Solved Redirecting problem

Discussion in 'Malware and Virus Removal Archive' started by Joen, 2010/08/15.

  1. 2010/08/15
    Joen Inactive Thread Starter
    [Resolved] Redirecting problem

    Hello forum!

    Yesterday I had a Malware virus. A fake virus-scanner started to scan my PC and shout that every .exe file was infected. I got rid of that problem, but now my browser is still redirecting to strange sites sometimes.

    I tried everything, but nothing works ;(

    Here is my HijackThis log:


    I hope you can help! :)
     
  2. 2010/08/15
    broni Moderator Malware Analyst
    Welcome aboard :)

    Please don't use the [Active] prefix when creating a new topic. That's reserved for malware helper people.
    Please don't wrap any logs in "quote".

    Please, read this post, then post the requested log(s).
     

  4. 2010/08/15
    Joen Inactive Thread Starter
    Ow okay sorry ;)
    Thought it would be easier to read Quote ;)

    Here are DDS logs:

    DDS
    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Jeroen Pol at 20:57:22,21 on zo 15-08-2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3583.2845 [GMT 2:00]

    AV: McAfee Antivirus en antispyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jeroen Pol\Local Settings\Temporary Internet Files\Content.IE5\XT4B0QLX\dds[1].scr
    C:\Documents and Settings\Jeroen Pol\Bureaublad\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.nl/
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    mWinlogon: Taskman=c:\documents and settings\jeroen pol\application data\ohydy.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100719211508.dll
    BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [12CFG214-K641-12SF-N85P] c:\recycler\s-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex
    mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe "
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll

    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-31 385880]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-7-19 82952]
    R2 McMPFSvc;McAfee Personal Firewall Service; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-19 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-19 271480]
    R2 McProxy;McAfee Proxy Service; "c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-19 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-7-19 170144]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-7-19 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-7-19 141792]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-7-19 55456]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-19 152320]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-19 51688]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-7-19 312616]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-7-19 88480]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-7-19 1390976]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-7-19 88480]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-19 83496]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-08-15 14:41:54 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-08-15 14:41:46 0 d-----w- c:\program files\Panda Security
    2010-08-15 14:33:29 0 d-----w- c:\program files\CleanUp!
    2010-08-15 14:27:38 77824 --sh--r- c:\docume~1\jeroen~1\applic~1\ohydy.exe
    2010-08-15 12:41:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-15 12:41:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-15 12:41:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-14 21:53:34 0 d-----w- c:\docume~1\jeroen~1\applic~1\Malwarebytes
    2010-08-14 21:21:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-08-14 21:11:01 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2010-08-14 20:27:32 0 d-----w- c:\windows\system32\wbem\Repository
    2010-08-14 20:14:42 5 ----a-w- C:\zrpt.xml
    2010-08-14 20:14:27 0 d-----w- c:\docume~1\jeroen~1\applic~1\B596201E49D753F7640450B6418CF4B7
    2010-08-11 15:27:31 0 d-----w- c:\program files\Guitar Pro 5
    2010-08-11 15:21:59 0 d-----w- c:\docume~1\jeroen~1\applic~1\Guitar Pro 6
    2010-08-11 15:21:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Guitar Pro 6
    2010-08-11 15:05:01 0 d-----w- c:\program files\Guitar Pro 6
    2010-08-09 12:31:59 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
    2010-08-09 12:29:46 0 d--h--w- c:\windows\msdownld.tmp
    2010-08-09 11:27:16 0 d-----w- c:\program files\StarCraft II
    2010-08-09 11:27:16 0 d-----w- c:\program files\common files\Blizzard Entertainment
    2010-08-09 11:27:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
    2010-07-23 14:19:35 0 d-----w- c:\documents and settings\jeroen pol\LimeWire
    2010-07-23 14:18:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-07-23 14:18:35 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-07-22 10:57:56 0 d-----w- c:\program files\AviSynth 2.5
    2010-07-22 10:53:26 0 d-----w- c:\program files\XviD
    2010-07-22 10:24:11 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-07-22 10:24:11 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-07-22 10:23:44 0 d-----w- c:\program files\iPod
    2010-07-22 10:23:41 0 d-----w- c:\program files\iTunes
    2010-07-21 22:27:54 0 d-----w- c:\program files\common files\DivX Shared
    2010-07-21 22:27:34 0 d-----w- c:\program files\DivX
    2010-07-21 22:27:17 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
    2010-07-21 22:12:36 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-07-21 22:12:36 0 d-----w- c:\program files\Real Alternative
    2010-07-21 22:02:40 0 d-----w- c:\program files\WinAVI MP4 Converter
    2010-07-20 10:19:18 1089883 -c----w- c:\windows\system32\dllcache\ntprint.cat
    2010-07-20 10:09:08 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-07-20 10:09:07 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-07-20 10:09:07 17776 ----a-w- c:\windows\system32\mucltui.dll.mui
    2010-07-19 19:15:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-07-19 19:15:03 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2010-07-19 19:15:03 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-07-19 19:15:03 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2010-07-19 19:15:03 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-07-19 19:15:02 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-07-19 19:15:02 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-07-19 19:15:02 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-07-19 19:14:58 0 d-----w- c:\program files\McAfee.com
    2010-07-19 19:14:58 0 d-----w- c:\program files\common files\Mcafee
    2010-07-19 19:14:51 0 d-----w- c:\program files\McAfee
    2010-07-19 16:47:46 0 d-----w- c:\program files\Steam
    2010-07-19 15:33:31 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-07-19 14:26:35 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-07-19 14:25:35 0 d-----r- c:\program files\Skype
    2010-07-19 14:08:22 0 d-----w- c:\documents and settings\jeroen pol\Tracing
    2010-07-19 14:05:38 0 d-----w- c:\program files\Microsoft
    2010-07-19 14:05:23 0 d-----w- c:\program files\Windows Live SkyDrive
    2010-07-19 14:02:44 0 d-----w- c:\program files\common files\Windows Live
    2010-07-19 13:26:18 0 d-----w- c:\windows\system32\XPSViewer
    2010-07-19 13:25:59 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-07-19 13:25:59 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-07-19 13:25:59 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-07-19 13:25:59 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-07-19 13:25:59 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-07-19 13:25:59 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-07-19 13:25:59 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-07-19 13:25:59 0 d-----w- C:\3e85f4de5fd2da23dd9ec2d8bf2056
    2010-07-19 13:23:15 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
    2010-07-19 13:23:15 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2010-07-19 13:23:15 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
    2010-07-19 13:23:14 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2010-07-19 13:23:11 0 d-----w- c:\windows\Logs
    2010-07-19 13:23:04 0 d-----w- c:\program files\Heroes of Newerth
    2010-07-19 12:44:53 0 d-----w- c:\windows\system32\appmgmt
    2010-07-19 12:26:22 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2010-07-19 12:26:22 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2010-07-19 12:26:22 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2010-07-19 12:26:21 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2010-07-19 12:15:40 0 d-----w- c:\program files\uTorrent
    2010-07-19 12:15:14 0 d-----w- c:\docume~1\jeroen~1\applic~1\uTorrent
    2010-07-19 12:11:59 379 ----a-w- c:\windows\ODBC.INI
    2010-07-19 12:11:56 28040 ----a-w- c:\windows\system32\mdimon.dll
    2010-07-19 12:11:40 0 d-----w- c:\program files\Microsoft ActiveSync
    2010-07-19 12:11:31 0 d-----w- c:\windows\SHELLNEW
    2010-07-19 12:06:22 0 d-----r- C:\Games
    2010-07-19 12:06:14 0 d-----r- C:\Programma's
    2010-07-19 12:02:38 53248 ----a-w- c:\windows\system32\CSVer.dll
    2010-07-19 12:02:23 0 d-----w- C:\Intel
    2010-07-19 11:56:43 101904 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
    2010-07-19 00:27:57 0 d-----w- c:\program files\VideoLAN
    2010-07-18 23:25:16 887724 ----a-w- c:\windows\system32\ativva6x.dat
    2010-07-18 23:25:16 57480 ----a-w- c:\windows\system32\atiapfxx.blb
    2010-07-18 23:25:16 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-07-18 23:25:16 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2010-07-18 23:25:16 3 ----a-w- c:\windows\system32\ativva5x.dat
    2010-07-18 23:25:16 21360 ----a-w- c:\windows\atiogl.xml
    2010-07-18 23:25:16 203336 ----a-w- c:\windows\system32\atiicdxx.dat
    2010-07-18 23:25:01 0 d-----w- c:\program files\ATI Technologies
    2010-07-18 23:01:12 8704 ----a-r- c:\windows\system32\viahdcpl.cpl
    2010-07-18 23:01:09 1390976 ----a-r- c:\windows\system32\drivers\viahduaa.sys
    2010-07-18 23:00:55 331184 ------w- c:\windows\system32\difxapi.dll
    2010-07-18 23:00:55 0 d-----w- c:\program files\VIA
    2010-07-18 22:52:59 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
    2010-07-18 22:52:59 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
    2010-07-18 22:52:59 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
    2010-07-18 22:52:59 4096 ----a-w- c:\windows\system32\ksuser.dll
    2010-07-18 22:52:59 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
    2010-07-18 22:52:59 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
    2010-07-18 22:52:59 129536 -c--a-w- c:\windows\system32\dllcache\ksproxy.ax
    2010-07-18 22:52:59 129536 ----a-w- c:\windows\system32\ksproxy.ax
    2010-07-18 19:47:18 0 d-----w- C:\Music
    2010-07-18 19:27:12 0 d-----w- c:\program files\ATI
    2010-07-18 19:26:43 0 d-----w- C:\ATI
    2010-07-18 19:26:18 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
    2010-07-18 19:26:18 225232 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
    2010-07-18 19:26:18 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
    2010-07-18 19:26:13 0 d-----w- c:\program files\Realtek
    2010-07-18 19:21:55 0 d-----w- c:\program files\Driver-Soft
    2010-07-18 19:06:09 0 d-----w- c:\windows\system32\LogFiles
    2010-07-18 18:42:27 0 d-sh--w- c:\documents and settings\jeroen pol\IECompatCache
    2010-07-18 18:30:52 0 d-----w- c:\windows\system32\nl
    2010-07-18 18:30:52 0 d-----w- c:\windows\system32\bits
    2010-07-18 18:30:52 0 d-----w- c:\windows\l2schemas
    2010-07-18 18:29:08 0 d-----w- c:\windows\network diagnostic
    2010-07-18 18:28:25 0 d-----w- c:\windows\system32\ReinstallBackups
    2010-07-18 18:24:51 0 d-sh--w- c:\documents and settings\jeroen pol\PrivacIE
    2010-07-18 18:24:30 0 d-sh--w- c:\documents and settings\jeroen pol\IETldCache
    2010-07-18 18:23:37 0 d-----w- c:\windows\ie8updates
    2010-07-18 18:22:35 0 dc-h--w- c:\windows\ie8
    2010-07-18 18:22:35 0 d-----w- c:\windows\system32\nl-NL
    2010-07-18 17:01:37 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
    2010-07-18 17:01:22 21504 ----a-w- c:\windows\system32\hidserv.dll
    2010-07-18 17:01:01 58112 ----a-w- c:\windows\system32\drivers\redbook.sys
    2010-07-18 17:00:04 76288 -c--a-w- c:\windows\system32\dllcache\usbui.dll
    2010-07-18 17:00:04 76288 ----a-w- c:\windows\system32\usbui.dll
    2010-07-18 16:59:27 0 d-----w- c:\program files\common files\ODBC
    2010-07-18 16:59:25 0 d-----w- c:\program files\common files\SpeechEngines
    2010-07-18 16:58:56 0 d--h--w- c:\documents and settings\all users\Sjablonen
    2010-07-18 16:58:56 0 d-----w- c:\documents and settings\all users\Favorieten
    2010-07-18 16:58:56 0 d-----w- c:\documents and settings\all users\Bureaublad
    2010-07-18 16:58:56 0 d-----r- c:\documents and settings\all users\Menu Start
    2010-07-18 16:58:56 0 d-----r- c:\documents and settings\all users\Documenten
    2010-07-18 15:34:03 0 d-----w- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
    2010-07-18 15:24:51 0 d-sh--w- c:\documents and settings\all users\DRM
    2010-07-18 15:24:39 0 d--h--w- c:\program files\WindowsUpdate
    2010-07-18 15:24:36 0 d-----w- c:\program files\Online Services
    2010-07-18 15:23:47 0 d-----w- c:\program files\common files\MSSoap
    2010-07-18 15:22:37 0 d-----w- c:\program files\Messenger
    2010-07-18 15:22:34 0 d-----w- c:\program files\MSN Gaming Zone
    2010-07-18 15:22:01 0 d-----w- c:\program files\Windows NT

    ==================== Find3M ====================

    2010-08-11 23:45:09 566412 ----a-w- c:\windows\system32\perfh013.dat
    2010-08-11 23:45:09 106020 ----a-w- c:\windows\system32\perfc013.dat
    2010-07-18 15:34:07 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2010-07-18 15:22:58 21748 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-06-30 12:33:19 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:27:56 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 09:02:59 1852032 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03:48 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:43:35 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-02 02:55:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-06-02 02:55:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-06-02 02:55:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-05-27 17:12:30 45056 ----a-w- c:\windows\system32\aticalrt.dll
    2010-05-27 17:12:24 45056 ----a-w- c:\windows\system32\aticalcl.dll
    2010-05-27 17:10:48 4071424 ----a-w- c:\windows\system32\aticaldd.dll
    2010-05-27 17:05:12 15208448 ----a-w- c:\windows\system32\atioglxx.dll
    2010-05-27 16:58:50 299520 ----a-w- c:\windows\system32\ati2dvag.dll
    2010-05-27 16:54:08 3699936 ----a-w- c:\windows\system32\ati3duag.dll
    2010-05-27 16:46:10 208896 ----a-w- c:\windows\system32\atipdlxx.dll
    2010-05-27 16:46:00 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-05-27 16:45:54 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2010-05-27 16:45:48 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2010-05-27 16:45:40 159744 ----a-w- c:\windows\system32\ati2evxx.dll
    2010-05-27 16:44:36 602112 ----a-w- c:\windows\system32\ati2evxx.exe
    2010-05-27 16:43:30 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2010-05-27 16:42:48 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-05-27 16:41:28 2256512 ----a-w- c:\windows\system32\ativvaxx.dll
    2010-05-27 16:39:44 573440 ----a-w- c:\windows\system32\atikvmag.dll
    2010-05-27 16:38:08 184320 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-05-27 16:37:50 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2010-05-27 16:35:56 393216 ----a-w- c:\windows\system32\atiok3x2.dll
    2010-05-27 16:33:24 692224 ----a-w- c:\windows\system32\ati2cqag.dll
    2010-05-27 16:29:12 65536 ----a-w- c:\windows\system32\atimpc32.dll
    2010-05-27 16:29:12 65536 ----a-w- c:\windows\system32\amdpcom32.dll
    2010-05-26 09:41:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-05-26 09:41:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-05-26 09:41:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-05-26 09:41:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-05-26 09:41:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

    ============= FINISH: 20:57:40,57 ===============

    Attach

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 18-7-2010 17:26:46
    System Uptime: 15-8-2010 16:37:55 (4 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P5KPL-AM
    Processor: Intel Pentium III Xeon-processor | Socket 775 | 2666/266mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 466 GiB total, 401,804 GiB free.
    E: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek PCIe FE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_83471043&REV_02\4&38D2602C&0&00E1
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek PCIe FE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_83471043&REV_02\4&38D2602C&0&00E1
    Service: RTLE8023xp

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ACPI\ATK0110\1010110
    Manufacturer:
    Name:
    PNP Device ID: ACPI\ATK0110\1010110
    Service:

    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Description: Standaardtoetsenbord (101/102 toetsen) of Microsoft Natural PS/2-toetsenbord
    Device ID: ACPI\PNP0303\4&2C575ACB&0
    Manufacturer: (standaardtoetsenbord)
    Name: Standaardtoetsenbord (101/102 toetsen) of Microsoft Natural PS/2-toetsenbord
    PNP Device ID: ACPI\PNP0303\4&2C575ACB&0
    Service: i8042prt

    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: Microsoft PS/2-muis
    Device ID: ACPI\PNP0F03\4&2C575ACB&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2-muis
    PNP Device ID: ACPI\PNP0F03\4&2C575ACB&0
    Service: i8042prt

    Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
    Description: Cd-rom-station
    Device ID: IDE\CDROMOPTIARC_DVD_RW_AD-7200S_________________1.06____\5&2932390F&0&0.0.0
    Manufacturer: (Standaard cd-rom-stations)
    Name: Optiarc DVD RW AD-7200S
    PNP Device ID: IDE\CDROMOPTIARC_DVD_RW_AD-7200S_________________1.06____\5&2932390F&0&0.0.0
    Service: cdrom

    ==== System Restore Points ===================

    RP1: 14-8-2010 22:21:45 - Controlepunt van systeem
    RP2: 14-8-2010 22:27:00 - Herstelbewerking
    RP3: 15-8-2010 12:16:46 - Verwijderd: Apple Mobile Device Support
    RP4: 15-8-2010 12:17:24 - Verwijderd: Bonjour
    RP5: 15-8-2010 12:18:01 - Removed Skype Toolbars
    RP6: 15-8-2010 12:18:44 - Malware Verwijderd!

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.3.3 - Nederlands
    Alien Swarm
    Apple Application Support
    Apple Software Update
    ATI Catalyst Install Manager
    ATI Catalyst Registration
    µTorrent
    AviSynth 2.5
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB2183461)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332)
    Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381)
    Beveiligingsupdate voor Windows Media Player (KB952069)
    Beveiligingsupdate voor Windows Media Player (KB954155)
    Beveiligingsupdate voor Windows Media Player (KB973540)
    Beveiligingsupdate voor Windows Media Player (KB978695)
    Beveiligingsupdate voor Windows Media Player (KB979402)
    Beveiligingsupdate voor Windows XP (KB2079403)
    Beveiligingsupdate voor Windows XP (KB2115168)
    Beveiligingsupdate voor Windows XP (KB2160329)
    Beveiligingsupdate voor Windows XP (KB2229593)
    Beveiligingsupdate voor Windows XP (KB2286198)
    Beveiligingsupdate voor Windows XP (KB923561)
    Beveiligingsupdate voor Windows XP (KB923789)
    Beveiligingsupdate voor Windows XP (KB946648)
    Beveiligingsupdate voor Windows XP (KB950760)
    Beveiligingsupdate voor Windows XP (KB950762)
    Beveiligingsupdate voor Windows XP (KB950974)
    Beveiligingsupdate voor Windows XP (KB951376-v2)
    Beveiligingsupdate voor Windows XP (KB951748)
    Beveiligingsupdate voor Windows XP (KB952004)
    Beveiligingsupdate voor Windows XP (KB952954)
    Beveiligingsupdate voor Windows XP (KB955069)
    Beveiligingsupdate voor Windows XP (KB956572)
    Beveiligingsupdate voor Windows XP (KB956744)
    Beveiligingsupdate voor Windows XP (KB956802)
    Beveiligingsupdate voor Windows XP (KB956803)
    Beveiligingsupdate voor Windows XP (KB956844)
    Beveiligingsupdate voor Windows XP (KB958644)
    Beveiligingsupdate voor Windows XP (KB958869)
    Beveiligingsupdate voor Windows XP (KB959426)
    Beveiligingsupdate voor Windows XP (KB960225)
    Beveiligingsupdate voor Windows XP (KB960803)
    Beveiligingsupdate voor Windows XP (KB960859)
    Beveiligingsupdate voor Windows XP (KB961501)
    Beveiligingsupdate voor Windows XP (KB969059)
    Beveiligingsupdate voor Windows XP (KB970238)
    Beveiligingsupdate voor Windows XP (KB970430)
    Beveiligingsupdate voor Windows XP (KB971468)
    Beveiligingsupdate voor Windows XP (KB971657)
    Beveiligingsupdate voor Windows XP (KB972270)
    Beveiligingsupdate voor Windows XP (KB973507)
    Beveiligingsupdate voor Windows XP (KB973869)
    Beveiligingsupdate voor Windows XP (KB973904)
    Beveiligingsupdate voor Windows XP (KB974112)
    Beveiligingsupdate voor Windows XP (KB974318)
    Beveiligingsupdate voor Windows XP (KB974392)
    Beveiligingsupdate voor Windows XP (KB974571)
    Beveiligingsupdate voor Windows XP (KB975025)
    Beveiligingsupdate voor Windows XP (KB975467)
    Beveiligingsupdate voor Windows XP (KB975560)
    Beveiligingsupdate voor Windows XP (KB975561)
    Beveiligingsupdate voor Windows XP (KB975562)
    Beveiligingsupdate voor Windows XP (KB975713)
    Beveiligingsupdate voor Windows XP (KB977816)
    Beveiligingsupdate voor Windows XP (KB977914)
    Beveiligingsupdate voor Windows XP (KB978037)
    Beveiligingsupdate voor Windows XP (KB978338)
    Beveiligingsupdate voor Windows XP (KB978542)
    Beveiligingsupdate voor Windows XP (KB978601)
    Beveiligingsupdate voor Windows XP (KB978706)
    Beveiligingsupdate voor Windows XP (KB979309)
    Beveiligingsupdate voor Windows XP (KB979482)
    Beveiligingsupdate voor Windows XP (KB979559)
    Beveiligingsupdate voor Windows XP (KB979683)
    Beveiligingsupdate voor Windows XP (KB980195)
    Beveiligingsupdate voor Windows XP (KB980218)
    Beveiligingsupdate voor Windows XP (KB980232)
    Beveiligingsupdate voor Windows XP (KB980436)
    Beveiligingsupdate voor Windows XP (KB981852)
    Beveiligingsupdate voor Windows XP (KB981997)
    Beveiligingsupdate voor Windows XP (KB982214)
    Beveiligingsupdate voor Windows XP (KB982381)
    Beveiligingsupdate voor Windows XP (KB982665)
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    ccc-core-static
    ccc-utility
    CCC Help English
    CleanUp!
    Counter-Strike
    DivX Setup
    Driver Genius Professional Edition
    Guitar Pro 5.2
    Heroes of Newerth
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix voor Windows XP (KB952287)
    Hotfix voor Windows XP (KB961118)
    Hotfix voor Windows XP (KB981793)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 18
    Linksys Wireless-G PCI Adapter
    Malwarebytes' Anti-Malware
    McAfee Total Protection
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile NLD Language Pack
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Extended NLD Language Pack
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Professional Edition 2003
    Microsoft Office XP Web Components
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSVCRT
    OGA Notifier 2.0.0048.0
    Panda ActiveScan 2.0
    Platform
    QuickTime
    Real Alternative 2.0.2
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Segoe UI
    Skype™ 4.2
    StarCraft II
    Steam
    Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
    Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
    The Lord of the Rings FREE Trial
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update voor Windows Internet Explorer 8 (KB976662)
    Update voor Windows Internet Explorer 8 (KB982632)
    Update voor Windows XP (KB951978)
    Update voor Windows XP (KB955759)
    Update voor Windows XP (KB961503)
    Update voor Windows XP (KB967715)
    Update voor Windows XP (KB968389)
    Update voor Windows XP (KB971737)
    Update voor Windows XP (KB973687)
    Update voor Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    VIA Platform apparaatbeheer
    VLC media player 1.1.0
    WebFldrs XP
    WinAVI MP4 Converter
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live - Hulpprogramma voor uploaden
    Windows Live aanmeldhulp
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows XP Service Pack 3
    WinRAR
    XviD MPEG4 Video Codec (remove only)

    ==== End Of File ===========================
     
    Joen,
    #3
  5. 2010/08/15
    broni

    broni Moderator Malware Analyst

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    Joen likes this.
  6. 2010/08/16
    Joen

    Joen Inactive Thread Starter

    I had major problems with GMER. Every time it finishes (which takes very long..) and I click on "Save" my PC just freezes. So I got the log before the scan. That's all I can give you I guess.. ;( The other 2 programs turned out good btw ;)

    MALWARE:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4432

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    15-8-2010 23:19:18
    mbam-log-2010-08-15 (23-19-18).txt

    Scan type: Quick scan
    Objects scanned: 142325
    Time elapsed: 4 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg214-k641-12sf-n85p (Worm.Autorun.B) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Worm.Palevo) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:
    C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Jeroen Pol\Application Data\ohydy.exe (Worm.Palevo) -> Delete on reboot.



    GMER BEFORE SCAN:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-08-16 12:06:24
    Windows 5.1.2600 Service Pack 3
    Running: u8lrxng7.exe; Driver: C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\uxliqpod.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9EADDB0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9EADDC4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9EADDF0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9EADE46]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9EADD9C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9EADD74]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9EADD88]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9EADDDA]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9EADE1C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9EADE06]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9EADE70]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9EADE5C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9EADE30]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----


    MBR CHECK

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x00000015

    Kernel Drivers (total 124):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E5000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F78000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F67000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA0B8000 MountMgr.sys
    0xB9F48000 ftdisk.sys
    0xBA5AC000 dmload.sys
    0xB9F22000 dmio.sys
    0xBA330000 PartMgr.sys
    0xBA338000 pavboot.sys
    0xBA0C8000 VolSnap.sys
    0xB9F0A000 atapi.sys
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9EEA000 fltmgr.sys
    0xB9ED8000 sr.sys
    0xB9E7B000 mfehidk.sys
    0xB9E64000 KSecDD.sys
    0xB9DD7000 Ntfs.sys
    0xB9DAA000 NDIS.sys
    0xB9D90000 Mup.sys
    0xBA208000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB985B000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xB9829000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB9801000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xBA3A0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB97DD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA3A8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB9786000 \SystemRoot\system32\DRIVERS\RT61.sys
    0xBA3B0000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xB9772000 \SystemRoot\system32\DRIVERS\parport.sys
    0xBA3B8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA3C0000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA228000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBA558000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xBA796000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB975E000 \SystemRoot\system32\DRIVERS\mfendisk.sys
    0xBA248000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA560000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB9747000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA258000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA268000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA3C8000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB970E000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA278000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xB96EA000 \SystemRoot\system32\drivers\mfeavfk.sys
    0xB969F000 \SystemRoot\system32\drivers\mfefirek.sys
    0xBA3D0000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA3D8000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB9647000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xBA288000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA5C2000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB9624000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB95C6000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9D68000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA2A8000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xAC638000 \SystemRoot\system32\drivers\AtiHdmi.sys
    0xAC614000 \SystemRoot\system32\drivers\portcls.sys
    0xBA2E8000 \SystemRoot\system32\drivers\drmk.sys
    0xAC4C0000 \SystemRoot\system32\drivers\viahduaa.sys
    0xBA318000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA5CA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA3F0000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xBA5D0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA6FD000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA5D2000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA400000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xBA408000 \SystemRoot\System32\drivers\vga.sys
    0xBA5D4000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA5D6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA410000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA418000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB9677000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAC48D000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAC434000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xAC3F9000 \SystemRoot\system32\drivers\mfetdi2k.sys
    0xAC3D3000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xAC3AB000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xBA298000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xAC389000 \SystemRoot\System32\drivers\afd.sys
    0xB8706000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xAC35E000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xAC2EE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB86E6000 \SystemRoot\System32\Drivers\Fips.SYS
    0xBA478000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xB871A000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xBA158000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBA550000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xBA480000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xB973B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xAC2AE000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xBA61C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB9693000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA490000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA7FD000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF060000 \SystemRoot\System32\ati2cqag.dll
    0xBF109000 \SystemRoot\System32\atikvmag.dll
    0xBF1A6000 \SystemRoot\System32\atiok3x2.dll
    0xBF20B000 \SystemRoot\System32\ati3duag.dll
    0xBF593000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xBA378000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xA9789000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA9460000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA943C000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xBA654000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xA9395000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA8F61000 \SystemRoot\system32\drivers\cfwids.sys
    0xA8E0C000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA8EA9000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA8CB8000 \SystemRoot\system32\drivers\mfeapfk.sys
    0xA9205000 \SystemRoot\system32\drivers\mfebopk.sys
    0xA8CF2000 \??\C:\WINDOWS\system32\GTNDIS5.SYS
    0xA8586000 \SystemRoot\System32\Drivers\HTTP.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 41):
    0 System Idle Process
    4 System
    760 C:\WINDOWS\system32\smss.exe
    828 csrss.exe
    868 C:\WINDOWS\system32\winlogon.exe
    916 C:\WINDOWS\system32\services.exe
    928 C:\WINDOWS\system32\lsass.exe
    1100 C:\WINDOWS\system32\ati2evxx.exe
    1120 C:\WINDOWS\system32\svchost.exe
    1172 svchost.exe
    1276 C:\WINDOWS\system32\svchost.exe
    1396 svchost.exe
    1452 svchost.exe
    1732 C:\WINDOWS\system32\spoolsv.exe
    1804 C:\WINDOWS\system32\ati2evxx.exe
    1868 svchost.exe
    1964 C:\Program Files\Java\jre6\bin\jqs.exe
    2000 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    108 C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
    276 C:\WINDOWS\system32\svchost.exe
    376 C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    548 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
    560 C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    644 C:\WINDOWS\system32\wuauclt.exe
    708 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    2160 alg.exe
    3252 C:\WINDOWS\explorer.exe
    2320 C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
    2756 C:\Program Files\McAfee.com\Agent\mcagent.exe
    2776 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    2972 C:\Program Files\iTunes\iTunesHelper.exe
    1760 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3144 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3276 C:\WINDOWS\system32\ctfmon.exe
    3696 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    3920 C:\Program Files\iPod\bin\iPodService.exe
    4060 C:\Program Files\Internet Explorer\iexplore.exe
    1368 C:\Program Files\Internet Explorer\iexplore.exe
    2332 C:\Program Files\Internet Explorer\iexplore.exe
    2456 wmiprvse.exe
    2628 C:\Documents and Settings\Jeroen Pol\Bureaublad\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: ST3500418AS, Rev: CC37

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: F238F1FE114296B6DC7716517DC1DADB3FF3D5C6


    Done!
     
    Joen,
    #5
  7. 2010/08/16
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2010/08/16
    Joen

    Joen Inactive Thread Starter

    Thanks for your help, here is the log:

    COMBO FIX LOG:

    ComboFix 10-08-16.01 - Jeroen Pol 17-08-2010 0:51.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3583.3124 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Jeroen Pol\Bureaublad\ComboFix.exe
    AV: McAfee Antivirus en antispyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Jeroen Pol\Local Settings\Application Data\Windows Server
    c:\documents and settings\Jeroen Pol\Local Settings\Application Data\Windows Server\flags.ini
    c:\documents and settings\Jeroen Pol\Local Settings\Application Data\Windows Server\server.dat
    c:\documents and settings\Jeroen Pol\Local Settings\Application Data\Windows Server\uses32.dat

    Besmet exemplaar van c:\windows\system32\winlogon.exe werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\winlogon.exe

    Besmet exemplaar van c:\windows\explorer.exe werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\explorer.exe

    c:\windows\system32\drivers\cdrom.sys was verdwenen
    Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\cdrom.sys

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-07-16 to 2010-08-16 ))))))))))))))))))))))))))))))
    .

    2010-08-16 22:53 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2010-08-16 08:43 . 2010-08-16 08:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
    2010-08-15 14:41 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-08-15 14:41 . 2010-08-15 14:41 -------- d-----w- c:\program files\Panda Security
    2010-08-15 14:33 . 2010-08-15 14:33 -------- d-----w- c:\program files\CleanUp!
    2010-08-15 12:41 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-15 12:41 . 2010-08-15 12:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-15 12:41 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-14 21:53 . 2010-08-14 21:53 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\Malwarebytes
    2010-08-14 21:21 . 2010-08-14 21:21 -------- d-sh--w- c:\documents and settings\Administrator.JEROEN-PC\PrivacIE
    2010-08-14 21:21 . 2010-08-14 21:21 -------- d-----w- c:\documents and settings\Administrator.JEROEN-PC\Application Data\Malwarebytes
    2010-08-14 21:21 . 2010-08-14 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-14 21:19 . 2010-08-14 21:19 -------- d-sh--w- c:\documents and settings\Administrator.JEROEN-PC\IETldCache
    2010-08-14 21:11 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2010-08-14 20:27 . 2010-08-14 20:27 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-14 20:25 . 2010-08-14 20:25 -------- d-----w- c:\documents and settings\Administrator\IETldCache
    2010-08-14 20:24 . 2010-08-14 20:27 -------- d-----w- c:\documents and settings\Administrator\Sjablonen
    2010-08-14 20:24 . 2010-08-14 20:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
    2010-08-14 20:24 . 2010-08-14 09:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2010-08-14 20:24 . 2010-08-14 20:27 -------- d-s---w- c:\documents and settings\Administrator
    2010-08-14 20:14 . 2010-08-14 22:27 -------- d-----w- c:\documents and settings\Jeroen Pol\Local Settings\Application Data\xiwifmjbx
    2010-08-14 20:14 . 2010-08-14 22:26 -------- d-----w- c:\documents and settings\Jeroen Pol\Local Settings\Application Data\euljflvbj
    2010-08-14 20:14 . 2010-08-15 14:20 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\B596201E49D753F7640450B6418CF4B7
    2010-08-14 09:58 . 2010-08-14 09:58 -------- d-----w- c:\program files\Common Files\Adobe
    2010-08-14 09:57 . 2010-08-14 10:08 -------- d-----w- c:\documents and settings\Jeroen Pol\Local Settings\Application Data\Adobe
    2010-08-11 15:27 . 2010-08-11 19:28 -------- d-----w- c:\program files\Guitar Pro 5
    2010-08-11 15:21 . 2010-08-11 19:28 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\Guitar Pro 6
    2010-08-11 15:21 . 2010-08-11 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Guitar Pro 6
    2010-08-11 15:17 . 2010-08-11 15:18 -------- d-----w- c:\documents and settings\%Profile%
    2010-08-11 15:05 . 2010-08-11 19:28 -------- d-----w- c:\program files\Guitar Pro 6
    2010-08-09 23:02 . 2010-08-09 23:02 -------- d-----w- c:\documents and settings\Jeroen Pol\Local Settings\Application Data\Identities
    2010-08-09 12:34 . 2010-08-09 12:34 47364 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
    2010-08-09 12:31 . 2008-05-30 12:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
    2010-08-09 11:27 . 2010-08-09 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2010-08-09 11:27 . 2010-08-09 12:34 -------- d-----w- c:\program files\StarCraft II
    2010-08-09 11:27 . 2010-08-09 12:25 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-08-08 21:21 . 2010-08-08 21:21 61440 ----a-w- c:\documents and settings\Jeroen Pol\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6b90013b-n\decora-sse.dll
    2010-08-08 21:21 . 2010-08-08 21:21 503808 ----a-w- c:\documents and settings\Jeroen Pol\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-151a31d5-n\msvcp71.dll
    2010-08-08 21:21 . 2010-08-08 21:21 499712 ----a-w- c:\documents and settings\Jeroen Pol\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-151a31d5-n\jmc.dll
    2010-08-08 21:21 . 2010-08-08 21:21 348160 ----a-w- c:\documents and settings\Jeroen Pol\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-151a31d5-n\msvcr71.dll
    2010-08-08 21:21 . 2010-08-08 21:21 12800 ----a-w- c:\documents and settings\Jeroen Pol\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6b90013b-n\decora-d3d.dll
    2010-08-08 15:53 . 2010-08-08 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2010-07-23 17:26 . 2010-07-23 17:26 -------- d-----w- c:\windows\Sun
    2010-07-23 14:19 . 2010-07-23 14:21 -------- d-----w- c:\documents and settings\Jeroen Pol\LimeWire
    2010-07-23 14:18 . 2010-07-23 14:18 -------- d-----w- c:\program files\Common Files\Java
    2010-07-23 14:18 . 2010-07-23 14:18 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-07-23 14:18 . 2010-07-23 14:18 -------- d-----w- c:\program files\Java
    2010-07-22 11:13 . 2010-07-22 11:13 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\Media Player Classic
    2010-07-22 10:57 . 2010-07-22 10:57 -------- d-----w- c:\program files\AviSynth 2.5
    2010-07-22 10:53 . 2010-07-22 10:53 -------- d-----w- c:\program files\XviD
    2010-07-22 10:24 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-07-22 10:24 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-07-22 10:23 . 2010-07-22 10:23 -------- d-----w- c:\program files\iPod
    2010-07-22 10:23 . 2010-07-22 10:24 -------- d-----w- c:\program files\iTunes
    2010-07-21 22:45 . 2010-08-15 10:18 -------- d-----w- c:\program files\Gabest
    2010-07-21 22:32 . 2010-07-21 22:32 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\DivX
    2010-07-21 22:29 . 2010-07-21 22:29 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-07-21 22:28 . 2010-07-21 22:27 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-07-21 22:28 . 2010-07-21 22:27 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-07-21 22:12 . 2010-07-21 22:12 -------- d-----w- c:\program files\Real Alternative
    2010-07-21 22:12 . 2004-01-11 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-07-21 22:02 . 2010-07-21 22:02 -------- d-----w- c:\program files\WinAVI MP4 Converter
    2010-07-20 14:47 . 2010-07-20 14:47 2605008 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
    2010-07-20 14:47 . 2010-08-14 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-07-20 10:09 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-07-20 10:09 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-07-19 19:15 . 2010-05-31 18:32 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-07-19 19:15 . 2010-05-31 18:32 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2010-07-19 19:15 . 2010-05-31 18:32 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-07-19 19:15 . 2010-05-31 18:32 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2010-07-19 19:15 . 2010-05-31 18:32 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-07-19 19:15 . 2010-05-31 18:32 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-07-19 19:15 . 2010-05-31 18:32 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-07-19 19:15 . 2010-05-31 18:32 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-07-19 19:14 . 2010-07-19 19:15 -------- d-----w- c:\program files\Common Files\Mcafee
    2010-07-19 19:14 . 2010-07-19 19:14 -------- d-----w- c:\program files\McAfee.com
    2010-07-19 19:14 . 2010-08-14 10:36 -------- d-----w- c:\program files\McAfee
    2010-07-19 19:08 . 2010-07-19 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-07-19 16:47 . 2010-07-21 17:16 -------- d-----w- c:\program files\Steam
    2010-07-19 15:33 . 2010-07-22 14:12 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\Apple Computer
    2010-07-19 15:33 . 2010-07-19 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-07-19 15:33 . 2010-07-22 10:27 -------- d-----w- c:\program files\QuickTime
    2010-07-19 15:33 . 2010-07-19 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-07-19 15:33 . 2010-07-19 15:33 -------- d-----w- c:\documents and settings\Jeroen Pol\Local Settings\Application Data\Apple
    2010-07-19 15:33 . 2010-07-19 15:33 -------- d-----w- c:\program files\Apple Software Update
    2010-07-19 15:32 . 2010-08-15 10:16 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-19 15:32 . 2010-07-21 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-07-19 14:42 . 2010-07-19 15:33 -------- d-----w- c:\documents and settings\Jeroen Pol\Local Settings\Application Data\Apple Computer
    2010-07-19 14:26 . 2010-08-16 22:01 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\skypePM
    2010-07-19 14:26 . 2010-08-11 18:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-07-19 14:25 . 2010-08-16 22:43 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\Skype
    2010-07-19 14:25 . 2010-07-19 14:25 -------- d-----w- c:\program files\Common Files\Skype
    2010-07-19 14:25 . 2010-08-15 10:18 -------- d-----r- c:\program files\Skype
    2010-07-19 14:25 . 2010-07-19 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-07-19 14:08 . 2010-08-15 10:18 -------- d-----w- c:\documents and settings\Jeroen Pol\Tracing
    2010-07-19 14:05 . 2010-07-19 14:05 -------- d-----w- c:\program files\Microsoft
    2010-07-19 14:05 . 2010-07-19 14:05 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-07-19 14:05 . 2010-07-19 14:05 -------- d-----w- c:\program files\Windows Live
    2010-07-19 14:02 . 2010-07-19 14:02 -------- d-----w- c:\program files\Common Files\Windows Live
    2010-07-19 13:26 . 2010-07-19 13:26 -------- d-----w- c:\windows\system32\XPSViewer
    2010-07-19 13:26 . 2010-07-19 13:26 -------- d-----w- c:\program files\MSBuild
    2010-07-19 13:26 . 2010-07-19 13:26 -------- d-----w- c:\program files\Reference Assemblies
    2010-07-19 13:26 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2010-07-19 13:25 . 2010-07-19 13:26 -------- d-----w- C:\3e85f4de5fd2da23dd9ec2d8bf2056
    2010-07-19 13:25 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-07-19 13:25 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-07-19 13:25 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-07-19 13:25 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-07-19 13:25 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-07-19 13:25 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-07-19 13:25 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-07-19 13:25 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2010-07-19 13:23 . 2008-10-10 02:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
    2010-07-19 13:23 . 2008-10-10 02:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2010-07-19 13:23 . 2008-10-10 02:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
    2010-07-19 13:23 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2010-07-19 13:23 . 2010-08-09 12:29 -------- d-----w- c:\windows\Logs
    2010-07-19 13:23 . 2010-08-14 17:29 -------- d-----w- c:\program files\Heroes of Newerth
    2010-07-19 12:26 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2010-07-19 12:26 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2010-07-19 12:26 . 2001-09-06 19:27 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2010-07-19 12:26 . 2008-04-14 17:02 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2010-07-19 12:15 . 2010-07-19 12:15 -------- d-----w- c:\program files\uTorrent
    2010-07-19 12:15 . 2010-08-11 18:53 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\uTorrent
    2010-07-19 12:11 . 2007-04-09 11:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-11 23:45 . 2004-08-04 12:00 566412 ----a-w- c:\windows\system32\perfh013.dat
    2010-08-11 23:45 . 2004-08-04 12:00 106020 ----a-w- c:\windows\system32\perfc013.dat
    2010-07-21 22:28 . 2010-07-21 22:28 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:27 -------- d-----w- c:\program files\DivX
    2010-07-21 22:28 . 2010-07-21 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-07-21 22:28 . 2010-07-21 22:28 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-07-21 22:27 . 2010-07-21 22:27 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
    2010-07-21 22:27 . 2010-07-21 22:27 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-07-21 22:27 . 2010-07-21 22:27 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
    2010-07-18 23:25 . 2010-07-18 19:27 -------- d-----w- c:\program files\ATI
    2010-07-18 23:00 . 2010-07-18 15:34 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-07-18 19:27 . 2010-07-18 19:27 0 ----a-w- c:\windows\ativpsrm.bin
    2010-07-18 19:26 . 2010-07-18 15:34 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-18 18:32 . 2010-07-18 15:24 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-07-18 15:34 . 2010-07-18 15:34 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2010-07-18 15:34 . 2010-07-18 15:34 -------- d-----w- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
    2010-07-18 15:25 . 2010-07-18 15:25 -------- d-----w- c:\program files\microsoft frontpage
    2010-07-18 15:22 . 2010-07-18 15:22 21748 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-07-16 06:19 . 2010-07-16 06:19 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
    2010-06-30 12:33 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:27 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 09:02 . 2004-08-04 12:00 1852032 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2010-07-18 15:23 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:43 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2708\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2708\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2708\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2708\AcrobatUpdater.exe
    2010-06-02 02:55 . 2010-08-09 12:32 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-06-02 02:55 . 2010-08-09 12:32 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-06-02 02:55 . 2010-08-09 12:32 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-05-31 18:32 . 2010-05-31 18:32 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-05-31 18:32 . 2010-05-31 18:32 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-05-27 17:37 . 2010-07-18 16:06 4830720 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2010-05-27 17:12 . 2010-07-18 19:27 45056 ----a-w- c:\windows\system32\aticalrt.dll
    2010-05-27 17:12 . 2010-07-18 19:27 45056 ----a-w- c:\windows\system32\aticalcl.dll
    2010-05-27 17:10 . 2010-07-18 19:27 4071424 ----a-w- c:\windows\system32\aticaldd.dll
    2010-05-27 17:05 . 2010-07-18 19:27 15208448 ----a-w- c:\windows\system32\atioglxx.dll
    2010-05-27 16:58 . 2010-07-18 16:06 299520 ----a-w- c:\windows\system32\ati2dvag.dll
    2010-05-27 16:54 . 2010-07-18 16:06 3699936 ----a-w- c:\windows\system32\ati3duag.dll
    2010-05-27 16:46 . 2010-07-18 19:27 208896 ----a-w- c:\windows\system32\atipdlxx.dll
    2010-05-27 16:46 . 2010-07-18 19:27 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-05-27 16:45 . 2010-07-18 19:27 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2010-05-27 16:45 . 2010-07-18 19:27 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2010-05-27 16:45 . 2010-07-18 19:27 159744 ----a-w- c:\windows\system32\ati2evxx.dll
    2010-05-27 16:44 . 2010-07-18 19:27 602112 ----a-w- c:\windows\system32\ati2evxx.exe
    2010-05-27 16:43 . 2010-07-18 19:27 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2010-05-27 16:42 . 2010-07-18 19:27 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-05-27 16:41 . 2010-07-18 16:06 2256512 ----a-w- c:\windows\system32\ativvaxx.dll
    2010-05-27 16:39 . 2010-07-18 19:27 573440 ----a-w- c:\windows\system32\atikvmag.dll
    2010-05-27 16:38 . 2010-07-18 19:27 184320 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-05-27 16:37 . 2010-07-18 19:27 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2010-05-27 16:35 . 2010-07-18 19:27 393216 ----a-w- c:\windows\system32\atiok3x2.dll
    2010-05-27 16:33 . 2010-07-18 16:06 692224 ----a-w- c:\windows\system32\ati2cqag.dll
    2010-05-27 16:29 . 2010-07-18 19:27 65536 ----a-w- c:\windows\system32\atimpc32.dll
    2010-05-27 16:29 . 2010-07-18 19:27 65536 ----a-w- c:\windows\system32\amdpcom32.dll
    2010-05-27 16:28 . 2010-07-18 19:27 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-05-26 09:41 . 2010-08-09 12:32 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-05-26 09:41 . 2010-08-09 12:32 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-05-26 09:41 . 2010-08-09 12:32 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-05-26 09:41 . 2010-08-09 12:32 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-05-26 09:41 . 2010-08-09 12:32 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-08-28 33673216]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-24 1193848]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [15-8-2010 16:41 28552]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [19-7-2010 21:15 82952]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [19-7-2010 21:14 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [19-7-2010 21:14 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [19-7-2010 21:15 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [19-7-2010 21:15 141792]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [19-7-2010 21:15 55456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [19-7-2010 21:15 312616]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [19-7-2010 21:15 88480]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [19-7-2010 1:01 1390976]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [19-7-2010 21:15 88480]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [19-7-2010 21:15 83496]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]

    --- Andere Services/Drivers In Geheugen ---

    *Deregistered* - mfeavfk01
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-08-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    .
    - - - - ORPHANS VERWIJDERD - - - -

    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-17 00:55
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(876)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll

    - - - - - - - > 'explorer.exe'(3892)
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2010-08-17 00:59:12 - machine werd herstart
    ComboFix-quarantined-files.txt 2010-08-16 22:59

    Pre-Run: 431.259.906.048 bytes beschikbaar
    Post-Run: 431.380.049.920 bytes beschikbaar

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 6FAE3A9C9E9890C9BCEE63C792833911
     
    Joen,
    #7
  9. 2010/08/16
    broni

    broni Moderator Malware Analyst

    Delete your ComboFix file, download a fresh one, and post a new log.
     
  10. 2010/08/16
    Joen

    Joen Inactive Thread Starter

    New log:

    ComboFix 10-08-16.03 - Jeroen Pol 17-08-2010 2:27.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3583.3009 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Jeroen Pol\Bureaublad\ComboFix.exe
    AV: McAfee Antivirus en antispyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-07-17 to 2010-08-17 ))))))))))))))))))))))))))))))
    .

    2010-08-16 22:53 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2010-08-16 08:43 . 2010-08-16 08:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
    2010-08-15 14:41 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-08-15 14:41 . 2010-08-15 14:41 -------- d-----w- c:\program files\Panda Security
    2010-08-15 14:33 . 2010-08-15 14:33 -------- d-----w- c:\program files\CleanUp!
    2010-08-15 12:41 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-15 12:41 . 2010-08-15 12:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-15 12:41 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-14 21:53 . 2010-08-14 21:53 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\Malwarebytes
    2010-08-14 21:21 . 2010-08-14 21:21 -------- d-sh--w- c:\documents and settings\Administrator.JEROEN-PC\PrivacIE
    2010-08-14 21:21 . 2010-08-14 21:21 -------- d-----w- c:\documents and settings\Administrator.JEROEN-PC\Application Data\Malwarebytes
    2010-08-14 21:21 . 2010-08-14 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-14 21:19 . 2010-08-14 21:19 -------- d-sh--w- c:\documents and settings\Administrator.JEROEN-PC\IETldCache
    2010-08-14 21:11 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2010-08-14 20:27 . 2010-08-14 20:27 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-14 20:25 . 2010-08-14 20:25 -------- d-----w- c:\documents and settings\Administrator\IETldCache
    2010-08-14 20:24 . 2010-08-14 20:27 -------- d-----w- c:\documents and settings\Administrator\Sjablonen
    2010-08-14 20:24 . 2010-08-14 20:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
    2010-08-14 20:24 . 2010-08-14 09:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2010-08-14 20:24 . 2010-08-14 20:27 -------- d-s---w- c:\documents and settings\Administrator
    2010-08-14 20:14 . 2010-08-14 22:27 -------- d-----w- c:\documents and settings\Jeroen Pol\Local Settings\Application Data\xiwifmjbx
    2010-08-14 20:14 . 2010-08-14 22:26 -------- d-----w- c:\documents and settings\Jeroen Pol\Local Settings\Application Data\euljflvbj
    2010-08-14 20:14 . 2010-08-15 14:20 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\B596201E49D753F7640450B6418CF4B7
    2010-08-14 09:58 . 2010-08-14 09:58 -------- d-----w- c:\program files\Common Files\Adobe
    2010-08-14 09:57 . 2010-08-14 10:08 -------- d-----w- c:\documents and settings\Jeroen Pol\Local Settings\Application Data\Adobe
    2010-08-11 15:27 . 2010-08-11 19:28 -------- d-----w- c:\program files\Guitar Pro 5
    2010-08-11 15:21 . 2010-08-11 19:28 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\Guitar Pro 6
    2010-08-11 15:21 . 2010-08-11 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Guitar Pro 6
    2010-08-11 15:17 . 2010-08-11 15:18 -------- d-----w- c:\documents and settings\%Profile%
    2010-08-11 15:05 . 2010-08-11 19:28 -------- d-----w- c:\program files\Guitar Pro 6
    2010-08-09 23:02 . 2010-08-09 23:02 -------- d-----w- c:\documents and settings\Jeroen Pol\Local Settings\Application Data\Identities
    2010-08-09 12:34 . 2010-08-09 12:34 47364 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
    2010-08-09 12:31 . 2008-05-30 12:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
    2010-08-09 11:27 . 2010-08-09 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2010-08-09 11:27 . 2010-08-09 12:34 -------- d-----w- c:\program files\StarCraft II
    2010-08-09 11:27 . 2010-08-09 12:25 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-08-08 21:21 . 2010-08-08 21:21 61440 ----a-w- c:\documents and settings\Jeroen Pol\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6b90013b-n\decora-sse.dll
    2010-08-08 21:21 . 2010-08-08 21:21 503808 ----a-w- c:\documents and settings\Jeroen Pol\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-151a31d5-n\msvcp71.dll
    2010-08-08 21:21 . 2010-08-08 21:21 499712 ----a-w- c:\documents and settings\Jeroen Pol\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-151a31d5-n\jmc.dll
    2010-08-08 21:21 . 2010-08-08 21:21 348160 ----a-w- c:\documents and settings\Jeroen Pol\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-151a31d5-n\msvcr71.dll
    2010-08-08 21:21 . 2010-08-08 21:21 12800 ----a-w- c:\documents and settings\Jeroen Pol\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6b90013b-n\decora-d3d.dll
    2010-08-08 15:53 . 2010-08-08 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2010-07-23 17:26 . 2010-07-23 17:26 -------- d-----w- c:\windows\Sun
    2010-07-23 14:19 . 2010-07-23 14:21 -------- d-----w- c:\documents and settings\Jeroen Pol\LimeWire
    2010-07-23 14:18 . 2010-07-23 14:18 -------- d-----w- c:\program files\Common Files\Java
    2010-07-23 14:18 . 2010-07-23 14:18 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-07-23 14:18 . 2010-07-23 14:18 -------- d-----w- c:\program files\Java
    2010-07-22 11:13 . 2010-07-22 11:13 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\Media Player Classic
    2010-07-22 10:57 . 2010-07-22 10:57 -------- d-----w- c:\program files\AviSynth 2.5
    2010-07-22 10:53 . 2010-07-22 10:53 -------- d-----w- c:\program files\XviD
    2010-07-22 10:24 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-07-22 10:24 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-07-22 10:23 . 2010-07-22 10:23 -------- d-----w- c:\program files\iPod
    2010-07-22 10:23 . 2010-07-22 10:24 -------- d-----w- c:\program files\iTunes
    2010-07-21 22:45 . 2010-08-15 10:18 -------- d-----w- c:\program files\Gabest
    2010-07-21 22:32 . 2010-07-21 22:32 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\DivX
    2010-07-21 22:29 . 2010-07-21 22:29 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-07-21 22:28 . 2010-07-21 22:27 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-07-21 22:28 . 2010-07-21 22:27 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-07-21 22:12 . 2010-07-21 22:12 -------- d-----w- c:\program files\Real Alternative
    2010-07-21 22:12 . 2004-01-11 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-07-21 22:02 . 2010-07-21 22:02 -------- d-----w- c:\program files\WinAVI MP4 Converter
    2010-07-20 14:47 . 2010-07-20 14:47 2605008 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
    2010-07-20 14:47 . 2010-08-14 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-07-20 10:09 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-07-20 10:09 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-07-19 19:15 . 2010-05-31 18:32 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-07-19 19:15 . 2010-05-31 18:32 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2010-07-19 19:15 . 2010-05-31 18:32 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-07-19 19:15 . 2010-05-31 18:32 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2010-07-19 19:15 . 2010-05-31 18:32 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-07-19 19:15 . 2010-05-31 18:32 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-07-19 19:15 . 2010-05-31 18:32 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-07-19 19:15 . 2010-05-31 18:32 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-07-19 19:14 . 2010-07-19 19:15 -------- d-----w- c:\program files\Common Files\Mcafee
    2010-07-19 19:14 . 2010-07-19 19:14 -------- d-----w- c:\program files\McAfee.com
    2010-07-19 19:14 . 2010-08-14 10:36 -------- d-----w- c:\program files\McAfee
    2010-07-19 19:08 . 2010-07-19 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-07-19 16:47 . 2010-07-21 17:16 -------- d-----w- c:\program files\Steam
    2010-07-19 15:33 . 2010-07-22 14:12 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\Apple Computer
    2010-07-19 15:33 . 2010-07-19 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-07-19 15:33 . 2010-07-22 10:27 -------- d-----w- c:\program files\QuickTime
    2010-07-19 15:33 . 2010-07-19 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-07-19 15:33 . 2010-07-19 15:33 -------- d-----w- c:\documents and settings\Jeroen Pol\Local Settings\Application Data\Apple
    2010-07-19 15:33 . 2010-07-19 15:33 -------- d-----w- c:\program files\Apple Software Update
    2010-07-19 15:32 . 2010-08-15 10:16 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-19 15:32 . 2010-07-21 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-07-19 14:42 . 2010-07-19 15:33 -------- d-----w- c:\documents and settings\Jeroen Pol\Local Settings\Application Data\Apple Computer
    2010-07-19 14:26 . 2010-08-16 22:01 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\skypePM
    2010-07-19 14:26 . 2010-08-11 18:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-07-19 14:25 . 2010-08-16 22:43 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\Skype
    2010-07-19 14:25 . 2010-07-19 14:25 -------- d-----w- c:\program files\Common Files\Skype
    2010-07-19 14:25 . 2010-08-15 10:18 -------- d-----r- c:\program files\Skype
    2010-07-19 14:25 . 2010-07-19 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-07-19 14:08 . 2010-08-15 10:18 -------- d-----w- c:\documents and settings\Jeroen Pol\Tracing
    2010-07-19 14:05 . 2010-07-19 14:05 -------- d-----w- c:\program files\Microsoft
    2010-07-19 14:05 . 2010-07-19 14:05 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-07-19 14:05 . 2010-07-19 14:05 -------- d-----w- c:\program files\Windows Live
    2010-07-19 14:02 . 2010-07-19 14:02 -------- d-----w- c:\program files\Common Files\Windows Live
    2010-07-19 13:26 . 2010-07-19 13:26 -------- d-----w- c:\windows\system32\XPSViewer
    2010-07-19 13:26 . 2010-07-19 13:26 -------- d-----w- c:\program files\MSBuild
    2010-07-19 13:26 . 2010-07-19 13:26 -------- d-----w- c:\program files\Reference Assemblies
    2010-07-19 13:26 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2010-07-19 13:25 . 2010-07-19 13:26 -------- d-----w- C:\3e85f4de5fd2da23dd9ec2d8bf2056
    2010-07-19 13:25 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-07-19 13:25 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-07-19 13:25 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-07-19 13:25 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-07-19 13:25 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-07-19 13:25 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-07-19 13:25 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-07-19 13:25 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2010-07-19 13:23 . 2008-10-10 02:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
    2010-07-19 13:23 . 2008-10-10 02:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2010-07-19 13:23 . 2008-10-10 02:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
    2010-07-19 13:23 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2010-07-19 13:23 . 2010-08-09 12:29 -------- d-----w- c:\windows\Logs
    2010-07-19 13:23 . 2010-08-14 17:29 -------- d-----w- c:\program files\Heroes of Newerth
    2010-07-19 12:26 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2010-07-19 12:26 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2010-07-19 12:26 . 2001-09-06 19:27 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2010-07-19 12:26 . 2008-04-14 17:02 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2010-07-19 12:15 . 2010-07-19 12:15 -------- d-----w- c:\program files\uTorrent
    2010-07-19 12:15 . 2010-08-11 18:53 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\uTorrent
    2010-07-19 12:11 . 2007-04-09 11:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-11 23:45 . 2004-08-04 12:00 566412 ----a-w- c:\windows\system32\perfh013.dat
    2010-08-11 23:45 . 2004-08-04 12:00 106020 ----a-w- c:\windows\system32\perfc013.dat
    2010-07-21 22:28 . 2010-07-21 22:28 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:27 -------- d-----w- c:\program files\DivX
    2010-07-21 22:28 . 2010-07-21 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-07-21 22:28 . 2010-07-21 22:28 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-07-21 22:27 . 2010-07-21 22:27 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
    2010-07-21 22:27 . 2010-07-21 22:27 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-07-21 22:27 . 2010-07-21 22:27 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
    2010-07-18 23:25 . 2010-07-18 19:27 -------- d-----w- c:\program files\ATI
    2010-07-18 23:00 . 2010-07-18 15:34 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-07-18 19:27 . 2010-07-18 19:27 0 ----a-w- c:\windows\ativpsrm.bin
    2010-07-18 19:26 . 2010-07-18 15:34 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-18 18:32 . 2010-07-18 15:24 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-07-18 15:34 . 2010-07-18 15:34 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2010-07-18 15:34 . 2010-07-18 15:34 -------- d-----w- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
    2010-07-18 15:25 . 2010-07-18 15:25 -------- d-----w- c:\program files\microsoft frontpage
    2010-07-18 15:22 . 2010-07-18 15:22 21748 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-07-16 06:19 . 2010-07-16 06:19 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
    2010-06-30 12:33 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:27 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 09:02 . 2004-08-04 12:00 1852032 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2010-07-18 15:23 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:43 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2708\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2708\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2708\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2708\AcrobatUpdater.exe
    2010-06-02 02:55 . 2010-08-09 12:32 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-06-02 02:55 . 2010-08-09 12:32 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-06-02 02:55 . 2010-08-09 12:32 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-05-31 18:32 . 2010-05-31 18:32 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-05-31 18:32 . 2010-05-31 18:32 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-05-27 17:37 . 2010-07-18 16:06 4830720 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2010-05-27 17:12 . 2010-07-18 19:27 45056 ----a-w- c:\windows\system32\aticalrt.dll
    2010-05-27 17:12 . 2010-07-18 19:27 45056 ----a-w- c:\windows\system32\aticalcl.dll
    2010-05-27 17:10 . 2010-07-18 19:27 4071424 ----a-w- c:\windows\system32\aticaldd.dll
    2010-05-27 17:05 . 2010-07-18 19:27 15208448 ----a-w- c:\windows\system32\atioglxx.dll
    2010-05-27 16:58 . 2010-07-18 16:06 299520 ----a-w- c:\windows\system32\ati2dvag.dll
    2010-05-27 16:54 . 2010-07-18 16:06 3699936 ----a-w- c:\windows\system32\ati3duag.dll
    2010-05-27 16:46 . 2010-07-18 19:27 208896 ----a-w- c:\windows\system32\atipdlxx.dll
    2010-05-27 16:46 . 2010-07-18 19:27 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-05-27 16:45 . 2010-07-18 19:27 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2010-05-27 16:45 . 2010-07-18 19:27 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2010-05-27 16:45 . 2010-07-18 19:27 159744 ----a-w- c:\windows\system32\ati2evxx.dll
    2010-05-27 16:44 . 2010-07-18 19:27 602112 ----a-w- c:\windows\system32\ati2evxx.exe
    2010-05-27 16:43 . 2010-07-18 19:27 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2010-05-27 16:42 . 2010-07-18 19:27 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-05-27 16:41 . 2010-07-18 16:06 2256512 ----a-w- c:\windows\system32\ativvaxx.dll
    2010-05-27 16:39 . 2010-07-18 19:27 573440 ----a-w- c:\windows\system32\atikvmag.dll
    2010-05-27 16:38 . 2010-07-18 19:27 184320 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-05-27 16:37 . 2010-07-18 19:27 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2010-05-27 16:35 . 2010-07-18 19:27 393216 ----a-w- c:\windows\system32\atiok3x2.dll
    2010-05-27 16:33 . 2010-07-18 16:06 692224 ----a-w- c:\windows\system32\ati2cqag.dll
    2010-05-27 16:29 . 2010-07-18 19:27 65536 ----a-w- c:\windows\system32\atimpc32.dll
    2010-05-27 16:29 . 2010-07-18 19:27 65536 ----a-w- c:\windows\system32\amdpcom32.dll
    2010-05-27 16:28 . 2010-07-18 19:27 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-05-26 09:41 . 2010-08-09 12:32 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-05-26 09:41 . 2010-08-09 12:32 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-05-26 09:41 . 2010-08-09 12:32 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-05-26 09:41 . 2010-08-09 12:32 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-05-26 09:41 . 2010-08-09 12:32 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-08-28 33673216]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-24 1193848]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [15-8-2010 16:41 28552]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [19-7-2010 21:15 82952]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [19-7-2010 21:14 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [19-7-2010 21:14 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [19-7-2010 21:15 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [19-7-2010 21:15 141792]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [19-7-2010 21:15 55456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [19-7-2010 21:15 312616]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [19-7-2010 21:15 88480]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [19-7-2010 1:01 1390976]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [19-7-2010 21:15 88480]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [19-7-2010 21:15 83496]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]

    --- Andere Services/Drivers In Geheugen ---

    *Deregistered* - mfeavfk01
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-08-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-17 02:32
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(876)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll

    - - - - - - - > 'explorer.exe'(3132)
    c:\windows\system32\webcheck.dll
    .
    Voltooingstijd: 2010-08-17 02:33:13
    ComboFix-quarantined-files.txt 2010-08-17 00:33
    ComboFix2.txt 2010-08-16 22:59

    Pre-Run: 431.361.421.312 bytes beschikbaar
    Post-Run: 431.359.332.352 bytes beschikbaar

    - - End Of File - - 730EF13A7146832AEF8D29E59A181EDA
     
    Joen,
    #9
  11. 2010/08/16
    broni

    It looks much better :)

    How is redirection?

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\documents and settings\Jeroen Pol\Local Settings\Application Data\xiwifmjbx
    c:\documents and settings\Jeroen Pol\Local Settings\Application Data\euljflvbj
    c:\documents and settings\Jeroen Pol\Application Data\B596201E49D753F7640450B6418CF4B7
    
    
    DDS::
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=-
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
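
The settings the CFScript above acts on (the loopback `ProxyServer` entry and the two `DisableMonitoring` values) can be pulled out of a ComboFix log automatically. The following is an added example, not part of the original posts and not part of ComboFix: a Python triage pass whose function names and finding labels are assumptions of this example, run over a constructed sample built from lines in the log in this thread. It also handles multi-protocol proxy strings and the stray spaces inside quoted value names seen in pasted logs.

```python
import ipaddress
import re

# Constructed sample: lines taken from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
'''

KEY_RE = re.compile(r'^\s*\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^\s*"(?P<name>[^"]*)"\s*=\s*(?P<data>.*?)\s*$')
PROXY_RE = re.compile(r'^\s*uInternet Settings,ProxyServer\s*=\s*(?P<data>\S+)\s*$')


def registry_values(log_text):
    """Yield (key, value_name, data) for each "name"=data line under a [key] header."""
    key = None
    for line in log_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key:
            # strip() tolerates pasted logs where the name reads "DisableMonitoring "
            yield key, m.group('name').strip(), m.group('data')


def dword(data):
    """Return the integer for 'dword:00000001' or '0 (0x0)' style data, else None."""
    m = re.match(r'dword:([0-9a-fA-F]{1,8})$', data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)\s*\(0x[0-9a-fA-F]+\)$', data)
    if m:
        return int(m.group(1))
    return None


def parse_proxy_server(data):
    """Split a ProxyServer string such as 'http=127.0.0.1:6522;https=proxy:8080'."""
    entries = []
    for part in filter(None, (p.strip() for p in data.split(';'))):
        scheme, sep, hostport = part.partition('=')
        if not sep:  # bare "host:port" applies to every protocol
            scheme, hostport = 'all', part
        hostport = re.sub(r'^[A-Za-z][A-Za-z0-9+.-]*://', '', hostport)
        host, _, port = hostport.rpartition(':')
        if not host:  # no port given
            host, port = hostport, ''
        entries.append((scheme.lower(), host, port))
    return entries


def is_loopback(host):
    """True when the proxy host is this machine (localhost, 127.0.0.0/8, ::1)."""
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host.strip('[]')).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return (label, detail) findings. Each one is a prompt for review, not a verdict."""
    findings = []
    for line in log_text.splitlines():
        m = PROXY_RE.match(line)
        if m:
            for scheme, host, port in parse_proxy_server(m.group('data')):
                if is_loopback(host):
                    findings.append(('loopback-proxy', f'{scheme} -> {host}:{port}'))
    for key, name, data in registry_values(log_text):
        leaf = key.rsplit('\\', 1)[-1]
        lname = name.lower()
        if (lname == 'disablemonitoring' and dword(data) == 1
                and 'security center\\monitoring' in key.lower()):
            findings.append(('security-center-monitoring-off', leaf))
        # Windows Firewall off can be expected when a third-party firewall is installed.
        if lname == 'enablefirewall' and dword(data) == 0:
            findings.append(('windows-firewall-off', leaf))
    return findings


if __name__ == '__main__':
    for label, detail in triage(SAMPLE_LOG):
        print(f'{label:32} {detail}')
```

Running the same pass on the log produced after the CFScript run shows whether the proxy and monitoring entries are gone.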
     
  12. 2010/08/17
    Joen

    Wow! I think it's over! Many thanks man, couldn't do it without you!:D

    Here is the log:

    ComboFix 10-08-16.04 - Jeroen Pol 17-08-2010 12:12:39.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3583.3157 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Jeroen Pol\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Jeroen Pol\Bureaublad\CFScript.txt
    AV: McAfee Antivirus en antispyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Jeroen Pol\Application Data\B596201E49D753F7640450B6418CF4B7
    c:\documents and settings\Jeroen Pol\Local Settings\Application Data\euljflvbj
    c:\documents and settings\Jeroen Pol\Local Settings\Application Data\xiwifmjbx

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-07-17 to 2010-08-17 ))))))))))))))))))))))))))))))
    .

    2010-08-16 22:53 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2010-08-16 08:43 . 2010-08-16 08:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
    2010-08-15 14:41 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-08-15 14:41 . 2010-08-15 14:41 -------- d-----w- c:\program files\Panda Security
    2010-08-15 14:33 . 2010-08-15 14:33 -------- d-----w- c:\program files\CleanUp!
    2010-08-15 12:41 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-15 12:41 . 2010-08-15 12:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-15 12:41 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-14 21:53 . 2010-08-14 21:53 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\Malwarebytes
    2010-08-14 21:21 . 2010-08-14 21:21 -------- d-sh--w- c:\documents and settings\Administrator.JEROEN-PC\PrivacIE
    2010-08-14 21:21 . 2010-08-14 21:21 -------- d-----w- c:\documents and settings\Administrator.JEROEN-PC\Application Data\Malwarebytes
    2010-08-14 21:21 . 2010-08-14 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-14 21:19 . 2010-08-14 21:19 -------- d-sh--w- c:\documents and settings\Administrator.JEROEN-PC\IETldCache
    2010-08-14 21:11 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2010-08-14 20:27 . 2010-08-14 20:27 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-14 20:25 . 2010-08-14 20:25 -------- d-----w- c:\documents and settings\Administrator\IETldCache
    2010-08-14 20:24 . 2010-08-14 20:27 -------- d-----w- c:\documents and settings\Administrator\Sjablonen
    2010-08-14 20:24 . 2010-08-14 20:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
    2010-08-14 20:24 . 2010-08-14 09:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2010-08-14 20:24 . 2010-08-14 20:27 -------- d-s---w- c:\documents and settings\Administrator
    2010-08-14 09:58 . 2010-08-14 09:58 -------- d-----w- c:\program files\Common Files\Adobe
    2010-08-14 09:57 . 2010-08-14 10:08 -------- d-----w- c:\documents and settings\Jeroen Pol\Local Settings\Application Data\Adobe
    2010-08-11 15:27 . 2010-08-11 19:28 -------- d-----w- c:\program files\Guitar Pro 5
    2010-08-11 15:21 . 2010-08-11 19:28 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\Guitar Pro 6
    2010-08-11 15:21 . 2010-08-11 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Guitar Pro 6
    2010-08-11 15:17 . 2010-08-11 15:18 -------- d-----w- c:\documents and settings\%Profile%
    2010-08-11 15:05 . 2010-08-11 19:28 -------- d-----w- c:\program files\Guitar Pro 6
    2010-08-09 23:02 . 2010-08-09 23:02 -------- d-----w- c:\documents and settings\Jeroen Pol\Local Settings\Application Data\Identities
    2010-08-09 12:34 . 2010-08-09 12:34 47364 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
    2010-08-09 12:31 . 2008-05-30 12:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
    2010-08-09 11:27 . 2010-08-09 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2010-08-09 11:27 . 2010-08-09 12:34 -------- d-----w- c:\program files\StarCraft II
    2010-08-09 11:27 . 2010-08-09 12:25 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-08-08 21:21 . 2010-08-08 21:21 61440 ----a-w- c:\documents and settings\Jeroen Pol\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6b90013b-n\decora-sse.dll
    2010-08-08 21:21 . 2010-08-08 21:21 503808 ----a-w- c:\documents and settings\Jeroen Pol\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-151a31d5-n\msvcp71.dll
    2010-08-08 21:21 . 2010-08-08 21:21 499712 ----a-w- c:\documents and settings\Jeroen Pol\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-151a31d5-n\jmc.dll
    2010-08-08 21:21 . 2010-08-08 21:21 348160 ----a-w- c:\documents and settings\Jeroen Pol\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-151a31d5-n\msvcr71.dll
    2010-08-08 21:21 . 2010-08-08 21:21 12800 ----a-w- c:\documents and settings\Jeroen Pol\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6b90013b-n\decora-d3d.dll
    2010-08-08 15:53 . 2010-08-08 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2010-07-23 17:26 . 2010-07-23 17:26 -------- d-----w- c:\windows\Sun
    2010-07-23 14:19 . 2010-07-23 14:21 -------- d-----w- c:\documents and settings\Jeroen Pol\LimeWire
    2010-07-23 14:18 . 2010-07-23 14:18 -------- d-----w- c:\program files\Common Files\Java
    2010-07-23 14:18 . 2010-07-23 14:18 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-07-23 14:18 . 2010-07-23 14:18 -------- d-----w- c:\program files\Java
    2010-07-22 11:13 . 2010-07-22 11:13 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\Media Player Classic
    2010-07-22 10:57 . 2010-07-22 10:57 -------- d-----w- c:\program files\AviSynth 2.5
    2010-07-22 10:53 . 2010-07-22 10:53 -------- d-----w- c:\program files\XviD
    2010-07-22 10:24 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-07-22 10:24 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-07-22 10:23 . 2010-07-22 10:23 -------- d-----w- c:\program files\iPod
    2010-07-22 10:23 . 2010-07-22 10:24 -------- d-----w- c:\program files\iTunes
    2010-07-21 22:45 . 2010-08-15 10:18 -------- d-----w- c:\program files\Gabest
    2010-07-21 22:32 . 2010-07-21 22:32 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\DivX
    2010-07-21 22:29 . 2010-07-21 22:29 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-07-21 22:28 . 2010-07-21 22:27 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-07-21 22:28 . 2010-07-21 22:27 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-07-21 22:12 . 2010-07-21 22:12 -------- d-----w- c:\program files\Real Alternative
    2010-07-21 22:12 . 2004-01-11 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-07-21 22:02 . 2010-07-21 22:02 -------- d-----w- c:\program files\WinAVI MP4 Converter
    2010-07-20 14:47 . 2010-07-20 14:47 2605008 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
    2010-07-20 14:47 . 2010-08-14 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-07-20 10:09 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-07-20 10:09 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-07-19 19:15 . 2010-05-31 18:32 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-07-19 19:15 . 2010-05-31 18:32 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2010-07-19 19:15 . 2010-05-31 18:32 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-07-19 19:15 . 2010-05-31 18:32 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2010-07-19 19:15 . 2010-05-31 18:32 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-07-19 19:15 . 2010-05-31 18:32 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-07-19 19:15 . 2010-05-31 18:32 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-07-19 19:15 . 2010-05-31 18:32 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-07-19 19:14 . 2010-07-19 19:15 -------- d-----w- c:\program files\Common Files\Mcafee
    2010-07-19 19:14 . 2010-07-19 19:14 -------- d-----w- c:\program files\McAfee.com
    2010-07-19 19:14 . 2010-08-14 10:36 -------- d-----w- c:\program files\McAfee
    2010-07-19 19:08 . 2010-07-19 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-07-19 16:47 . 2010-07-21 17:16 -------- d-----w- c:\program files\Steam
    2010-07-19 15:33 . 2010-07-22 14:12 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\Apple Computer
    2010-07-19 15:33 . 2010-07-19 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-07-19 15:33 . 2010-07-22 10:27 -------- d-----w- c:\program files\QuickTime
    2010-07-19 15:33 . 2010-07-19 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-07-19 15:33 . 2010-07-19 15:33 -------- d-----w- c:\documents and settings\Jeroen Pol\Local Settings\Application Data\Apple
    2010-07-19 15:33 . 2010-07-19 15:33 -------- d-----w- c:\program files\Apple Software Update
    2010-07-19 15:32 . 2010-08-15 10:16 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-19 15:32 . 2010-07-21 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-07-19 14:42 . 2010-07-19 15:33 -------- d-----w- c:\documents and settings\Jeroen Pol\Local Settings\Application Data\Apple Computer
    2010-07-19 14:26 . 2010-08-16 22:01 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\skypePM
    2010-07-19 14:26 . 2010-08-11 18:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-07-19 14:25 . 2010-08-16 22:43 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\Skype
    2010-07-19 14:25 . 2010-07-19 14:25 -------- d-----w- c:\program files\Common Files\Skype
    2010-07-19 14:25 . 2010-08-15 10:18 -------- d-----r- c:\program files\Skype
    2010-07-19 14:25 . 2010-07-19 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-07-19 14:08 . 2010-08-15 10:18 -------- d-----w- c:\documents and settings\Jeroen Pol\Tracing
    2010-07-19 14:05 . 2010-07-19 14:05 -------- d-----w- c:\program files\Microsoft
    2010-07-19 14:05 . 2010-07-19 14:05 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-07-19 14:05 . 2010-07-19 14:05 -------- d-----w- c:\program files\Windows Live
    2010-07-19 14:02 . 2010-07-19 14:02 -------- d-----w- c:\program files\Common Files\Windows Live
    2010-07-19 13:26 . 2010-07-19 13:26 -------- d-----w- c:\windows\system32\XPSViewer
    2010-07-19 13:26 . 2010-07-19 13:26 -------- d-----w- c:\program files\MSBuild
    2010-07-19 13:26 . 2010-07-19 13:26 -------- d-----w- c:\program files\Reference Assemblies
    2010-07-19 13:26 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2010-07-19 13:25 . 2010-07-19 13:26 -------- d-----w- C:\3e85f4de5fd2da23dd9ec2d8bf2056
    2010-07-19 13:25 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2010-07-19 13:25 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2010-07-19 13:25 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2010-07-19 13:25 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2010-07-19 13:25 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2010-07-19 13:25 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2010-07-19 13:25 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2010-07-19 13:25 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2010-07-19 13:23 . 2008-10-10 02:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
    2010-07-19 13:23 . 2008-10-10 02:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2010-07-19 13:23 . 2008-10-10 02:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
    2010-07-19 13:23 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2010-07-19 13:23 . 2010-08-09 12:29 -------- d-----w- c:\windows\Logs
    2010-07-19 13:23 . 2010-08-14 17:29 -------- d-----w- c:\program files\Heroes of Newerth
    2010-07-19 12:26 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2010-07-19 12:26 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2010-07-19 12:26 . 2001-09-06 19:27 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2010-07-19 12:26 . 2008-04-14 17:02 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2010-07-19 12:15 . 2010-07-19 12:15 -------- d-----w- c:\program files\uTorrent
    2010-07-19 12:15 . 2010-08-11 18:53 -------- d-----w- c:\documents and settings\Jeroen Pol\Application Data\uTorrent
    2010-07-19 12:11 . 2007-04-09 11:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
    2010-07-19 12:11 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll
    2010-07-19 12:11 . 2010-07-19 12:11 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-07-19 12:11 . 2010-07-19 12:11 -------- d-----w- c:\windows\SHELLNEW

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-11 23:45 . 2004-08-04 12:00 566412 ----a-w- c:\windows\system32\perfh013.dat
    2010-08-11 23:45 . 2004-08-04 12:00 106020 ----a-w- c:\windows\system32\perfc013.dat
    2010-07-21 22:28 . 2010-07-21 22:28 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:27 -------- d-----w- c:\program files\DivX
    2010-07-21 22:28 . 2010-07-21 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-07-21 22:28 . 2010-07-21 22:28 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
    2010-07-21 22:28 . 2010-07-21 22:28 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-07-21 22:27 . 2010-07-21 22:27 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
    2010-07-21 22:27 . 2010-07-21 22:27 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-07-21 22:27 . 2010-07-21 22:27 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
    2010-07-18 23:25 . 2010-07-18 19:27 -------- d-----w- c:\program files\ATI
    2010-07-18 23:00 . 2010-07-18 15:34 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-07-18 19:27 . 2010-07-18 19:27 0 ----a-w- c:\windows\ativpsrm.bin
    2010-07-18 19:26 . 2010-07-18 15:34 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-18 18:32 . 2010-07-18 15:24 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-07-18 15:34 . 2010-07-18 15:34 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2010-07-18 15:34 . 2010-07-18 15:34 -------- d-----w- c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
    2010-07-18 15:25 . 2010-07-18 15:25 -------- d-----w- c:\program files\microsoft frontpage
    2010-07-18 15:22 . 2010-07-18 15:22 21748 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-07-16 06:19 . 2010-07-16 06:19 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
    2010-06-30 12:33 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:27 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 09:02 . 2004-08-04 12:00 1852032 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2010-07-18 15:23 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:43 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2708\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2708\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2708\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\2708\AcrobatUpdater.exe
    2010-06-02 02:55 . 2010-08-09 12:32 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-06-02 02:55 . 2010-08-09 12:32 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-06-02 02:55 . 2010-08-09 12:32 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-05-31 18:32 . 2010-05-31 18:32 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-05-31 18:32 . 2010-05-31 18:32 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-05-27 17:37 . 2010-07-18 16:06 4830720 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2010-05-27 17:12 . 2010-07-18 19:27 45056 ----a-w- c:\windows\system32\aticalrt.dll
    2010-05-27 17:12 . 2010-07-18 19:27 45056 ----a-w- c:\windows\system32\aticalcl.dll
    2010-05-27 17:10 . 2010-07-18 19:27 4071424 ----a-w- c:\windows\system32\aticaldd.dll
    2010-05-27 17:05 . 2010-07-18 19:27 15208448 ----a-w- c:\windows\system32\atioglxx.dll
    2010-05-27 16:58 . 2010-07-18 16:06 299520 ----a-w- c:\windows\system32\ati2dvag.dll
    2010-05-27 16:54 . 2010-07-18 16:06 3699936 ----a-w- c:\windows\system32\ati3duag.dll
    2010-05-27 16:46 . 2010-07-18 19:27 208896 ----a-w- c:\windows\system32\atipdlxx.dll
    2010-05-27 16:46 . 2010-07-18 19:27 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-05-27 16:45 . 2010-07-18 19:27 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2010-05-27 16:45 . 2010-07-18 19:27 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2010-05-27 16:45 . 2010-07-18 19:27 159744 ----a-w- c:\windows\system32\ati2evxx.dll
    2010-05-27 16:44 . 2010-07-18 19:27 602112 ----a-w- c:\windows\system32\ati2evxx.exe
    2010-05-27 16:43 . 2010-07-18 19:27 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2010-05-27 16:42 . 2010-07-18 19:27 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-05-27 16:41 . 2010-07-18 16:06 2256512 ----a-w- c:\windows\system32\ativvaxx.dll
    2010-05-27 16:39 . 2010-07-18 19:27 573440 ----a-w- c:\windows\system32\atikvmag.dll
    2010-05-27 16:38 . 2010-07-18 19:27 184320 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-05-27 16:37 . 2010-07-18 19:27 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2010-05-27 16:35 . 2010-07-18 19:27 393216 ----a-w- c:\windows\system32\atiok3x2.dll
    2010-05-27 16:33 . 2010-07-18 16:06 692224 ----a-w- c:\windows\system32\ati2cqag.dll
    2010-05-27 16:29 . 2010-07-18 19:27 65536 ----a-w- c:\windows\system32\atimpc32.dll
    2010-05-27 16:29 . 2010-07-18 19:27 65536 ----a-w- c:\windows\system32\amdpcom32.dll
    2010-05-27 16:28 . 2010-07-18 19:27 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-05-26 09:41 . 2010-08-09 12:32 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-05-26 09:41 . 2010-08-09 12:32 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-05-26 09:41 . 2010-08-09 12:32 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-05-26 09:41 . 2010-08-09 12:32 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-05-26 09:41 . 2010-08-09 12:32 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-08-16_22.55.53 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-08-17 09:10 . 2010-08-17 09:10 16384 c:\windows\Temp\Perflib_Perfdata_744.dat
    + 2010-07-18 15:29 . 2010-08-17 09:35 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    - 2010-07-18 15:29 . 2010-08-16 22:51 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2010-08-17 09:35 . 2010-08-17 09:35 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2010-07-18 15:29 . 2010-08-16 22:51 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck "= "c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-08-28 33673216]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
    "ATICustomerCare "= "c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-24 1193848]
    "DivXUpdate "= "c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
    "c:\\Program Files\\Steam\\Steam.exe "=
    "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe "=
    "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe "=
    "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [15-8-2010 16:41 28552]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [19-7-2010 21:15 82952]
    R2 McMPFSvc;McAfee Personal Firewall Service; "c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [19-7-2010 21:14 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer; "c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [19-7-2010 21:14 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [19-7-2010 21:15 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [19-7-2010 21:15 141792]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [19-7-2010 21:15 55456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [19-7-2010 21:15 312616]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [19-7-2010 21:15 88480]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [19-7-2010 1:01 1390976]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [19-7-2010 21:15 88480]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [19-7-2010 21:15 83496]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]

    --- Andere Services/Drivers In Geheugen ---

    *NewlyCreated* - GTNDIS5
    *Deregistered* - mfeavfk01
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-08-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-17 12:17
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(860)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll

    - - - - - - - > 'explorer.exe'(2816)
    c:\windows\system32\webcheck.dll
    .
    Voltooingstijd: 2010-08-17 12:18:30
    ComboFix-quarantined-files.txt 2010-08-17 10:18
    ComboFix2.txt 2010-08-17 00:33
    ComboFix3.txt 2010-08-16 22:59

    Pre-Run: 435.304.435.712 bytes beschikbaar
    Post-Run: 435.304.525.824 bytes beschikbaar

    - - End Of File - - C4F328AD00FB1603FF2AB3070C250413
     
  13. 2010/08/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I assume, no more redirections? :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    =================================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. 2010/08/18
    Joen

    Joen Inactive Thread Starter

    Joined:
    2010/08/15
    Messages:
    11
    Likes Received:
    0
    OTL

    OTL logfile created on: 18-8-2010 16:06:44 - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Jeroen Pol\Bureaublad
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 85,00% Memory free
    5,00 Gb Paging File | 5,00 Gb Available in Paging File | 91,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465,75 Gb Total Space | 405,66 Gb Free Space | 87,10% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: JEROEN-PC
    Current User Name: Jeroen Pol
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010-08-18 16:06:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeroen Pol\Bureaublad\OTL.exe
    PRC - [2010-06-24 22:32:44 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2010-06-03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010-05-31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    PRC - [2010-05-31 20:32:58 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
    PRC - [2010-05-31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
    PRC - [2010-03-10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    PRC - [2008-04-14 19:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006-01-18 05:13:58 | 005,210,624 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    PRC - [2005-07-04 16:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe


    ========== Modules (SafeList) ==========

    MOD - [2010-08-18 16:06:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeroen Pol\Bureaublad\OTL.exe
    MOD - [2008-04-14 19:01:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe WMP54Gv4.exe -- (WMP54Gv4SVC)
    SRV - [2010-05-31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2010-05-31 20:32:58 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2010-05-31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV - [2010-04-15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010-03-18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010-03-10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2010-03-10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010-03-10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010-03-10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010-03-10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010-03-10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JEROEN~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010-05-31 20:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010-05-31 20:32:58 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2010-05-31 20:32:58 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010-05-31 20:32:58 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010-05-31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2010-05-31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2010-05-31 20:32:58 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010-05-31 20:32:58 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2010-05-31 20:32:58 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010-05-31 20:32:58 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010-05-27 19:37:06 | 004,830,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2010-05-17 14:04:06 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2010-05-03 14:49:18 | 000,225,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2009-08-17 19:16:06 | 001,390,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV - [2009-06-30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2005-10-27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
    DRV - [2003-09-25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 B0 2C 33 78 3C CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    [2010-07-23 16:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeroen Pol\Application Data\Mozilla\Extensions
    [2010-07-23 16:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeroen Pol\Application Data\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2010-08-17 00:55:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100719211508.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.80.1.236
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Jeroen Pol\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeroen Pol\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010-07-18 17:25:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (56590081070202880)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010-08-18 16:06:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeroen Pol\Bureaublad\OTL.exe
    [2010-08-17 15:45:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010-08-17 00:46:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010-08-17 00:46:01 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010-08-17 00:45:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010-08-16 10:44:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010-08-16 10:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2010-08-15 16:41:54 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
    [2010-08-15 16:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2010-08-15 16:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
    [2010-08-15 14:41:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010-08-15 14:41:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010-08-15 14:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010-08-15 12:17:25 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010-08-14 23:53:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Application Data\Malwarebytes
    [2010-08-14 23:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010-08-14 23:18:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2010-08-14 11:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2010-08-14 11:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010-08-14 11:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010-08-14 11:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Local Settings\Application Data\Adobe
    [2010-08-14 00:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Mijn documenten\Mijn ontvangen bestanden
    [2010-08-11 17:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Guitar Pro 5
    [2010-08-11 17:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Application Data\Guitar Pro 6
    [2010-08-11 17:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Guitar Pro 6
    [2010-08-11 17:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\Guitar Pro 6
    [2010-08-10 01:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Local Settings\Application Data\Identities
    [2010-08-09 14:29:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
    [2010-08-09 13:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
    [2010-08-09 13:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Mijn documenten\StarCraft II
    [2010-08-09 13:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
    [2010-08-09 13:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
    [2010-08-08 17:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    [2010-07-23 19:26:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2010-07-23 16:19:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\LimeWire
    [2010-07-23 16:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Application Data\Mozilla
    [2010-07-23 16:18:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010-07-23 16:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010-07-23 16:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2010-07-23 16:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Application Data\Sun
    [2010-07-22 13:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Application Data\Media Player Classic
    [2010-07-22 12:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
    [2010-07-22 12:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\XviD
    [2010-07-22 12:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010-07-22 12:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010-07-22 00:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest
    [2010-07-22 00:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Application Data\DivX
    [2010-07-22 00:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
    [2010-07-22 00:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010-07-22 00:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
    [2010-07-22 00:12:36 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
    [2010-07-22 00:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\Real Alternative
    [2010-07-22 00:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinAVI MP4 Converter
    [2010-07-20 16:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2010-07-20 13:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
    [2010-07-20 13:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
    [2010-07-20 13:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
    [2010-07-20 13:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
    [2010-07-20 13:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
    [2010-07-20 13:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
    [2010-07-20 13:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
    [2010-07-20 13:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
    [2010-07-20 13:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
    [2010-07-20 13:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
    [2010-07-20 13:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
    [2010-07-20 13:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
    [2010-07-20 13:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
    [2010-07-20 13:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
    [2010-07-20 13:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
    [2010-07-20 13:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
    [2010-07-19 21:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010-07-19 21:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010-07-19 21:15:06 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
    [2010-07-19 21:15:03 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
    [2010-07-19 21:15:03 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
    [2010-07-19 21:15:03 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
    [2010-07-19 21:15:03 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
    [2010-07-19 21:15:02 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
    [2010-07-19 21:15:02 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
    [2010-07-19 21:15:02 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
    [2010-07-19 21:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
    [2010-07-19 21:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
    [2010-07-19 21:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
    [2010-07-19 21:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2010-07-19 18:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
    [2010-07-19 17:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Application Data\Apple Computer
    [2010-07-19 17:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010-07-19 17:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010-07-19 17:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2010-07-19 17:33:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Local Settings\Application Data\Apple
    [2010-07-19 17:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010-07-19 17:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2010-07-19 17:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
    [2010-07-19 16:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Local Settings\Application Data\Apple Computer
    [2010-07-19 16:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Application Data\skypePM
    [2010-07-19 16:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Application Data\Skype
    [2010-07-19 16:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010-07-19 16:25:35 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2010-07-19 16:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
    [2010-07-19 16:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Tracing
    [2010-07-19 16:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2010-07-19 16:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenten\microsoft
    [2010-07-19 16:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
    [2010-07-19 16:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2010-07-19 16:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
    [2010-07-19 15:26:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
    [2010-07-19 15:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2010-07-19 15:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2010-07-19 15:25:59 | 000,000,000 | ---D | C] -- C:\3e85f4de5fd2da23dd9ec2d8bf2056
    [2010-07-19 15:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Mijn documenten\Heroes of Newerth
    [2010-07-19 15:23:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
    [2010-07-19 15:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\Heroes of Newerth
    [2010-07-19 14:44:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2010-07-19 14:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
    [2010-07-19 14:15:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Application Data\uTorrent
    [2010-07-19 14:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Mijn documenten\Downloads
    [2010-07-19 14:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
    [2010-07-19 14:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010-07-19 14:11:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
    [2010-07-19 14:08:33 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2010-07-19 14:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2010-07-19 14:06:22 | 000,000,000 | R--D | C] -- C:\Games
    [2010-07-19 14:06:14 | 000,000,000 | R--D | C] -- C:\Programma's
    [2010-07-19 14:02:38 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
    [2010-07-19 14:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
    [2010-07-19 14:02:23 | 000,000,000 | ---D | C] -- C:\Intel
    [2010-07-19 13:56:43 | 000,101,904 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys
    [2010-07-19 02:28:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Application Data\vlc
    [2010-07-19 02:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2010-07-19 02:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Application Data\WinRAR
    [2010-07-19 02:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2010-07-19 01:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
    [2010-07-19 01:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
    [2010-07-19 01:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Local Settings\Application Data\ATI
    [2010-07-19 01:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Application Data\ATI
    [2010-07-19 01:01:12 | 000,008,704 | R--- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\viahdcpl.cpl
    [2010-07-19 01:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
    [2010-07-19 00:56:18 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
    [2010-07-19 00:56:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
    [2010-07-19 00:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2010-07-19 00:55:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
    [2010-07-19 00:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Application Data\Adobe
    [2010-07-19 00:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Application Data\Macromedia
    [2010-07-18 21:47:18 | 000,000,000 | ---D | C] -- C:\Music
    [2010-07-18 21:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Bureaublad\Tabs
    [2010-07-18 21:27:34 | 000,208,896 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
    [2010-07-18 21:27:34 | 000,155,648 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
    [2010-07-18 21:27:34 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
    [2010-07-18 21:27:34 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
    [2010-07-18 21:27:34 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
    [2010-07-18 21:27:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
    [2010-07-18 21:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2010-07-18 21:26:43 | 000,000,000 | ---D | C] -- C:\ATI
    [2010-07-18 21:26:18 | 000,225,232 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys
    [2010-07-18 21:26:18 | 000,100,896 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\RTNUninst32.dll
    [2010-07-18 21:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2010-07-18 21:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Mijn documenten\DriverGenius
    [2010-07-18 21:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
    [2010-07-18 21:06:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2010-07-18 20:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Bureaublad\BOEH op pol-laptop
    [2010-07-18 20:42:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jeroen Pol\IECompatCache
    [2010-07-18 20:37:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010-07-18 20:30:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl
    [2010-07-18 20:30:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
    [2010-07-18 20:30:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
    [2010-07-18 20:29:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
    [2010-07-18 20:28:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
    [2010-07-18 20:27:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2010-07-18 20:24:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jeroen Pol\PrivacIE
    [2010-07-18 20:24:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jeroen Pol\IETldCache
    [2010-07-18 20:23:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010-07-18 20:23:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
    [2010-07-18 20:22:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010-07-18 20:22:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
    [2010-07-18 18:59:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
    [2010-07-18 18:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
    [2010-07-18 18:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
    [2010-07-18 18:59:24 | 000,000,000 | R--D | C] -- C:\Program Files
    [2010-07-18 18:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
    [2010-07-18 18:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
    [2010-07-18 18:58:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Menu Start
    [2010-07-18 18:58:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documenten
    [2010-07-18 18:58:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Sjablonen
    [2010-07-18 18:58:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorieten
    [2010-07-18 18:58:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Bureaublad
    [2010-07-18 18:57:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2010-07-18 18:57:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
    [2010-07-18 18:57:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
    [2010-07-18 18:57:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
    [2010-07-18 18:56:46 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2010-07-18 18:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings
    [2010-07-18 18:50:24 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
    [2010-07-18 18:50:24 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
    [2010-07-18 18:50:24 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
    [2010-07-18 18:50:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1043
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
    [2010-07-18 18:50:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
    [2010-07-18 17:55:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2010-07-18 17:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2010-07-18 17:39:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
    [2010-07-18 17:39:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
    [2010-07-18 17:39:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    [2010-07-18 17:38:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jeroen Pol\UserData
    [2010-07-18 17:36:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2010-07-18 17:34:07 | 000,356,096 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\rt61.sys
    [2010-07-18 17:34:07 | 000,356,096 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt61.sys
    [2010-07-18 17:34:07 | 000,243,328 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\rt2500.sys
    [2010-07-18 17:34:07 | 000,015,872 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.sys
    [2010-07-18 17:34:06 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
    [2010-07-18 17:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
    [2010-07-18 17:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
    [2010-07-18 17:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Application Data\Identities
    [2010-07-18 17:30:20 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2010-07-18 17:30:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jeroen Pol\Mijn documenten\Mijn muziek
    [2010-07-18 17:30:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jeroen Pol\Mijn documenten\Mijn afbeeldingen
    [2010-07-18 17:30:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Jeroen Pol\Application Data\Microsoft
    [2010-07-18 17:30:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jeroen Pol\SendTo
    [2010-07-18 17:30:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jeroen Pol\Onlangs geopend
    [2010-07-18 17:30:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jeroen Pol\Application Data
    [2010-07-18 17:30:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jeroen Pol\Mijn documenten
    [2010-07-18 17:30:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jeroen Pol\Menu Start
    [2010-07-18 17:30:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jeroen Pol\Favorieten
    [2010-07-18 17:30:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Jeroen Pol\Cookies
    [2010-07-18 17:30:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jeroen Pol\Sjablonen
    [2010-07-18 17:30:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jeroen Pol\Netwerkprinteromgeving
    [2010-07-18 17:30:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jeroen Pol\NetHood
    [2010-07-18 17:30:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jeroen Pol\Local Settings
    [2010-07-18 17:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Local Settings\Application Data\Microsoft
    [2010-07-18 17:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeroen Pol\Bureaublad
    [2010-07-18 17:29:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2010-07-18 17:29:24 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
    [2010-07-18 17:29:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2010-07-18 17:29:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2010-07-18 17:28:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2010-07-18 17:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2010-07-18 17:26:34 | 000,080,896 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2010-07-18 17:26:34 | 000,080,896 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2010-07-18 17:26:00 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2010-07-18 17:25:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
    [2010-07-18 17:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
    [2010-07-18 17:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
    [2010-07-18 17:24:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
    [2010-07-18 17:24:45 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
    [2010-07-18 17:24:45 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
    [2010-07-18 17:24:39 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
    [2010-07-18 17:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
    [2010-07-18 17:24:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
    [2010-07-18 17:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
    [2010-07-18 17:23:48 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
    [2010-07-18 17:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
    [2010-07-18 17:23:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
    [2010-07-18 17:23:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
    [2010-07-18 17:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
    [2010-07-18 17:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
    [2010-07-18 17:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
    [2010-07-18 17:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
    [2010-07-18 17:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
    [2010-07-18 17:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
    [2010-07-18 17:23:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen
    [2010-07-18 17:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
    [2010-07-18 17:22:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
    [2010-07-18 17:22:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documenten\Mijn muziek
    [2010-07-18 17:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
    [2010-07-18 17:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
    [2010-07-18 17:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
    [2010-07-18 17:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
    [2010-07-18 17:21:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
    [2010-07-18 17:21:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
    [2010-07-18 17:21:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documenten\Mijn video's
    [2010-05-31 20:32:58 | 000,385,880 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
    [2010-05-31 20:32:58 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010-08-18 16:06:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeroen Pol\Bureaublad\OTL.exe
    [2010-08-18 16:04:53 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010-08-18 15:59:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010-08-18 15:59:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010-08-18 15:59:09 | 001,974,272 | ---- | M] () -- C:\Documents and Settings\Jeroen Pol\ntuser.dat
    [2010-08-18 15:59:09 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Jeroen Pol\ntuser.ini
    [2010-08-18 15:59:05 | 006,926,186 | -H-- | M] () -- C:\Documents and Settings\Jeroen Pol\Local Settings\Application Data\IconCache.db
    [2010-08-17 12:17:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010-08-17 00:55:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010-08-17 00:47:02 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010-08-16 10:44:22 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010-08-14 22:15:05 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
    [2010-08-12 11:27:58 | 000,119,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010-08-12 01:46:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010-08-12 01:45:09 | 001,220,812 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010-08-12 01:45:09 | 000,566,412 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
    [2010-08-12 01:45:09 | 000,492,750 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010-08-12 01:45:09 | 000,106,020 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
    [2010-08-12 01:45:09 | 000,083,398 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010-08-11 20:54:08 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010-08-11 17:37:42 | 000,019,224 | ---- | M] () -- C:\Documents and Settings\Jeroen Pol\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010-08-11 17:27:38 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\Jeroen Pol\Bureaublad\Guitar Pro 5.lnk
    [2010-08-11 13:34:56 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Jeroen Pol\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-08-09 14:34:12 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\Jeroen Pol\Application Data\Microsoft\Internet Explorer\Quick Launch\StarCraft II.lnk
    [2010-07-22 14:30:09 | 000,000,627 | ---- | M] () -- C:\Documents and Settings\Jeroen Pol\Application Data\AutoGK.ini
    [2010-07-19 15:23:24 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\Jeroen Pol\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
    [2010-07-19 14:15:41 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Jeroen Pol\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2010-07-19 14:11:59 | 000,000,379 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2010-07-19 14:06:56 | 000,000,382 | ---- | M] () -- C:\Documents and Settings\Jeroen Pol\Application Data\Microsoft\Internet Explorer\Quick Launch\Snelkoppeling naar Games.lnk
    [2010-07-19 14:06:53 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Jeroen Pol\Application Data\Microsoft\Internet Explorer\Quick Launch\Snelkoppeling naar Programma's.lnk
    [2010-07-18 21:27:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
    [2010-07-18 20:37:34 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010-07-18 20:29:01 | 000,251,712 | RHS- | M] () -- C:\ntldr
    [2010-07-18 20:24:32 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Jeroen Pol\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk
    [2010-07-18 17:37:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
    [2010-07-18 17:33:59 | 000,000,920 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI

    IT WAS TOO LONG, SEE NEXT POST FOR MORE
     
  15. 2010/08/18
    Joen Inactive Thread Starter

    Part 2 of OTL

    [2010-07-18 17:30:25 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Jeroen Pol\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureaublad weergeven.scf
    [2010-07-18 17:28:26 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
    [2010-07-18 17:26:48 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010-07-18 17:25:25 | 000,002,845 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010-07-18 17:25:25 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010-07-18 17:25:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010-07-18 17:25:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010-07-18 17:25:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
    [2010-07-18 17:25:25 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010-07-18 17:25:25 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010-07-18 17:25:23 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010-07-18 17:25:23 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010-07-18 17:25:16 | 000,004,205 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2010-07-18 17:24:45 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
    [2010-07-18 17:24:45 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
    [2010-07-18 17:24:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
    [2010-07-18 17:24:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
    [2010-07-18 17:24:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
    [2010-07-18 17:24:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
    [2010-07-18 17:24:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
    [2010-07-18 17:24:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
    [2010-07-18 17:22:58 | 000,021,748 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010-07-18 17:22:50 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
    [2010-07-18 17:22:50 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
    [2010-07-18 17:21:10 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010-05-31 20:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
    [2010-05-31 20:32:58 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
    [2010-05-31 20:32:58 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
    [2010-05-31 20:32:58 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
    [2010-05-31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
    [2010-05-31 20:32:58 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
    [2010-05-31 20:32:58 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
    [2010-05-31 20:32:58 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
    [2010-05-31 20:32:58 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
    [2010-05-31 20:32:58 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
    [2010-05-27 18:46:10 | 000,208,896 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
    [2010-05-27 18:46:00 | 000,155,648 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
    [2010-05-27 18:45:54 | 000,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
    [2010-05-27 18:45:48 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
    [2010-05-27 18:42:58 | 000,057,480 | ---- | M] () -- C:\WINDOWS\System32\atiapfxx.blb
    [2010-05-27 18:41:06 | 000,481,456 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
    [2010-05-27 18:41:00 | 000,887,724 | ---- | M] () -- C:\WINDOWS\System32\ativva6x.dat
    [2010-05-27 18:41:00 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\ativva5x.dat
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010-08-17 00:47:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010-08-17 00:46:58 | 000,261,936 | ---- | C] () -- C:\cmldr
    [2010-08-14 22:21:40 | 001,974,272 | ---- | C] () -- C:\Documents and Settings\Jeroen Pol\ntuser.dat
    [2010-08-14 22:14:42 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
    [2010-08-11 17:27:38 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\Jeroen Pol\Bureaublad\Guitar Pro 5.lnk
    [2010-08-09 14:34:12 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\Jeroen Pol\Application Data\Microsoft\Internet Explorer\Quick Launch\StarCraft II.lnk
    [2010-07-22 12:53:40 | 000,000,627 | ---- | C] () -- C:\Documents and Settings\Jeroen Pol\Application Data\AutoGK.ini
    [2010-07-20 13:14:17 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Jeroen Pol\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-07-19 17:33:04 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010-07-19 16:26:35 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010-07-19 15:23:24 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\Jeroen Pol\Application Data\Microsoft\Internet Explorer\Quick Launch\Heroes of Newerth.lnk
    [2010-07-19 14:15:41 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Jeroen Pol\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2010-07-19 14:11:59 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010-07-19 14:06:56 | 000,000,382 | ---- | C] () -- C:\Documents and Settings\Jeroen Pol\Application Data\Microsoft\Internet Explorer\Quick Launch\Snelkoppeling naar Games.lnk
    [2010-07-19 14:06:53 | 000,000,416 | ---- | C] () -- C:\Documents and Settings\Jeroen Pol\Application Data\Microsoft\Internet Explorer\Quick Launch\Snelkoppeling naar Programma's.lnk
    [2010-07-19 01:25:16 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2010-07-19 01:25:16 | 000,203,336 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2010-07-19 01:25:16 | 000,057,480 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
    [2010-07-19 01:25:16 | 000,021,360 | ---- | C] () -- C:\WINDOWS\atiogl.xml
    [2010-07-19 01:25:16 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2010-07-18 21:27:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2010-07-18 21:27:34 | 000,481,456 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
    [2010-07-18 21:27:34 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
    [2010-07-18 21:27:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
    [2010-07-18 21:26:18 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2010-07-18 18:59:30 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010-07-18 18:59:26 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
    [2010-07-18 18:59:26 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
    [2010-07-18 18:59:25 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
    [2010-07-18 18:59:25 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
    [2010-07-18 18:59:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
    [2010-07-18 18:59:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
    [2010-07-18 18:59:21 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
    [2010-07-18 18:59:21 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
    [2010-07-18 18:59:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
    [2010-07-18 18:59:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
    [2010-07-18 18:59:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
    [2010-07-18 18:59:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
    [2010-07-18 18:59:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
    [2010-07-18 18:59:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
    [2010-07-18 18:59:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
    [2010-07-18 18:59:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
    [2010-07-18 18:59:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
    [2010-07-18 18:59:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
    [2010-07-18 18:59:15 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
    [2010-07-18 18:59:15 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
    [2010-07-18 18:59:15 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
    [2010-07-18 18:59:15 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
    [2010-07-18 18:59:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
    [2010-07-18 18:59:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
    [2010-07-18 18:59:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
    [2010-07-18 18:59:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
    [2010-07-18 18:59:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
    [2010-07-18 18:59:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
    [2010-07-18 18:59:13 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
    [2010-07-18 18:59:13 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
    [2010-07-18 18:59:13 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
    [2010-07-18 18:59:13 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
    [2010-07-18 18:59:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
    [2010-07-18 18:59:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
    [2010-07-18 18:59:11 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
    [2010-07-18 18:59:11 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
    [2010-07-18 18:59:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
    [2010-07-18 18:59:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
    [2010-07-18 18:59:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
    [2010-07-18 18:59:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
    [2010-07-18 18:59:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
    [2010-07-18 18:59:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
    [2010-07-18 18:59:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
    [2010-07-18 18:59:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
    [2010-07-18 18:59:06 | 000,001,802 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
    [2010-07-18 18:57:17 | 001,014,139 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
    [2010-07-18 18:57:17 | 000,808,234 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
    [2010-07-18 18:57:17 | 000,399,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
    [2010-07-18 18:57:17 | 000,037,509 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
    [2010-07-18 18:57:17 | 000,013,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
    [2010-07-18 18:57:17 | 000,008,599 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
    [2010-07-18 18:57:17 | 000,007,407 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
    [2010-07-18 18:57:17 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
    [2010-07-18 18:56:45 | 000,119,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010-07-18 18:55:03 | 000,000,281 | RHS- | C] () -- C:\boot.ini
    [2010-07-18 18:55:01 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010-07-18 18:06:18 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
    [2010-07-18 18:06:18 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
    [2010-07-18 18:06:17 | 000,652,190 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
    [2010-07-18 18:06:17 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
    [2010-07-18 18:06:17 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
    [2010-07-18 18:06:17 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
    [2010-07-18 18:06:17 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
    [2010-07-18 18:06:17 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
    [2010-07-18 18:06:17 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
    [2010-07-18 18:06:17 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
    [2010-07-18 18:06:17 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
    [2010-07-18 18:06:17 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
    [2010-07-18 18:06:17 | 000,074,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
    [2010-07-18 18:06:17 | 000,058,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
    [2010-07-18 18:06:17 | 000,034,558 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
    [2010-07-18 18:06:17 | 000,026,500 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
    [2010-07-18 18:06:17 | 000,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
    [2010-07-18 18:06:17 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
    [2010-07-18 18:06:17 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
    [2010-07-18 18:06:17 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
    [2010-07-18 18:06:17 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
    [2010-07-18 18:06:17 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
    [2010-07-18 18:06:17 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
    [2010-07-18 18:06:17 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
    [2010-07-18 18:06:17 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
    [2010-07-18 18:06:17 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
    [2010-07-18 18:06:17 | 000,001,774 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
    [2010-07-18 18:06:17 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
    [2010-07-18 18:06:16 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
    [2010-07-18 18:06:16 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
    [2010-07-18 18:06:16 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
    [2010-07-18 18:06:15 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
    [2010-07-18 18:06:15 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
    [2010-07-18 18:06:15 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
    [2010-07-18 18:06:15 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
    [2010-07-18 18:06:15 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
    [2010-07-18 18:06:15 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
    [2010-07-18 18:06:15 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
    [2010-07-18 18:06:15 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
    [2010-07-18 18:06:15 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
    [2010-07-18 18:06:15 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
    [2010-07-18 18:06:14 | 000,001,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
    [2010-07-18 18:06:14 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
    [2010-07-18 18:06:13 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
    [2010-07-18 18:06:13 | 000,066,137 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
    [2010-07-18 18:06:12 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
    [2010-07-18 18:06:12 | 000,082,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
    [2010-07-18 18:06:12 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
    [2010-07-18 18:06:12 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
    [2010-07-18 18:06:12 | 000,001,471 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
    [2010-07-18 18:06:12 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
    [2010-07-18 18:06:12 | 000,001,453 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
    [2010-07-18 18:06:12 | 000,001,251 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
    [2010-07-18 18:06:12 | 000,001,051 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
    [2010-07-18 18:06:12 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
    [2010-07-18 18:06:12 | 000,001,043 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
    [2010-07-18 18:06:12 | 000,000,804 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
    [2010-07-18 18:06:12 | 000,000,801 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
    [2010-07-18 18:06:12 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
    [2010-07-18 18:06:12 | 000,000,786 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
    [2010-07-18 18:06:12 | 000,000,782 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
    [2010-07-18 18:06:12 | 000,000,726 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
    [2010-07-18 18:06:11 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
    [2010-07-18 18:06:11 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
    [2010-07-18 18:06:11 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
    [2010-07-18 18:06:10 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
    [2010-07-18 18:06:10 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
    [2010-07-18 18:06:10 | 000,036,620 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
    [2010-07-18 18:06:10 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
    [2010-07-18 18:06:10 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
    [2010-07-18 18:06:10 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
    [2010-07-18 18:06:07 | 000,001,950 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
    [2010-07-18 18:06:06 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
    [2010-07-18 18:06:05 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
    [2010-07-18 18:06:04 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
    [2010-07-18 18:06:04 | 000,184,094 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
    [2010-07-18 18:06:04 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
    [2010-07-18 18:06:04 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
    [2010-07-18 18:06:04 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
    [2010-07-18 18:06:04 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
    [2010-07-18 18:06:04 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
    [2010-07-18 18:06:04 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
    [2010-07-18 18:06:04 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
    [2010-07-18 18:06:04 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
    [2010-07-18 18:06:03 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
    [2010-07-18 18:06:03 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
    [2010-07-18 17:37:46 | 000,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
    [2010-07-18 17:34:07 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2010-07-18 17:34:07 | 000,031,930 | ---- | C] () -- C:\WINDOWS\System32\GTNDIS3.VXD
    [2010-07-18 17:34:07 | 000,007,878 | ---- | C] () -- C:\WINDOWS\System32\RT2500.CAT
    [2010-07-18 17:34:07 | 000,007,870 | ---- | C] () -- C:\WINDOWS\System32\rt61.cat
    [2010-07-18 17:33:59 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
    [2010-07-18 17:30:25 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Jeroen Pol\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureaublad weergeven.scf
    [2010-07-18 17:30:20 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Jeroen Pol\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk
    [2010-07-18 17:30:06 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Jeroen Pol\ntuser.dat.LOG
    [2010-07-18 17:30:06 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\Jeroen Pol\ntuser.ini
    [2010-07-18 17:28:26 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
    [2010-07-18 17:26:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010-07-18 17:26:46 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
    [2010-07-18 17:26:32 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
    [2010-07-18 17:26:32 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
    [2010-07-18 17:26:31 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
    [2010-07-18 17:26:22 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
    [2010-07-18 17:26:22 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
    [2010-07-18 17:26:18 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
    [2010-07-18 17:26:18 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
    [2010-07-18 17:26:17 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
    [2010-07-18 17:26:12 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
    [2010-07-18 17:26:09 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
    [2010-07-18 17:26:01 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
    [2010-07-18 17:25:59 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
    [2010-07-18 17:25:59 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
    [2010-07-18 17:25:59 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
    [2010-07-18 17:25:59 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
    [2010-07-18 17:25:59 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
    [2010-07-18 17:25:59 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
    [2010-07-18 17:25:59 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
    [2010-07-18 17:25:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
    [2010-07-18 17:25:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
    [2010-07-18 17:25:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
    [2010-07-18 17:25:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
    [2010-07-18 17:25:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
    [2010-07-18 17:25:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
    [2010-07-18 17:25:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
    [2010-07-18 17:25:58 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
    [2010-07-18 17:25:58 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
    [2010-07-18 17:25:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
    [2010-07-18 17:25:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
    [2010-07-18 17:25:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
    [2010-07-18 17:25:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
    [2010-07-18 17:25:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
    [2010-07-18 17:25:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
    [2010-07-18 17:25:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
    [2010-07-18 17:25:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
    [2010-07-18 17:25:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
    [2010-07-18 17:25:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
    [2010-07-18 17:25:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
    [2010-07-18 17:25:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
    [2010-07-18 17:25:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
    [2010-07-18 17:25:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
    [2010-07-18 17:25:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
    [2010-07-18 17:25:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
    [2010-07-18 17:25:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
    [2010-07-18 17:25:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
    [2010-07-18 17:25:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
    [2010-07-18 17:25:57 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
    [2010-07-18 17:25:57 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
    [2010-07-18 17:25:57 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
    [2010-07-18 17:25:57 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
    [2010-07-18 17:25:57 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
    [2010-07-18 17:25:57 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
    [2010-07-18 17:25:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
    [2010-07-18 17:25:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
    [2010-07-18 17:25:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
    [2010-07-18 17:25:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
    [2010-07-18 17:25:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
    [2010-07-18 17:25:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
    [2010-07-18 17:25:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
    [2010-07-18 17:25:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
    [2010-07-18 17:25:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
    [2010-07-18 17:25:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
    [2010-07-18 17:25:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
    [2010-07-18 17:25:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
    [2010-07-18 17:25:56 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
    [2010-07-18 17:25:56 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
    [2010-07-18 17:25:56 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
    [2010-07-18 17:25:56 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
    [2010-07-18 17:25:56 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
    [2010-07-18 17:25:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
    [2010-07-18 17:25:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
    [2010-07-18 17:25:25 | 000,002,845 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010-07-18 17:25:25 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2010-07-18 17:25:25 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2010-07-18 17:25:25 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
    [2010-07-18 17:25:25 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
    [2010-07-18 17:25:23 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010-07-18 17:25:23 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010-07-18 17:25:22 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
    [2010-07-18 17:24:45 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
    [2010-07-18 17:24:45 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
    [2010-07-18 17:24:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
    [2010-07-18 17:24:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
    [2010-07-18 17:24:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
    [2010-07-18 17:24:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
    [2010-07-18 17:24:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
    [2010-07-18 17:24:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
    [2010-07-18 17:24:31 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
    [2010-07-18 17:24:00 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
    [2010-07-18 17:24:00 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
    [2010-07-18 17:23:53 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
    [2010-07-18 17:22:58 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010-07-18 17:22:16 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie.bmp
    [2010-07-18 17:22:16 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
    [2010-07-18 17:22:16 | 000,026,680 | ---- | C] () -- C:\WINDOWS\Rivier Sumida.bmp
    [2010-07-18 17:22:16 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Groensteen.bmp
    [2010-07-18 17:22:16 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
    [2010-07-18 17:22:16 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Stekkie.bmp
    [2010-07-18 17:22:16 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
    [2010-07-18 17:22:15 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
    [2010-07-18 17:22:15 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Zeepbellen.bmp
    [2010-07-18 17:22:15 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Kopje koffie.bmp
    [2010-07-18 17:22:15 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
    [2010-07-18 17:22:15 | 000,016,730 | ---- | C] () -- C:\WINDOWS\Patroon.bmp
    [2010-07-18 17:22:15 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blauw 16.bmp
    [2010-07-18 17:22:14 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
    [2010-07-18 17:22:14 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
    [2010-07-18 17:22:14 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
    [2010-07-18 17:22:14 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
    [2010-07-18 17:22:14 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
    [2010-07-18 17:22:14 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
    [2010-07-18 17:22:12 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
    [2010-07-18 17:22:12 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
    [2010-07-18 17:22:11 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
    [2010-07-18 17:22:03 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
    [2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009-01-25 23:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009-01-09 01:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2004-08-04 14:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
    [2004-08-04 14:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
    [2004-08-04 14:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
    [2004-08-04 14:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
    [2004-08-04 14:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

    ========== LOP Check ==========

    [2010-08-11 17:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Guitar Pro 6
    [2010-07-19 17:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010-08-11 21:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeroen Pol\Application Data\Guitar Pro 6
    [2010-08-11 20:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeroen Pol\Application Data\uTorrent

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010-07-18 17:25:25 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010-07-18 17:21:10 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010-08-17 00:47:02 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004-08-04 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
    [2004-08-03 23:00:14 | 000,261,936 | ---- | M] () -- C:\cmldr
    [2010-08-17 12:18:31 | 000,028,786 | ---- | M] () -- C:\ComboFix.txt
    [2010-07-18 17:25:25 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010-07-18 17:25:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010-07-22 18:12:44 | 000,014,052 | ---- | M] () -- C:\MP4debug.log
    [2010-07-18 17:25:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004-08-04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010-07-18 20:29:01 | 000,251,712 | RHS- | M] () -- C:\ntldr
    [2010-08-18 15:59:47 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010-08-14 22:15:05 | 000,000,005 | ---- | M] () -- C:\zrpt.xml

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008-07-06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007-04-09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2009-03-08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
    [2009-03-08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2010-07-18 18:55:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010-07-18 18:55:03 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010-07-18 18:55:03 | 000,450,560 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008-04-14 19:02:44 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=4CF588D2F2363B73EB4AF57967D46DFF -- C:\WINDOWS\system32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008-04-14 19:02:45 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=520391367546218929749612ABFE840C -- C:\WINDOWS\system32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008-04-14 19:02:45 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=7ED22EA6D840CD388BD68B68580468E1 -- C:\WINDOWS\system32\ws2help.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
     
  16. 2010/08/18
    Joen

    EXTRA'S

    OTL Extras logfile created on: 18-8-2010 16:06:44 - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Jeroen Pol\Bureaublad
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 85,00% Memory free
    5,00 Gb Paging File | 5,00 Gb Available in Paging File | 91,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465,75 Gb Total Space | 405,66 Gb Free Space | 87,10% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: JEROEN-PC
    Current User Name: Jeroen Pol
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
    "C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
    "C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
    "{1774C3D2-30FF-70EE-A1AF-1B771E2D2D33}" = ccc-utility
    "{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{21A8BF7D-C50D-E655-1E25-99C7924A69F6}" = ATI Catalyst Install Manager
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{31DDEBE2-0F7D-A4AA-B8A9-9E1FD795FC2A}" = CCC Help English
    "{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
    "{4F2D3995-1EC5-3C05-B7E5-3449F802E6DE}" = Microsoft .NET Framework 4 Extended NLD Language Pack
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
    "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90260409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1043-7B44-A93000000001}" = Adobe Reader 9.3.3 - Nederlands
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{BEAED2F4-04C7-95C4-7D8F-500EFE6CD1F9}" = ccc-core-static
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes
    "{C20C2630-B3A7-44BA-BDD0-31E256AE490E}" = Windows Live Call
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CC38A00D-7EED-46CE-9281-D1D97B81F22A}" = Windows Live Messenger
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE567716-7997-E0AE-DD81-1A5D49A5FB25}" = Catalyst Control Center Graphics Previews Common
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}" = Windows Live Essentials
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AviSynth" = AviSynth 2.5
    "CleanUp!" = CleanUp!
    "DivX Setup.divx.com" = DivX Setup
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "Guitar Pro 5_is1" = Guitar Pro 5.2
    "hon" = Heroes of Newerth
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform apparaatbeheer
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft .NET Framework 4 Extended NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
    "MSC" = McAfee Total Protection
    "RealAlt_is1" = Real Alternative 2.0.2
    "StarCraft II" = StarCraft II
    "Steam App 10" = Counter-Strike
    "Steam App 630" = Alien Swarm
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.0
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR
    "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 21-7-2010 18:14:48 | Computer Name = JEROEN-PC | Source = MsiInstaller | ID = 10005
    Description = Product: QuickTime -- Er is al een nieuwere versie van QuickTime geïnstalleerd.
    Deze installatie kan niet worden voortgezet als er een nieuwere versie van QuickTime
    is geïnstalleerd.

    Error - 21-7-2010 19:05:35 | Computer Name = JEROEN-PC | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: explorer.exe, versie: 6.0.2900.5512, vastgelopen
    module: unknown, versie: 0.0.0.0, vastgelopen op: 0x05d89290.

    [ System Events ]
    Error - 16-8-2010 16:24:15 | Computer Name = JEROEN-PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: i8042prt

    Error - 16-8-2010 16:26:46 | Computer Name = JEROEN-PC | Source = DCOM | ID = 10010
    Description = De server {209500FC-6B45-4693-8871-6296C4843751} heeft zich binnen
    de vereiste termijn niet bij DCOM geregistreerd.

    Error - 16-8-2010 18:55:13 | Computer Name = JEROEN-PC | Source = Service Control Manager | ID = 7023
    Description = De HID Input Service-service is gestopt met de volgende foutcode:
    %%126.

    Error - 16-8-2010 18:55:14 | Computer Name = JEROEN-PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: i8042prt

    Error - 16-8-2010 18:57:48 | Computer Name = JEROEN-PC | Source = DCOM | ID = 10010
    Description = De server {209500FC-6B45-4693-8871-6296C4843751} heeft zich binnen
    de vereiste termijn niet bij DCOM geregistreerd.

    Error - 17-8-2010 5:10:11 | Computer Name = JEROEN-PC | Source = Service Control Manager | ID = 7023
    Description = De HID Input Service-service is gestopt met de volgende foutcode:
    %%126.

    Error - 17-8-2010 5:10:12 | Computer Name = JEROEN-PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: i8042prt

    Error - 17-8-2010 14:50:31 | Computer Name = JEROEN-PC | Source = Service Control Manager | ID = 7023
    Description = De HID Input Service-service is gestopt met de volgende foutcode:
    %%126.

    Error - 17-8-2010 14:50:32 | Computer Name = JEROEN-PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: i8042prt

    Error - 17-8-2010 14:53:03 | Computer Name = JEROEN-PC | Source = DCOM | ID = 10010
    Description = De server {209500FC-6B45-4693-8871-6296C4843751} heeft zich binnen
    de vereiste termijn niet bij DCOM geregistreerd.


    < End of report >
     
  17. 2010/08/18
    broni

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
       "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
       "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  18. 2010/08/21
    Joen

    OTL:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: %Profile%

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.JEROEN-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes

    User: Jeroen Pol
    ->Temp folder emptied: 52264422 bytes
    ->Temporary Internet Files folder emptied: 37140729 bytes
    ->Java cache emptied: 6265329 bytes
    ->Flash cache emptied: 2651117 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 65854 bytes
    ->Flash cache emptied: 618 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 72152 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 1330679 bytes

    Total Files Cleaned = 95,00 mb


    [EMPTYFLASH]

    User: %Profile%

    User: Administrator

    User: Administrator.JEROEN-PC

    User: All Users

    User: Default User

    User: Jeroen Pol
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.10.0 log created on 08212010_132609

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Jeroen Pol\Local Settings\Temporary Internet Files\Content.IE5\YK6U5RET\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[2].htm moved successfully.
    C:\Documents and Settings\Jeroen Pol\Local Settings\Temporary Internet Files\Content.IE5\YK6U5RET\ads[1].htm moved successfully.
    C:\Documents and Settings\Jeroen Pol\Local Settings\Temporary Internet Files\Content.IE5\YK6U5RET\afr[1].htm moved successfully.
    C:\Documents and Settings\Jeroen Pol\Local Settings\Temporary Internet Files\Content.IE5\K0LBZFAA\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Jeroen Pol\Local Settings\Temporary Internet Files\Content.IE5\DYV1K0UL\94628-active-redirecting-problem-2[1].html moved successfully.
    C:\Documents and Settings\Jeroen Pol\Local Settings\Temporary Internet Files\Content.IE5\DYV1K0UL\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Jeroen Pol\Local Settings\Temporary Internet Files\Content.IE5\DYV1K0UL\TF-bbs-160-600[1].html moved successfully.

    Registry entries deleted on Reboot...


    Security Check:

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    McAfee Total Protection
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 21
    Adobe Flash Player
    Adobe Reader 9.3.3 - Nederlands
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````




    Kaspersky:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Saturday, August 21, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, August 20, 2010 22:22:39
    Records in database: 4130136
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\

    Scan statistics:
    Objects scanned: 63561
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 02:36:48

    No threats found. Scanned area is clean.

    Selected area has been scanned.
     
  19. 2010/08/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Excellent :)

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs left over on your computer, you can go ahead and delete those off of your computer now.

    ================================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. Run defrag at your convenience.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  20. 2010/08/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    The issue seems to be resolved.
     
  21. 2010/08/27
    Joen

    Joen Inactive Thread Starter

    Joined:
    2010/08/15
    Messages:
    11
    Likes Received:
    0
    Yes thank you! Sorry for no reply, school has begun -.-

    I really want to thank you broni.
    You're awesome!!


    Joen
     
