Widgi toolbar, virus infection alert on and off


  • Widgi toolbar, virus infection alert on and off

    My laptop is slow; AVG and Malwarebytes sometimes report that the system is infected and sometimes do not; Firefox uses too much memory; the Widgi toolbar is supposedly an infection. I unchecked it under startup in CCleaner, but apparently I cannot remove it.
    I followed the steps in your instructions. Kaspersky reports several problems, but I don't know how to resolve them all.
    I am posting the Kaspersky results and the requested logs here.

    Detailed report
    Problems found
    Scanning date: 10/17/2013 09:31 PM
    Database update date: 10/17/2013 04:33 PM
    Product version: 12.0.1.340 (b)

    Computer protection (0)
    Information about anti-virus software and firewalls installed on the computer.

    Malware (0)
    Information about malware detected on the computer.

    Vulnerabilities (1)
    Information about applications and operating system components in which vulnerabilities have been detected.
    1. C:\windows\system32\msxml4.dll

    Other issues (10)
    Information about vulnerabilities associated with the settings of installed applications and the operating system.
    1. "Process termination timeout is out of admissible values"
    2. "Service termination timeout is out of admissible values"
    3. "CD/DVD autorun is enabled"
    4. "Windows Explorer - show extensions of known file types"
    5. "Microsoft Internet Explorer - disable caching data received via protected channel"
    6. "Microsoft Internet Explorer: disable sending error reports"
    7. "Microsoft Internet Explorer: clear the list of trusted domains"
    8. "Microsoft Internet Explorer: enable cache autocleanup on browser closing"
    9. "Windows Explorer: display of known file types extensions is disabled"
    10. "Microsoft Internet Explorer: start page reset"

    Malwarebytes Anti-Malware 1.75.0.1300

    Databaseversie: v2013.10.24.03

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Mariposa :: PC_VAN_MARIPOSA [administrator]

