
  • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy and Paste the content of the following codebox into the main textfield under "File":
    :filefind
    services.*
    
  • Please Confirm everything is copied and Pasted as I have provided above
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.


Note: The log can also be found on your Desktop entitled SystemLook.txt
2nd Note: The scan may take a while from several seconds to a minute or more depending on the number of files you have and how fast your computer can perform the task


etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
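Step 2 above uses SystemLook to list every services.* on the disk so that a clean copy can be located. The script below is an added example for this thread, not SystemLook, ComboFix or anything from the posts: it walks a volume for files named services.exe, hashes each one, separates the copies that differ from the live file (the only ones that can be a replacement) from those that carry the same bytes, and then hands the live file to Windows' own `sfc /verifyfile`. It assumes a stock Vista/7 layout (the SystemRoot and SystemDrive environment variables, sfc.exe in System32); the `walk` and `read_bytes` parameters exist only so the logic can be exercised on a constructed tree.

```python
"""Find every services.exe on a volume, hash each copy, flag the ones that
differ from the live file, then hand the live file to sfc /verifyfile.

Added example for this thread; not SystemLook, ComboFix, or anything from the
posts. Paths assume a stock Windows Vista/7 layout (SystemRoot, SystemDrive).
"""
import hashlib
import os
import subprocess
import sys


def _read_bytes(path):
    with open(path, "rb") as fh:
        return fh.read()


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def find_copies(root, filename="services.exe", walk=os.walk, read_bytes=_read_bytes):
    """[{'path','size','sha256'}] for each file named `filename` under `root`.

    `walk` and `read_bytes` default to the real filesystem; they are parameters
    so the logic can be run against a constructed tree. A copy the process
    cannot open (sharing violation, access denied) is kept with sha256=None
    rather than dropped, since "could not read it" is itself a finding.
    """
    hits = []
    for dirpath, _subdirs, files in walk(root):
        for name in files:
            if name.lower() != filename.lower():
                continue
            path = os.path.join(dirpath, name)
            try:
                data = read_bytes(path)
            except OSError:
                hits.append({"path": path, "size": None, "sha256": None})
                continue
            hits.append({"path": path, "size": len(data), "sha256": sha256_hex(data)})
    return hits


def classify(copies, live_path):
    """Return (live, same_as_live, different_from_live).

    Copies with the live file's hash are useless as replacements: they carry
    the same bytes, patch included. Candidates for a clean copy are the
    differing ones (component store under \\Windows\\winsxs, a backup, an
    install image); still confirm one with sfc or a known-good hash before use.
    """
    wanted = os.path.normcase(live_path)
    live = next((c for c in copies if os.path.normcase(c["path"]) == wanted), None)
    if live is None:
        raise FileNotFoundError(live_path)
    same = [c for c in copies if c is not live and c["sha256"] == live["sha256"]]
    different = [c for c in copies if c is not live and c["sha256"] not in (None, live["sha256"])]
    return live, same, different


def sfc_verify_command(path):
    """Command line for Windows' own integrity check of one protected file.

    /verifyfile only reports; /scanfile would also repair from the component
    store. Needs an elevated prompt on a system with UAC enabled.
    """
    system_root = os.environ.get("SystemRoot", r"C:\Windows")
    return [os.path.join(system_root, "System32", "sfc.exe"), "/verifyfile=" + path]


def run_sfc_verify(path):
    """Run sfc /verifyfile and return (exit_code, text). Windows only."""
    if not sys.platform.startswith("win"):
        raise RuntimeError("sfc.exe is only available on Windows")
    proc = subprocess.run(sfc_verify_command(path), capture_output=True)
    raw = proc.stdout
    # sfc writes UTF-16LE when redirected; otherwise fall back to the OEM code page.
    text = raw.decode("utf-16-le", "replace") if b"\x00" in raw[:4] else raw.decode("mbcs", "replace")
    return proc.returncode, text


if __name__ == "__main__":
    live_path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32", "services.exe")
    root = os.environ.get("SystemDrive", "C:") + os.sep
    live, same, different = classify(find_copies(root), live_path)
    print("live   ", live["path"], live["size"], live["sha256"])
    for c in same:
        print("same   ", c["path"], c["size"])
    for c in different:
        print("differs", c["path"], c["size"], c["sha256"])
    code, text = run_sfc_verify(live_path)
    print("sfc exit", code)
    print(text)
```

Run it from an elevated prompt on the affected machine. Two caveats matter on this OS: a hash match between the live file and a backup only says both were captured after the change, not that either is clean, so the differing copy under winsxs is the one to inspect; and `Get-AuthenticodeSignature` is not a substitute for `sfc /verifyfile` here, because PowerShell releases before 5.1 report catalog-signed system binaries such as services.exe as NotSigned even when they are intact.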
 


#7 basko

basko
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:53 PM

Posted 02 July 2012 - 01:59 AM

Hello Etavares,

Unfortunately I do not have an installation CD.

I removed SpywareFighter, even though it still shows in the CF log.

Step 1: See below.

Step 2: See below.

Thanks.



ComboFix 12-07-01.03 - basko 07/01/2012 23:32:56.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2038.1062 [GMT 2:00]
Run from: c:\users\basko\Desktop\etavaresCF.exe
Command switches used :: c:\users\basko\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: SPYWAREfighter *Disabled/Updated* {54CEAF19-6DDF-F31A-F96A-11F730C2EC03}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
(((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 ))))))))))))))))))))))))))))))
.
.
2012-07-01 22:55 . 2012-07-01 22:55 -------- d-----w- c:\users\basko\AppData\Local\temp
2012-07-01 22:55 . 2012-07-01 22:55 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-07-01 22:55 . 2012-07-01 22:55 -------- d-----w- c:\users\postgres.baskos_pc\AppData\Local\temp
2012-07-01 22:55 . 2012-07-01 22:55 -------- d-----w- c:\users\postgres.baskos_pc.000\AppData\Local\temp
2012-07-01 22:55 . 2012-07-01 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 11:52 . 2012-07-01 13:39 -------- d-----w- C:\etavaresCF
2012-07-01 09:20 . 2012-07-01 09:20 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-01 09:20 . 2012-07-01 09:20 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-26 08:32 . 2012-07-01 11:52 -------- d-----w- C:\ComboFix
2012-06-25 11:16 . 2012-06-25 11:16 -------- d-----w- c:\users\basko\AppData\Roaming\Avira
2012-06-25 11:10 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-25 11:10 . 2012-04-24 22:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-25 11:10 . 2012-04-16 19:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-25 11:09 . 2012-06-25 11:09 -------- d-----w- c:\programdata\Avira
2012-06-25 11:09 . 2012-06-25 11:09 -------- d-----w- c:\program files\Avira
2012-06-21 18:30 . 2012-06-21 18:30 -------- d-----w- c:\users\basko\AppData\Local\twitter
2012-06-21 08:40 . 2012-06-21 08:40 7450888 ----a-w- c:\program files\Common Files\Windows Live\.cache\8472de741cd4f893f\bingbarsetup.exe
2012-06-21 08:37 . 2012-06-21 08:37 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\2075f1f41cd4f892a\MeshBetaRemover.exe
2012-06-21 08:36 . 2012-06-21 08:36 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\e5c030c41cd4f8817\DXSETUP.exe
2012-06-21 08:36 . 2012-06-21 08:36 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\e5c030c41cd4f8817\dsetup32.dll
2012-06-21 08:36 . 2012-06-21 08:36 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\e5c030c41cd4f8817\DSETUP.dll
2012-06-21 08:36 . 2012-06-21 08:36 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\e3d550b41cd4f8816\DSETUP.dll
2012-06-21 08:36 . 2012-06-21 08:36 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\e3d550b41cd4f8816\DXSETUP.exe
2012-06-21 08:36 . 2012-06-21 08:36 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\e3d550b41cd4f8816\dsetup32.dll
2012-06-21 07:16 . 2012-06-21 07:16 -------- d-----w- c:\program files\iPod
2012-06-21 07:16 . 2012-06-21 07:18 -------- d-----w- c:\program files\iTunes
2012-06-21 07:08 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 07:08 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 07:08 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 07:08 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 07:08 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 07:08 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 07:08 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 07:07 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 07:07 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 21:37 . 2012-07-01 10:57 -------- d-----w- c:\users\basko\AppData\Local\Windows Live
2012-06-15 12:52 . 2012-06-30 11:20 -------- d-----w- c:\users\basko\AppData\Local\Albelli Fotoboeken
2012-06-04 09:59 . 2012-06-04 09:59 -------- d-----w- c:\users\basko\AppData\Roaming\SpeedyPC Software
2012-06-04 09:59 . 2012-06-04 09:59 -------- d-----w- c:\users\basko\AppData\Roaming\DriverCure
2012-06-04 09:58 . 2012-06-04 09:58 -------- d-----w- c:\program files\SpeedyPC Software
2012-06-04 09:58 . 2012-06-04 09:58 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-06-04 09:58 . 2012-06-04 09:58 -------- d-----w- c:\programdata\SpeedyPC Software
2012-06-04 06:12 . 2012-06-04 07:42 -------- d-----w- c:\program files\Win 32. Trojan . Small Removal Tool
2012-06-04 06:12 . 2011-02-17 16:26 81920 ----a-w- c:\windows\eSellerateControl350.dll
2012-06-04 06:12 . 2011-02-17 16:26 356352 ----a-w- c:\windows\eSellerateEngine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 09:19 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-13 07:36 . 2012-05-15 06:11 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FD70566-8B74-4A3D-AB8D-6D70EDC98F13}\mpengine.dll
2012-04-13 07:34 . 2012-04-13 07:34 161792 ----a-w- c:\windows\system32\msls31.dll
2012-04-13 07:34 . 2012-04-13 07:34 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-04-13 07:34 . 2012-04-13 07:34 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-04-13 07:34 . 2012-04-13 07:34 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-04-13 07:34 . 2012-04-13 07:34 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-04-13 07:34 . 2012-04-13 07:34 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-04-13 07:34 . 2012-04-13 07:34 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-04-13 07:34 . 2012-04-13 07:34 367104 ----a-w- c:\windows\system32\html.iec
2012-04-13 07:34 . 2012-04-13 07:34 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-04-13 07:34 . 2012-04-13 07:34 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-04-13 07:34 . 2012-04-13 07:34 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-04-13 07:34 . 2012-04-13 07:34 152064 ----a-w- c:\windows\system32\wextract.exe
2012-04-13 07:34 . 2012-04-13 07:34 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-04-13 07:34 . 2012-04-13 07:34 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-13 07:34 . 2012-04-13 07:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-13 07:34 . 2012-04-13 07:34 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-04-13 07:34 . 2012-04-13 07:34 11776 ----a-w- c:\windows\system32\mshta.exe
2012-04-13 07:34 . 2012-04-13 07:34 101888 ----a-w- c:\windows\system32\admparse.dll
2012-04-13 07:34 . 2012-04-13 07:34 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-04-13 07:34 . 2012-04-13 07:34 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-04-13 07:34 . 2012-04-13 07:34 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-04-13 07:32 . 2012-04-13 07:32 98816 ----a-w- c:\windows\system32\mfps.dll
2012-04-13 07:32 . 2012-04-13 07:32 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-04-13 07:32 . 2012-04-13 07:32 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-04-13 07:32 . 2012-04-13 07:32 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-04-13 07:32 . 2012-04-13 07:32 2873344 ----a-w- c:\windows\system32\mf.dll
2012-04-13 07:32 . 2012-04-13 07:32 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-04-13 07:32 . 2012-04-13 07:32 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-04-13 07:32 . 2012-04-13 07:32 586240 ----a-w- c:\windows\system32\stobject.dll
2012-04-13 07:32 . 2012-04-13 07:32 797184 ----a-w- c:\windows\system32\FntCache.dll
2012-04-13 07:32 . 2012-04-13 07:32 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-04-13 07:32 . 2012-04-13 07:32 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-04-13 07:32 . 2012-04-13 07:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-04-13 07:32 . 2012-04-13 07:32 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-04-13 07:32 . 2012-04-13 07:32 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-04-13 07:32 . 2012-04-13 07:32 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-04-13 07:32 . 2012-04-13 07:32 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-04-13 07:32 . 2012-04-13 07:32 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-04-13 07:32 . 2012-04-13 07:32 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-04-13 07:32 . 2012-04-13 07:32 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-04-13 07:32 . 2012-04-13 07:32 37376 ----a-w- c:\windows\system32\cdd.dll
2012-04-13 07:32 . 2012-04-13 07:32 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-04-13 07:32 . 2012-04-13 07:32 258048 ----a-w- c:\windows\system32\winspool.drv
2012-04-13 07:32 . 2012-04-13 07:32 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-04-13 07:32 . 2012-04-13 07:32 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-04-13 07:32 . 2012-04-13 07:32 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-04-13 07:32 . 2012-04-13 07:32 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-04-13 07:32 . 2012-04-13 07:32 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-04-13 07:32 . 2012-04-13 07:32 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-07-01 09:20 . 2011-05-01 09:13 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-11 . 8737764F4FD36D6808EE80578409C843 . 279552 . . [6.0.6000.16386] . . c:\windows\System32\services.exe
[7] 2009-04-11 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[7] 2008-01-19 . 2B336AB6286D6C81FA02CBAB914E3C6C . 279040 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[7] 2006-11-02 . 329CF3C97CE4C19375C8ABCABAE258B0 . 279552 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\basko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\basko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\basko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\basko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-01-16 253952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-30 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-30 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-30 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-26 4489216]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"DataCardMonitor"="c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe" [2010-01-12 249856]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\basko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\basko\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 17:26 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2010-03-27 14:07 362232 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 20:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-01-03 13:54 486856 ----a-w- c:\program files\Spel\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2010-03-27 14:06 5107232 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
R4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-960749172-2722181803-4115584216-1000Core.job
- c:\users\basko\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-15 20:39]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-960749172-2722181803-4115584216-1000UA.job
- c:\users\basko\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-15 20:39]
.
2012-06-04 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-06-04 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-01-30 22:17]
.
2012-06-04 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
2012-07-01 c:\windows\Tasks\User_Feed_Synchronization-{5D992458-2ACC-4F71-9A7A-D794A6D69781}.job
- c:\windows\system32\msfeedssync.exe [2012-04-13 07:34]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.nu.nl/
uInternet Settings,ProxyOverride = local;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9C3FFE11-0B6C-4978-958F-7BEEEBF316DB}: NameServer = 10.0.0.2
DPF: {357A4655-A056-43C6-902F-11D3B02D6826} - hxxp://www.webstudio.com/bt/5-0-21/web%20studio%205.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
FF - ProfilePath - c:\users\basko\AppData\Roaming\Mozilla\Firefox\Profiles\1v4cyoqm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://nl.ask.com?o=15003&l=dis
FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS VERWIJDERD - - - -
.
MSConfigStartUp-SWPROguard - c:\program files\Fighters\SPYWAREfighter\SWPROTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-02 00:55
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DataCardMonitor = c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe?ng 13, GenuineIntel?PROCESSOR_LtL??F9??0:??????_REVISION=0f0d?ProgramData=c:\programdata?programfiles=c:\Program Files?PUBLIC=c:\users\Public?QTJAVA=c:\program files\Java\jre6\lib\ext\QTJava.
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
Voltooingstijd: 2012-07-02 01:00:49
ComboFix-quarantined-files.txt 2012-07-01 23:00
ComboFix2.txt 2012-07-01 13:39
ComboFix3.txt 2012-06-25 10:57
.
Pre-Run: 65,596,112,896 bytes beschikbaar
Post-Run: 64,708,632,576 bytes beschikbaar
.
- - End Of File - - 9FD19107C92A9E4CD9C48C1FA8719330



SystemLook 30.07.11 by jpshortstuff
Log created at 08:53 on 02/07/2012 by basko
Administrator - Elevation successful

========== filefind ==========

Searching for "services.*"
C:\Android\android-sdk\docs\guide\topics\fundamentals\services.html --a---- 104517 bytes [16:39 01/09/2011] [16:39 01/09/2011] FC466D04DA844EB3992EF01AA1D17106
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk --a---- 1688 bytes [12:53 02/11/2006] [11:20 18/04/2008] 9766DAB6AE843F4193691E78B6A21472
C:\Users\basko\Desktop\Zakelijk\GimmiMedia\Software\Schone installatie\OS\I386\SERVICES.EX_ --a---- 49959 bytes [09:28 16/06/2011] [06:00 14/04/2008] EE4885163C0C0729A3C5F1416A6E5F48
C:\Users\basko\Desktop\Zakelijk\GimmiMedia\Software\Schone installatie\OS\I386\SERVICES.MS_ --a---- 3649 bytes [09:28 16/06/2011] [06:00 14/04/2008] 64E9F61D2ED093C361862DE36433B5E1
C:\Users\basko\Desktop\Zakelijk\GimmiMedia\Software\Schone installatie\OS\I386\SERVICES._ --a---- 1989 bytes [09:28 16/06/2011] [06:00 14/04/2008] 29BB3BBBE3D49156A42BFB3DD000F554
C:\Users\basko\Documents\My Webs\_vti_pvt\services.cnf --a---- 3 bytes [10:17 21/12/2007] [10:58 24/01/2006] 864E46AD77EBE7A312EB11241A5114B6
C:\Windows\System32\services.exe ------- 279552 bytes [17:21 21/10/2009] [06:27 11/04/2009] (Unable to calculate MD5)
C:\Windows\System32\services.msc --a---- 92745 bytes [07:13 02/11/2006] [21:29 18/09/2006] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\Windows\System32\drivers\etc\services --a---- 17244 bytes [10:23 02/11/2006] [21:41 18/09/2006] 9F534244B7F8F55D5C0BB498D8D481E7
C:\Windows\System32\nl-NL\services.exe.mui --a---- 19968 bytes [16:04 02/11/2006] [16:04 02/11/2006] 428F511BDE3B3C034FCA7830C1BD0676
C:\Windows\System32\nl-NL\services.msc --a---- 92747 bytes [16:04 02/11/2006] [16:04 02/11/2006] E4FE4D28A62170560B388B241E5F2D6B
C:\Windows\System32\wbem\services.mof --a---- 2866 bytes [08:35 02/11/2006] [21:46 18/09/2006] 26A11C895A7F0B6D32105EBE127D8500
C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_5b144665887bb2e7\services.msc --a---- 92747 bytes [16:04 02/11/2006] [16:04 02/11/2006] E4FE4D28A62170560B388B241E5F2D6B
C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_20d27679b21218f4\services.exe.mui --a---- 19968 bytes [16:04 02/11/2006] [16:04 02/11/2006] 428F511BDE3B3C034FCA7830C1BD0676
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe --a---- 279552 bytes [08:35 02/11/2006] [09:45 02/11/2006] 329CF3C97CE4C19375C8ABCABAE258B0
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof --a---- 2866 bytes [08:35 02/11/2006] [21:46 18/09/2006] 26A11C895A7F0B6D32105EBE127D8500
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [17:22 17/04/2008] [07:33 19/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof --a---- 2866 bytes [08:35 02/11/2006] [21:46 18/09/2006] 26A11C895A7F0B6D32105EBE127D8500
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [17:21 21/10/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof --a---- 2866 bytes [08:35 02/11/2006] [21:46 18/09/2006] 26A11C895A7F0B6D32105EBE127D8500
C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc --a---- 92745 bytes [07:13 02/11/2006] [21:29 18/09/2006] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc --a---- 92745 bytes [07:13 02/11/2006] [21:29 18/09/2006] 7A1D35F59468B8118AF5B8E21DF78AE2
C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services --a---- 17244 bytes [06:38 02/11/2006] [21:41 18/09/2006] 9F534244B7F8F55D5C0BB498D8D481E7

-= EOF =-

Edited by etavares, 05 July 2012 - 09:55 AM.


#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:53 PM

Posted 02 July 2012 - 07:34 PM

Hello, basko.


Step 1



1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

SecCenter::
SP: SPYWAREfighter *Disabled/Updated* {54CEAF19-6DDF-F31A-F96A-11F730C2EC03}
FCopy::
c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe | C:\windows\system32\services.exe

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
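One way to read the Sigcheck block in basko's log above and arrive at the same FCopy step that etavares prescribes, as an added example written for this thread (it is neither ComboFix's code nor etavares's script; the line-parsing rules, the reading of the leading [-] tag as "not verified", and the rule of picking the WinSxS copy whose assembly version matches the running OS build are assumptions of the example). It embeds the four Sigcheck lines and the catchme OS banner from the log as sample input, reports which live system32 file disagrees with its component-store copy, and only writes out the candidate FCopy text; it copies nothing itself.

```python
"""Compare a live system32 binary against its WinSxS copies (added example).

Sample input is copied from the ComboFix log posted above; the parsing and the
OS-build matching rule are assumptions of this example, not ComboFix's logic.
"""
import re

# Constructed sample input: the Sigcheck lines from the ComboFix log in the thread.
SIGCHECK_SAMPLE = r"""
[-] 2009-04-11 . 8737764F4FD36D6808EE80578409C843 . 279552 . . [6.0.6000.16386] . . c:\windows\System32\services.exe
[7] 2009-04-11 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[7] 2008-01-19 . 2B336AB6286D6C81FA02CBAB914E3C6C . 279040 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[7] 2006-11-02 . 329CF3C97CE4C19375C8ABCABAE258B0 . 279552 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
"""
# The OS line from the catchme section of the same log.
OS_BANNER = "Windows 6.0.6002 Service Pack 2 NTFS"

# Assumed layout of one Sigcheck line: [tag] date . md5 . size . . [fileversion] . . path
LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<fileversion>[^\]]*)\] \. \. (?P<path>.+?)\s*$"
)
# Assembly version embedded in a WinSxS directory name (Microsoft public key token).
WINSXS_VER_RE = re.compile(r"_31bf3856ad364e35_(\d+\.\d+\.\d+\.\d+)_", re.IGNORECASE)


def parse_sigcheck(text):
    """Turn Sigcheck lines into dicts; banner, 'Note:' and '.' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["verified"] = e["tag"] != "-"   # assumption: [-] means not verified
        vm = WINSXS_VER_RE.search(e["path"])
        e["winsxs_version"] = tuple(int(p) for p in vm.group(1).split(".")) if vm else None
        entries.append(e)
    return entries


def os_build_tuple(banner):
    """'Windows 6.0.6002 Service Pack 2 NTFS' -> (6, 0, 6002)."""
    m = re.search(r"Windows (\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no Windows build number in banner")
    return tuple(int(x) for x in m.groups())


def pick_reference_copy(entries, os_build):
    """Newest WinSxS copy whose assembly version belongs to the running OS build."""
    candidates = [e for e in entries
                  if e["winsxs_version"] and e["winsxs_version"][:3] == os_build]
    return max(candidates, key=lambda e: e["winsxs_version"]) if candidates else None


def assess(sigcheck_text, banner):
    """Compare each live (non-WinSxS) file with the reference copy by MD5."""
    entries = parse_sigcheck(sigcheck_text)
    ref = pick_reference_copy(entries, os_build_tuple(banner))
    findings = []
    for e in entries:
        if "winsxs" in e["path"].lower():
            continue
        if ref is None:
            status = "no-reference"
        elif e["md5"] == ref["md5"]:
            status = "matches-winsxs"
        else:
            status = "hash-mismatch"   # same build, different bytes: look closer
        findings.append({
            "path": e["path"], "md5": e["md5"], "status": status,
            "verified": e["verified"],
            "same_size": ref is not None and e["size"] == ref["size"],
        })
    return findings, ref


def build_fcopy_script(findings, ref):
    """CFScript FCopy block restoring every mismatched file from the store copy."""
    lines = [f"{ref['path']} | {f['path']}" for f in findings if f["status"] == "hash-mismatch"]
    return "FCopy::\n" + "\n".join(lines) + "\n" if lines else ""


if __name__ == "__main__":
    found, reference = assess(SIGCHECK_SAMPLE, OS_BANNER)
    for f in found:
        print(f"{f['status']:15} verified={f['verified']} same_size={f['same_size']} {f['path']}")
    print(build_fcopy_script(found, reference), end="")
```

What the comparison brings out is exactly what the log shows: the live services.exe has the same size (279552 bytes) and the same file-version string as the 6.0.6002.18005 store copy but a different MD5 and no signature verification, which is the pattern of a patched binary rather than a different build. Once the FCopy has run (basko's next log confirms it), running the same comparison again should report "matches-winsxs" for the live file.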
 


#9 basko

basko
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:53 PM

Posted 03 July 2012 - 08:49 AM

Hello Etavares,

Herewith the ComboFix log:

ComboFix 12-07-01.03 - basko 07/03/2012 13:09:17.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2038.1092 [GMT 2:00]
Gestart vanuit: c:\users\basko\Desktop\etavaresCF.exe
gebruikte Opdracht switches :: c:\users\basko\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --> c:\windows\system32\services.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-06-03 to 2012-07-03 ))))))))))))))))))))))))))))))
.
.
2012-07-03 11:20 . 2012-07-03 11:20 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-07-03 11:20 . 2012-07-03 11:20 -------- d-----w- c:\users\postgres.baskos_pc\AppData\Local\temp
2012-07-03 11:20 . 2012-07-03 11:20 -------- d-----w- c:\users\postgres.baskos_pc.000\AppData\Local\temp
2012-07-03 11:20 . 2012-07-03 11:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 23:00 . 2012-07-03 11:20 -------- d-----w- c:\users\basko\AppData\Local\temp
2012-07-01 11:52 . 2012-07-01 13:39 -------- d-----w- C:\etavaresCF
2012-07-01 09:20 . 2012-07-01 09:20 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-01 09:20 . 2012-07-01 09:20 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-26 08:32 . 2012-07-01 11:52 -------- d-----w- C:\ComboFix
2012-06-25 11:16 . 2012-06-25 11:16 -------- d-----w- c:\users\basko\AppData\Roaming\Avira
2012-06-25 11:10 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-25 11:10 . 2012-04-24 22:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-25 11:10 . 2012-04-16 19:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-25 11:09 . 2012-06-25 11:09 -------- d-----w- c:\programdata\Avira
2012-06-25 11:09 . 2012-06-25 11:09 -------- d-----w- c:\program files\Avira
2012-06-21 18:30 . 2012-06-21 18:30 -------- d-----w- c:\users\basko\AppData\Local\twitter
2012-06-21 08:40 . 2012-06-21 08:40 7450888 ----a-w- c:\program files\Common Files\Windows Live\.cache\8472de741cd4f893f\bingbarsetup.exe
2012-06-21 08:37 . 2012-06-21 08:37 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\2075f1f41cd4f892a\MeshBetaRemover.exe
2012-06-21 08:36 . 2012-06-21 08:36 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\e5c030c41cd4f8817\DXSETUP.exe
2012-06-21 08:36 . 2012-06-21 08:36 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\e5c030c41cd4f8817\dsetup32.dll
2012-06-21 08:36 . 2012-06-21 08:36 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\e5c030c41cd4f8817\DSETUP.dll
2012-06-21 08:36 . 2012-06-21 08:36 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\e3d550b41cd4f8816\DSETUP.dll
2012-06-21 08:36 . 2012-06-21 08:36 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\e3d550b41cd4f8816\DXSETUP.exe
2012-06-21 08:36 . 2012-06-21 08:36 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\e3d550b41cd4f8816\dsetup32.dll
2012-06-21 07:16 . 2012-06-21 07:16 -------- d-----w- c:\program files\iPod
2012-06-21 07:16 . 2012-06-21 07:18 -------- d-----w- c:\program files\iTunes
2012-06-21 07:08 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 07:08 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 07:08 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 07:08 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 07:08 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 07:08 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 07:08 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 07:07 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 07:07 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 21:37 . 2012-07-03 07:41 -------- d-----w- c:\users\basko\AppData\Local\Windows Live
2012-06-15 12:52 . 2012-06-30 11:20 -------- d-----w- c:\users\basko\AppData\Local\Albelli Fotoboeken
2012-06-04 09:59 . 2012-06-04 09:59 -------- d-----w- c:\users\basko\AppData\Roaming\SpeedyPC Software
2012-06-04 09:59 . 2012-06-04 09:59 -------- d-----w- c:\users\basko\AppData\Roaming\DriverCure
2012-06-04 09:58 . 2012-06-04 09:58 -------- d-----w- c:\program files\SpeedyPC Software
2012-06-04 09:58 . 2012-06-04 09:58 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-06-04 09:58 . 2012-06-04 09:58 -------- d-----w- c:\programdata\SpeedyPC Software
2012-06-04 06:12 . 2012-06-04 07:42 -------- d-----w- c:\program files\Win 32. Trojan . Small Removal Tool
2012-06-04 06:12 . 2011-02-17 16:26 81920 ----a-w- c:\windows\eSellerateControl350.dll
2012-06-04 06:12 . 2011-02-17 16:26 356352 ----a-w- c:\windows\eSellerateEngine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 09:19 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-13 07:36 . 2012-05-15 06:11 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FD70566-8B74-4A3D-AB8D-6D70EDC98F13}\mpengine.dll
2012-04-13 07:34 . 2012-04-13 07:34 161792 ----a-w- c:\windows\system32\msls31.dll
2012-04-13 07:34 . 2012-04-13 07:34 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-04-13 07:34 . 2012-04-13 07:34 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-04-13 07:34 . 2012-04-13 07:34 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-04-13 07:34 . 2012-04-13 07:34 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-04-13 07:34 . 2012-04-13 07:34 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-04-13 07:34 . 2012-04-13 07:34 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-04-13 07:34 . 2012-04-13 07:34 367104 ----a-w- c:\windows\system32\html.iec
2012-04-13 07:34 . 2012-04-13 07:34 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-04-13 07:34 . 2012-04-13 07:34 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-04-13 07:34 . 2012-04-13 07:34 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-04-13 07:34 . 2012-04-13 07:34 152064 ----a-w- c:\windows\system32\wextract.exe
2012-04-13 07:34 . 2012-04-13 07:34 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-04-13 07:34 . 2012-04-13 07:34 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-13 07:34 . 2012-04-13 07:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-13 07:34 . 2012-04-13 07:34 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-04-13 07:34 . 2012-04-13 07:34 11776 ----a-w- c:\windows\system32\mshta.exe
2012-04-13 07:34 . 2012-04-13 07:34 101888 ----a-w- c:\windows\system32\admparse.dll
2012-04-13 07:34 . 2012-04-13 07:34 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-04-13 07:34 . 2012-04-13 07:34 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-04-13 07:34 . 2012-04-13 07:34 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-04-13 07:32 . 2012-04-13 07:32 98816 ----a-w- c:\windows\system32\mfps.dll
2012-04-13 07:32 . 2012-04-13 07:32 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-04-13 07:32 . 2012-04-13 07:32 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-04-13 07:32 . 2012-04-13 07:32 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-04-13 07:32 . 2012-04-13 07:32 2873344 ----a-w- c:\windows\system32\mf.dll
2012-04-13 07:32 . 2012-04-13 07:32 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-04-13 07:32 . 2012-04-13 07:32 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-04-13 07:32 . 2012-04-13 07:32 586240 ----a-w- c:\windows\system32\stobject.dll
2012-04-13 07:32 . 2012-04-13 07:32 797184 ----a-w- c:\windows\system32\FntCache.dll
2012-04-13 07:32 . 2012-04-13 07:32 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-04-13 07:32 . 2012-04-13 07:32 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-04-13 07:32 . 2012-04-13 07:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-04-13 07:32 . 2012-04-13 07:32 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-04-13 07:32 . 2012-04-13 07:32 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-04-13 07:32 . 2012-04-13 07:32 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-04-13 07:32 . 2012-04-13 07:32 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-04-13 07:32 . 2012-04-13 07:32 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-04-13 07:32 . 2012-04-13 07:32 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-04-13 07:32 . 2012-04-13 07:32 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-04-13 07:32 . 2012-04-13 07:32 37376 ----a-w- c:\windows\system32\cdd.dll
2012-04-13 07:32 . 2012-04-13 07:32 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-04-13 07:32 . 2012-04-13 07:32 258048 ----a-w- c:\windows\system32\winspool.drv
2012-04-13 07:32 . 2012-04-13 07:32 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-04-13 07:32 . 2012-04-13 07:32 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-04-13 07:32 . 2012-04-13 07:32 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-04-13 07:32 . 2012-04-13 07:32 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-04-13 07:32 . 2012-04-13 07:32 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-04-13 07:32 . 2012-04-13 07:32 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-07-01 09:20 . 2011-05-01 09:13 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\basko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\basko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\basko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\basko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-01-16 253952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-30 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-30 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-30 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-26 4489216]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"DataCardMonitor"="c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe" [2010-01-12 249856]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\basko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\basko\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 17:26 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2010-03-27 14:07 362232 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 20:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-01-03 13:54 486856 ----a-w- c:\program files\Spel\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2010-03-27 14:06 5107232 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
R4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-960749172-2722181803-4115584216-1000Core.job
- c:\users\basko\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-15 20:39]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-960749172-2722181803-4115584216-1000UA.job
- c:\users\basko\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-15 20:39]
.
2012-06-04 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-06-04 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-01-30 22:17]
.
2012-06-04 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
2012-07-03 c:\windows\Tasks\User_Feed_Synchronization-{5D992458-2ACC-4F71-9A7A-D794A6D69781}.job
- c:\windows\system32\msfeedssync.exe [2012-04-13 07:34]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.nu.nl/
uInternet Settings,ProxyOverride = local;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9C3FFE11-0B6C-4978-958F-7BEEEBF316DB}: NameServer = 10.0.0.2
DPF: {357A4655-A056-43C6-902F-11D3B02D6826} - hxxp://www.webstudio.com/bt/5-0-21/web%20studio%205.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
FF - ProfilePath - c:\users\basko\AppData\Roaming\Mozilla\Firefox\Profiles\1v4cyoqm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://nl.ask.com?o=15003&l=dis
FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-03 13:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DataCardMonitor = c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe?ng 13, GenuineIntel?PROCESSOR_LtL??F9??0:??????_REVISION=0f0d?ProgramData=c:\programdata?programfiles=c:\Program Files?PUBLIC=c:\users\Public?QTJAVA=c:\program files\Java\jre6\lib\ext\QTJava.
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(1932)
c:\users\basko\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Voltooingstijd: 2012-07-03 13:23:44
ComboFix-quarantined-files.txt 2012-07-03 11:23
ComboFix2.txt 2012-07-01 13:39
ComboFix3.txt 2012-06-25 10:57
.
Pre-Run: 64,403,197,952 bytes beschikbaar
Post-Run: 64,357,990,400 bytes beschikbaar
.
- - End Of File - - 9C81655C78D7F954E2A80BC3059736FC

Edited by etavares, 05 July 2012 - 09:56 AM.


#10 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 03 July 2012 - 07:29 PM

Hello, basko.

That looks like it worked. Have the warnings stopped about services.exe?





Step 1

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (ctredr15.sys) -- C:\Windows\system32\drivers\ctredr15.sys File not found
    DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
    DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
    IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
    O16 - DPF: {357A4655-A056-43C6-902F-11D3B02D6826} http://www.webstudio.com/bt/5-0-21/web%20studio%205.cab (Reg Error: Key error.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker:MID
    @Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker 2.0:MID
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    :Commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • A report will open, copy and paste it in a reply here.



Step 2

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [button image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [button image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check [checkbox image]
  • Click the [button image] button.
  • Accept any security warnings from your browser.
  • Check [checkbox image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [button image]
  • Push [button image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [button image] button.
  • Push [button image]

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#11 basko

  • Topic Starter

  • Members
  • 12 posts

Posted 04 July 2012 - 07:42 AM

Hi etavares,

Avira now detects the infected services.exe file in the Qoobox/Quarantine/../.. folder.

Edited by basko, 05 July 2012 - 07:08 AM.


#12 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 04 July 2012 - 12:07 PM

Hello, basko.

I didn't copy the first line of the code, so we'll need to rerun the OTL fix. ESET deleted the virus we quarantined, so the virus warnings should have stopped. Almost done!

Step 1


We need to run an OTL script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (ctredr15.sys) -- C:\Windows\system32\drivers\ctredr15.sys File not found
    DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
    DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
    IE - HKU\S-1-5-21-960749172-2722181803-4115584216-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
    O16 - DPF: {357A4655-A056-43C6-902F-11D3B02D6826} http://www.webstudio.com/bt/5-0-21/web%20studio%205.cab (Reg Error: Key error.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker:MID
    @Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker 2.0:MID
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • A report will open, copy and paste it in a reply here.

etavares



#13 basko

  • Topic Starter

  • Members
  • 12 posts

Posted 04 July 2012 - 01:16 PM

Hello etavares,

I ran the fix, but the system does not automatically reboot. You'll find the fix log below.

How to proceed?

Thanks,
basko.

Edited by etavares, 05 July 2012 - 09:57 AM.


#14 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 04 July 2012 - 01:25 PM

I intentionally didn't reboot, but I see I didn't change my usual speech. Sorry for the confusion.

With that, please post an OTL quick scan log. How is it running?

Thanks,
etavares

Edited by etavares, 04 July 2012 - 01:25 PM.



#15 basko

  • Topic Starter

  • Members
  • 12 posts

Posted 04 July 2012 - 01:42 PM

Hi etavares,

Avira isn't giving the warning anymore. I saw one earlier (the warning about the Quarantine folder), but am not able to reproduce it. Besides, the laptop seems to run well.

Thanks!

Edited by basko, 05 July 2012 - 07:07 AM.




