
Solved virus?

Discussion in 'Malware and Virus Removal Archive' started by janwin7, 2011/04/25.

  1. 2011/04/25
    janwin7

    janwin7 Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    154
    Likes Received:
    0
    [Resolved] virus?

    Hi,
    I have Norman for antivirus. Last week Norman detected a virus but wasn't able to remove it from my PC. I looked in the quarantine but there was nothing in it.
    Is it possible that it is still on my pc?

    Thank you :)
     
  2. 2011/04/25
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    Very possible,

    Please read this as indicated at the top of this forum and post the requested logs in this thread.
     

  4. 2011/04/25
    janwin7

    janwin7 Inactive Thread Starter

    threats

    OK, sorry, but I was already running the ESET scanner and it found 5 threats. So ignore the ESET log and run the other programs? Thank you. :)
     
  5. 2011/04/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes..
     
  6. 2011/04/26
    janwin7

    janwin7 Inactive Thread Starter

    gmer log

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-04-26 07:17:00
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3160815A rev.3.AAD
    Running: cr3127rr.exe; Driver: C:\DOCUME~1\JANRIJ~1\LOCALS~1\Temp\fxtdypog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Process Security Driver/Norman ASA) ZwCreateEvent [0xF23F999A]
    SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Process Security Driver/Norman ASA) ZwCreateFile [0xF23F93B8]
    SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Process Security Driver/Norman ASA) ZwCreateProcess [0xF23F883E]
    SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Process Security Driver/Norman ASA) ZwCreateProcessEx [0xF23F886E]
    SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Process Security Driver/Norman ASA) ZwCreateThread [0xF23F889E]
    SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Process Security Driver/Norman ASA) ZwSetSystemInformation [0xF23F94C2]
    SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Process Security Driver/Norman ASA) ZwTerminateProcess [0xF23F90C4]
    SSDT \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys (Process Security Driver/Norman ASA) ZwWriteVirtualMemory [0xF23F91B6]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 120 804E278C 1 Byte [9E]
    .text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF77D9340, 0xFFF3F, 0xF8000020]
    .text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x234A20, 0xF8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Google\Google Talk\googletalk.exe[160] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 01BD0001
    .text C:\Program Files\Google\Google Talk\googletalk.exe[160] WS2_32.dll!htons 71A32E53 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Google\Google Talk\googletalk.exe[160] WS2_32.dll!WSAGetLastError + 2 71A33CD0 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
    .text C:\Program Files\Google\Google Talk\googletalk.exe[160] WS2_32.dll!closesocket 71A33E2B 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\Google\Google Talk\googletalk.exe[160] WS2_32.dll!connect 71A34A07 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Google\Google Talk\googletalk.exe[160] WS2_32.dll!WSAEventSelect 71A364D9 6 Bytes JMP 5F1F0F5A
    .text C:\Program Files\Google\Google Talk\googletalk.exe[160] WS2_32.dll!WSAAsyncSelect 71A40991 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Google\Google Talk\googletalk.exe[160] WS2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Google\Google Talk\googletalk.exe[160] WS2_32.dll!WSAAccept 71A40DC1 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Google\Google Talk\googletalk.exe[160] WS2_32.dll!accept 71A41040 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[188] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 02CB0001
    .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[188] WS2_32.dll!htons 71A32E53 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[188] WS2_32.dll!WSAGetLastError + 2 71A33CD0 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
    .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[188] WS2_32.dll!closesocket 71A33E2B 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[188] WS2_32.dll!connect 71A34A07 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[188] WS2_32.dll!WSAEventSelect 71A364D9 6 Bytes JMP 5F1F0F5A
    .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[188] WS2_32.dll!WSAAsyncSelect 71A40991 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[188] WS2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[188] WS2_32.dll!WSAAccept 71A40DC1 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[188] WS2_32.dll!accept 71A41040 6 Bytes JMP 5F100F5A
    .text C:\Program Files\FileHippo.com\UpdateChecker.exe[196] KERNEL32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 03AC0001
    .text C:\Program Files\FileHippo.com\UpdateChecker.exe[196] ws2_32.dll!htons 71A32E53 6 Bytes JMP 5F040F5A
    .text C:\Program Files\FileHippo.com\UpdateChecker.exe[196] ws2_32.dll!WSAGetLastError + 2 71A33CD0 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
    .text C:\Program Files\FileHippo.com\UpdateChecker.exe[196] ws2_32.dll!closesocket 71A33E2B 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\FileHippo.com\UpdateChecker.exe[196] ws2_32.dll!connect 71A34A07 6 Bytes JMP 5F130F5A
    .text C:\Program Files\FileHippo.com\UpdateChecker.exe[196] ws2_32.dll!WSAEventSelect 71A364D9 6 Bytes JMP 5F1F0F5A
    .text C:\Program Files\FileHippo.com\UpdateChecker.exe[196] ws2_32.dll!WSAAsyncSelect 71A40991 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\FileHippo.com\UpdateChecker.exe[196] ws2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 5F190F5A
    .text C:\Program Files\FileHippo.com\UpdateChecker.exe[196] ws2_32.dll!WSAAccept 71A40DC1 6 Bytes JMP 5F160F5A
    .text C:\Program Files\FileHippo.com\UpdateChecker.exe[196] ws2_32.dll!accept 71A41040 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Secunia\PSI\psi_tray.exe[284] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 00CE0001
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[980] kernel32.dll!CreateFileA 7C7D1A28 6 Bytes JMP 5F2C0F5A
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[980] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 01270001
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[980] kernel32.dll!CloseHandle 7C7D9BE7 6 Bytes JMP 5F3E0F5A
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[980] kernel32.dll!FreeLibrary + 15 7C7DAC93 4 Bytes CALL 7170003D
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[980] kernel32.dll!FindFirstFileW 7C7DEF81 6 Bytes JMP 5F3B0F5A
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[980] kernel32.dll!CreateFileW 7C7E0800 6 Bytes JMP 5F290F5A
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[980] kernel32.dll!FindFirstFileA 7C7E3879 6 Bytes JMP 5F2F0F5A
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[980] WS2_32.dll!htons 71A32E53 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[980] WS2_32.dll!WSAGetLastError + 2 71A33CD0 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[980] WS2_32.dll!closesocket 71A33E2B 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[980] WS2_32.dll!connect 71A34A07 6 Bytes JMP 5F1A0F5A
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[980] WS2_32.dll!WSAEventSelect 71A364D9 6 Bytes JMP 5F260F5A
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[980] WS2_32.dll!WSAAsyncSelect 71A40991 6 Bytes JMP 5F230F5A
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[980] WS2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 5F200F5A
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[980] WS2_32.dll!WSAAccept 71A40DC1 6 Bytes JMP 5F1D0F5A
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[980] WS2_32.dll!accept 71A41040 6 Bytes JMP 5F170F5A
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[1056] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 003F0001
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[1056] kernel32.dll!FreeLibrary + 15 7C7DAC93 4 Bytes CALL 7170003D
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[1056] WS2_32.dll!htons 71A32E53 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[1056] WS2_32.dll!WSAGetLastError + 2 71A33CD0 4 Bytes [1E, 00, 08, 5F] {PUSH DS; ADD [EAX], CL; POP EDI}
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[1056] WS2_32.dll!closesocket 71A33E2B 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[1056] WS2_32.dll!connect 71A34A07 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[1056] WS2_32.dll!WSAEventSelect 71A364D9 6 Bytes JMP 5F1F0F5A
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[1056] WS2_32.dll!WSAAsyncSelect 71A40991 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[1056] WS2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[1056] WS2_32.dll!WSAAccept 71A40DC1 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Windows Live\Contacts\wlcomm.exe[1056] WS2_32.dll!accept 71A41040 6 Bytes JMP 5F0D0F5A
    .text C:\WINDOWS\system32\SearchIndexer.exe[1168] kernel32.dll!FreeLibrary + 15 7C7DAC93 4 Bytes CALL 7170003D
    .text C:\WINDOWS\system32\SearchIndexer.exe[1168] kernel32.dll!WriteFile 7C7E0E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1244] kernel32.dll!FreeLibrary + 15 7C7DAC93 4 Bytes CALL 7170003D
    .text C:\Program Files\Internet Explorer\iexplore.exe[1244] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 415854BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1244] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 4165DB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1244] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 41755117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1244] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 41755049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1244] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 417550B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1244] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 41754F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1244] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 41754F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1244] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 4175517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1244] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 41754FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\WINDOWS\system32\ctfmon.exe[1764] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 00C30001
    .text C:\Program Files\Internet Explorer\iexplore.exe[1936] kernel32.dll!FreeLibrary + 15 7C7DAC93 4 Bytes CALL 7170003D
    .text C:\Program Files\Internet Explorer\iexplore.exe[1936] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 415854BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1936] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 41659B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1936] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 4164D125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1936] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 4165DB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1936] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 415C4664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1936] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 41755117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1936] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 41755049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1936] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 417550B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1936] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 41754F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1936] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 41754F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1936] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 4175517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1936] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 41754FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1936] ole32.dll!CoCreateInstance 774BF1AC 5 Bytes JMP 4165DBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1936] ole32.dll!OleLoadFromStream 774E981B 5 Bytes JMP 4175547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\WINDOWS\system32\rundll32.exe[1976] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 00DD0001
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2032] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 01090001
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2032] ws2_32.dll!htons 71A32E53 6 Bytes JMP 5F040F5A
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2032] ws2_32.dll!WSAGetLastError + 2 71A33CD0 4 Bytes [1E, 00, 0B, 5F] {PUSH DS; ADD [EBX], CL; POP EDI}
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2032] ws2_32.dll!closesocket 71A33E2B 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2032] ws2_32.dll!connect 71A34A07 6 Bytes JMP 5F130F5A
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2032] ws2_32.dll!WSAEventSelect 71A364D9 6 Bytes JMP 5F1F0F5A
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2032] ws2_32.dll!WSAAsyncSelect 71A40991 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2032] ws2_32.dll!WSAConnect 71A40C81 6 Bytes JMP 5F190F5A
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2032] ws2_32.dll!WSAAccept 71A40DC1 6 Bytes JMP 5F160F5A
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2032] ws2_32.dll!accept 71A41040 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2040] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 00DF0001
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2648] kernel32.dll!FreeLibrary + 15 7C7DAC93 4 Bytes CALL 7170003D
    .text C:\WINDOWS\system32\wuauclt.exe[3036] kernel32.dll!FreeLibrary + 15 7C7DAC93 4 Bytes CALL 7170003D
    .text C:\Documents and Settings\Jan Rijken\Bureaublad\cr3127rr.exe[4008] kernel32.dll!LoadLibraryExW + C4 7C7D1BB9 4 Bytes CALL 003D0001
    .text C:\Documents and Settings\Jan Rijken\Bureaublad\cr3127rr.exe[4008] kernel32.dll!FreeLibrary + 15 7C7DAC93 4 Bytes CALL 7170003D

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[1936] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\BTHUSB \Device\0000006d bthport.sys (Stuurprogramma voor Bluetooth-bus/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\0000006f bthport.sys (Stuurprogramma voor Bluetooth-bus/Microsoft Corporation)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a57aae7
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a57aae7@001d6eb6c5f9 0xFE 0x58 0x6F 0xCA ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a57aae7 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a57aae7@001d6eb6c5f9 0xFE 0x58 0x6F 0xCA ...

    ---- EOF - GMER 1.0.15 ----
     
  7. 2011/04/26
    janwin7

    janwin7 Inactive Thread Starter

    mbrcheck log

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000001fd

    Kernel Drivers (total 133):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806F0000 \WINDOWS\system32\hal.dll
    0xF8A36000 \WINDOWS\system32\KDCOM.DLL
    0xF8946000 \WINDOWS\system32\BOOTVID.dll
    0xF84E6000 ACPI.sys
    0xF8A38000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF84D5000 pci.sys
    0xF8536000 isapnp.sys
    0xF8546000 ohci1394.sys
    0xF8556000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
    0xF8A3A000 intelide.sys
    0xF87B6000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF8566000 MountMgr.sys
    0xF84B6000 ftdisk.sys
    0xF8A3C000 dmload.sys
    0xF8490000 dmio.sys
    0xF87BE000 PartMgr.sys
    0xF8576000 VolSnap.sys
    0xF8478000 atapi.sys
    0xF8586000 disk.sys
    0xF8596000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF8458000 fltmgr.sys
    0xF8446000 sr.sys
    0xF85A6000 PxHelp20.sys
    0xF842F000 KSecDD.sys
    0xF83A2000 Ntfs.sys
    0xF8375000 NDIS.sys
    0xF835B000 Mup.sys
    0xF85B6000 agp440.sys
    0xF77D9000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
    0xF77C5000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF886E000 \SystemRoot\System32\DRIVERS\usbohci.sys
    0xF77A1000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF8876000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xF87A6000 \SystemRoot\System32\DRIVERS\nic1394.sys
    0xF7739000 \SystemRoot\system32\DRIVERS\CTXH51.sys
    0xF887E000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF8886000 \SystemRoot\System32\DRIVERS\RTL8139.SYS
    0xF85E6000 \SystemRoot\System32\DRIVERS\imapi.sys
    0xF79A1000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF7991000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF7716000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF888E000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF8896000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF7981000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF89FE000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF7702000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF7971000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF889E000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF8A02000 \SystemRoot\System32\DRIVERS\gameenum.sys
    0xF8C30000 \SystemRoot\system32\drivers\msmpu401.sys
    0xF76DE000 \SystemRoot\system32\drivers\portcls.sys
    0xF7961000 \SystemRoot\system32\drivers\drmk.sys
    0xF8C31000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF7951000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF8A06000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF76C7000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF7941000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF7931000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF88A6000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF76B6000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF7921000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF75F2000 \SystemRoot\System32\drivers\dmboot.sys
    0xF88AE000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF88B6000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF85F6000 \SystemRoot\System32\Drivers\pcouffin.sys
    0xF759A000 \SystemRoot\System32\DRIVERS\rdpdr.sys
    0xF8606000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF88BE000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF8A5E000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF753C000 \SystemRoot\System32\DRIVERS\update.sys
    0xF8A26000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF8636000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF8646000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF8A78000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF88CE000 \SystemRoot\System32\DRIVERS\flpydisk.sys
    0xF23F3000 \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys
    0xF8A8E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8B60000 \SystemRoot\System32\Drivers\Null.SYS
    0xF8A90000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF88DE000 \SystemRoot\System32\drivers\vga.sys
    0xF8A92000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF8A94000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF88E6000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF88EE000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF89E2000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xF23C0000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xF2367000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xF233F000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xF231D000 \SystemRoot\System32\drivers\afd.sys
    0xF8666000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF22F2000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xF88F6000 \??\c:\program files\norman\ngs\bin\ngs.sys
    0xF225A000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF8676000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF2234000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF8686000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF8696000 \SystemRoot\System32\DRIVERS\arp1394.sys
    0xF890E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF8A2E000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF86C6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF8916000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF8926000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0xF2129000 \SystemRoot\System32\Drivers\bthport.sys
    0xF2414000 \SystemRoot\System32\DRIVERS\mouhid.sys
    0xF86D6000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF86E6000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0xF8936000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0xF2110000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0xF20EC000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xF20D4000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF8AB4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF22E6000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF87D6000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8B5C000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBF3CB000 \SystemRoot\System32\ATMFD.DLL
    0xF1D63000 \??\C:\Program Files\Norman\Nse\bin\NDISKIO.SYS
    0xF1C3C000 \SystemRoot\system32\DRIVERS\WudfPf.sys
    0xF1D5B000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xF19A7000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF1B2C000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF1774000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF8A9C000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xF1514000 \SystemRoot\System32\DRIVERS\srv.sys
    0xF166C000 \??\C:\Program Files\Norman\Ngs\Bin\nregsec.sys
    0xF0EBB000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF0D57000 \SystemRoot\system32\DRIVERS\psi_mf.sys
    0xF8C7E000 \??\C:\Program Files\Norman\Npm\Bin\NmchInjDrv.sys
    0xF07EA000 \??\C:\DOCUME~1\JANRIJ~1\LOCALS~1\Temp\fxtdypog.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 57):
    0 System Idle Process
    4 System
    492 C:\WINDOWS\system32\smss.exe
    612 C:\WINDOWS\system32\csrss.exe
    636 C:\WINDOWS\system32\winlogon.exe
    684 C:\WINDOWS\system32\services.exe
    696 C:\WINDOWS\system32\lsass.exe
    848 C:\Program Files\Norman\Npm\Bin\elogsvc.exe
    860 C:\Program Files\Norman\ngs\bin\nnf.exe
    920 C:\Program Files\Norman\ngs\bin\nprosec.exe
    952 C:\WINDOWS\system32\svchost.exe
    1000 C:\WINDOWS\system32\svchost.exe
    1092 C:\WINDOWS\system32\svchost.exe
    1172 C:\WINDOWS\system32\svchost.exe
    1224 C:\Program Files\Norman\Npm\Bin\Zanda.exe
    1252 C:\Program Files\Norman\Npm\Bin\nvoy.exe
    1316 C:\WINDOWS\system32\svchost.exe
    1376 C:\WINDOWS\system32\svchost.exe
    1484 C:\WINDOWS\system32\spoolsv.exe
    1740 C:\WINDOWS\explorer.exe
    1764 C:\WINDOWS\system32\ctfmon.exe
    1968 C:\Program Files\Norman\Npm\Bin\Zlh.exe
    1976 C:\WINDOWS\system32\rundll32.exe
    2032 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2040 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    160 C:\Program Files\Google\Google Talk\googletalk.exe
    188 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    196 C:\Program Files\FileHippo.com\UpdateChecker.exe
    260 C:\WINDOWS\system32\svchost.exe
    284 C:\Program Files\Secunia\PSI\psi_tray.exe
    564 C:\WINDOWS\system32\svchost.exe
    1052 C:\Program Files\Java\jre6\bin\jqs.exe
    1220 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1384 C:\Program Files\Nero\Update\NASvc.exe
    1588 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    1680 C:\WINDOWS\system32\IoctlSvc.exe
    1724 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    880 C:\Program Files\Secunia\PSI\psia.exe
    2120 C:\WINDOWS\system32\svchost.exe
    3512 C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    4084 C:\Program Files\Norman\Npm\Bin\scheduler.exe
    128 C:\Program Files\Norman\Npm\Bin\Njeeves.exe
    2548 C:\WINDOWS\system32\alg.exe
    1516 C:\Program Files\Norman\Nse\Bin\Nsesvc.exe
    3364 C:\WINDOWS\system32\wscntfy.exe
    1264 C:\Program Files\Secunia\PSI\sua.exe
    3508 C:\Program Files\Norman\nvc\bin\Nip.exe
    1244 C:\Program Files\Internet Explorer\iexplore.exe
    3036 C:\WINDOWS\system32\wuauclt.exe
    980 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    1056 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    1168 C:\WINDOWS\system32\searchindexer.exe
    1936 C:\Program Files\Internet Explorer\iexplore.exe
    4008 C:\Documents and Settings\Jan Rijken\Bureaublad\cr3127rr.exe
    2964 C:\WINDOWS\system32\searchprotocolhost.exe
    1932 C:\WINDOWS\system32\searchfilterhost.exe
    3492 C:\Documents and Settings\Jan Rijken\Bureaublad\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000b`2ea81e00 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000021`27774000 (NTFS)
    \\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: ST3160815A, Rev: 3.AAD
    PhysicalDrive1 Model Number: ST3250820A, Rev: 3.AAE

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
    SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E
    232 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  8. 2011/04/26
    janwin7

    janwin7 Inactive Thread Starter

    dds log and attach log

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Jan Rijken at 12:30:51,85 on di 26/04/2011
    Internet Explorer: 8.0.6001.18702
    .
    ============== Running Processes ===============
    .
    C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
    C:\Program Files\Norman\Ngs\Bin\Nnf.exe
    C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
    C:\Program Files\Norman\Npm\Bin\Zanda.exe
    C:\Program Files\Norman\npm\bin\nvoy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Norman\Npm\Bin\ZLH.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\FileHippo.com\UpdateChecker.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Norman\Npm\Bin\scheduler.exe
    C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Norman\Nse\bin\NSESVC.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Program Files\Norman\Nvc\Bin\Nip.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jan Rijken\Bureaublad\cr3127rr.exe
    C:\Documents and Settings\Jan Rijken\Bureaublad\MBRCheck.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Norman\npm\bin\niu.exe
    C:\Documents and Settings\Jan Rijken\Bureaublad\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k bthsvcs
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
    uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Norman ZANDA] "c:\program files\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? fssfltr;fssfltr
    R? fsssvc;De service Windows Live Family Safety
    R? gupdate;Google Update Service (gupdate)
    R? NvcMFlt;NvcMFlt
    R? nvcoas;Norman Virus Control on-access component
    R? NVCScheduler;Norman Virus Control Scheduler
    S? ham50;Creatix V.90 HAM Data Fax Modem
    S? NAUpdate;@c:\program files\nero\update\NASvc.exe,-200
    S? Ndiskio;Ndiskio
    S? NGS;Norman General Security Driver
    S? NNFSVC;Norman Network Filtering service
    S? Norman ZANDA;Norman ZANDA
    S? NPROSEC;Norman Security driver
    S? NPROSECSVC;Norman Security service
    S? nregsec;Norman Registry Security driver
    S? nsesvc;Norman Scanner Engine Service
    S? NVOY;Norman Resource Provider
    S? PSI;PSI
    S? Scheduler;Norman Scheduler Service
    S? Secunia PSI Agent;Secunia PSI Agent
    S? Secunia Update Agent;Secunia Update Agent
    .
    =============== Created Last 30 ================
    .
    2011-04-25 18:07:05 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
    2011-04-25 10:46:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-23 10:58:09 -------- d-----w- c:\docume~1\janrij~1\applic~1\PriceGong
    2011-04-16 10:51:23 -------- d-----w- c:\program files\WOT
    2011-04-10 23:35:19 -------- d-----w- c:\program files\ESET
    2011-04-10 23:01:03 -------- d-----w- C:\_OTL
    2011-04-10 22:40:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-09 18:43:15 -------- d--h--r- c:\documents and settings\jan rijken\Onlangs geopend
    2011-04-09 10:48:31 -------- d-----w- c:\docume~1\janrij~1\locals~1\applic~1\Secunia PSI
    2011-04-09 10:48:14 -------- d-----w- c:\program files\Secunia
    2011-04-09 08:05:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-04-09 08:03:13 -------- d-----w- c:\docume~1\janrij~1\applic~1\DDMSettings
    2011-04-09 07:49:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
    2011-04-09 07:35:26 -------- d-----w- c:\program files\FileHippo.com
    2011-04-02 17:47:22 -------- d-----w- c:\docume~1\janrij~1\applic~1\SUPERAntiSpyware.com
    2011-04-01 18:22:19 -------- d-----w- c:\docume~1\janrij~1\locals~1\applic~1\Conduit
    2011-04-01 18:22:02 -------- d-----w- c:\program files\SequoiaView
    .
    ==================== Find3M ====================
    .
    2011-03-07 05:33:45 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:36:55 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:53:36 1858048 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:07:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:07:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:07:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:43:15 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 12:54:07 5632 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:54:04 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:54:04 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33:59 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33:59 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-02 07:58:57 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    .
    ============= FINISH: 12:33:59,01 ===============






    attach log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 28/08/2007 21:48:44
    System Uptime: 25/04/2011 16:33:26 (20 hours ago)
    .
    Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6399
    Processor: Intel(R) Pentium(R) 4 CPU 1.80GHz | Socket 478 | 1800/100mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 45 GiB total, 29,133 GiB free.
    D: is FIXED (NTFS) - 88 GiB total, 70,994 GiB free.
    E: is FIXED (NTFS) - 16 GiB total, 14,748 GiB free.
    F: is CDROM ()
    G: is CDROM ()
    H: is FIXED (NTFS) - 233 GiB total, 215,248 GiB free.
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: CMI8738/C3DX PCI Audio Device
    Device ID: PCI\VEN_13F6&DEV_0111&SUBSYS_39901462&REV_10\4&172A2BDD&0&38F0
    Manufacturer: C-Media
    Name: CMI8738/C3DX PCI Audio Device
    PNP Device ID: PCI\VEN_13F6&DEV_0111&SUBSYS_39901462&REV_10\4&172A2BDD&0&38F0
    Service:
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.3 - Nederlands
    Adobe Reader X (10.0.1) - Nederlands
    Beveiligingsupdate for Windows XP (KB923689)
    Beveiligingsupdate for Windows XP (KB941569)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127-v2)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB969897)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2183461)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2360131)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2416400)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2482017)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2497640)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2510531)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB974455)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB976325)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB978207)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381)
    Beveiligingsupdate voor Windows Media Player (KB2378111)
    Beveiligingsupdate voor Windows Media Player (KB911564)
    Beveiligingsupdate voor Windows Media Player (KB952069)
    Beveiligingsupdate voor Windows Media Player (KB954155)
    Beveiligingsupdate voor Windows Media Player (KB968816)
    Beveiligingsupdate voor Windows Media Player (KB973540)
    Beveiligingsupdate voor Windows Media Player (KB975558)
    Beveiligingsupdate voor Windows Media Player (KB978695)
    Beveiligingsupdate voor Windows Media Player 11 (KB936782)
    Beveiligingsupdate voor Windows Media Player 11 (KB954154)
    Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
    Beveiligingsupdate voor Windows Media Player 9 (KB936782)
    Beveiligingsupdate voor Windows XP (KB2079403)
    Beveiligingsupdate voor Windows XP (KB2115168)
    Beveiligingsupdate voor Windows XP (KB2121546)
    Beveiligingsupdate voor Windows XP (KB2160329)
    Beveiligingsupdate voor Windows XP (KB2229593)
    Beveiligingsupdate voor Windows XP (KB2259922)
    Beveiligingsupdate voor Windows XP (KB2279986)
    Beveiligingsupdate voor Windows XP (KB2286198)
    Beveiligingsupdate voor Windows XP (KB2296011)
    Beveiligingsupdate voor Windows XP (KB2296199)
    Beveiligingsupdate voor Windows XP (KB2347290)
    Beveiligingsupdate voor Windows XP (KB2360937)
    Beveiligingsupdate voor Windows XP (KB2387149)
    Beveiligingsupdate voor Windows XP (KB2393802)
    Beveiligingsupdate voor Windows XP (KB2412687)
    Beveiligingsupdate voor Windows XP (KB2419632)
    Beveiligingsupdate voor Windows XP (KB2423089)
    Beveiligingsupdate voor Windows XP (KB2436673)
    Beveiligingsupdate voor Windows XP (KB2440591)
    Beveiligingsupdate voor Windows XP (KB2443105)
    Beveiligingsupdate voor Windows XP (KB2476687)
    Beveiligingsupdate voor Windows XP (KB2478960)
    Beveiligingsupdate voor Windows XP (KB2478971)
    Beveiligingsupdate voor Windows XP (KB2479628)
    Beveiligingsupdate voor Windows XP (KB2479943)
    Beveiligingsupdate voor Windows XP (KB2481109)
    Beveiligingsupdate voor Windows XP (KB2483185)
    Beveiligingsupdate voor Windows XP (KB2485376)
    Beveiligingsupdate voor Windows XP (KB2485663)
    Beveiligingsupdate voor Windows XP (KB2503658)
    Beveiligingsupdate voor Windows XP (KB2506212)
    Beveiligingsupdate voor Windows XP (KB2506223)
    Beveiligingsupdate voor Windows XP (KB2507618)
    Beveiligingsupdate voor Windows XP (KB2508272)
    Beveiligingsupdate voor Windows XP (KB2508429)
    Beveiligingsupdate voor Windows XP (KB2509553)
    Beveiligingsupdate voor Windows XP (KB2511455)
    Beveiligingsupdate voor Windows XP (KB2524375)
    Beveiligingsupdate voor Windows XP (KB923561)
    Beveiligingsupdate voor Windows XP (KB923789)
    Beveiligingsupdate voor Windows XP (KB938464-v2)
    Beveiligingsupdate voor Windows XP (KB946648)
    Beveiligingsupdate voor Windows XP (KB950760)
    Beveiligingsupdate voor Windows XP (KB950762)
    Beveiligingsupdate voor Windows XP (KB950974)
    Beveiligingsupdate voor Windows XP (KB951066)
    Beveiligingsupdate voor Windows XP (KB951376-v2)
    Beveiligingsupdate voor Windows XP (KB951748)
    Beveiligingsupdate voor Windows XP (KB952004)
    Beveiligingsupdate voor Windows XP (KB952954)
    Beveiligingsupdate voor Windows XP (KB954459)
    Beveiligingsupdate voor Windows XP (KB954600)
    Beveiligingsupdate voor Windows XP (KB955069)
    Beveiligingsupdate voor Windows XP (KB956572)
    Beveiligingsupdate voor Windows XP (KB956744)
    Beveiligingsupdate voor Windows XP (KB956802)
    Beveiligingsupdate voor Windows XP (KB956803)
    Beveiligingsupdate voor Windows XP (KB956844)
    Beveiligingsupdate voor Windows XP (KB957097)
    Beveiligingsupdate voor Windows XP (KB958644)
    Beveiligingsupdate voor Windows XP (KB958687)
    Beveiligingsupdate voor Windows XP (KB958869)
    Beveiligingsupdate voor Windows XP (KB959426)
    Beveiligingsupdate voor Windows XP (KB960225)
    Beveiligingsupdate voor Windows XP (KB960803)
    Beveiligingsupdate voor Windows XP (KB960859)
    Beveiligingsupdate voor Windows XP (KB961371)
    Beveiligingsupdate voor Windows XP (KB961373)
    Beveiligingsupdate voor Windows XP (KB961501)
    Beveiligingsupdate voor Windows XP (KB968537)
    Beveiligingsupdate voor Windows XP (KB969059)
    Beveiligingsupdate voor Windows XP (KB969898)
    Beveiligingsupdate voor Windows XP (KB969947)
    Beveiligingsupdate voor Windows XP (KB970238)
    Beveiligingsupdate voor Windows XP (KB970430)
    Beveiligingsupdate voor Windows XP (KB971468)
    Beveiligingsupdate voor Windows XP (KB971486)
    Beveiligingsupdate voor Windows XP (KB971557)
    Beveiligingsupdate voor Windows XP (KB971633)
    Beveiligingsupdate voor Windows XP (KB971657)
    Beveiligingsupdate voor Windows XP (KB972270)
    Beveiligingsupdate voor Windows XP (KB973346)
    Beveiligingsupdate voor Windows XP (KB973354)
    Beveiligingsupdate voor Windows XP (KB973507)
    Beveiligingsupdate voor Windows XP (KB973525)
    Beveiligingsupdate voor Windows XP (KB973869)
    Beveiligingsupdate voor Windows XP (KB973904)
    Beveiligingsupdate voor Windows XP (KB974112)
    Beveiligingsupdate voor Windows XP (KB974318)
    Beveiligingsupdate voor Windows XP (KB974392)
    Beveiligingsupdate voor Windows XP (KB974571)
    Beveiligingsupdate voor Windows XP (KB975025)
    Beveiligingsupdate voor Windows XP (KB975467)
    Beveiligingsupdate voor Windows XP (KB975560)
    Beveiligingsupdate voor Windows XP (KB975561)
    Beveiligingsupdate voor Windows XP (KB975562)
    Beveiligingsupdate voor Windows XP (KB975713)
    Beveiligingsupdate voor Windows XP (KB977165)
    Beveiligingsupdate voor Windows XP (KB977816)
    Beveiligingsupdate voor Windows XP (KB977914)
    Beveiligingsupdate voor Windows XP (KB978037)
    Beveiligingsupdate voor Windows XP (KB978251)
    Beveiligingsupdate voor Windows XP (KB978262)
    Beveiligingsupdate voor Windows XP (KB978338)
    Beveiligingsupdate voor Windows XP (KB978542)
    Beveiligingsupdate voor Windows XP (KB978601)
    Beveiligingsupdate voor Windows XP (KB978706)
    Beveiligingsupdate voor Windows XP (KB979309)
    Beveiligingsupdate voor Windows XP (KB979482)
    Beveiligingsupdate voor Windows XP (KB979559)
    Beveiligingsupdate voor Windows XP (KB979683)
    Beveiligingsupdate voor Windows XP (KB979687)
    Beveiligingsupdate voor Windows XP (KB980195)
    Beveiligingsupdate voor Windows XP (KB980218)
    Beveiligingsupdate voor Windows XP (KB980232)
    Beveiligingsupdate voor Windows XP (KB980436)
    Beveiligingsupdate voor Windows XP (KB981322)
    Beveiligingsupdate voor Windows XP (KB981852)
    Beveiligingsupdate voor Windows XP (KB981957)
    Beveiligingsupdate voor Windows XP (KB981997)
    Beveiligingsupdate voor Windows XP (KB982132)
    Beveiligingsupdate voor Windows XP (KB982214)
    Beveiligingsupdate voor Windows XP (KB982665)
    Beveiligingsupdate voor Windows XP (KB982802)
    CCleaner
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    DVDFab Platinum 3.0.7.0
    Essentiële update voor Windows Media Player 11 (KB959772)
    FileHippo.com Update Checker
    Free Picture Resize Starter 4.5
    Google Chrome
    Google Earth
    Google Talk (remove only)
    Google Update Helper
    HiJackThis
    HijackThis 2.0.2
    HiYo
    HiYo
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix voor Windows Media Player 11 (KB939683)
    Hotfix voor Windows XP (KB2158563)
    Hotfix voor Windows XP (KB2443685)
    Hotfix voor Windows XP (KB942288-v3)
    Hotfix voor Windows XP (KB952287)
    Hotfix voor Windows XP (KB961118)
    Hotfix voor Windows XP (KB970653-v3)
    Hotfix voor Windows XP (KB976098-v2)
    Hotfix voor Windows XP (KB979306)
    Hotfix voor Windows XP (KB981793)
    ImgBurn
    Java Auto Updater
    Java(TM) 6 Update 25
    Junk Mail filter update
    KB943729: Update voor Windows XP
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Dutch Language Pack
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD
    Microsoft .NET Framework 3.0 Dutch Language Pack
    Microsoft .NET Framework 3.0 Nederlands taalpakket
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD
    Microsoft .NET Framework 3.5 Language Pack SP1 - nld
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook Connector
    Microsoft Office Professional Editie 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    MSVC80_x86_v2
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Nero 8
    Nero BurnLite 10
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    neroxml
    Norman Security Suite
    NVIDIA Drivers
    NVIDIA Windows 2000/XP Display Drivers
    Off-linediensten van Home'Bank 4.55
    OGA Notifier 2.0.0048.0
    Pakket voor de provider van Microsoft Base-smartcardcryptografieservice
    PC Connectivity Solution
    PCI Audio Driver
    Secunia PSI (2.0.0.3001)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Search 4 - KB963093
    Segoe UI
    SequoiaView
    Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
    Uninstall Borinato DVR Client
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update voor Windows Internet Explorer 8 (KB973874)
    Update voor Windows Internet Explorer 8 (KB976662)
    Update voor Windows Internet Explorer 8 (KB976749)
    Update voor Windows Internet Explorer 8 (KB980182)
    Update voor Windows XP (KB2141007)
    Update voor Windows XP (KB2345886)
    Update voor Windows XP (KB2467659)
    Update voor Windows XP (KB951978)
    Update voor Windows XP (KB955759)
    Update voor Windows XP (KB955839)
    Update voor Windows XP (KB961503)
    Update voor Windows XP (KB967715)
    Update voor Windows XP (KB968389)
    Update voor Windows XP (KB971029)
    Update voor Windows XP (KB971737)
    Update voor Windows XP (KB973687)
    Update voor Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    VCRedistSetup
    WebFldrs XP
    Windows-stuurprogrammapakket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live - Hulpprogramma voor uploaden
    Windows Live aanmeldhulp
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Presentation Foundation Language Pack (NLD)
    Windows Search 4.0
    Windows XP Service Pack 3
    WinRAR 4.00 (32-bit)
    WOT for Internet Explorer
    XML Paper Specification Shared Components Language Pack 1.0
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== End Of File ===========================
     
  9. 2011/04/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================

    I still need the Malwarebytes log.
     
  10. 2011/04/26
    janwin7

    janwin7 Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    154
    Likes Received:
    0
    malwarebytes log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Databaseversie: 6407

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    26/04/2011 23:05:05
    mbam-log-2011-04-08 (00-57-30).txt

    Scantype: Snelle scan
    Objecten gescand: 177612
    Verstreken tijd: 6 minuut/minuten, 1 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    c:\documents and settings\jan rijken\local settings\temporary internet files\Content.IE5\OD5CJPV1\TFC[1].exe (Trojan.Dropper.PGen) -> No action taken.
     
  11. 2011/04/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    "No action taken"
    Re-run MBAM, FIX all issues and post new log.
     
  12. 2011/04/26
    janwin7

    janwin7 Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    154
    Likes Received:
    0
    new mbam log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Databaseversie: 6407

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    26/04/2011 23:25:17
    mbam-log-2011-04-26 (23-25-17).txt

    Scantype: Snelle scan
    Objecten gescand: 177347
    Verstreken tijd: 8 minuut/minuten, 18 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)
     
  13. 2011/04/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. 2011/04/26
    janwin7

    janwin7 Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    154
    Likes Received:
    0
    combofix log

    ComboFix 11-04-26.01 - Jan Rijken 26/04/2011 23:41:08.6.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.511.241 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Jan Rijken\Bureaublad\ComboFix1.exe
    AV: Norman Security Suite *Disabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Jan Rijken\Application Data\PriceGong
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Jan Rijken\Application Data\PriceGong\Data\z.xml
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-03-26 to 2011-04-26 ))))))))))))))))))))))))))))))
    .
    .
    2011-04-26 19:43 . 2010-04-28 05:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
    2011-04-26 19:42 . 2011-04-26 19:42 -------- d-----w- c:\program files\Microsoft Sync Framework
    2011-04-26 19:39 . 2011-04-26 19:39 -------- d-----w- c:\program files\Windows Live SkyDrive
    2011-04-25 10:47 . 2011-04-25 10:47 -------- d-----w- c:\program files\Common Files\Java
    2011-04-25 10:46 . 2011-04-25 10:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-25 10:45 . 2011-04-25 10:45 -------- d-----w- c:\program files\Java
    2011-04-16 10:51 . 2011-04-16 10:51 -------- d-----w- c:\program files\WOT
    2011-04-10 23:35 . 2011-04-10 23:35 -------- d-----w- c:\program files\ESET
    2011-04-10 23:01 . 2011-04-10 23:01 -------- d-----w- C:\_OTL
    2011-04-10 22:40 . 2011-04-25 10:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-09 18:43 . 2011-04-26 21:05 -------- d--h--r- c:\documents and settings\Jan Rijken\Onlangs geopend
    2011-04-09 10:48 . 2011-04-09 10:48 -------- d-----w- c:\documents and settings\Jan Rijken\Local Settings\Application Data\Secunia PSI
    2011-04-09 10:48 . 2011-04-09 10:48 -------- d-----w- c:\program files\Secunia
    2011-04-09 08:05 . 2011-04-09 08:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-04-09 08:03 . 2011-04-09 08:03 -------- d-----w- c:\documents and settings\Jan Rijken\Application Data\DDMSettings
    2011-04-09 08:01 . 2011-04-09 08:01 -------- d-----w- c:\documents and settings\Jan Rijken\Application Data\DivX
    2011-04-09 07:58 . 2011-04-17 09:47 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-04-09 07:49 . 2011-04-09 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2011-04-09 07:35 . 2011-04-09 07:35 -------- d-----w- c:\program files\FileHippo.com
    2011-04-02 17:47 . 2011-04-02 17:48 -------- d-----w- c:\documents and settings\Jan Rijken\Application Data\SUPERAntiSpyware.com
    2011-04-01 18:22 . 2011-04-25 12:45 -------- d-----w- c:\documents and settings\Jan Rijken\Local Settings\Application Data\Conduit
    2011-04-01 18:22 . 2011-04-01 18:22 -------- d-----w- c:\program files\SequoiaView
    2011-04-01 18:06 . 2011-04-01 18:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-07 23:45 . 2011-03-07 23:45 388096 ----a-r- c:\documents and settings\Jan Rijken\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-03-07 05:33 . 2007-08-28 19:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:36 . 2002-09-11 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:53 . 2002-09-11 12:00 1858048 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:07 . 2002-09-11 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:07 . 2002-09-11 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:07 . 2002-09-11 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:43 . 2007-08-28 20:17 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-17 13:18 . 2002-09-11 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2002-09-11 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56 . 2002-09-11 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:54 . 2002-09-11 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:54 . 2002-09-11 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33 . 2002-09-11 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33 . 2002-09-11 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-02 07:58 . 2007-08-28 19:39 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2007-08-28 19:39 677888 ----a-w- c:\windows\system32\mstsc.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2011-04-20_20.26.13 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-04-26 21:15 . 2011-04-26 21:15 16384 c:\windows\temp\Perflib_Perfdata_45c.dat
    - 2010-04-16 21:12 . 2010-04-16 21:12 48464 c:\windows\system32\sirenacm.dll
    + 2010-04-16 20:12 . 2010-04-16 20:12 48464 c:\windows\system32\sirenacm.dll
    - 2002-09-11 12:00 . 2011-04-07 22:44 72604 c:\windows\system32\perfc009.dat
    + 2002-09-11 12:00 . 2011-04-26 21:20 72604 c:\windows\system32\perfc009.dat
    + 2011-04-26 19:43 . 2010-04-28 05:44 54760 c:\windows\system32\DRVSTORE\fssfltr_F64381C38F211E3160A660B196A6A585F80604F9\fssfltr_tdi.sys
    - 2011-01-02 14:29 . 2010-04-28 06:44 54760 c:\windows\system32\DRVSTORE\fssfltr_F64381C38F211E3160A660B196A6A585F80604F9\fssfltr_tdi.sys
    + 2011-04-26 13:06 . 2011-04-26 13:06 21504 c:\windows\Installer\4d6caf3.msi
    + 2011-04-26 19:40 . 2011-04-26 19:40 22016 c:\windows\Installer\3ecd5e.msi
    + 2011-04-26 19:39 . 2011-04-26 19:39 27136 c:\windows\Installer\3ecd4d.msi
    + 2011-04-26 19:39 . 2011-04-26 19:39 83456 c:\windows\Installer\3ecd2d.msi
    + 2011-04-26 19:39 . 2011-04-26 19:39 58880 c:\windows\Installer\3ecd25.msi
    + 2011-04-26 19:40 . 2011-04-26 19:40 80395 c:\windows\Installer\{CC38A00D-7EED-46CE-9281-D1D97B81F22A}\MsblIco.Exe
    + 2011-04-26 19:39 . 2011-04-26 19:39 61272 c:\windows\Installer\{C20C2630-B3A7-44BA-BDD0-31E256AE490E}\IconWlc.exe
    + 2011-04-26 19:40 . 2011-04-26 19:40 58945 c:\windows\Installer\{2869F5EA-93C3-48E5-80DF-DB696BC84A91}\wlmail.exe
    - 2011-01-02 15:35 . 2011-01-02 15:35 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\4b76ee7cffa5a925f16967eb6d44d79e\WindowsLiveWriter.ni.exe
    + 2011-04-26 20:08 . 2011-04-26 20:08 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\4b76ee7cffa5a925f16967eb6d44d79e\WindowsLiveWriter.ni.exe
    - 2011-01-02 16:01 . 2011-01-02 16:01 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0f3ef21a166df82d34e0147cfa308256\WindowsLive.Writer.Api.ni.dll
    + 2011-04-26 20:08 . 2011-04-26 20:08 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0f3ef21a166df82d34e0147cfa308256\WindowsLive.Writer.Api.ni.dll
    - 2010-04-17 01:11 . 2010-04-17 01:11 307056 c:\windows\WLXPGSS.SCR
    + 2010-04-17 00:11 . 2010-04-17 00:11 307056 c:\windows\WLXPGSS.SCR
    - 2007-12-04 01:56 . 2007-12-04 01:56 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcr80.dll
    + 2007-12-04 00:56 . 2007-12-04 00:56 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcr80.dll
    + 2007-12-04 00:56 . 2007-12-04 00:56 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcp80.dll
    - 2007-12-04 01:56 . 2007-12-04 01:56 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcp80.dll
    + 2007-12-03 16:58 . 2007-12-03 16:58 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcm80.dll
    - 2007-12-03 17:58 . 2007-12-03 17:58 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcm80.dll
    - 2002-09-11 12:00 . 2011-04-07 22:44 537320 c:\windows\system32\perfh013.dat
    + 2002-09-11 12:00 . 2011-04-26 21:20 537320 c:\windows\system32\perfh013.dat
    + 2002-09-11 12:00 . 2011-04-26 21:20 444346 c:\windows\system32\perfh009.dat
    - 2002-09-11 12:00 . 2011-04-07 22:44 444346 c:\windows\system32\perfh009.dat
    - 2002-09-11 12:00 . 2011-04-07 22:44 101954 c:\windows\system32\perfc013.dat
    + 2002-09-11 12:00 . 2011-04-26 21:20 101954 c:\windows\system32\perfc013.dat
    + 2011-04-25 10:46 . 2011-04-25 10:45 157472 c:\windows\system32\javaws.exe
    - 2011-04-10 22:40 . 2011-04-10 22:39 157472 c:\windows\system32\javaws.exe
    - 2011-04-10 22:40 . 2011-04-10 22:39 145184 c:\windows\system32\javaw.exe
    + 2011-04-25 10:46 . 2011-04-25 10:45 145184 c:\windows\system32\javaw.exe
    - 2011-04-10 22:40 . 2011-04-10 22:39 145184 c:\windows\system32\java.exe
    + 2011-04-25 10:46 . 2011-04-25 10:45 145184 c:\windows\system32\java.exe
    + 2011-04-26 19:43 . 2011-04-26 19:43 969728 c:\windows\Installer\3ecda0.msi
    + 2011-04-26 19:42 . 2011-04-26 19:42 570368 c:\windows\Installer\3ecd98.msi
    + 2011-04-26 19:42 . 2011-04-26 19:42 176128 c:\windows\Installer\3ecd90.msi
    + 2011-04-26 19:42 . 2011-04-26 19:42 727040 c:\windows\Installer\3ecd88.msi
    + 2011-04-26 19:42 . 2011-04-26 19:42 483328 c:\windows\Installer\3ecd80.msi
    + 2011-04-26 19:42 . 2011-04-26 19:42 778752 c:\windows\Installer\3ecd77.msi
    + 2011-04-26 19:41 . 2011-04-26 19:41 477696 c:\windows\Installer\3ecd6f.msi
    + 2011-04-26 19:40 . 2011-04-26 19:40 861184 c:\windows\Installer\3ecd66.msi
    + 2011-04-26 19:40 . 2011-04-26 19:40 429056 c:\windows\Installer\3ecd56.msi
    + 2011-04-26 19:39 . 2011-04-26 19:39 140288 c:\windows\Installer\3ecd45.msi
    + 2011-04-26 19:39 . 2011-04-26 19:39 202752 c:\windows\Installer\3ecd3d.msi
    + 2011-04-26 19:39 . 2011-04-26 19:39 149504 c:\windows\Installer\3ecd35.msi
    + 2011-04-26 19:39 . 2011-04-26 19:39 107008 c:\windows\Installer\3ecd1d.msi
    + 2011-04-25 10:47 . 2011-04-25 10:47 180224 c:\windows\Installer\162cb6.msi
    + 2011-04-25 10:45 . 2011-04-25 10:45 677376 c:\windows\Installer\162ca2.msi
    + 2011-04-26 19:42 . 2011-04-26 19:42 132096 c:\windows\Installer\{6FEC9863-5EF2-4A07-9D0B-CA81B47E3F59}\WLXPhotoGalleryIcon.exe
    - 2011-01-02 16:01 . 2011-01-02 16:01 626688 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\cf67b75a1da96795723d2034e48ba183\WindowsLiveLocal.WriterPlugin.ni.dll
    + 2011-04-26 20:09 . 2011-04-26 20:09 626688 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\cf67b75a1da96795723d2034e48ba183\WindowsLiveLocal.WriterPlugin.ni.dll
    + 2011-04-26 20:08 . 2011-04-26 20:08 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f7eecdbf8f73f127df632e81bc835484\WindowsLive.Writer.Interop.Mshtml.ni.dll
    - 2011-01-02 15:36 . 2011-01-02 15:36 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f7eecdbf8f73f127df632e81bc835484\WindowsLive.Writer.Interop.Mshtml.ni.dll
    - 2011-01-02 16:01 . 2011-01-02 16:01 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dd5335b13b4ce8f10990c752f3c0a6b9\WindowsLive.Writer.HtmlEditor.ni.dll
    + 2011-04-26 20:08 . 2011-04-26 20:08 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dd5335b13b4ce8f10990c752f3c0a6b9\WindowsLive.Writer.HtmlEditor.ni.dll
    + 2011-04-26 20:08 . 2011-04-26 20:08 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\cf5151086dd038a82602c9167c9acad5\WindowsLive.Writer.Passport.ni.dll
    - 2011-01-02 16:01 . 2011-01-02 16:01 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\cf5151086dd038a82602c9167c9acad5\WindowsLive.Writer.Passport.ni.dll
    + 2011-04-26 20:08 . 2011-04-26 20:08 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\cc7d0d688ca1fb7bd0e0ba3f17e3add1\WindowsLive.Writer.HtmlParser.ni.dll
    - 2011-01-02 15:36 . 2011-01-02 15:36 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\cc7d0d688ca1fb7bd0e0ba3f17e3add1\WindowsLive.Writer.HtmlParser.ni.dll
    + 2011-04-26 20:08 . 2011-04-26 20:08 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c46d84073499887c745801bda334c97f\WindowsLive.Writer.Interop.SHDocVw.ni.dll
    - 2011-01-02 15:36 . 2011-01-02 15:36 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c46d84073499887c745801bda334c97f\WindowsLive.Writer.Interop.SHDocVw.ni.dll
    - 2011-01-02 15:36 . 2011-01-02 15:36 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\879fd6f22250247f79ee663b80199b73\WindowsLive.Writer.Localization.ni.dll
    + 2011-04-26 20:08 . 2011-04-26 20:08 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\879fd6f22250247f79ee663b80199b73\WindowsLive.Writer.Localization.ni.dll
    + 2011-04-26 20:08 . 2011-04-26 20:08 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\80ce7f3c877dff36e07711517ed49b19\WindowsLive.Writer.BrowserControl.ni.dll
    - 2011-01-02 15:35 . 2011-01-02 15:35 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\80ce7f3c877dff36e07711517ed49b19\WindowsLive.Writer.BrowserControl.ni.dll
    - 2011-01-02 16:01 . 2011-01-02 16:01 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\796b11733fd16a0128c89ae37abce0f4\WindowsLive.Writer.Instrumentation.ni.dll
    + 2011-04-26 20:08 . 2011-04-26 20:08 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\796b11733fd16a0128c89ae37abce0f4\WindowsLive.Writer.Instrumentation.ni.dll
    - 2011-01-02 16:01 . 2011-01-02 16:01 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\70cc2bbf8d87c63f36d05bf7a4a01a69\WindowsLive.Writer.Mshtml.ni.dll
    + 2011-04-26 20:08 . 2011-04-26 20:08 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\70cc2bbf8d87c63f36d05bf7a4a01a69\WindowsLive.Writer.Mshtml.ni.dll
    + 2011-04-26 20:08 . 2011-04-26 20:08 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\69968aa6fb3a6fb47df1b2dd59f1e1a2\WindowsLive.Writer.FileDestinations.ni.dll
    - 2011-01-02 16:01 . 2011-01-02 16:01 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\69968aa6fb3a6fb47df1b2dd59f1e1a2\WindowsLive.Writer.FileDestinations.ni.dll
    - 2011-01-02 16:01 . 2011-01-02 16:01 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5efde99101ca1afd5ad2b21f793e2854\WindowsLive.Writer.BlogClient.ni.dll
    + 2011-04-26 20:08 . 2011-04-26 20:08 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5efde99101ca1afd5ad2b21f793e2854\WindowsLive.Writer.BlogClient.ni.dll
    + 2011-04-26 20:08 . 2011-04-26 20:08 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\36888cd642eab375b37c2d8ae121d2ad\WindowsLive.Writer.Controls.ni.dll
    - 2011-01-02 15:35 . 2011-01-02 15:35 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\36888cd642eab375b37c2d8ae121d2ad\WindowsLive.Writer.Controls.ni.dll
    + 2011-04-26 20:08 . 2011-04-26 20:08 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\323d5898b41430c73305874d4b93bf25\WindowsLive.Writer.Extensibility.ni.dll
    - 2011-01-02 16:01 . 2011-01-02 16:01 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\323d5898b41430c73305874d4b93bf25\WindowsLive.Writer.Extensibility.ni.dll
    - 2011-01-02 15:35 . 2011-01-02 15:35 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0e5d49b051e355c696ed7a2b5b24a623\WindowsLive.Writer.Interop.ni.dll
    + 2011-04-26 20:08 . 2011-04-26 20:08 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0e5d49b051e355c696ed7a2b5b24a623\WindowsLive.Writer.Interop.ni.dll
    + 2011-04-26 20:08 . 2011-04-26 20:08 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0d82d08289c6b8f928d8804f69f959ec\WindowsLive.Writer.SpellChecker.ni.dll
    - 2011-01-02 16:01 . 2011-01-02 16:01 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0d82d08289c6b8f928d8804f69f959ec\WindowsLive.Writer.SpellChecker.ni.dll
    + 2011-04-26 20:08 . 2011-04-26 20:08 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\b34623aa698e02b699e5b4706b1cd248\WindowsLive.Client.ni.dll
    - 2011-01-02 16:01 . 2011-01-02 16:01 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\b34623aa698e02b699e5b4706b1cd248\WindowsLive.Client.ni.dll
    + 2011-04-26 20:08 . 2011-04-26 20:08 2018816 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ec6601e9b75d691ee7339616559b5232\WindowsLive.Writer.CoreServices.ni.dll
    - 2011-01-02 15:35 . 2011-01-02 15:35 2018816 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ec6601e9b75d691ee7339616559b5232\WindowsLive.Writer.CoreServices.ni.dll
    + 2011-04-26 20:08 . 2011-04-26 20:08 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7226cd21c68247fa3b23612fa1b848f9\WindowsLive.Writer.PostEditor.ni.dll
    - 2011-01-02 15:35 . 2011-01-02 15:35 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7226cd21c68247fa3b23612fa1b848f9\WindowsLive.Writer.PostEditor.ni.dll
    + 2011-04-26 20:08 . 2011-04-26 20:08 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4f183789843f054fba4ea676b9637b04\WindowsLive.Writer.ApplicationFramework.ni.dll
    - 2011-01-02 16:01 . 2011-01-02 16:01 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4f183789843f054fba4ea676b9637b04\WindowsLive.Writer.ApplicationFramework.ni.dll
    .
    -- Snapshot teruggezet naar huidige datum --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3293184]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
    "FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
    "nwiz"="nwiz.exe" [2003-07-28 323584]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-07-28 49152]
    "Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2011-03-22 189824]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
    2002-10-15 16:00 1818624 ----a-w- c:\windows\mixer.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\networkdvr\\remote.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    .
    R1 NGS;Norman General Security Driver;c:\program files\Norman\ngs\bin\ngs.sys [5/08/2010 12:21 26744]
    R1 NPROSEC;Norman Security driver;c:\program files\Norman\ngs\bin\nprosec.sys [5/08/2010 12:21 74144]
    R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [4/05/2010 12:07 503080]
    R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [16/10/2009 21:04 22880]
    R2 NNFSVC;Norman Network Filtering service;c:\program files\Norman\ngs\bin\nnf.exe [5/08/2010 12:21 223000]
    R2 NPROSECSVC;Norman Security service;c:\program files\Norman\ngs\bin\nprosec.exe [5/08/2010 12:21 90656]
    R2 nregsec;Norman Registry Security driver;c:\program files\Norman\ngs\bin\nregsec.sys [5/08/2010 12:21 40384]
    R2 NVOY;Norman Resource Provider;c:\program files\Norman\Npm\Bin\nvoy.exe [15/06/2009 22:48 98776]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/01/2011 16:24 993848]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/01/2011 16:24 399416]
    R3 ham50;Creatix V.90 HAM Data Fax Modem;c:\windows\system32\drivers\CTXH51.sys [7/11/2001 13:47 454815]
    R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [5/01/2011 21:11 288072]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1/09/2010 10:30 15544]
    R3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [17/06/2009 22:21 133272]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17/01/2010 19:59 135664]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [17/01/2010 19:59 135664]
    S3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [15/06/2009 22:47 24176]
    S3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\bin\Nvcoas.exe [30/08/2010 20:32 210248]
    S3 NVCScheduler;Norman Virus Control Scheduler;"c:\program files\Norman\Npm\bin\NVCSCHED.EXE" --> c:\program files\Norman\Npm\bin\NVCSCHED.EXE [?]
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *Deregistered* - mchInjDrv
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-17 17:59]
    .
    2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-17 17:59]
    .
    2011-04-26 c:\windows\Tasks\User_Feed_Synchronization-{DB14428F-5D41-4FB7-941C-F5A28B49E3B4}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
    .
    .
    ------- Bijkomende Scan -------
    .
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    MSConfigStartUp-Nokia - c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe
    MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-26 23:52
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    Voltooingstijd: 2011-04-26 23:55:49
    ComboFix-quarantined-files.txt 2011-04-26 21:55
    ComboFix2.txt 2011-04-20 20:31
    ComboFix3.txt 2011-04-08 20:30
    ComboFix4.txt 2011-04-05 10:49
    ComboFix5.txt 2011-04-26 21:38
    .
    Pre-Run: 31.300.993.024 bytes beschikbaar
    Post-Run: 31.421.423.616 bytes beschikbaar
    .
    - - End Of File - - EF06617047882905B760A1442962B2FE
     
  15. 2011/04/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good now :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. 2011/04/27
    janwin7 Inactive Thread Starter

    otl log

    OTL logfile created on: 27/04/2011 7:22:32 - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jan Rijken\Bureaublad
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

    511,00 Mb Total Physical Memory | 159,00 Mb Available Physical Memory | 31,00% Memory free
    994,00 Mb Paging File | 511,00 Mb Available in Paging File | 51,00% Paging File free
    Paging file location(s): [Binary data over 100 bytes]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 44,73 Gb Total Space | 29,28 Gb Free Space | 65,46% Space Free | Partition Type: NTFS
    Drive D: | 87,89 Gb Total Space | 70,99 Gb Free Space | 80,78% Space Free | Partition Type: NTFS
    Drive E: | 16,43 Gb Total Space | 14,75 Gb Free Space | 89,75% Space Free | Partition Type: NTFS
    Drive H: | 232,88 Gb Total Space | 215,25 Gb Free Space | 92,43% Space Free | Partition Type: NTFS
    Drive I: | 1,86 Gb Total Space | 1,21 Gb Free Space | 64,95% Space Free | Partition Type: FAT

    Computer Name: JAN | User Name: Jan Rijken | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/27 07:19:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jan Rijken\Bureaublad\OTL.exe
    PRC - [2011/03/22 16:15:33 | 000,189,824 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\Zlh.exe
    PRC - [2011/03/21 23:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/01/10 16:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2011/01/10 16:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
    PRC - [2011/01/10 16:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2010/12/17 16:22:48 | 000,288,072 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Nse\Bin\Nsesvc.exe
    PRC - [2010/12/02 11:13:55 | 000,308,408 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe
    PRC - [2010/11/10 14:59:37 | 000,090,656 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\ngs\bin\nprosec.exe
    PRC - [2010/11/10 14:48:32 | 000,223,000 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\ngs\bin\nnf.exe
    PRC - [2010/08/09 14:47:54 | 000,248,832 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
    PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
    PRC - [2010/03/15 13:14:41 | 000,098,776 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\nvoy.exe
    PRC - [2010/01/28 14:33:08 | 000,169,344 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\nvc\bin\Nip.exe
    PRC - [2009/10/15 15:50:54 | 000,133,272 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\scheduler.exe
    PRC - [2009/10/11 15:07:33 | 000,152,904 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe
    PRC - [2009/10/07 13:04:51 | 000,129,928 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe
    PRC - [2008/06/24 16:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    PRC - [2008/04/14 19:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/11/21 04:15:08 | 003,293,184 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/27 07:19:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jan Rijken\Bureaublad\OTL.exe
    MOD - [2010/08/23 18:13:25 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/10/11 15:11:19 | 000,267,656 | ---- | M] (Norman ASA) -- C:\Program Files\Norman\nvc\bin\Niphk.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (NVCScheduler)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/01/10 16:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
    SRV - [2011/01/10 16:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2010/12/17 16:22:48 | 000,288,072 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Nse\bin\NSESVC.EXE -- (nsesvc)
    SRV - [2010/12/02 11:13:55 | 000,308,408 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\Zanda.exe -- (Norman ZANDA)
    SRV - [2010/11/10 14:59:37 | 000,090,656 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\Nprosec.exe -- (NPROSECSVC)
    SRV - [2010/11/10 14:48:32 | 000,223,000 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Ngs\Bin\Nnf.exe -- (NNFSVC)
    SRV - [2010/08/12 13:44:29 | 000,210,248 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Nvc\bin\nvcoas.exe -- (nvcoas)
    SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/03/15 13:14:41 | 000,098,776 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\npm\bin\nvoy.exe -- (NVOY)
    SRV - [2009/10/15 15:50:54 | 000,133,272 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Npm\Bin\scheduler.exe -- (Scheduler)
    SRV - [2009/10/11 15:07:33 | 000,152,904 | ---- | M] (Norman ASA) [Auto | Running] -- C:\Program Files\Norman\Npm\Bin\Elogsvc.exe -- (eLoggerSvc6)
    SRV - [2009/10/07 13:04:51 | 000,129,928 | ---- | M] (Norman ASA) [On_Demand | Running] -- C:\Program Files\Norman\Npm\bin\NJEEVES.EXE -- (Norman NJeeves)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2010/11/11 14:01:54 | 000,024,176 | ---- | M] (Norman ASA) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvcw32mf.sys -- (NvcMFlt)
    DRV - [2010/11/10 15:48:11 | 000,040,384 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Program Files\Norman\ngs\bin\nregsec.sys -- (nregsec)
    DRV - [2010/11/10 15:48:00 | 000,074,144 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\Program Files\Norman\ngs\bin\nprosec.sys -- (NPROSEC)
    DRV - [2010/09/01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2010/01/04 14:44:43 | 000,026,744 | ---- | M] (Norman ASA) [Kernel | System | Running] -- c:\Program Files\Norman\ngs\bin\ngs.sys -- (NGS)
    DRV - [2009/10/09 13:24:40 | 000,022,880 | ---- | M] (Norman ASA) [Kernel | Auto | Running] -- C:\Program Files\Norman\Nse\Bin\Ndiskio.sys -- (Ndiskio)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/04/13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) NT-stuurprogramma voor Realtek RTL8139(A/B/C)
    DRV - [2001/08/18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
    DRV - [2001/08/04 08:50:08 | 000,454,815 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTXH51.sys -- (ham50)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-746137067-1500820517-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-be
    IE - HKU\S-1-5-21-746137067-1500820517-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 9B 84 18 45 04 CC 01 [binary data]
    IE - HKU\S-1-5-21-746137067-1500820517-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/09 10:01:49 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/09 10:01:49 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/04/26 23:51:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKU\S-1-5-21-746137067-1500820517-839522115-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-746137067-1500820517-839522115-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKU\S-1-5-21-746137067-1500820517-839522115-1003..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    O4 - HKU\S-1-5-21-746137067-1500820517-839522115-1003..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
    O4 - HKU\S-1-5-21-746137067-1500820517-839522115-1003..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
    O4 - HKU\S-1-5-21-746137067-1500820517-839522115-1003..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-746137067-1500820517-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-746137067-1500820517-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-746137067-1500820517-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-746137067-1500820517-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Jan Rijken\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jan Rijken\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/08/28 21:45:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17746534284132352)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/27 07:19:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jan Rijken\Bureaublad\OTL.exe
    [2011/04/26 21:42:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
    [2011/04/26 21:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
    [2011/04/26 21:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Live
    [2011/04/26 20:38:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/04/26 12:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan Rijken\Bureaublad\attach log
    [2011/04/26 12:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan Rijken\Bureaublad\ddslog
    [2011/04/26 07:16:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan Rijken\Bureaublad\gmerlog
    [2011/04/26 00:36:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan Rijken\Bureaublad\eset log
    [2011/04/25 12:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/04/25 12:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2011/04/20 22:31:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/04/16 12:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
    [2011/04/11 08:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan Rijken\Bureaublad\otlrunfix1104
    [2011/04/11 07:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan Rijken\Mijn documenten\esetlog1
    [2011/04/11 01:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/04/11 01:01:03 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/04/11 00:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2011/04/11 00:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan Rijken\Application Data\Sun
    [2011/04/09 20:43:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jan Rijken\Onlangs geopend
    [2011/04/09 12:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan Rijken\Local Settings\Application Data\Secunia PSI
    [2011/04/09 12:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
    [2011/04/09 10:24:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Nero
    [2011/04/09 10:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan Rijken\Application Data\DDMSettings
    [2011/04/09 10:01:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jan Rijken\Mijn documenten\Mijn video's
    [2011/04/09 10:01:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan Rijken\Application Data\DivX
    [2011/04/09 10:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan Rijken\Mijn documenten\DivX Movies
    [2011/04/09 10:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\DivX Plus
    [2011/04/09 09:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Silverlight
    [2011/04/09 09:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2011/04/09 09:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
    [2011/04/09 09:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Google Earth
    [2011/04/09 09:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan Rijken\Menu Start\Programma's\ImgBurn
    [2011/04/09 09:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan Rijken\Menu Start\Programma's\WinRAR
    [2011/04/09 09:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\WinRAR
    [2011/04/09 09:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
    [2011/04/08 00:35:38 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jan Rijken\Bureaublad\TFC.exe
    [2011/04/02 19:47:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan Rijken\Application Data\SUPERAntiSpyware.com
    [2011/04/02 18:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan Rijken\Mijn documenten\Nieuwe map
    [2011/04/02 14:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan Rijken\Mijn documenten\software
    [2011/04/01 20:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan Rijken\Menu Start\Programma's\SequoiaView
    [2011/04/01 20:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan Rijken\Local Settings\Application Data\Conduit
    [2011/04/01 20:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\SequoiaView
    [2011/04/01 20:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
    [2009/06/18 16:24:59 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jan Rijken\Application Data\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2011/04/27 07:26:00 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DB14428F-5D41-4FB7-941C-F5A28B49E3B4}.job
    [2011/04/27 07:19:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jan Rijken\Bureaublad\OTL.exe
    [2011/04/27 07:11:00 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/27 00:33:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/04/26 23:51:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/04/26 23:34:23 | 004,330,632 | R--- | M] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\ComboFix1.exe
    [2011/04/26 23:20:15 | 000,537,320 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
    [2011/04/26 23:20:15 | 000,444,346 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/26 23:20:15 | 000,101,954 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
    [2011/04/26 23:20:15 | 000,072,604 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/04/26 23:15:01 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/26 23:14:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/26 20:30:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/26 07:25:52 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/04/26 07:18:19 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\dds.scr
    [2011/04/26 07:17:59 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\MBRCheck.exe
    [2011/04/26 00:46:54 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\cr3127rr.exe
    [2011/04/25 16:30:37 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jan Rijken\Bureaublad\TFC.exe
    [2011/04/25 12:13:30 | 000,000,412 | ---- | M] () -- C:\WINDOWS\mapping.ini
    [2011/04/25 12:13:30 | 000,000,030 | ---- | M] () -- C:\WINDOWS\capture.ini
    [2011/04/25 12:12:26 | 000,001,145 | ---- | M] () -- C:\WINDOWS\addrbook.ini
    [2011/04/16 19:40:12 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\Jan Rijken\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/04/16 19:40:11 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Google Chrome.lnk
    [2011/04/16 09:59:42 | 000,248,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/15 23:40:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/04/11 01:14:19 | 000,879,028 | ---- | M] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\SecurityCheck.exe
    [2011/04/11 00:46:19 | 000,159,877 | ---- | M] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\JavaRa.zip
    [2011/04/09 12:48:24 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Secunia PSI Tray.lnk
    [2011/04/09 10:25:13 | 000,001,920 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Nero BurnLite 10.lnk
    [2011/04/09 10:02:00 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\DivX Plus Converter.lnk
    [2011/04/09 10:02:00 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\DivX Movies.lnk
    [2011/04/09 10:00:59 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\DivX Plus Player.lnk
    [2011/04/09 09:47:20 | 000,001,925 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Google Earth.lnk
    [2011/04/09 09:43:01 | 000,001,556 | ---- | M] () -- C:\Documents and Settings\Jan Rijken\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
    [2011/04/09 09:43:01 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\ImgBurn.lnk
    [2011/04/09 09:40:30 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk
    [2011/04/09 09:39:34 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\WinRAR.lnk
    [2011/04/09 09:35:27 | 000,001,642 | ---- | M] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\Update Checker.lnk
    [2011/04/09 09:28:52 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Adobe Reader X .lnk
    [2011/04/08 21:56:31 | 004,316,701 | R--- | M] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\ComboFix.exe
    [2011/04/08 00:31:19 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
    [2011/04/02 22:40:23 | 000,001,811 | ---- | M] () -- C:\Documents and Settings\Jan Rijken\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger (2).lnk
    [2011/04/02 15:49:01 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\HiJackThis.lnk
    [2011/04/02 13:28:54 | 000,000,146 | ---- | M] () -- C:\Documents and Settings\Jan Rijken\Application Data\default.pls
    [2011/04/02 10:51:06 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Jan Rijken\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/01 20:22:24 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\SequoiaView.lnk
    [2011/04/01 20:21:45 | 000,567,047 | ---- | M] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\Sequoia1_3Install.exe

    ========== Files Created - No Company Name ==========

    [2011/04/26 23:34:23 | 004,330,632 | R--- | C] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\ComboFix1.exe
    [2011/04/26 07:18:18 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\dds.scr
    [2011/04/26 07:17:59 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\MBRCheck.exe
    [2011/04/26 00:46:53 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\cr3127rr.exe
    [2011/04/15 23:29:26 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011/04/11 01:14:14 | 000,879,028 | ---- | C] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\SecurityCheck.exe
    [2011/04/11 00:44:31 | 000,159,877 | ---- | C] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\JavaRa.zip
    [2011/04/09 12:48:24 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Secunia PSI Tray.lnk
    [2011/04/09 12:48:23 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Secunia PSI.lnk
    [2011/04/09 10:25:13 | 000,001,920 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Nero BurnLite 10.lnk
    [2011/04/09 10:00:59 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\DivX Plus Player.lnk
    [2011/04/09 10:00:31 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\DivX Plus Converter.lnk
    [2011/04/09 09:39:34 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\WinRAR.lnk
    [2011/04/09 09:35:27 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\Jan Rijken\Menu Start\Programma's\Update Checker.lnk
    [2011/04/09 09:35:27 | 000,001,642 | ---- | C] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\Update Checker.lnk
    [2011/04/08 21:56:22 | 004,316,701 | R--- | C] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\ComboFix.exe
    [2011/04/06 02:20:05 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Adobe Reader X .lnk
    [2011/04/06 02:20:05 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Adobe Reader X .lnk
    [2011/04/02 22:40:23 | 000,001,811 | ---- | C] () -- C:\Documents and Settings\Jan Rijken\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger (2).lnk
    [2011/04/01 20:22:23 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\SequoiaView.lnk
    [2011/04/01 20:21:44 | 000,567,047 | ---- | C] () -- C:\Documents and Settings\Jan Rijken\Bureaublad\Sequoia1_3Install.exe
    [2010/12/18 12:55:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/18 12:55:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/18 12:55:40 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/18 12:55:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/18 12:55:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/01/17 19:58:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/12/21 22:06:41 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2009/09/02 22:01:42 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\Dtctrace.dll
    [2009/09/01 22:05:26 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Jan Rijken\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/06/19 10:01:08 | 000,000,030 | ---- | C] () -- C:\WINDOWS\capture.ini
    [2009/06/19 10:00:23 | 000,000,412 | ---- | C] () -- C:\WINDOWS\mapping.ini
    [2009/06/19 09:59:56 | 000,001,145 | ---- | C] () -- C:\WINDOWS\addrbook.ini
    [2009/06/19 09:59:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\uninst.exe
    [2009/06/19 09:59:27 | 000,000,102 | ---- | C] () -- C:\WINDOWS\dvr2.ini
    [2009/06/18 17:28:01 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2009/06/18 17:07:45 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\Jan Rijken\Application Data\default.pls
    [2009/06/18 17:06:44 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/06/18 16:24:59 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Jan Rijken\Application Data\ezpinst.exe
    [2009/06/18 16:24:59 | 000,007,824 | ---- | C] () -- C:\Documents and Settings\Jan Rijken\Application Data\pcouffin.cat
    [2009/06/18 16:24:59 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jan Rijken\Application Data\pcouffin.inf
    [2009/06/16 00:25:19 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Jan Rijken\Local Settings\Application Data\fusioncache.dat
    [2009/06/15 21:57:38 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/05/26 22:22:14 | 000,017,438 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2008/05/26 22:22:10 | 000,023,146 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2008/05/26 22:22:06 | 000,016,842 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2007/08/29 09:02:57 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2007/08/28 23:23:46 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/08/28 23:22:33 | 000,248,696 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2007/08/28 22:43:29 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
    [2007/08/28 22:37:59 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
    [2007/08/28 21:48:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2007/08/28 21:41:16 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/10/22 12:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/10/22 12:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2003/04/07 13:10:22 | 000,005,443 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/11/19 15:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat
    [2002/11/19 15:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
    [2002/09/11 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/09/11 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2002/09/11 14:00:00 | 000,537,320 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
    [2002/09/11 14:00:00 | 000,444,346 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2002/09/11 14:00:00 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
    [2002/09/11 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2002/09/11 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2002/09/11 14:00:00 | 000,101,954 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
    [2002/09/11 14:00:00 | 000,072,604 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2002/09/11 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2002/09/11 14:00:00 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
    [2002/09/11 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2002/09/11 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/09/11 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2002/09/11 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2010/01/21 21:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiYo
    [2011/04/25 15:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2010/09/13 13:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2011/03/07 23:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2011/03/07 23:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/06/18 18:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan Rijken\Application Data\Bidgood Svcs
    [2011/04/09 10:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan Rijken\Application Data\DDMSettings
    [2009/08/16 16:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan Rijken\Application Data\HiYo
    [2009/06/18 17:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan Rijken\Application Data\ImgBurn
    [2010/09/13 13:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan Rijken\Application Data\Nokia
    [2010/09/13 13:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan Rijken\Application Data\PC Suite
    [2009/06/19 14:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan Rijken\Application Data\TeamViewer
    [2009/06/18 16:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan Rijken\Application Data\Vso
    [2009/06/16 00:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan Rijken\Application Data\Windows Desktop Search
    [2009/06/18 23:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan Rijken\Application Data\Windows Search
    [2011/04/27 07:26:00 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DB14428F-5D41-4FB7-941C-F5A28B49E3B4}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/08/28 21:45:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2007/08/28 22:18:58 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/12/18 12:58:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2002/09/11 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
    [2004/08/04 00:00:14 | 000,261,936 | RHS- | M] () -- C:\cmldr
    [2011/04/26 23:55:51 | 000,028,903 | ---- | M] () -- C:\ComboFix.txt
    [2007/08/28 21:45:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/08/28 21:45:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/04/11 00:49:14 | 000,019,719 | ---- | M] () -- C:\JavaRa.log
    [2007/08/28 21:45:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2007/08/28 22:11:18 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/06/15 22:31:12 | 000,251,712 | RHS- | M] () -- C:\ntldr
    [2011/04/26 23:14:37 | 536,870,912 | -HS- | M] () -- C:\pagefile.sys
    [2009/06/17 22:17:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2009/06/17 22:17:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2007/08/28 21:44:41 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/17 02:11:10 | 000,307,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007/08/28 23:21:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2007/08/28 23:21:18 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2007/08/28 23:21:18 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007/08/28 21:59:26 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Jan Rijken\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureaublad weergeven.scf
    [2007/08/28 22:29:18 | 000,000,189 | -HS- | M] () -- C:\Documents and Settings\Jan Rijken\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/06/07 21:58:42 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\Jan Rijken\Application Data\Microsoft\Internet Explorer\Quick Launch\Hifiketens vergelijken en vind de goedkoopste hifi keten op VERGELIJK.BE.url

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/04/27 07:20:17 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Jan Rijken\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/27 15:57:10 | 000,317,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 19:02:23 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/09/11 14:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/04/11 12:00:02 | 000,000,898 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 16:05:59 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 19:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 19:03:07 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2002/09/11 14:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/09/11 14:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/09/11 14:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 11:35:48 | 000,118,265 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  17. 2011/04/27
    janwin7

    attach log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 28/08/2007 21:48:44
    System Uptime: 25/04/2011 16:33:26 (20 hours ago)
    .
    Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6399
    Processor: Intel(R) Pentium(R) 4 CPU 1.80GHz | Socket 478 | 1800/100mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 45 GiB total, 29,133 GiB free.
    D: is FIXED (NTFS) - 88 GiB total, 70,994 GiB free.
    E: is FIXED (NTFS) - 16 GiB total, 14,748 GiB free.
    F: is CDROM ()
    G: is CDROM ()
    H: is FIXED (NTFS) - 233 GiB total, 215,248 GiB free.
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: CMI8738/C3DX PCI Audio Device
    Device ID: PCI\VEN_13F6&DEV_0111&SUBSYS_39901462&REV_10\4&172A2BDD&0&38F0
    Manufacturer: C-Media
    Name: CMI8738/C3DX PCI Audio Device
    PNP Device ID: PCI\VEN_13F6&DEV_0111&SUBSYS_39901462&REV_10\4&172A2BDD&0&38F0
    Service:
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.3 - Nederlands
    Adobe Reader X (10.0.1) - Nederlands
    Beveiligingsupdate for Windows XP (KB923689)
    Beveiligingsupdate for Windows XP (KB941569)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127-v2)
    Beveiligingsupdate voor Windows Internet Explorer 7 (KB969897)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2183461)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2360131)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2416400)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2482017)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2497640)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2510531)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB974455)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB976325)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB978207)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381)
    Beveiligingsupdate voor Windows Media Player (KB2378111)
    Beveiligingsupdate voor Windows Media Player (KB911564)
    Beveiligingsupdate voor Windows Media Player (KB952069)
    Beveiligingsupdate voor Windows Media Player (KB954155)
    Beveiligingsupdate voor Windows Media Player (KB968816)
    Beveiligingsupdate voor Windows Media Player (KB973540)
    Beveiligingsupdate voor Windows Media Player (KB975558)
    Beveiligingsupdate voor Windows Media Player (KB978695)
    Beveiligingsupdate voor Windows Media Player 11 (KB936782)
    Beveiligingsupdate voor Windows Media Player 11 (KB954154)
    Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
    Beveiligingsupdate voor Windows Media Player 9 (KB936782)
    Beveiligingsupdate voor Windows XP (KB2079403)
    Beveiligingsupdate voor Windows XP (KB2115168)
    Beveiligingsupdate voor Windows XP (KB2121546)
    Beveiligingsupdate voor Windows XP (KB2160329)
    Beveiligingsupdate voor Windows XP (KB2229593)
    Beveiligingsupdate voor Windows XP (KB2259922)
    Beveiligingsupdate voor Windows XP (KB2279986)
    Beveiligingsupdate voor Windows XP (KB2286198)
    Beveiligingsupdate voor Windows XP (KB2296011)
    Beveiligingsupdate voor Windows XP (KB2296199)
    Beveiligingsupdate voor Windows XP (KB2347290)
    Beveiligingsupdate voor Windows XP (KB2360937)
    Beveiligingsupdate voor Windows XP (KB2387149)
    Beveiligingsupdate voor Windows XP (KB2393802)
    Beveiligingsupdate voor Windows XP (KB2412687)
    Beveiligingsupdate voor Windows XP (KB2419632)
    Beveiligingsupdate voor Windows XP (KB2423089)
    Beveiligingsupdate voor Windows XP (KB2436673)
    Beveiligingsupdate voor Windows XP (KB2440591)
    Beveiligingsupdate voor Windows XP (KB2443105)
    Beveiligingsupdate voor Windows XP (KB2476687)
    Beveiligingsupdate voor Windows XP (KB2478960)
    Beveiligingsupdate voor Windows XP (KB2478971)
    Beveiligingsupdate voor Windows XP (KB2479628)
    Beveiligingsupdate voor Windows XP (KB2479943)
    Beveiligingsupdate voor Windows XP (KB2481109)
    Beveiligingsupdate voor Windows XP (KB2483185)
    Beveiligingsupdate voor Windows XP (KB2485376)
    Beveiligingsupdate voor Windows XP (KB2485663)
    Beveiligingsupdate voor Windows XP (KB2503658)
    Beveiligingsupdate voor Windows XP (KB2506212)
    Beveiligingsupdate voor Windows XP (KB2506223)
    Beveiligingsupdate voor Windows XP (KB2507618)
    Beveiligingsupdate voor Windows XP (KB2508272)
    Beveiligingsupdate voor Windows XP (KB2508429)
    Beveiligingsupdate voor Windows XP (KB2509553)
    Beveiligingsupdate voor Windows XP (KB2511455)
    Beveiligingsupdate voor Windows XP (KB2524375)
    Beveiligingsupdate voor Windows XP (KB923561)
    Beveiligingsupdate voor Windows XP (KB923789)
    Beveiligingsupdate voor Windows XP (KB938464-v2)
    Beveiligingsupdate voor Windows XP (KB946648)
    Beveiligingsupdate voor Windows XP (KB950760)
    Beveiligingsupdate voor Windows XP (KB950762)
    Beveiligingsupdate voor Windows XP (KB950974)
    Beveiligingsupdate voor Windows XP (KB951066)
    Beveiligingsupdate voor Windows XP (KB951376-v2)
    Beveiligingsupdate voor Windows XP (KB951748)
    Beveiligingsupdate voor Windows XP (KB952004)
    Beveiligingsupdate voor Windows XP (KB952954)
    Beveiligingsupdate voor Windows XP (KB954459)
    Beveiligingsupdate voor Windows XP (KB954600)
    Beveiligingsupdate voor Windows XP (KB955069)
    Beveiligingsupdate voor Windows XP (KB956572)
    Beveiligingsupdate voor Windows XP (KB956744)
    Beveiligingsupdate voor Windows XP (KB956802)
    Beveiligingsupdate voor Windows XP (KB956803)
    Beveiligingsupdate voor Windows XP (KB956844)
    Beveiligingsupdate voor Windows XP (KB957097)
    Beveiligingsupdate voor Windows XP (KB958644)
    Beveiligingsupdate voor Windows XP (KB958687)
    Beveiligingsupdate voor Windows XP (KB958869)
    Beveiligingsupdate voor Windows XP (KB959426)
    Beveiligingsupdate voor Windows XP (KB960225)
    Beveiligingsupdate voor Windows XP (KB960803)
    Beveiligingsupdate voor Windows XP (KB960859)
    Beveiligingsupdate voor Windows XP (KB961371)
    Beveiligingsupdate voor Windows XP (KB961373)
    Beveiligingsupdate voor Windows XP (KB961501)
    Beveiligingsupdate voor Windows XP (KB968537)
    Beveiligingsupdate voor Windows XP (KB969059)
    Beveiligingsupdate voor Windows XP (KB969898)
    Beveiligingsupdate voor Windows XP (KB969947)
    Beveiligingsupdate voor Windows XP (KB970238)
    Beveiligingsupdate voor Windows XP (KB970430)
    Beveiligingsupdate voor Windows XP (KB971468)
    Beveiligingsupdate voor Windows XP (KB971486)
    Beveiligingsupdate voor Windows XP (KB971557)
    Beveiligingsupdate voor Windows XP (KB971633)
    Beveiligingsupdate voor Windows XP (KB971657)
    Beveiligingsupdate voor Windows XP (KB972270)
    Beveiligingsupdate voor Windows XP (KB973346)
    Beveiligingsupdate voor Windows XP (KB973354)
    Beveiligingsupdate voor Windows XP (KB973507)
    Beveiligingsupdate voor Windows XP (KB973525)
    Beveiligingsupdate voor Windows XP (KB973869)
    Beveiligingsupdate voor Windows XP (KB973904)
    Beveiligingsupdate voor Windows XP (KB974112)
    Beveiligingsupdate voor Windows XP (KB974318)
    Beveiligingsupdate voor Windows XP (KB974392)
    Beveiligingsupdate voor Windows XP (KB974571)
    Beveiligingsupdate voor Windows XP (KB975025)
    Beveiligingsupdate voor Windows XP (KB975467)
    Beveiligingsupdate voor Windows XP (KB975560)
    Beveiligingsupdate voor Windows XP (KB975561)
    Beveiligingsupdate voor Windows XP (KB975562)
    Beveiligingsupdate voor Windows XP (KB975713)
    Beveiligingsupdate voor Windows XP (KB977165)
    Beveiligingsupdate voor Windows XP (KB977816)
    Beveiligingsupdate voor Windows XP (KB977914)
    Beveiligingsupdate voor Windows XP (KB978037)
    Beveiligingsupdate voor Windows XP (KB978251)
    Beveiligingsupdate voor Windows XP (KB978262)
    Beveiligingsupdate voor Windows XP (KB978338)
    Beveiligingsupdate voor Windows XP (KB978542)
    Beveiligingsupdate voor Windows XP (KB978601)
    Beveiligingsupdate voor Windows XP (KB978706)
    Beveiligingsupdate voor Windows XP (KB979309)
    Beveiligingsupdate voor Windows XP (KB979482)
    Beveiligingsupdate voor Windows XP (KB979559)
    Beveiligingsupdate voor Windows XP (KB979683)
    Beveiligingsupdate voor Windows XP (KB979687)
    Beveiligingsupdate voor Windows XP (KB980195)
    Beveiligingsupdate voor Windows XP (KB980218)
    Beveiligingsupdate voor Windows XP (KB980232)
    Beveiligingsupdate voor Windows XP (KB980436)
    Beveiligingsupdate voor Windows XP (KB981322)
    Beveiligingsupdate voor Windows XP (KB981852)
    Beveiligingsupdate voor Windows XP (KB981957)
    Beveiligingsupdate voor Windows XP (KB981997)
    Beveiligingsupdate voor Windows XP (KB982132)
    Beveiligingsupdate voor Windows XP (KB982214)
    Beveiligingsupdate voor Windows XP (KB982665)
    Beveiligingsupdate voor Windows XP (KB982802)
    CCleaner
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    DVDFab Platinum 3.0.7.0
    Essentiële update voor Windows Media Player 11 (KB959772)
    FileHippo.com Update Checker
    Free Picture Resize Starter 4.5
    Google Chrome
    Google Earth
    Google Talk (remove only)
    Google Update Helper
    HiJackThis
    HijackThis 2.0.2
    HiYo
    HiYo
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix voor Windows Media Player 11 (KB939683)
    Hotfix voor Windows XP (KB2158563)
    Hotfix voor Windows XP (KB2443685)
    Hotfix voor Windows XP (KB942288-v3)
    Hotfix voor Windows XP (KB952287)
    Hotfix voor Windows XP (KB961118)
    Hotfix voor Windows XP (KB970653-v3)
    Hotfix voor Windows XP (KB976098-v2)
    Hotfix voor Windows XP (KB979306)
    Hotfix voor Windows XP (KB981793)
    ImgBurn
    Java Auto Updater
    Java(TM) 6 Update 25
    Junk Mail filter update
    KB943729: Update voor Windows XP
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Dutch Language Pack
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD
    Microsoft .NET Framework 3.0 Dutch Language Pack
    Microsoft .NET Framework 3.0 Nederlands taalpakket
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD
    Microsoft .NET Framework 3.5 Language Pack SP1 - nld
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook Connector
    Microsoft Office Professional Editie 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    MSVC80_x86_v2
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Nero 8
    Nero BurnLite 10
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Update
    neroxml
    Norman Security Suite
    NVIDIA Drivers
    NVIDIA Windows 2000/XP Display Drivers
    Off-linediensten van Home'Bank 4.55
    OGA Notifier 2.0.0048.0
    Pakket voor de provider van Microsoft Base-smartcardcryptografieservice
    PC Connectivity Solution
    PCI Audio Driver
    Secunia PSI (2.0.0.3001)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Search 4 - KB963093
    Segoe UI
    SequoiaView
    Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
    Uninstall Borinato DVR Client
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update voor Windows Internet Explorer 8 (KB973874)
    Update voor Windows Internet Explorer 8 (KB976662)
    Update voor Windows Internet Explorer 8 (KB976749)
    Update voor Windows Internet Explorer 8 (KB980182)
    Update voor Windows XP (KB2141007)
    Update voor Windows XP (KB2345886)
    Update voor Windows XP (KB2467659)
    Update voor Windows XP (KB951978)
    Update voor Windows XP (KB955759)
    Update voor Windows XP (KB955839)
    Update voor Windows XP (KB961503)
    Update voor Windows XP (KB967715)
    Update voor Windows XP (KB968389)
    Update voor Windows XP (KB971029)
    Update voor Windows XP (KB971737)
    Update voor Windows XP (KB973687)
    Update voor Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    VCRedistSetup
    WebFldrs XP
    Windows-stuurprogrammapakket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live - Hulpprogramma voor uploaden
    Windows Live aanmeldhulp
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Presentation Foundation Language Pack (NLD)
    Windows Search 4.0
    Windows XP Service Pack 3
    WinRAR 4.00 (32-bit)
    WOT for Internet Explorer
    XML Paper Specification Shared Components Language Pack 1.0
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== End Of File ===========================
     
  18. 2011/04/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKU\S-1-5-21-746137067-1500820517-839522115-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  19. 2011/04/27
    janwin7

    janwin7 Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    154
    Likes Received:
    0
    otl log

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_USERS\S-1-5-21-746137067-1500820517-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Jan Rijken
    ->Temp folder emptied: 100881 bytes
    ->Temporary Internet Files folder emptied: 22972570 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1173 bytes

    User: LocalService
    ->Temp folder emptied: 291764257 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: software

    User: vreemde
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 9583 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 37266 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 300,00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: Jan Rijken
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: software

    User: vreemde

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04272011_205610

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Jan Rijken\Local Settings\Temp\~DFDA9E.tmp not found!
    File\Folder C:\Documents and Settings\Jan Rijken\Local Settings\Temp\~DFDAEA.tmp not found!
    File\Folder C:\Documents and Settings\Jan Rijken\Local Settings\Temp\~DFDBB5.tmp not found!
    File\Folder C:\Documents and Settings\Jan Rijken\Local Settings\Temp\~DFDC97.tmp not found!
    File\Folder C:\Documents and Settings\Jan Rijken\Local Settings\Temp\~DFDE7E.tmp not found!
    File\Folder C:\Documents and Settings\Jan Rijken\Local Settings\Temp\~DFDE92.tmp not found!
    C:\Documents and Settings\Jan Rijken\Local Settings\Temporary Internet Files\Content.IE5\GWO4QUIQ\Messenger[1].htm moved successfully.
    C:\Documents and Settings\Jan Rijken\Local Settings\Temporary Internet Files\Content.IE5\G9PBG3EX\adloader[1].htm moved successfully.
    C:\Documents and Settings\Jan Rijken\Local Settings\Temporary Internet Files\Content.IE5\G9PBG3EX\default[1].htm moved successfully.
    C:\Documents and Settings\Jan Rijken\Local Settings\Temporary Internet Files\Content.IE5\G9PBG3EX\InboxLight[1].htm moved successfully.
    C:\Documents and Settings\Jan Rijken\Local Settings\Temporary Internet Files\Content.IE5\G9PBG3EX\messengerscripttracking[1].aspx moved successfully.
    C:\Documents and Settings\Jan Rijken\Local Settings\Temporary Internet Files\Content.IE5\A2UATOX1\01[1].htm moved successfully.
    C:\Documents and Settings\Jan Rijken\Local Settings\Temporary Internet Files\Content.IE5\A2UATOX1\98777-active-virus-2[1].html moved successfully.
    C:\Documents and Settings\Jan Rijken\Local Settings\Temporary Internet Files\Content.IE5\A2UATOX1\ADSAdClient31[5].txt moved successfully.
    C:\Documents and Settings\Jan Rijken\Local Settings\Temporary Internet Files\Content.IE5\A2UATOX1\LocalStorage[1].htm moved successfully.
    C:\Documents and Settings\Jan Rijken\Local Settings\Temporary Internet Files\Content.IE5\A2UATOX1\xmlProxy[3].htm moved successfully.
    C:\Documents and Settings\Jan Rijken\Local Settings\Temporary Internet Files\Content.IE5\A2UATOX1\xmlProxy[4].htm moved successfully.
    File\Folder C:\Documents and Settings\LocalService\Local Settings\Temp\nvcbin.def.23ee1753.tmp not found!

    Registry entries deleted on Reboot...
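
A short triage of the fix log in the post above, added here as an example (it is not part of the thread and not OTL's own code): it parses the result lines and lists the GUIDs whose load point was deleted while the matching CLSID key was reported "not found", meaning the entry pointed at no registered COM class. The function names are hypothetical and the sample is a constructed subset of the log lines shown.

```python
import re

# Constructed sample: a subset of the lines from the OTL fix log in this thread.
SAMPLE_LOG = r"""
All processes killed
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-746137067-1500820517-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
File\Folder C:\Documents and Settings\LocalService\Local Settings\Temp\nvcbin.def.23ee1753.tmp not found!
"""

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ERROR = re.compile(r"^Registry error reading value (?P<target>.+?)\s*\.$")
LINE = re.compile(
    r"^(?P<kind>Registry key|Registry value|File\\Folder)?\s*(?P<target>.+?)\s+"
    r"(?P<outcome>deleted successfully\.|moved successfully\.|not found[.!])$")
STATUS = {"deleted": "deleted", "moved": "moved", "not": "not_found"}

def parse(log):
    """Return (target, status) for every result line; other lines are skipped."""
    events = []
    for line in (raw.strip() for raw in log.splitlines()):
        m = ERROR.match(line)
        if m:
            events.append((m["target"], "error"))
            continue
        m = LINE.match(line)
        if m:
            events.append((m["target"], STATUS[m["outcome"].split()[0]]))
    return events

def orphaned_load_points(events):
    """GUIDs whose load point was deleted while no COM class key existed."""
    removed, unregistered = set(), set()
    for target, status in events:
        in_clsid = "\\CLASSES\\CLSID\\" in target.upper()
        for guid in GUID.findall(target.upper()):
            if in_clsid and status == "not_found":
                unregistered.add(guid)
            elif not in_clsid and status == "deleted":
                removed.add(guid)
    return sorted(removed & unregistered)

def read_errors(events):
    """Registry values the log reported an error reading."""
    return [target for target, status in events if status == "error"]

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print("orphaned load points:", orphaned_load_points(events))
    print("read errors:", read_errors(events))
```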
     
  20. 2011/04/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go on....
     
  21. 2011/04/27
    janwin7

    janwin7 Inactive Thread Starter

    Joined:
    2011/04/02
    Messages:
    154
    Likes Received:
    0
    eset is running!
    Thanks!:)
     