    24-10-2013 14:44:00
    mbam-log-2013-10-24 (14-44-00).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 209850
    Verstreken tijd: 15 minuut/minuten, 29 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16514
    Run by Mariposa at 14:02:00 on 2013-10-25
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.1015.305 [GMT 2:00]
    .
    AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ================
    .
    C:\Program Files\AVG\AVG2014\avgrsx.exe
    C:\Program Files\AVG\AVG2014\avgcsrvx.exe
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\Program Files\IDT\WDM\STacSV.exe
    C:\windows\system32\SLsvc.exe
    C:\windows\system32\WLANExt.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\IDT\WDM\aestsrv.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2014\avgidsagent.exe
    C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\Program Files\AVG\AVG2014\avgnsx.exe
    C:\Program Files\AVG\AVG2014\avgemcx.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\AVG\AVG2014\avgui.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\conime.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k rpcss
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k GPSvcGroup
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\System32\svchost.exe -k HPZ12
    C:\windows\System32\svchost.exe -k HPZ12
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=92&bd=all&pf=cmnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=92&bd=all&pf=cmnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=92&bd=all&pf=cmnb
    uSearchAssistant = hxxp://www.google.com
    dURLSearchHooks: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - <orphaned>
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\lightscribecontrolpanel.exe -hidden
    uRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorun
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [MDS_Menu] c:\program files\olympus\ib\muitransfer\muistartmenu.exe" "c:\program files\olympus\ib" updatewithcreateonce "software\olympus\ib\1.0
    mRun: [HPCam_Menu] c:\program files\hewlett-packard\hp webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\hp webcam" updatewithcreateonce "software\cyberlink\hp webcam\1.0
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\syntpenh.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Windows Defender] c:\program files\windows defender\msascui.exe -hide
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\hpwuschd2.exe
    dRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
    dRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
    TCP: NameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    TCP: Interfaces\{1751188C-182E-47DC-A643-C58DF43FC1A3} : DHCPNameServer = 62.140.138.237 62.140.140.250
    TCP: Interfaces\{29B4B703-14BD-44B7-8307-D3AE6550C334} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.0.12\ViProtocol.dll
    Notify: igfxcui - igfxdev.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\mariposa\appdata\roaming\mozilla\firefox\profiles\45r8uh08.default-1346592641303\
    FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
    FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
    FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.0.12\npsitesafety.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1204144.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: 2013-10-04 10:39; avg@toolbar; c:\programdata\avg secure search\firefoxext\17.0.1.12
    .
    ---- FIREFOX POLICIES ----
    # Mozilla User Preferences
    .
    /* Do not edit this file.
    *
    * If you make changes to this file while the application is running,
    * the changes will be overwritten when the application exits.
    *
    * To make a manual change to preferences, you can visit the URL about:config
    */
    .
    FF - user.js: accessibility.typeaheadfind - true
    FF - user.js: accessibility.typeaheadfind.flashBar - 0
    FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1368265791
    FF - user.js: app.update.lastUpdateTime.background-update-timer - 1368310898
    FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1368266102
    FF - user.js: app.update.lastUpdateTime.browser-cleanup-thumbnails - 1368341196
    FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1368293962
    FF - user.js: browser.cache.disk.capacity - 358400
    FF - user.js: browser.cache.disk.smart_size.first_run - false
    FF - user.js: browser.cache.disk.smart_size.use_old_max - false
    FF - user.js: browser.cache.disk.smart_size_cached_value - 358400
    FF - user.js: browser.cache.memory.capacity - 16000
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.download.lastDir - c:\\users\\mariposa\\documents\\rouwkaart mama
    FF - user.js: browser.download.panel.firstSessionCompleted - true
    FF - user.js: browser.download.panel.shown - true
    FF - user.js: browser.download.save_converter_index - 0
    FF - user.js: browser.feeds.showFirstRunUI - false
    FF - user.js: browser.keywordURLPromptDeclined - 1
    FF - user.js: browser.migration.version - 9
    FF - user.js: browser.newtabpage.storageVersion - 1
    FF - user.js: browser.pagethumbnails.storage_version - 2
    FF - user.js: browser.places.smartBookmarksVersion - 4
    FF - user.js: browser.preferences.advanced.selectedTabIndex - 3
    FF - user.js: browser.rights.3.shown - true
    FF - user.js: browser.search.defaultenginename - Yahoo
    FF - user.js: browser.search.param.yahoo-fr - chr-greentree_ff&ilc=12&type=800236
    FF - user.js: browser.search.useDBForOrder - true
    FF - user.js: browser.sessionstore.enabled - true
    FF - user.js: browser.startup.homepage - hxxps://www.facebook.com/
    FF - user.js: browser.startup.homepage_override.buildID - 20130409194949
    FF - user.js: browser.startup.homepage_override.mstone - 20.0.1
    FF - user.js: browser.syncPromoViewsLeftMap - {\bookmarks\:0,\passwords\:0}
    FF - user.js: browser.tabs.loadInBackground - false
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 4095
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 1000000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: datareporting.healthreport.currentDaySubmissionFailureCount - 0
    FF - user.js: datareporting.healthreport.lastDataSubmissionRequestedTime - 1368293119949
    FF - user.js: datareporting.healthreport.nextDataSubmissionTime - 1368380143009
    FF - user.js: datareporting.policy.dataSubmissionPolicyAccepted - true
    FF - user.js: datareporting.policy.dataSubmissionPolicyAcceptedVersion - 1
    FF - user.js: datareporting.policy.dataSubmissionPolicyNotifiedTime - 1365175482296
