Mededeling

Collapse
No announcement yet.

Widgi toolbar, melding virusinfectie af en aan

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Widgi toolbar, melding virusinfectie af en aan

    Mijn laptop is traag, AVG en Malwarebytes geeft dan wel en dan niet melding dat het systeem geinfecteerd is, firefox gebruikt teveel geheugen, widgi toolbar zou infectie zijn, heb hem uitgevinkt bij opstarten CCleaner maar kan hem kennelijk niet verwijderen.
    Heb de stappen in jullie aanwijzingen gevolgd, Kapersky meldt verschillende problemen, maar weet niet hoe ik ze allemaal kan oplossen.
    Ik plaats hier de Kapersky uitslag en de gevraagde logs.

    Detailed report
    Problems found
    Scanning date:

    Database update date:


    Product version:
    10/17/2013 09:31 PM

    10/17/2013 04:33 PM


    12.0.1.340 (b)

    Computer protection (0)
    Information about anti-virus software and firewalls installed on the computer.

    Malware (0)
    Information about malware detected on the computer.

    Vulnerabilities (1)
    Information about applications and operating system components in which vulnerabilities have been detected.
    1. C:\windows\system32\msxml4.dll

    Other issues (10)
    Information about vulnerabilities associated with the settings of installed applications and the operating system.
    1. "Process termination timeout is out of admissible values"
    2. "Service termination timeout is out of admissible values"
    3. "CD/DVD autorun is enabled"
    4. "Windows Explorer - show extensions of known file types"
    5. "Microsoft Internet Explorer - disable caching data received via protected channel"
    6. "Microsoft Internet Explorer: disable sending error reports"
    7. "Microsoft Internet Explorer: clear the list of trusted domains"
    8. "Microsoft Internet Explorer: enable cache autocleanup on browser closing"
    9. "Windows Explorer: display of known file types extensions is disabled"
    10. "Microsoft Internet Explorer: start page reset"

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2013.10.24.03

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Mariposa :: PC_VAN_MARIPOSA [administrator]