    FF - user.js: datareporting.policy.dataSubmissionPolicyResponseTime - 1365175499856
    FF - user.js: datareporting.policy.dataSubmissionPolicyResponseType - accepted-info-bar-button-pressed
    FF - user.js: datareporting.policy.firstRunTime - 1365112499631
    FF - user.js: datareporting.sessions.current.activeTicks - 5
    FF - user.js: datareporting.sessions.current.clean - true
    FF - user.js: datareporting.sessions.current.firstPaint - 5648
    FF - user.js: datareporting.sessions.current.main - 2012
    FF - user.js: datareporting.sessions.current.sessionRestored - 5741
    FF - user.js: datareporting.sessions.current.startTime - 1368345220119
    FF - user.js: datareporting.sessions.current.totalTime - 35511
    FF - user.js: datareporting.sessions.currentIndex - 154
    FF - user.js: datareporting.sessions.prunedIndex - 119
    FF - user.js: devtools.toolbox.selectedTool - inspector
    FF - user.js: dom.mozApps.used - true
    FF - user.js: dom.w3c_touch_events.expose - false
    FF - user.js: extensions.adblockplus.currentVersion - 2.2.4
    FF - user.js: extensions.adblockplus.lastRuleUpdate - 1368096841
    FF - user.js: extensions.blocklist.pingCountTotal - 232
    FF - user.js: extensions.blocklist.pingCountVersion - 30
    FF - user.js: extensions.bootstrappedAddons - {\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\:{\version\:\2.2.4\,\type\:\extension\,\descriptor\:\c:\\\\users\\\\mariposa\\\\appdata\\\\roaming\\\\mozilla\\\\firefox\\\\profiles\\\\45r8uh08.default-1346592641303\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\}}
    FF - user.js: extensions.databaseSchema - 14
    FF - user.js: extensions.downloadyoutubevideosasmp.firstVersion - 6.5
    FF - user.js: extensions.downloadyoutubevideosasmp.firstrun - false
    FF - user.js: extensions.downloadyoutubevideosasmp.userId - 168e8c8c-62e7-4e47-a0bb-729375b5bbee
    FF - user.js: extensions.downloadyoutubevideosasmp.userIdLogged - true
    FF - user.js: extensions.downloadyoutubevideosasmp.version - 6.7
    FF - user.js: extensions.enabledAddons - info%40video2mp3.at:0.1,youtubeunblocker%40unblocker.yt:0.4.0,%7B553e8d3e-cc2c-451a-8a44-06ce63f9df23%7D:1.1,ascsurfingprotection%40iobit.com:1.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
    FF - user.js: extensions.helperbar.Country - Netherlands
    FF - user.js: extensions.helperbar.DockingPositionDown - false
    FF - user.js: extensions.helperbar.SmartbarDisabled - false
    FF - user.js: extensions.helperbar.SmartbarStateMinimaized - false
    FF - user.js: extensions.helperbar.UserID - 553e8d3e-cc2c-451a-8a44-06ce63f9df23
    FF - user.js: extensions.helperbar.Visibility - false
    FF - user.js: extensions.hotfix.lastVersion - 20121019.01
    FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\windows\\\\microsoft.net\\\\framework\\\\v3.5\\\\windows presentation foundation\\\\dotnetassistantextension\,\mtime\:1270574258421}}},{\name\:\app-global\,\addons\:{\{82af8dca-6de9-405d-bd5e-43525bdad38a}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{82af8dca-6de9-405d-bd5e-43525bdad38a}\,\mtime\:1365719171018},\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1365719238626}}},{\name\:\app-profile\,\addons\:{\[email protected]\:{\descriptor\:\c:\\\\users\\\\mariposa\\\\appdata\\\\roaming\\\\mozilla\\\\firefox\\\\profiles\\\\45r8uh08.default-1346592641303\\\\extensions\\\\[email protected]\,\mtime\:1368342462044},\info@video2mp3.at\:{\descriptor\:\c:\\\\users\\\\mariposa\\\\appdata\\\\roaming\\\\mozilla\\\\firefox\\\\profiles\\\\45r8uh08.default-1346592641303\\\\extensions\\\\[email protected]\,\mtime\:1346672790208},\youtubeunblocker@unblocker.yt\:{\descriptor\:\c:\\\\users\\\\mariposa\\\\appdata\\\\roaming\\\\mozilla\\\\firefox\\\\profiles\\\\45r8uh08.default-1346592641303\\\\extensions\\\\[email protected]\,\mtime\:1366271848032},\{553e8d3e-cc2c-451a-8a44-06ce63f9df23}\:{\descriptor\:\c:\\\\users\\\\mariposa\\\\appdata\\\\roaming\\\\mozilla\\\\firefox\\\\profiles\\\\45r8uh08.default-1346592641303\\\\extensions\\\\{553e8d3e-cc2c-451a-8a44-06ce63f9df23}\,\mtime\:1366511242896},\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\:{\descriptor\:\c:\\\\users\\\\mariposa\\\\appdata\\\\roaming\\\\mozilla\\\\firefox\\\\profiles\\\\45r8uh08.default-1346592641303\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\,\mtime\:1368092941341}}}]
    FF - user.js: extensions.lastAppVersion - 20.0.1
    FF - user.js: extensions.lastPlatformVersion - 20.0.1
    FF - user.js: extensions.pendingOperations - false
    FF - user.js: extensions.shownSelectionUI - true
    FF - user.js: extensions.ui.dictionary.hidden - true
    FF - user.js: extensions.ui.lastCategory - addons://discover/
    FF - user.js: extensions.ui.locale.hidden - true
    FF - user.js: extentions.undefined.lastDnsTest - 379558
    FF - user.js: font.minimum-size.x-western - 13
    FF - user.js: gecko.buildID - 20130409194949
    FF - user.js: gecko.mstone - 20.0.1
    FF - user.js: idle.lastDailyNotification - 1368224411
    FF - user.js: intl.charsetmenu.browser.cache - windows-1251, UTF-8, ISO-8859-15, windows-1250, windows-1252
    FF - user.js: layout.spellcheckDefault - 0
    FF - user.js: network.cookie.prefsMigrated - true
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 1000
    FF - user.js: pdfjs.migrationVersion - 1
    FF - user.js: pdfjs.previousHandler.alwaysAskBeforeHandling - true
    FF - user.js: pdfjs.previousHandler.preferredAction - 4
    FF - user.js: places.database.lastMaintenance - 1367841694
    FF - user.js: places.history.expiration.transient_current_max_pages - 26596
    FF - user.js: plugin.disable_full_page_plugin_for_types - application/pdf
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: pref.advanced.javascript.disable_button.advanced - false
    FF - user.js: pref.browser.homepage.disable_button.current_page - false
    FF - user.js: print_printer - HP PSC 1400 series
    FF - user.js: printer_HP_PSC_1400_series.print_bgcolor - false
    FF - user.js: printer_HP_PSC_1400_series.print_bgimages - false
    FF - user.js: printer_HP_PSC_1400_series.print_colorspace -
    FF - user.js: printer_HP_PSC_1400_series.print_command -
    FF - user.js: printer_HP_PSC_1400_series.print_downloadfonts - false
    FF - user.js: printer_HP_PSC_1400_series.print_edge_bottom - 0
    FF - user.js: printer_HP_PSC_1400_series.print_edge_left - 0
    FF - user.js: printer_HP_PSC_1400_series.print_edge_right - 0
    FF - user.js: printer_HP_PSC_1400_series.print_edge_top - 0
    FF - user.js: printer_HP_PSC_1400_series.print_evenpages - true