    24-10-2013 14:44:00
    mbam-log-2013-10-24 (14-44-00).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 209850
    Verstreken tijd: 15 minuut/minuten, 29 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16514
    Run by Mariposa at 14:02:00 on 2013-10-25
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.1015.305 [GMT 2:00]
    .
    AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ================
    .
    C:\Program Files\AVG\AVG2014\avgrsx.exe
    C:\Program Files\AVG\AVG2014\avgcsrvx.exe
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\Program Files\IDT\WDM\STacSV.exe
    C:\windows\system32\SLsvc.exe
    C:\windows\system32\WLANExt.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\IDT\WDM\aestsrv.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2014\avgidsagent.exe
    C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\Program Files\AVG\AVG2014\avgnsx.exe
    C:\Program Files\AVG\AVG2014\avgemcx.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\AVG\AVG2014\avgui.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\conime.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k rpcss
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k GPSvcGroup
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\System32\svchost.exe -k HPZ12
    C:\windows\System32\svchost.exe -k HPZ12
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=92&bd=all&pf=cmnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=92&bd=all&pf=cmnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=92&bd=all&pf=cmnb
    uSearchAssistant = hxxp://www.google.com
    dURLSearchHooks: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - <orphaned>
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\lightscribecontrolpanel.exe -hidden
    uRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorun
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [MDS_Menu] c:\program files\olympus\ib\muitransfer\muistartmenu.exe" "c:\program files\olympus\ib" updatewithcreateonce "software\olympus\ib\1.0
    mRun: [HPCam_Menu] c:\program files\hewlett-packard\hp webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\hp webcam" updatewithcreateonce "software\cyberlink\hp webcam\1.0
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\syntpenh.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Windows Defender] c:\program files\windows defender\msascui.exe -hide
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\hpwuschd2.exe
    dRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
    dRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
    TCP: NameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    TCP: Interfaces\{1751188C-182E-47DC-A643-C58DF43FC1A3} : DHCPNameServer = 62.140.138.237 62.140.140.250
    TCP: Interfaces\{29B4B703-14BD-44B7-8307-D3AE6550C334} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.0.12\ViProtocol.dll
    Notify: igfxcui - igfxdev.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\mariposa\appdata\roaming\mozilla\firefox\profiles\45r8uh08.default-1346592641303\
    FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
    FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
    FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.0.12\npsitesafety.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1204144.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: 2013-10-04 10:39; [email protected]; c:\programdata\avg secure search\firefoxext\17.0.1.12
    .
    ---- FIREFOX POLICIES ----
    # Mozilla User Preferences
    .
    /* Do not edit this file.
    *
    * If you make changes to this file while the application is running,
    * the changes will be overwritten when the application exits.
    *
    * To make a manual change to preferences, you can visit the URL about:config
    */
    .
    FF - user.js: accessibility.typeaheadfind - true
    FF - user.js: accessibility.typeaheadfind.flashBar - 0
    FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1368265791
    FF - user.js: app.update.lastUpdateTime.background-update-timer - 1368310898
    FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1368266102
    FF - user.js: app.update.lastUpdateTime.browser-cleanup-thumbnails - 1368341196
    FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1368293962
    FF - user.js: browser.cache.disk.capacity - 358400
    FF - user.js: browser.cache.disk.smart_size.first_run - false
    FF - user.js: browser.cache.disk.smart_size.use_old_max - false
    FF - user.js: browser.cache.disk.smart_size_cached_value - 358400
    FF - user.js: browser.cache.memory.capacity - 16000
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.download.lastDir - c:\\users\\mariposa\\documents\\rouwkaart mama
    FF - user.js: browser.download.panel.firstSessionCompleted - true
    FF - user.js: browser.download.panel.shown - true
    FF - user.js: browser.download.save_converter_index - 0
    FF - user.js: browser.feeds.showFirstRunUI - false
    FF - user.js: browser.keywordURLPromptDeclined - 1
    FF - user.js: browser.migration.version - 9
    FF - user.js: browser.newtabpage.storageVersion - 1
    FF - user.js: browser.pagethumbnails.storage_version - 2
    FF - user.js: browser.places.smartBookmarksVersion - 4
    FF - user.js: browser.preferences.advanced.selectedTabIndex - 3
    FF - user.js: browser.rights.3.shown - true
    FF - user.js: browser.search.defaultenginename - Yahoo
    FF - user.js: browser.search.param.yahoo-fr - chr-greentree_ff&ilc=12&type=800236
    FF - user.js: browser.search.useDBForOrder - true
    FF - user.js: browser.sessionstore.enabled - true
    FF - user.js: browser.startup.homepage - hxxps://www.facebook.com/
    FF - user.js: browser.startup.homepage_override.buildID - 20130409194949
    FF - user.js: browser.startup.homepage_override.mstone - 20.0.1
    FF - user.js: browser.syncPromoViewsLeftMap - {\bookmarks\:0,\passwords\:0}
    FF - user.js: browser.tabs.loadInBackground - false
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 4095
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 1000000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: datareporting.healthreport.currentDaySubmissionFailureCount - 0
    FF - user.js: datareporting.healthreport.lastDataSubmissionRequestedTime - 1368293119949
    FF - user.js: datareporting.healthreport.nextDataSubmissionTime - 1368380143009
    FF - user.js: datareporting.policy.dataSubmissionPolicyAccepted - true
    FF - user.js: datareporting.policy.dataSubmissionPolicyAcceptedVersion - 1
    FF - user.js: datareporting.policy.dataSubmissionPolicyNotifiedTime - 1365175482296
    FF - user.js: datareporting.policy.dataSubmissionPolicyResponseTime - 1365175499856
    FF - user.js: datareporting.policy.dataSubmissionPolicyResponseType - accepted-info-bar-button-pressed
    FF - user.js: datareporting.policy.firstRunTime - 1365112499631
    FF - user.js: datareporting.sessions.current.activeTicks - 5
    FF - user.js: datareporting.sessions.current.clean - true
    FF - user.js: datareporting.sessions.current.firstPaint - 5648
    FF - user.js: datareporting.sessions.current.main - 2012
    FF - user.js: datareporting.sessions.current.sessionRestored - 5741
    FF - user.js: datareporting.sessions.current.startTime - 1368345220119
    FF - user.js: datareporting.sessions.current.totalTime - 35511
    FF - user.js: datareporting.sessions.currentIndex - 154
    FF - user.js: datareporting.sessions.previous.120 - {\s\:1367620311126,\a\:33,\t\:227738,\c\:true,\m\:258,\fp\:2983,\sr\:3041}
    FF - user.js: datareporting.sessions.previous.121 - {\s\:1367620599598,\a\:110,\t\:678787,\c\:true,\m\:741,\fp\:3359,\sr\:3859}
    FF - user.js: datareporting.sessions.previous.122 - {\s\:1367625200395,\a\:148,\t\:1276866,\c\:true,\m\:671,\fp\:3152,\sr\:3371}
    FF - user.js: datareporting.sessions.previous.123 - {\s\:1367626482611,\a\:11,\t\:82523,\c\:true,\m\:1996,\fp\:4774,\sr\:4883}
    FF - user.js: datareporting.sessions.previous.124 - {\s\:1367655618315,\a\:491,\t\:4822610,\c\:true,\m\:3681,\fp\:17522,\sr\:17880}
    FF - user.js: datareporting.sessions.previous.125 - {\s\:1367660936876,\a\:55,\t\:280887,\c\:true,\m\:1139,\fp\:3979,\sr\:4088}
    FF - user.js: datareporting.sessions.previous.126 - {\s\:1367661803716,\a\:56,\t\:343084,\c\:true,\m\:858,\fp\:3542,\sr\:3635}
    FF - user.js: datareporting.sessions.previous.127 - {\s\:1367684669054,\a\:851,\t\:19186413,\c\:true,\m\:3869,\fp\:15072,\sr\:15728}
    FF - user.js: datareporting.sessions.previous.128 - {\s\:1367741788753,\a\:394,\t\:3895877,\c\:true,\m\:2059,\fp\:10080,\sr\:10454}
    FF - user.js: datareporting.sessions.previous.129 - {\s\:1367745713114,\a\:8,\t\:54464,\c\:true,\m\:2403,\fp\:6132,\sr\:6288}
    FF - user.js: datareporting.sessions.previous.130 - {\s\:1367748276552,\a\:392,\t\:4038794,\c\:true,\m\:343,\fp\:2825,\sr\:2918}
    FF - user.js: datareporting.sessions.previous.131 - {\s\:1367773913139,\a\:568,\t\:4521911,\c\:true,\m\:3089,\fp\:13261,\sr\:13417}
    FF - user.js: datareporting.sessions.previous.132 - {\s\:1367786358522,\a\:687,\t\:6392105,\c\:true,\m\:3868,\fp\:19579,\sr\:19984}
    FF - user.js: datareporting.sessions.previous.133 - {\s\:1367831923825,\a\:1293,\t\:12803929,\c\:true,\m\:1107,\fp\:11903,\sr\:11997}
    FF - user.js: datareporting.sessions.previous.134 - {\s\:1367873512405,\a\:429,\t\:9013798,\c\:true,\m\:1841,\fp\:12124,\sr\:12343}
    FF - user.js: datareporting.sessions.previous.135 - {\s\:1367916777748,\a\:1316,\t\:8187481,\c\:true,\m\:2559,\fp\:10329,\sr\:10625}
    FF - user.js: datareporting.sessions.previous.136 - {\s\:1367926875164,\a\:31,\t\:239188,\c\:true,\m\:998,\fp\:4183,\sr\:4292}
    FF - user.js: datareporting.sessions.previous.137 - {\s\:1367940075184,\a\:327,\t\:2095551,\c\:true,\m\:2558,\fp\:11436,\sr\:11638}
    FF - user.js: datareporting.sessions.previous.138 - {\s\:1367944353010,\a\:681,\t\:18428159,\c\:true,\m\:1217,\fp\:4665,\sr\:4837}
    FF - user.js: datareporting.sessions.previous.139 - {\s\:1367962799033,\a\:1121,\t\:8968183,\c\:true,\m\:2574,\fp\:7802,\sr\:8004}
    FF - user.js: datareporting.sessions.previous.140 - {\s\:1368005241264,\a\:1424,\t\:32939137,\c\:true,\m\:1545,\fp\:14213,\sr\:14774}
    FF - user.js: datareporting.sessions.previous.141 - {\s\:1368051095208,\a\:243,\t\:5752397,\c\:true,\m\:2075,\fp\:11905,\sr\:12451}
    FF - user.js: datareporting.sessions.previous.142 - {\s\:1368089208682,\a\:1307,\t\:20596752,\c\:true,\m\:2262,\fp\:19846,\sr\:20189}
    FF - user.js: datareporting.sessions.previous.143 - {\s\:1368130934000,\a\:1063,\t\:10056608,\c\:true,\m\:2886,\fp\:13293,\sr\:13558}
    FF - user.js: datareporting.sessions.previous.144 - {\s\:1368168225900,\a\:2877,\t\:26270083,\c\:true,\m\:3011,\fp\:13062,\sr\:13296}
    FF - user.js: datareporting.sessions.previous.145 - {\s\:1368223198389,\a\:527,\t\:6987341,\c\:true,\m\:3510,\fp\:14727,\sr\:15086}
    FF - user.js: datareporting.sessions.previous.146 - {\s\:1368261544105,\a\:1163,\t\:15134787,\c\:true,\m\:9142,\fp\:139749,\sr\:151932}
    FF - user.js: datareporting.sessions.previous.147 - {\s\:1368290235808,\a\:271,\t\:7674849,\c\:true,\m\:3448,\fp\:17475,\sr\:17929}
    FF - user.js: datareporting.sessions.previous.148 - {\s\:1368305768518,\a\:543,\t\:7258807,\c\:true,\m\:2871,\fp\:14387,\sr\:14823}
    FF - user.js: datareporting.sessions.previous.149 - {\s\:1368340642303,\a\:0,\t\:112433,\c\:false,\m\:29297,\fp\:-1,\sr\:-1}
    FF - user.js: datareporting.sessions.previous.150 - {\s\:1368340783578,\a\:1,\t\:270156,\c\:true,\m\:17316,\fp\:255201,\sr\:255248}
    FF - user.js: datareporting.sessions.previous.151 - {\s\:1368341013491,\a\:31,\t\:534263,\c\:true,\m\:6895,\fp\:60670,\sr\:60717}
    FF - user.js: datareporting.sessions.previous.152 - {\s\:1368342438815,\a\:9,\t\:82403,\c\:true,\m\:3915,\fp\:29618,\sr\:30320}
    FF - user.js: datareporting.sessions.previous.153 - {\s\:1368345195797,\a\:4,\t\:25397,\c\:true,\m\:1139,\fp\:7848,\sr\:8207}
    FF - user.js: datareporting.sessions.prunedIndex - 119
    FF - user.js: devtools.toolbox.selectedTool - inspector
    FF - user.js: dom.mozApps.used - true
    FF - user.js: dom.w3c_touch_events.expose - false
    FF - user.js: extensions.adblockplus.currentVersion - 2.2.4
    FF - user.js: extensions.adblockplus.lastRuleUpdate - 1368096841
    FF - user.js: extensions.blocklist.pingCountTotal - 232
    FF - user.js: extensions.blocklist.pingCountVersion - 30
    FF - user.js: extensions.bootstrappedAddons - {\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\:{\version\:\2.2.4\,\type\:\extension\,\descriptor\:\c:\\\\users\\\\mariposa\\\\appdat a\\\\roaming\\\\mozilla\\\\firefox\\\\profiles\\\\45r8uh08.default-1346592641303\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\}}
    FF - user.js: extensions.databaseSchema - 14
    FF - user.js: extensions.downloadyoutubevideosasmp.firstVersion - 6.5
    FF - user.js: extensions.downloadyoutubevideosasmp.firstrun - false
    FF - user.js: extensions.downloadyoutubevideosasmp.userId - 168e8c8c-62e7-4e47-a0bb-729375b5bbee
    FF - user.js: extensions.downloadyoutubevideosasmp.userIdLogged - true
    FF - user.js: extensions.downloadyoutubevideosasmp.version - 6.7
    FF - user.js: extensions.enabledAddons - info%40video2mp3.at:0.1,youtubeunblocker%40unblocker.yt:0.4.0,%7B553e8d3e-cc2c-451a-8a44-06ce63f9df23%7D:1.1,ascsurfingprotection%40iobit.com:1.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