    FF - user.js: printer_HP_PSC_1400_series.print_footercenter -
    FF - user.js: printer_HP_PSC_1400_series.print_footerleft - &PT
    FF - user.js: printer_HP_PSC_1400_series.print_footerright - &D
    FF - user.js: printer_HP_PSC_1400_series.print_headercenter -
    FF - user.js: printer_HP_PSC_1400_series.print_headerleft - &T
    FF - user.js: printer_HP_PSC_1400_series.print_headerright - &U
    FF - user.js: printer_HP_PSC_1400_series.print_in_color - true
    FF - user.js: printer_HP_PSC_1400_series.print_margin_bottom - 0.5
    FF - user.js: printer_HP_PSC_1400_series.print_margin_left - 0.5
    FF - user.js: printer_HP_PSC_1400_series.print_margin_right - 0.5
    FF - user.js: printer_HP_PSC_1400_series.print_margin_top - 0.5
    FF - user.js: printer_HP_PSC_1400_series.print_oddpages - true
    FF - user.js: printer_HP_PSC_1400_series.print_orientation - 0
    FF - user.js: printer_HP_PSC_1400_series.print_page_delay - 50
    FF - user.js: printer_HP_PSC_1400_series.print_paper_data - 9
    FF - user.js: printer_HP_PSC_1400_series.print_paper_height - 11,00
    FF - user.js: printer_HP_PSC_1400_series.print_paper_name -
    FF - user.js: printer_HP_PSC_1400_series.print_paper_size_type - 0
    FF - user.js: printer_HP_PSC_1400_series.print_paper_size_unit - 1
    FF - user.js: printer_HP_PSC_1400_series.print_paper_width - 8,50
    FF - user.js: printer_HP_PSC_1400_series.print_plex_name -
    FF - user.js: printer_HP_PSC_1400_series.print_resolution_name -
    FF - user.js: printer_HP_PSC_1400_series.print_reversed - false
    FF - user.js: printer_HP_PSC_1400_series.print_scaling - 1,00
    FF - user.js: printer_HP_PSC_1400_series.print_shrink_to_fit - true
    FF - user.js: printer_HP_PSC_1400_series.print_to_file - false
    FF - user.js: printer_HP_PSC_1400_series.print_to_filename -
    FF - user.js: printer_HP_PSC_1400_series.print_unwriteable_margin_bottom - 0
    FF - user.js: printer_HP_PSC_1400_series.print_unwriteable_margin_left - 0
    FF - user.js: printer_HP_PSC_1400_series.print_unwriteable_margin_right - 0
    FF - user.js: printer_HP_PSC_1400_series.print_unwriteable_margin_top - 0
    FF - user.js: privacy.cpd.downloads - false
    FF - user.js: privacy.cpd.formdata - false
    FF - user.js: privacy.cpd.history - false
    FF - user.js: privacy.cpd.sessions - false
    FF - user.js: privacy.donottrackheader.enabled - true
    FF - user.js: privacy.sanitize.migrateFx3Prefs - true
    FF - user.js: privacy.sanitize.timeSpan - 0
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: services.sync.clients.lastSync - 0
    FF - user.js: services.sync.clients.lastSyncLocal - 0
    FF - user.js: services.sync.globalScore - 0
    FF - user.js: services.sync.migrated - true
    FF - user.js: services.sync.nextSync - 0
    FF - user.js: services.sync.tabs.lastSync - 0
    FF - user.js: services.sync.tabs.lastSyncLocal - 0
    FF - user.js: spellchecker.dictionary - nl
    FF - user.js: storage.vacuum.last.index - 1
    FF - user.js: storage.vacuum.last.places.sqlite - 1367841694
    FF - user.js: toolkit.startup.last_success - 1368345222
    FF - user.js: toolkit.telemetry.prompted - 2
    FF - user.js: toolkit.telemetry.rejected - true
    FF - user.js: ui.submenuDelay - 0
    FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1370545456
    FF - user.js: xpinstall.whitelist.add -
    FF - user.js: xpinstall.whitelist.add.180 -
    FF - user.js: xpinstall.whitelist.add.36 -
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_dailyPing - true|||1354282527394
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_debugMode - not set
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_gtQueryParam - UA-25323614-7
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_inactive_by_user - not set
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_installedPing - true|||8641348079782866
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_lastUpdate - 1354196127359|||8641354196127360
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_redirectQueryParam1 - MB131
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_redirectQueryParam2 - MB132
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer - hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=http://www.thehoodedsage.com/2011/08/how-to-heal-mind/|||8641351016324901
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_showDialog - not set
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_showtoaster - not set
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_status - active
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer - hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=http://www.thehoodedsage.com/2011/08/how-to-heal-mind/|#|old_value|||8641351016350552
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_toasterID - 1|||8641351016350552
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_toolbar_query - not set
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_upn2 - 6PQGgoLjbq
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_installer_name - sg_6PQGgoLjbq_active_MB131_MB132_UA-25323614-7_2012-08-11-22-34-43
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_product_name - Web Assistant
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_product_version - 2.0.0.485
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_temp_installer_name - sg_6PQGgoLjbq_active_MB131_MB132_UA-25323614-7_2012-08-11-22-34-43
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_toolbarID - 5be4104c3a73485dbbd114243b9a298a
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.extensionFirstRun - false
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.lastExtensionVersion - 2.0.0.485
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.setdefaultsearch_2.0.0.485 - false
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.setdnscatch_2.0.0.413 - false
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.setdnscatch_2.0.0.485 - false
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.sethomepage_2.0.0.485 - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-9-2 145720]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-9-2 223032]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-8-20 102200]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-8 27448]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-9-10 97008]
    R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-9-25 120632]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-9-2 209208]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22840]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-9-2 176952]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-10-4 37664]
    R1 RapportCerberus_56758;RapportCerberus_56758;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_56758.sys [2013-8-30 330960]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-9-10 148688]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-9-10 222416]
    R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-11-12 81920]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-10-3 3538480]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-25 301152]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-1-25 92216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-5 227896]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-3-31 112128]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-3-31 4232704]
    .
    =============== Created Last 30 ================
    .
    2013-10-10 22:57:16 798208 ----a-w- c:\windows\system32\FntCache.dll
    2013-10-10 22:57:16 1069056 ----a-w- c:\windows\system32\DWrite.dll
    2013-10-10 22:57:15 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2013-10-10 22:57:13 683008 ----a-w- c:\windows\system32\d2d1.dll
    2013-10-10 22:57:13 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2013-10-10 22:57:13 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2013-10-10 22:57:13 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2013-10-10 22:57:12 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2013-10-10 22:57:12 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2013-10-10 22:57:06 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-10-10 22:57:05 37376 ----a-w- c:\windows\system32\cdd.dll
    2013-10-10 22:57:02 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2013-10-10 22:56:55 2050048 ----a-w- c:\windows\system32\win32k.sys
    2013-10-10 22:56:14 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2013-10-10 22:56:14 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2013-10-10 22:56:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
    2013-10-10 22:56:13 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2013-10-10 22:56:13 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2013-10-10 22:56:13 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
    2013-10-10 22:56:09 134272 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2013-10-10 22:56:06 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-10-10 22:56:02 293376 ----a-w- c:\windows\system32\atmfd.dll
    2013-10-10 22:56:00 34304 ----a-w- c:\windows\system32\atmlib.dll
    2013-10-10 22:55:54 532480 ----a-w- c:\windows\system32\comctl32.dll
    2013-10-10 22:55:44 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
    2013-10-07 18:17:33 -------- d-----w- c:\program files\Kaspersky Lab
    2013-10-07 18:17:32 -------- d-----w- c:\programdata\Kaspersky Lab
    2013-10-07 16:01:40 7328304 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ae18c35b-7078-4d3b-8259-ae328fde1e1c}\mpengine.dll
    2013-10-04 08:40:38 -------- d-----w- c:\users\mariposa\appdata\roaming\AVG2014
    2013-10-04 08:39:49 -------- d-----w- c:\users\mariposa\appdata\local\AVG Secure Search
    2013-10-04 08:39:32 -------- d-----w- c:\users\mariposa\appdata\roaming\TuneUp Software
    2013-10-04 08:39:11 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-10-04 08:39:06 -------- d-----w- c:\programdata\AVG Secure Search
    2013-10-04 08:39:04 -------- d-----w- c:\program files\common files\AVG Secure Search
    2013-10-04 08:39:01 -------- d-----w- c:\program files\AVG Secure Search
    2013-10-04 08:37:01 -------- d-----w- c:\programdata\AVG2014
    2013-10-04 08:35:59 -------- d-----w- c:\program files\AVG
    2013-10-04 08:31:08 -------- d-----w- c:\users\mariposa\appdata\local\MFAData
    2013-10-04 08:31:08 -------- d-----w- c:\users\mariposa\appdata\local\Avg2014
    2013-10-04 08:14:19 -------- d-----w- c:\program files\CCleaner
    2013-09-26 11:29:54 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
    2013-09-26 11:29:53 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
    2013-09-26 11:20:06 -------- d-----w- c:\windows\system32\x64
    2013-09-26 11:16:59 130048 ----a-w- c:\windows\system32\igfxdo.dll
    2013-09-26 11:16:58 119296 ----a-w- c:\windows\system32\igfxcpl.cpl
    2013-09-26 11:16:57 668696 ----a-w- c:\windows\system32\igfxcfg.exe
    2013-09-26 11:16:50 4569088 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
    2013-09-26 11:16:49 2576384 ----a-w- c:\windows\system32\igd10umd32.dll
    2013-09-26 11:16:42 4112384 ----a-w- c:\windows\system32\ig4icd32.dll
    2013-09-26 11:16:41 2674688 ----a-w- c:\windows\system32\ig4dev32.dll
    2013-09-25 18:57:14 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
    .
    ==================== Find3M ====================
    .
    2013-10-10 08:33:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-10-10 08:33:25 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-09-26 11:16:59 210432 ----a-w- c:\windows\system32\igfxdev.dll
    2013-09-26 11:16:56 536576 ----a-w- c:\windows\system32\igdumdx32.dll
    2013-09-26 11:16:56 3821568 ----a-w- c:\windows\system32\igdumd32.dll
    2013-09-26 11:16:41 173592 ----a-w- c:\windows\system32\hkcmd.exe
    2013-09-26 11:16:40 94208 ----a-w- c:\windows\system32\hccutils.dll
    2013-09-22 10:22:59 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2013-09-22 10:14:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-09-22 10:13:22 1129472 ----a-w- c:\windows\system32\wininet.dll
    2013-09-22 10:08:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-09-22 10:06:58 420864 ----a-w- c:\windows\system32\vbscript.dll
    2013-09-22 10:03:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-09-10 21:18:28 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2013-09-10 20:11:44 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
    2013-09-08 20:12:16 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2013-09-02 08:39:32 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2013-09-02 08:28:06 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2013-09-02 08:28:04 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2013-09-02 08:28:00 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2013-08-15 15:31:14 268968 ----a-w- c:\windows\system32\sqlite3.dll
    2013-08-07 02:22:04 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-08-02 04:09:35 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-08-01 14:08:52 193848 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    .
    ============= FINISH: 14:03:31,96 ===============