    FF - user.js: extensions.helperbar.Country - Netherlands
    FF - user.js: extensions.helperbar.DockingPositionDown - false
    FF - user.js: extensions.helperbar.SmartbarDisabled - false
    FF - user.js: extensions.helperbar.SmartbarStateMinimaized - false
    FF - user.js: extensions.helperbar.UserID - 553e8d3e-cc2c-451a-8a44-06ce63f9df23
    FF - user.js: extensions.helperbar.Visibility - false
    FF - user.js: extensions.hotfix.lastVersion - 20121019.01
    FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\windows\\\\microsoft.net\\\\framework\\\\v3.5\\\\windows presentation foundation\\\\dotnetassistantextension\,\mtime\:1270574258421}}},{\name\:\app-global\,\addons\:{\{82af8dca-6de9-405d-bd5e-43525bdad38a}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{82af8dca-6de9-405d-bd5e-43525bdad38a}\,\mtime\:1365719171018},\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1365719238626}}},{\name\:\app-profile\,\addons\:{\[email protected]\:{\descriptor\:\c:\\\\users\\\\mariposa\\\\appdat a\\\\roaming\\\\mozilla\\\\firefox\\\\profiles\\\\45r8uh08.default-1346592641303\\\\extensions\\\\[email protected]\,\mtime\:1368342462044},\[email protected] 3.at\:{\descriptor\:\c:\\\\users\\\\mariposa\\\\appdata\\\\roaming\\\\mozilla\\\\firefox\\\\profiles \\\\45r8uh08.default-1346592641303\\\\extensions\\\\[email protected]\,\mtime\:1346672790208},\[email protected] cker.yt\:{\descriptor\:\c:\\\\users\\\\mariposa\\\\appdata\\\\roaming\\\\mozilla\\\\firefox\\\\profi les\\\\45r8uh08.default-1346592641303\\\\extensions\\\\[email protected]\,\mtime\:1366271848032},\{553e8d3e-cc2c-451a-8a44-06ce63f9df23}\:{\descriptor\:\c:\\\\users\\\\mariposa\\\\appdata\\\\roaming\\\\mozilla\\\\firefox\\\ \profiles\\\\45r8uh08.default-1346592641303\\\\extensions\\\\{553e8d3e-cc2c-451a-8a44-06ce63f9df23}\,\mtime\:1366511242896},\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\:{\descriptor\:\c:\\\\users\\\\mariposa\\\\appdata\\\\roaming\\\\mozilla\\\\firefox\\\ \profiles\\\\45r8uh08.default-1346592641303\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\,\mtime\:1368092941341}}}]
    FF - user.js: extensions.lastAppVersion - 20.0.1
    FF - user.js: extensions.lastPlatformVersion - 20.0.1
    FF - user.js: extensions.pendingOperations - false
    FF - user.js: extensions.shownSelectionUI - true
    FF - user.js: extensions.ui.dictionary.hidden - true
    FF - user.js: extensions.ui.lastCategory - addons://discover/
    FF - user.js: extensions.ui.locale.hidden - true
    FF - user.js: extentions.undefined.lastDnsTest - 379558
    FF - user.js: font.minimum-size.x-western - 13
    FF - user.js: gecko.buildID - 20130409194949
    FF - user.js: gecko.mstone - 20.0.1
    FF - user.js: idle.lastDailyNotification - 1368224411
    FF - user.js: intl.charsetmenu.browser.cache - windows-1251, UTF-8, ISO-8859-15, windows-1250, windows-1252
    FF - user.js: layout.spellcheckDefault - 0
    FF - user.js: network.cookie.prefsMigrated - true
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 1000
    FF - user.js: pdfjs.database - {\files\:[{\fingerprint\:\62c6c511a909b7079421b20f3eee5\,\exists\:true,\page\:1,\zoom\:110.00000000000001,\scr ollleft\:0,\scrolltop\:701},{\fingerprint\:\f1545e149f5e10d7bc8b53e52cd7c85d\,\exists\:true,\page\:1 ,\zoom\:\auto\,\scrollleft\:0,\scrolltop\:849},{\fingerprint\:\f7cdca128f6e11dba0ff016cb376892\,\exi sts\:true,\page\:1,\zoom\:\auto\,\scrollleft\:0,\scrolltop\:794},{\fingerprint\:\94e8849986d5b438463 7c40b953f84f\,\exists\:true,\page\:1,\zoom\:\auto\,\scrollleft\:0,\scrolltop\:689},{\fingerprint\:\d 1d5907b28b8f418895c769a920631\,\exists\:true,\page\:1,\zoom\:\auto\,\scrollleft\:0,\scrolltop\:727}, {\fingerprint\:\51a59129b1f9b349a827a3b2cf50999c\,\exists\:true,\page\:1,\zoom\:\auto\,\scrollleft\: 0,\scrolltop\:849},{\fingerprint\:\10f92fa5cd9511dba3880a95b05ee6\,\exists\:true,\page\:1,\zoom\:\au to\,\scrollleft\:0,\scrolltop\:448},{\fingerprint\:\1e4629dd346b71f8c4d66e8ec7c31cc\,\exists\:true,\ page\:1,\zoom\:\auto\,\scrollleft\:0,\scrolltop\:539},{\fingerprint\:\deda5e9dee8d59ad94abbf862d29b3 3e\,\exists\:true,\page\:2,\zoom\:\auto\,\scrollleft\:0,\scrolltop\:54},{\fingerprint\:\a170734cf962 864cb6811b6f19491475\,\exists\:true,\page\:2,\zoom\:\auto\,\scrollleft\:0,\scrolltop\:667},{\fingerp rint\:\a8f3c886989f41d4a54bd69ba4af0e4\,\exists\:true,\page\:1,\zoom\:\auto\,\scrollleft\:0,\scrollt op\:427},{\fingerprint\:\1f73e258f5ae20491d7e43e739f84b42\,\exists\:true,\page\:3,\zoom\:\auto\,\scr ollleft\:0,\scrolltop\:551},{\fingerprint\:\79d51c4452a252966566a93112c66383\,\exists\:true,\page\:2 ,\zoom\:\auto\,\scrollleft\:0,\scrolltop\:505},{\fingerprint\:\9dab4f3efec5f4bb6e6785f87f1ee5d\,\exi sts\:true,\page\:22,\zoom\:\auto\,\scrollleft\:0,\scrolltop\:790},{\fingerprint\:\e3561f1c319243e790 17b395abeab9b0\,\exists\:true,\page\:2,\zoom\:\auto\,\scrollleft\:0,\scrolltop\:50},{\fingerprint\:\ 53e3bf1899a41d2b34bc1a2c954a941\,\exists\:true,\page\:1,\zoom\:\auto\,\scrollleft\:0,\scrolltop\:804 },{\fingerprint\:\3f34c1e79f334f2a4416cef8e4d882\,\exists\:true,\page\:4,\zoom\:\auto\,\scrollleft\: 0,\scrolltop\:222},{\fingerprint\:\c55b4eea7d85d442a3f12337e2a4b4d5\,\exists\:true,\page\:25,\zoom\: \auto\,\scrollleft\:0,\scrolltop\:525},{\fingerprint\:\7545a35f6e97418c879fbba5d5a3568\,\exists\:tru e,\page\:8,\zoom\:\auto\,\scrollleft\:0,\scrolltop\:192},{\fingerprint\:\ef4eaa86ef43d0ae73e2ce5ce8a 9e5f\,\exists\:true,\page\:1,\zoom\:\auto\,\scrollleft\:0,\scrolltop\:689}]}
    FF - user.js: pdfjs.migrationVersion - 1
    FF - user.js: pdfjs.previousHandler.alwaysAskBeforeHandling - true
    FF - user.js: pdfjs.previousHandler.preferredAction - 4
    FF - user.js: places.database.lastMaintenance - 1367841694
    FF - user.js: places.history.expiration.transient_current_max_pages - 26596
    FF - user.js: plugin.disable_full_page_plugin_for_types - application/pdf
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: pref.advanced.javascript.disable_button.advanced - false
    FF - user.js: pref.browser.homepage.disable_button.current_page - false
    FF - user.js: print_printer - HP PSC 1400 series
    FF - user.js: printer_HP_PSC_1400_series.print_bgcolor - false
    FF - user.js: printer_HP_PSC_1400_series.print_bgimages - false
    FF - user.js: printer_HP_PSC_1400_series.print_colorspace -
    FF - user.js: printer_HP_PSC_1400_series.print_command -
    FF - user.js: printer_HP_PSC_1400_series.print_downloadfonts - false
    FF - user.js: printer_HP_PSC_1400_series.print_edge_bottom - 0
    FF - user.js: printer_HP_PSC_1400_series.print_edge_left - 0