    Thanks in advance
    SMILING IS CONTAGIOUS

  • #2
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume1
    Install Date: 31-3-2010 16:09:34
    System Uptime: 25-10-2013 10:30:24 (4 hours ago)
    .
    Motherboard: Hewlett-Packard | | 308A
    Processor: Intel(R) Celeron(R) CPU 570 @ 2.26GHz | U10 | 2261/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 139 GiB total, 41,285 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 2,026 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ROOT\PRINTER\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\PRINTER\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP896: 17-10-2013 5:34:44 - Gepland herstelpunt
    RP897: 18-10-2013 14:13:05 - Gepland herstelpunt
    RP899: 20-10-2013 12:45:10 - Gepland herstelpunt
    RP900: 21-10-2013 15:33:20 - Gepland herstelpunt
    RP901: 23-10-2013 14:36:50 - Gepland herstelpunt
    RP902: 24-10-2013 10:46:47 - Gepland herstelpunt
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    32 Bit HP CIO Components Installer
    7-Zip 4.64
    Aangifte inkomstenbelasting 2010
    Aangifte inkomstenbelasting 2011
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Shockwave Player 12.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2014
    AVG Security Toolbar
    Bonjour
    Broadcom 802.11 Wireless LAN Adapter
    CCleaner
    CPQ Wallpaper
    ESU for Microsoft Vista SP1
    Google Earth
    Google Update Helper
    GoToMeeting 4.8.0.723
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Common Access Service Library
    HP Customer Experience Enhancements
    HP Quick Launch Buttons
    HP Software Setup
    HP Support Assistant
    HP Update
    HP User Guides 0140
    HP Web Camera
    HP Webcam
    HP Webcam Driver
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPDiagnosticAlert
    HPSSupply
    IDT Audio
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Intel® Matrix Storage Manager
    iTunes
    Kaspersky Security Scan
    LightScribe System Software
    Malwarebytes Anti-Malware versie 1.75.0.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2833941)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 Language Pack SP1 - nld
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile NLD Language Pack
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (Dutch) 2007
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access MUI (French) 2007
    Microsoft Office Access MUI (German) 2007
    Microsoft Office Access MUI (Italian) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)
    Microsoft Office Excel MUI (Dutch) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (French) 2007
    Microsoft Office Excel MUI (German) 2007
    Microsoft Office Excel MUI (Italian) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677)
    Microsoft Office Outlook MUI (Dutch) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Outlook MUI (French) 2007
    Microsoft Office Outlook MUI (German) 2007
    Microsoft Office Outlook MUI (Italian) 2007
    Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)
    Microsoft Office PowerPoint MUI (Dutch) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (French) 2007
    Microsoft Office PowerPoint MUI (German) 2007
    Microsoft Office PowerPoint MUI (Italian) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (Arabic) 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Italian) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (Dutch) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (French) 2007
    Microsoft Office Proofing (German) 2007
    Microsoft Office Proofing (Italian) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (Dutch) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Publisher MUI (French) 2007
    Microsoft Office Publisher MUI (German) 2007
    Microsoft Office Publisher MUI (Italian) 2007
    Microsoft Office Shared MUI (Dutch) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (French) 2007
    Microsoft Office Shared MUI (German) 2007
    Microsoft Office Shared MUI (Italian) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word 2007 Help - Aggiornamento (KB963665)
    Microsoft Office Word MUI (Dutch) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (French) 2007
    Microsoft Office Word MUI (German) 2007
    Microsoft Office Word MUI (Italian) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mise à jour Microsoft Office Excel 2007 Help (KB963678)
    Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
    Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
    Mise à jour Microsoft Office Word 2007 Help (KB963665)
    Mozilla Firefox 24.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    neroxml
    OGA Notifier 2.0.0048.0
    OLYMPUS ib
    OpenOffice.org 3.4.1
    PDF Complete
    QLBCASL
    QuickShare
    QuickTime
    Rapport
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Business
    Roxio Creator Business v10
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
    Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
    Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
    Skype Click to Call
    Skype™ 6.6
    Sonic CinePlayer Decoder Pack
    swMSM
    Synaptics Pointing Device Driver
    Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
    Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
    Trusteer Eindpuntbeveiliging
    Update für Microsoft Office Excel 2007 Help (KB963678)
    Update für Microsoft Office Outlook 2007 Help (KB963677)
    Update für Microsoft Office Powerpoint 2007 Help (KB963669)
    Update für Microsoft Office Word 2007 Help (KB963665)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update voor Microsoft Office Excel 2007 Help (KB963678)
    Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
    Update voor Microsoft Office Word 2007 Help (KB963665)
    Verzoek of wijziging voorlopige aanslag 2011
    Vista Default Settings
    Visual Studio 2012 x86 Redistributables
    VLC media player 2.1.0
    Vodafone Mobile Connect Lite
    Windows-stuurprogrammapakket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
    Windows Live Messenger
    Xvid Video Codec
    .
    ==== End Of File ===========================

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-10-25 16:05:04
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.12.0 149,05GB
    Running: bqb95tqh.exe; Driver: C:\Users\Mariposa\AppData\Local\Temp\kfwcyuog.sys


    ---- System - GMER 2.1 ----

    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x966DCA00]
    SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys ZwClose [0x9596AF70]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x966DAD00]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x966DB7A0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x966DE4D0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x966DE570]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x966DE940]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x969D2690]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x969D27B0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x966DB5B0]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x969D2010]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x969D2490]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x966DD260]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x966DE7F0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x966DE630]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x966DE6D0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x966DE760]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x966DC910]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x966DB940]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x966DE390]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x969D22D0]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x969D23B0]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x969D2110]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x969D21F0]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x969D2590]
    SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys ZwCreateThreadEx [0x9596BA50]

    ---- Kernel code sections - GMER 2.1 ----

    .text ntkrnlpa.exe!KeSetEvent + 191 828B27DC 4 Bytes [00, CA, 6D, 96] {ADD DL, CL; INS DWORD [ES:EDI], DX; XCHG ESI, EAX}
    .text ntkrnlpa.exe!KeSetEvent + 1A9 828B27F4 4 Bytes [70, AF, 96, 95] {JO 0xffffffb1; XCHG ESI, EAX; XCHG EBP, EAX}
    .text ntkrnlpa.exe!KeSetEvent + 1D9 828B2824 4 Bytes [00, AD, 6D, 96]
    .text ntkrnlpa.exe!KeSetEvent + 2D1 828B291C 8 Bytes [A0, B7, 6D, 96, D0, E4, 6D, ...] {MOV AL, [0xd0966db7]; IN AL, 0x6d; XCHG ESI, EAX}
    .text ntkrnlpa.exe!KeSetEvent + 2E1 828B292C 4 Bytes [70, E5, 6D, 96] {JO 0xffffffe7; INS DWORD [ES:EDI], DX; XCHG ESI, EAX}
    .text ...
    ? C:\Users\Mariposa\AppData\Local\Temp\mbr.sys Het systeem kan het opgegeven bestand niet vinden. !

    ---- User code sections - GMER 2.1 ----

    ? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1196] C:\windows\system32\ntdll.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1196] ntdll.dll!NtProtectVirtualMemory 77854BC4 5 Bytes JMP 698F1986 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll
    ? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1196] C:\windows\system32\kernel32.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1196] user32.dll!SetScrollInfo + 7A8 754E7980 4 Bytes [F0, 28, 8F, 69]
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1308] ntdll.dll!KiUserApcDispatcher 77855BB8 5 Bytes JMP 011FAB00 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1308] kernel32.dll!LoadLibraryExW + 173 754193DF 4 Bytes JMP 71AB000A
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1308] WS2_32.dll!getaddrinfo 7598418A 5 Bytes JMP 71A50022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1308] WS2_32.dll!gethostbyname 759962D4 5 Bytes JMP 71AE0022
    ? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1956] C:\windows\system32\ntdll.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1956] ntdll.dll!NtProtectVirtualMemory 77854BC4 5 Bytes JMP 698F1986 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll
    ? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1956] C:\windows\system32\kernel32.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1956] user32.dll!SetScrollInfo + 7A8 754E7980 4 Bytes [F0, 28, 8F, 69]
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4060] ntdll.dll!KiUserApcDispatcher 77855BB8 5 Bytes JMP 00A3BAD0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4060] kernel32.dll!LoadLibraryExW + 173 754193DF 4 Bytes JMP 71AC000A
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4060] USER32.dll!InSendMessageEx + 3B1 754DE6B0 6 Bytes JMP 71AE001E
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4060] WS2_32.dll!getaddrinfo 7598418A 5 Bytes JMP 71A20022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4060] WS2_32.dll!gethostbyname 759962D4 5 Bytes JMP 71A60022

    ---- Devices - GMER 2.1 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys

    ---- EOF - GMER 2.1 ----
    SMILING IS CONTAGIOUS



    • #3
      Download Zoek.zip to the desktop.
      1. If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
      2. Disable your antivirus and antispyware programs, as they may conflict with zoek.exe (here and here you can read how to do that).

      • Right-click Zoek.zip and choose the option "Extract All".
      • Then double-click Zoek.exe to start the tool.
      • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
      • Now copy the code below and paste it into the large input box:
      • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
        Code:
        emptyclsid;
        emptyfolderscheck;delete
        firefoxlook; 
        Chromelook; 
        CHRdefaults;
        autoclean; 
        iedefaults; 
        filesrcm;
      • Now click the "Run script" button.
      • Wait patiently until a log opens (this may be after a restart, if one is needed).
      • If no log appears after the restart, start zoek.exe again; the log will then appear.
      • Post the opened log as an attachment in your next message.