    FF - user.js: printer_HP_PSC_1400_series.print_edge_right - 0
    FF - user.js: printer_HP_PSC_1400_series.print_edge_top - 0
    FF - user.js: printer_HP_PSC_1400_series.print_evenpages - true
    FF - user.js: printer_HP_PSC_1400_series.print_footercenter -
    FF - user.js: printer_HP_PSC_1400_series.print_footerleft - &PT
    FF - user.js: printer_HP_PSC_1400_series.print_footerright - &D
    FF - user.js: printer_HP_PSC_1400_series.print_headercenter -
    FF - user.js: printer_HP_PSC_1400_series.print_headerleft - &T
    FF - user.js: printer_HP_PSC_1400_series.print_headerright - &U
    FF - user.js: printer_HP_PSC_1400_series.print_in_color - true
    FF - user.js: printer_HP_PSC_1400_series.print_margin_bottom - 0.5
    FF - user.js: printer_HP_PSC_1400_series.print_margin_left - 0.5
    FF - user.js: printer_HP_PSC_1400_series.print_margin_right - 0.5
    FF - user.js: printer_HP_PSC_1400_series.print_margin_top - 0.5
    FF - user.js: printer_HP_PSC_1400_series.print_oddpages - true
    FF - user.js: printer_HP_PSC_1400_series.print_orientation - 0
    FF - user.js: printer_HP_PSC_1400_series.print_page_delay - 50
    FF - user.js: printer_HP_PSC_1400_series.print_paper_data - 9
    FF - user.js: printer_HP_PSC_1400_series.print_paper_height - 11,00
    FF - user.js: printer_HP_PSC_1400_series.print_paper_name -
    FF - user.js: printer_HP_PSC_1400_series.print_paper_size_type - 0
    FF - user.js: printer_HP_PSC_1400_series.print_paper_size_unit - 1
    FF - user.js: printer_HP_PSC_1400_series.print_paper_width - 8,50
    FF - user.js: printer_HP_PSC_1400_series.print_plex_name -
    FF - user.js: printer_HP_PSC_1400_series.print_resolution_name -
    FF - user.js: printer_HP_PSC_1400_series.print_reversed - false
    FF - user.js: printer_HP_PSC_1400_series.print_scaling - 1,00
    FF - user.js: printer_HP_PSC_1400_series.print_shrink_to_fit - true
    FF - user.js: printer_HP_PSC_1400_series.print_to_file - false
    FF - user.js: printer_HP_PSC_1400_series.print_to_filename -
    FF - user.js: printer_HP_PSC_1400_series.print_unwriteable_margin_bottom - 0
    FF - user.js: printer_HP_PSC_1400_series.print_unwriteable_margin_left - 0
    FF - user.js: printer_HP_PSC_1400_series.print_unwriteable_margin_right - 0
    FF - user.js: printer_HP_PSC_1400_series.print_unwriteable_margin_top - 0
    FF - user.js: privacy.cpd.downloads - false
    FF - user.js: privacy.cpd.formdata - false
    FF - user.js: privacy.cpd.history - false
    FF - user.js: privacy.cpd.sessions - false
    FF - user.js: privacy.donottrackheader.enabled - true
    FF - user.js: privacy.sanitize.migrateFx3Prefs - true
    FF - user.js: privacy.sanitize.timeSpan - 0
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: services.sync.clients.lastSync - 0
    FF - user.js: services.sync.clients.lastSyncLocal - 0
    FF - user.js: services.sync.globalScore - 0
    FF - user.js: services.sync.migrated - true
    FF - user.js: services.sync.nextSync - 0
    FF - user.js: services.sync.tabs.lastSync - 0
    FF - user.js: services.sync.tabs.lastSyncLocal - 0
    FF - user.js: spellchecker.dictionary - nl
    FF - user.js: storage.vacuum.last.index - 1
    FF - user.js: storage.vacuum.last.places.sqlite - 1367841694
    FF - user.js: toolkit.startup.last_success - 1368345222
    FF - user.js: toolkit.telemetry.prompted - 2
    FF - user.js: toolkit.telemetry.rejected - true
    FF - user.js: ui.submenuDelay - 0
    FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1370545456
    FF - user.js: xpinstall.whitelist.add -
    FF - user.js: xpinstall.whitelist.add.180 -
    FF - user.js: xpinstall.whitelist.add.36 -
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_dailyPing - true|||1354282527394
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_debugMode - not set
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_gtQueryParam - UA-25323614-7
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_inactive_by_user - not set
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_installedPing - true|||8641348079782866
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_lastUpdate - 1354196127359|||8641354196127360
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_redirectQueryParam1 - MB131
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_redirectQueryParam2 - MB132
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer - hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=http://www.thehoodedsage.com/2011/08/how-to-heal-mind/|||8641351016324901
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_showDialog - not set
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_showtoaster - not set
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_status - active
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer - hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=http://www.thehoodedsage.com/2011/08/how-to-heal-mind/|#|old_value|||8641351016350552
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_toasterID - 1|||8641351016350552
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_toolbar_query - not set
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_upn2 - 6PQGgoLjbq
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_installer_name - sg_6PQGgoLjbq_active_MB131_MB132_UA-25323614-7_2012-08-11-22-34-43
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_product_name - Web Assistant
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_product_version - 2.0.0.485
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_temp_installer_name - sg_6PQGgoLjbq_active_MB131_MB132_UA-25323614-7_2012-08-11-22-34-43
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_toolbarID - 5be4104c3a73485dbbd114243b9a298a
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.extensionFirstRun - false
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.lastExtensionVersion - 2.0.0.485
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.setdefaultsearch_2.0.0.485 - false
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.setdnscatch_2.0.0.413 - false
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.setdnscatch_2.0.0.485 - false
    FF - user.js: {336D0C35-8A85-403a-B9D2-65C292C39087}.sethomepage_2.0.0.485 - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-9-2 145720]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-9-2 223032]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-8-20 102200]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-8 27448]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-9-10 97008]
    R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-9-25 120632]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-9-2 209208]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22840]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-9-2 176952]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-10-4 37664]
    R1 RapportCerberus_56758;RapportCerberus_56758;c:\programdata\trusteer\rapport\store\exts\rapportcerber us\baseline\RapportCerberus32_56758.sys [2013-8-30 330960]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-9-10 148688]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-9-10 222416]
    R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-11-12 81920]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-10-3 3538480]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-25 301152]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-1-25 92216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-5 227896]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-3-31 112128]
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-3-31 4232704]
    .
    =============== Created Last 30 ================
    .
    2013-10-10 22:57:16 798208 ----a-w- c:\windows\system32\FntCache.dll
    2013-10-10 22:57:16 1069056 ----a-w- c:\windows\system32\DWrite.dll
    2013-10-10 22:57:15 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2013-10-10 22:57:13 683008 ----a-w- c:\windows\system32\d2d1.dll
    2013-10-10 22:57:13 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2013-10-10 22:57:13 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2013-10-10 22:57:13 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2013-10-10 22:57:12 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2013-10-10 22:57:12 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2013-10-10 22:57:06 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-10-10 22:57:05 37376 ----a-w- c:\windows\system32\cdd.dll
    2013-10-10 22:57:02 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2013-10-10 22:56:55 2050048 ----a-w- c:\windows\system32\win32k.sys
    2013-10-10 22:56:14 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2013-10-10 22:56:14 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2013-10-10 22:56:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
    2013-10-10 22:56:13 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2013-10-10 22:56:13 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2013-10-10 22:56:13 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
    2013-10-10 22:56:09 134272 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2013-10-10 22:56:06 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-10-10 22:56:02 293376 ----a-w- c:\windows\system32\atmfd.dll
    2013-10-10 22:56:00 34304 ----a-w- c:\windows\system32\atmlib.dll
    2013-10-10 22:55:54 532480 ----a-w- c:\windows\system32\comctl32.dll
    2013-10-10 22:55:44 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
    2013-10-07 18:17:33 -------- d-----w- c:\program files\Kaspersky Lab
    2013-10-07 18:17:32 -------- d-----w- c:\programdata\Kaspersky Lab
    2013-10-07 16:01:40 7328304 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ae18c35b-7078-4d3b-8259-ae328fde1e1c}\mpengine.dll
    2013-10-04 08:40:38 -------- d-----w- c:\users\mariposa\appdata\roaming\AVG2014
    2013-10-04 08:39:49 -------- d-----w- c:\users\mariposa\appdata\local\AVG Secure Search
    2013-10-04 08:39:32 -------- d-----w- c:\users\mariposa\appdata\roaming\TuneUp Software
    2013-10-04 08:39:11 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-10-04 08:39:06 -------- d-----w- c:\programdata\AVG Secure Search
    2013-10-04 08:39:04 -------- d-----w- c:\program files\common files\AVG Secure Search
    2013-10-04 08:39:01 -------- d-----w- c:\program files\AVG Secure Search
    2013-10-04 08:37:01 -------- d-----w- c:\programdata\AVG2014
    2013-10-04 08:35:59 -------- d-----w- c:\program files\AVG
    2013-10-04 08:31:08 -------- d-----w- c:\users\mariposa\appdata\local\MFAData
    2013-10-04 08:31:08 -------- d-----w- c:\users\mariposa\appdata\local\Avg2014
    2013-10-04 08:14:19 -------- d-----w- c:\program files\CCleaner
    2013-09-26 11:29:54 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
    2013-09-26 11:29:53 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
    2013-09-26 11:20:06 -------- d-----w- c:\windows\system32\x64
    2013-09-26 11:16:59 130048 ----a-w- c:\windows\system32\igfxdo.dll
    2013-09-26 11:16:58 119296 ----a-w- c:\windows\system32\igfxcpl.cpl
    2013-09-26 11:16:57 668696 ----a-w- c:\windows\system32\igfxcfg.exe
    2013-09-26 11:16:50 4569088 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
    2013-09-26 11:16:49 2576384 ----a-w- c:\windows\system32\igd10umd32.dll
    2013-09-26 11:16:42 4112384 ----a-w- c:\windows\system32\ig4icd32.dll
    2013-09-26 11:16:41 2674688 ----a-w- c:\windows\system32\ig4dev32.dll
    2013-09-25 18:57:14 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
    .
    ==================== Find3M ====================
    .
    2013-10-10 08:33:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-10-10 08:33:25 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-09-26 11:16:59 210432 ----a-w- c:\windows\system32\igfxdev.dll
    2013-09-26 11:16:56 536576 ----a-w- c:\windows\system32\igdumdx32.dll
    2013-09-26 11:16:56 3821568 ----a-w- c:\windows\system32\igdumd32.dll
    2013-09-26 11:16:41 173592 ----a-w- c:\windows\system32\hkcmd.exe
    2013-09-26 11:16:40 94208 ----a-w- c:\windows\system32\hccutils.dll
    2013-09-22 10:22:59 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2013-09-22 10:14:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-09-22 10:13:22 1129472 ----a-w- c:\windows\system32\wininet.dll
    2013-09-22 10:08:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-09-22 10:06:58 420864 ----a-w- c:\windows\system32\vbscript.dll
    2013-09-22 10:03:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-09-10 21:18:28 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2013-09-10 20:11:44 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
    2013-09-08 20:12:16 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2013-09-02 08:39:32 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2013-09-02 08:28:06 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2013-09-02 08:28:04 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2013-09-02 08:28:00 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2013-08-15 15:31:14 268968 ----a-w- c:\windows\system32\sqlite3.dll
    2013-08-07 02:22:04 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-08-02 04:09:35 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-08-01 14:08:52 193848 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    .
    ============= FINISH: 14:03:31,96 ===============