      Starting Windows 10 in Safe Mode



      • #4
        Hello Juisterr,
        Thanks for the help.
        I had no real-time protection in Malwarebytes and switched AVG off for 15 minutes, but Zoek took longer than 15 minutes; AVG reported that a threat was found and I then clicked allow, so an exception was made.
        Was that OK?
        zoek-results.txt
        Last edited by mona; 26-10-13, 12:52.
        SMILING IS CONTAGIOUS



        • #5
          Well done, quite a lot was removed. How are things with the problems?

          Starting Windows 10 in Safe Mode



          • #6
            Much better; I haven't done very much on the computer yet, and it still starts up a bit slowly.
            I'll let you know more tomorrow.
            Thank you!
            SMILING IS CONTAGIOUS



            • #7
              Starting up now takes about 5 minutes instead of well over 10 minutes.
              After about 2.5 hours of browsing I got a message that Firefox is using too much memory, and CCleaner reports a lot of registry errors (see attachment).
              The internet is much faster, but some pages load very slowly, and after about half an hour it gets a good deal slower again.
              But overall it is already a big improvement.
              registry CCleaner.txt
              I have not had these registry errors repaired; I'll wait for your reply first.
              Thanks!
              SMILING IS CONTAGIOUS



              • #8
                You can go ahead and repair those errors.

                Please run zoek.exe once more with the code below.

                Code:
                startupall;
                silentrunners;

                Starting Windows 10 in Safe Mode



                • #9
                  Thanks
                  zoek-results 2.txt
                  SMILING IS CONTAGIOUS



                  • #10
                    Are there things starting up with Windows that you would actually rather not have starting up?

                    Starting Windows 10 in Safe Mode



                    • #11
                      Here are the startup items from CCleaner; I had already done some things there.
                      By the way, I still see Widgi toolbar listed in there, which I had disabled and still have disabled.
                      Beyond that I could use some advice on this; I'm not really sure about it.
                      startup Windows.txt
                      startup FF.txt
                      startup IE.txt
                      Thanks.
                      SMILING IS CONTAGIOUS



                      • #12
                        Only in FF by the looks of it; strange that it isn't gone.

                        Download Shortcut Cleaner (mirror)
                        • Double-click sc-cleaner.exe to start the tool.
                        • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
                        • When the tool has finished you will see the message "A log file called sc-cleaner.txt has been created on your desktop and will be shown automatically. This file contains those shortcuts hijacked by this malware.".
                        • Click OK and post the contents of sc-cleaner.txt in your next message.

                        Starting Windows 10 in Safe Mode



                        • #13
                          Thanks again
                          I just had a look and see that there is a new version of CCleaner; I have downloaded it but not yet installed it, and I don't know whether the settings are carried over on installation.
                          Maybe that would help? That CCleaner might be holding on to old information?

                          Shortcut Cleaner 1.2.5 by Lawrence Abrams (Grinler)
                          BleepingComputer.com is a premier destination for computer users of all skill levels to learn how to use and receive support for their computer.

                          Copyright 2008-2013 BleepingComputer.com
                          More Information about Shortcut Cleaner can be found at this link:
                          Shortcut Cleaner is a utility that will scan your computer for Windows shortcuts that have been hijacked by unwanted or malicious software.  When Shortcut Cleaner finds bad shortcuts, it will automatically clean them so that they do not open unwanted programs.  


                          Windows Version: Windows Vista (TM) Home Basic Service Pack 2
                          Program started at: 10/28/2013 11:29:13 AM.

                          Scanning for registry hijacks:

                          * No issues found in the Registry.

                          Searching for Hijacked Shortcuts:

                          Searching C:\Users\Mariposa\AppData\Roaming\Microsoft\Windows\Start Menu\

                          Searching C:\ProgramData\Microsoft\Windows\Start Menu\

                          Searching C:\Users\Mariposa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

                          Searching C:\Users\Public\Desktop\

                          Searching C:\Users\Mariposa\Desktop


                          0 bad shortcuts found.

                          Program finished at: 10/28/2013 11:29:18 AM
                          Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)
                          Last edited by mona; 28-10-13, 11:43.
                          SMILING IS CONTAGIOUS



                          • #14
                            Could you see whether you can remove these manually?

                            Extension Widgi Toolbar Platform 6.6 Spigot, Inc. default-1346156484756 Firefox 24.0 C:\Program Files\Common Files\Spigot\wtxpcom\

                            Extension Widgi Toolbar Platform 6.6 Spigot, Inc. default Firefox 24.0 C:\Program Files\Common Files\Spigot\wtxpcom\

                            Otherwise, try zoek.exe once more with this code.

                            Code:
                            widgi;U
                            Widgi Toolbar Platform;U

                            Starting Windows 10 in Safe Mode



                            • #15
                              Spigot/Widgi cannot be found via Program Files etc.
                              The CCleaner startup list also still shows Iobit Apps Toolbar, which I believe is linked to the Widgi Toolbar.
                              I removed everything from Iobit, but that one keeps showing up too.
                              Anyway, the zoek.exe log is in the attachment.
                              Thanks.
                              zoek-results 3.txt
                              SMILING IS CONTAGIOUS