    Alvast bedankt
    SMILING IS CONTAGIOUS

  • #2
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume1
    Install Date: 31-3-2010 16:09:34
    System Uptime: 25-10-2013 10:30:24 (4 hours ago)
    .
    Motherboard: Hewlett-Packard | | 308A
    Processor: Intel(R) Celeron(R) CPU 570 @ 2.26GHz | U10 | 2261/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 139 GiB total, 41,285 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 2,026 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ROOT\PRINTER\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\PRINTER\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP896: 17-10-2013 5:34:44 - Gepland herstelpunt
    RP897: 18-10-2013 14:13:05 - Gepland herstelpunt
    RP899: 20-10-2013 12:45:10 - Gepland herstelpunt
    RP900: 21-10-2013 15:33:20 - Gepland herstelpunt
    RP901: 23-10-2013 14:36:50 - Gepland herstelpunt
    RP902: 24-10-2013 10:46:47 - Gepland herstelpunt
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    32 Bit HP CIO Components Installer
    7-Zip 4.64
    Aangifte inkomstenbelasting 2010
    Aangifte inkomstenbelasting 2011
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Shockwave Player 12.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2014
    AVG Security Toolbar
    Bonjour
    Broadcom 802.11 Wireless LAN Adapter
    CCleaner
    CPQ Wallpaper
    ESU for Microsoft Vista SP1
    Google Earth
    Google Update Helper
    GoToMeeting 4.8.0.723
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Common Access Service Library
    HP Customer Experience Enhancements
    HP Quick Launch Buttons
    HP Software Setup
    HP Support Assistant
    HP Update
    HP User Guides 0140
    HP Web Camera
    HP Webcam
    HP Webcam Driver
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPDiagnosticAlert
    HPSSupply
    IDT Audio
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Intel® Matrix Storage Manager
    iTunes
    Kaspersky Security Scan
    LightScribe System Software
    Malwarebytes Anti-Malware versie 1.75.0.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2833941)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 Language Pack SP1 - nld
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile NLD Language Pack
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (Dutch) 2007
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access MUI (French) 2007
    Microsoft Office Access MUI (German) 2007
    Microsoft Office Access MUI (Italian) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)
    Microsoft Office Excel MUI (Dutch) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (French) 2007
    Microsoft Office Excel MUI (German) 2007
    Microsoft Office Excel MUI (Italian) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677)
    Microsoft Office Outlook MUI (Dutch) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Outlook MUI (French) 2007
    Microsoft Office Outlook MUI (German) 2007
    Microsoft Office Outlook MUI (Italian) 2007
    Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)
    Microsoft Office PowerPoint MUI (Dutch) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (French) 2007
    Microsoft Office PowerPoint MUI (German) 2007
    Microsoft Office PowerPoint MUI (Italian) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (Arabic) 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Italian) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (Dutch) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (French) 2007
    Microsoft Office Proofing (German) 2007
    Microsoft Office Proofing (Italian) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (Dutch) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Publisher MUI (French) 2007
    Microsoft Office Publisher MUI (German) 2007
    Microsoft Office Publisher MUI (Italian) 2007
    Microsoft Office Shared MUI (Dutch) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (French) 2007
    Microsoft Office Shared MUI (German) 2007
    Microsoft Office Shared MUI (Italian) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word 2007 Help - Aggiornamento (KB963665)
    Microsoft Office Word MUI (Dutch) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (French) 2007
    Microsoft Office Word MUI (German) 2007
    Microsoft Office Word MUI (Italian) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mise à jour Microsoft Office Excel 2007 Help (KB963678)
    Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
    Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
    Mise à jour Microsoft Office Word 2007 Help (KB963665)
    Mozilla Firefox 24.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    neroxml
    OGA Notifier 2.0.0048.0
    OLYMPUS ib
    OpenOffice.org 3.4.1
    PDF Complete
    QLBCASL
    QuickShare
    QuickTime
    Rapport
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Business
    Roxio Creator Business v10
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
    Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
    Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
    Skype Click to Call
    Skype™ 6.6
    Sonic CinePlayer Decoder Pack
    swMSM
    Synaptics Pointing Device Driver
    Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
    Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
    Trusteer Eindpuntbeveiliging
    Update für Microsoft Office Excel 2007 Help (KB963678)
    Update für Microsoft Office Outlook 2007 Help (KB963677)
    Update für Microsoft Office Powerpoint 2007 Help (KB963669)
    Update für Microsoft Office Word 2007 Help (KB963665)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update voor Microsoft Office Excel 2007 Help (KB963678)
    Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
    Update voor Microsoft Office Word 2007 Help (KB963665)
    Verzoek of wijziging voorlopige aanslag 2011
    Vista Default Settings
    Visual Studio 2012 x86 Redistributables
    VLC media player 2.1.0
    Vodafone Mobile Connect Lite
    Windows-stuurprogrammapakket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
    Windows Live Messenger
    Xvid Video Codec
    .
    ==== End Of File ===========================

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-10-25 16:05:04
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.12.0 149,05GB
    Running: bqb95tqh.exe; Driver: C:\Users\Mariposa\AppData\Local\Temp\kfwcyuog.sys


    ---- System - GMER 2.1 ----

    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x966DCA00]
    SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys ZwClose [0x9596AF70]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x966DAD00]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x966DB7A0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x966DE4D0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x966DE570]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x966DE940]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x969D2690]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x969D27B0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x966DB5B0]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x969D2010]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0x969D2490]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x966DD260]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x966DE7F0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x966DE630]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x966DE6D0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x966DE760]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x966DC910]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x966DB940]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x966DE390]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x969D22D0]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x969D23B0]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x969D2110]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x969D21F0]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x969D2590]
    SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys ZwCreateThreadEx [0x9596BA50]

    ---- Kernel code sections - GMER 2.1 ----

    .text ntkrnlpa.exe!KeSetEvent + 191 828B27DC 4 Bytes [00, CA, 6D, 96] {ADD DL, CL; INS DWORD [ES:EDI], DX; XCHG ESI, EAX}
    .text ntkrnlpa.exe!KeSetEvent + 1A9 828B27F4 4 Bytes [70, AF, 96, 95] {JO 0xffffffb1; XCHG ESI, EAX; XCHG EBP, EAX}
    .text ntkrnlpa.exe!KeSetEvent + 1D9 828B2824 4 Bytes [00, AD, 6D, 96]
    .text ntkrnlpa.exe!KeSetEvent + 2D1 828B291C 8 Bytes [A0, B7, 6D, 96, D0, E4, 6D, ...] {MOV AL, [0xd0966db7]; IN AL, 0x6d; XCHG ESI, EAX}
    .text ntkrnlpa.exe!KeSetEvent + 2E1 828B292C 4 Bytes [70, E5, 6D, 96] {JO 0xffffffe7; INS DWORD [ES:EDI], DX; XCHG ESI, EAX}
    .text ...
    ? C:\Users\Mariposa\AppData\Local\Temp\mbr.sys Het systeem kan het opgegeven bestand niet vinden. !

    ---- User code sections - GMER 2.1 ----

    ? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1196] C:\windows\system32\ntdll.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1196] ntdll.dll!NtProtectVirtualMemory 77854BC4 5 Bytes JMP 698F1986 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll
    ? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1196] C:\windows\system32\kernel32.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1196] user32.dll!SetScrollInfo + 7A8 754E7980 4 Bytes [F0, 28, 8F, 69]
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1308] ntdll.dll!KiUserApcDispatcher 77855BB8 5 Bytes JMP 011FAB00 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1308] kernel32.dll!LoadLibraryExW + 173 754193DF 4 Bytes JMP 71AB000A
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1308] WS2_32.dll!getaddrinfo 7598418A 5 Bytes JMP 71A50022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1308] WS2_32.dll!gethostbyname 759962D4 5 Bytes JMP 71AE0022
    ? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1956] C:\windows\system32\ntdll.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1956] ntdll.dll!NtProtectVirtualMemory 77854BC4 5 Bytes JMP 698F1986 C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll
    ? C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1956] C:\windows\system32\kernel32.dll time/date stamp mismatch;
    .text C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[1956] user32.dll!SetScrollInfo + 7A8 754E7980 4 Bytes [F0, 28, 8F, 69]
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4060] ntdll.dll!KiUserApcDispatcher 77855BB8 5 Bytes JMP 00A3BAD0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4060] kernel32.dll!LoadLibraryExW + 173 754193DF 4 Bytes JMP 71AC000A
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4060] USER32.dll!InSendMessageEx + 3B1 754DE6B0 6 Bytes JMP 71AE001E
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4060] WS2_32.dll!getaddrinfo 7598418A 5 Bytes JMP 71A20022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[4060] WS2_32.dll!gethostbyname 759962D4 5 Bytes JMP 71A60022

    ---- Devices - GMER 2.1 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys

    ---- EOF - GMER 2.1 ----
    SMILING IS CONTAGIOUS

    Comment


    • #3
      Download Zoek.zip naar het bureaublad.
      1. Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
      2. Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.

      • Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken".
      • Dubbelklik vervolgens op Zoek.exe om de tool te starten.
      • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
      • Kopieer nu onderstaande code en plak die in het grote invulvenster:
      • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
        Code:
        emptyclsid;
        emptyfolderscheck;delete
        firefoxlook; 
        Chromelook; 
        CHRdefaults;
        autoclean; 
        iedefaults; 
        filesrcm;
      • Klik nu op de knop "Run script".
      • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
      • Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
      • Post het geopende logje in het volgende bericht als bijlage.

      Windows 10 opstarten in Veilige Modus

      Comment


      • #4
        Hallo Juisterr,
        Bedankt voor de hulp.
        Ik had geen realtime bij Malwarebytes, AVG 15 min uitgeschakeld, maar zoek duurde langer dan 15 min, melding van AVG bdreiging gevonden en toen op toestaan geklikt, is uitzondering gemaakt.
        Was dat ok?
        zoek-results.txt
        Last edited by mona; 26-10-13, 12:52.
        SMILING IS CONTAGIOUS

        Comment


        • #5
          Goed gedaan, er is flink verwijderd. Hoe staat het met de problemen?

          Windows 10 opstarten in Veilige Modus

          Comment


          • #6
            Stukken beter, nog niet heel veel op de comp gedaan, start nog wel iets langzaam op.
            Laat je morgen meer weten.
            Dankjewel!
            SMILING IS CONTAGIOUS

            Comment


            • #7
              Opstarten duurt ipv ruim 10 minuten nu ca 5 minuten.
              Na ca 2,5 uur internetten melding dat firefox teveel geheugen gebruikt en CCleaner geeft een hoop registerfouten (zie bijlage).
              Internet is veel sneller, maar sommige pagina's laden heel langzaam, en na ca een half uur gaat ie weer een stuk langzamer.
              Maar over het geheel al een flinke vooruitgang.
              registry CCleaner.txt
              Heb deze registerfouten niet laten herstellen, wacht even je reactie af.
              Bedankt!
              SMILING IS CONTAGIOUS

              Comment


              • #8
                Die fouten kan je herstellen hoor.

                Start zoek.exe nog eens met onderstaande code aub.

                Code:
                startupall;
                silentrunners;

                Windows 10 opstarten in Veilige Modus

                Comment


                • #9
                  Bedankt
                  zoek-results 2.txt
                  SMILING IS CONTAGIOUS

                  Comment


                  • #10
                    Zijn er dingen die mee opstarten die je eigenlijk niet mee wil laten opstarten?

                    Windows 10 opstarten in Veilige Modus

                    Comment


                    • #11
                      Ik heb hier de opstarters van CCleaner, had daar al wat in gedaan.
                      Zie er trouwens nog steeds Widgi toolbar instaan, die ik wel uitgeschakeld had/heb.
                      Verder kan ik daar wel advies in gebruiken, weet het niet zo goed.
                      startup Windows.txt
                      startup FF.txt
                      startup IE.txt
                      Bedankt.
                      SMILING IS CONTAGIOUS

                      Comment


                      • #12
                        Alleen in FF zo te zien, vreemd dat die niet weg is.

                        Download Shortcut Cleaner (mirror)
                        • Dubbelklik op sc-cleaner.exe om de tool te starten.
                        • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
                        • Wanneer de tool gereed is krijgt u de melding "A log file called sc-cleaner.txt has been created on your desktop and will be shown automatically. This file contains those shortcuts hijacked by this malware." te zien.
                        • Klik op Ok en plaats de inhoud van sc-cleaner.txt in het volgende bericht

                        Windows 10 opstarten in Veilige Modus

                        Comment


                        • #13
                          Bedankt weer
                          Heb net gekeken en zie dat er een nieuwe versie van CCleaner is, heb hem gedownload maar nog niet geïnstalleerd, weet niet of de instellingen worden overgenomen bij installatie.
                          Misschien dat dat zou helpen? Dat CCleaner oude info vast zou houden?

                          Shortcut Cleaner 1.2.5 by Lawrence Abrams (Grinler)
                          http://www.bleepingcomputer.com/
                          Copyright 2008-2013 BleepingComputer.com
                          More Information about Shortcut Cleaner can be found at this link:
                          http://www.bleepingcomputer.com/down...rtcut-cleaner/

                          Windows Version: Windows Vista (TM) Home Basic Service Pack 2
                          Program started at: 10/28/2013 11:29:13 AM.

                          Scanning for registry hijacks:

                          * No issues found in the Registry.

                          Searching for Hijacked Shortcuts:

                          Searching C:\Users\Mariposa\AppData\Roaming\Microsoft\Windows\Start Menu\

                          Searching C:\ProgramData\Microsoft\Windows\Start Menu\

                          Searching C:\Users\Mariposa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

                          Searching C:\Users\Public\Desktop\

                          Searching C:\Users\Mariposa\Desktop


                          0 bad shortcuts found.

                          Program finished at: 10/28/2013 11:29:18 AM
                          Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)
                          Last edited by mona; 28-10-13, 11:43.
                          SMILING IS CONTAGIOUS

                          Comment


                          • #14
                            Wil je eens kijken of je deze handmatig kan verwijderen?

                            Extension Widgi Toolbar Platform 6.6 Spigot, Inc. default-1346156484756 Firefox 24.0 C:\Program Files\Common Files\Spigot\wtxpcom\

                            Extension Widgi Toolbar Platform 6.6 Spigot, Inc. default Firefox 24.0 C:\Program Files\Common Files\Spigot\wtxpcom\

                            Probeer anders zoek.exe nog een met deze code.

                            Code:
                            widgi;U
                            Widgi Toolbar Platform;U

                            Windows 10 opstarten in Veilige Modus

                            Comment


                            • #15
                              Via program files enz is Spigot/Widgi niet te vinden.
                              In het opstartschema van CCleaner staat ook nog Iobit Apps Toolbar, die vlngs mij gelinkt is aan de Widgi Toolbar.
                              Ik hab alles van Iobit verwijderd maar die blijft ook maar staan.
                              Enfin het logje van zoek.exe in de blijlage.
                              Bedankt.
                              zoek-results 3.txt
                              SMILING IS CONTAGIOUS

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X