#1 (permalink)
Registered User
Join Date: Oct 2009
Posts: 5
OS: Windows Vista Service Pack 2

Need Help! Crack.45155
By downloading a wrong file I got this file: crack.45155.
I ran it, and after that it disappeared. So I was warned; I checked the processes and nothing was strange or anything. But my IE and Firefox don't work anymore (I'm in safe mode now). And at a reboot suddenly half of the processes are gone! Please help!
#2 (permalink)
Registered User
Join Date: Oct 2009
Posts: 5
OS: Windows Vista Service Pack 2

Re: Need Help! Crack.45155
This is a scan from OTS:
(maybe the b.exe and d.exe?)
Code:
OTS logfile created on: 18-10-2009 12:37:39 - Run 3
OTS by OldTimer - Version 3.0.22.0 Folder = C:\Users\Mathijs\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
1,93 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 56,30% Memory free
4,00 Gb Paging File | 3,04 Gb Available in Paging File | 76,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,57 Gb Total Space | 59,44 Gb Free Space | 53,27% Space Free | Partition Type: NTFS
Drive D: | 111,55 Gb Total Space | 102,34 Gb Free Space | 91,75% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC_VAN_MATHIJS
Current User Name: Mathijs
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 7 Days
[Processes - Safe List]
agentsvc.exe -> C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -> [2008-03-03 14:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009-07-09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.)
backupsvc.exe -> C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -> [2008-04-06 23:42:24 | 00,050,424 | ---- | M] (NewTech InfoSystems, Inc.)
bcmsqlstartupsvc.exe -> C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -> [2008-01-16 11:16:44 | 00,030,312 | ---- | M] (Microsoft Corporation)
bkuptray.exe -> C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe -> [2008-04-06 23:42:36 | 00,034,040 | ---- | M] ()
cgvpncliservice.exe -> D:\Program Files\CyberGhost VPN\CGVPNCliService.exe -> [2008-11-20 15:07:54 | 01,940,992 | ---- | M] (mobile concepts GmbH)
chrome.exe -> C:\Users\Mathijs\AppData\Local\Google\Chrome\Application\chrome.exe -> [2009-10-09 20:24:55 | 00,919,024 | ---- | M] (Google Inc.)
chrome.exe -> C:\Users\Mathijs\AppData\Local\Google\Chrome\Application\chrome.exe -> [2009-10-09 20:24:55 | 00,919,024 | ---- | M] (Google Inc.)
chrome.exe -> C:\Users\Mathijs\AppData\Local\Google\Chrome\Application\chrome.exe -> [2009-10-09 20:24:55 | 00,919,024 | ---- | M] (Google Inc.)
chrome.exe -> C:\Users\Mathijs\AppData\Local\Google\Chrome\Application\chrome.exe -> [2009-10-09 20:24:55 | 00,919,024 | ---- | M] (Google Inc.)
conime.exe -> C:\Windows\System32\conime.exe -> [2009-04-11 08:27:28 | 00,069,120 | ---- | M] (Microsoft Corporation)
conime.exe -> C:\Windows\System32\conime.exe -> [2009-04-11 08:27:28 | 00,069,120 | ---- | M] (Microsoft Corporation)
etservice.exe -> C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -> [2008-03-21 14:22:52 | 00,024,576 | ---- | M] ()
explorer.exe -> C:\Windows\explorer.exe -> [2009-04-11 08:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation)
fameh32.exe -> C:\Program Files\PC Veilig\Common\FAMEH32.EXE -> [2008-09-23 15:37:18 | 00,404,064 | ---- | M] (F-Secure Corporation)
fch32.exe -> C:\Program Files\PC Veilig\Common\FCH32.EXE -> [2008-09-23 15:37:18 | 00,125,592 | ---- | M] (F-Secure Corporation)
fsaua.exe -> C:\Program Files\PC Veilig\FSAUA\program\fsaua.exe -> [2008-09-23 15:34:32 | 00,490,080 | ---- | M] (F-Secure Corporation)
fsma32.exe -> C:\Program Files\PC Veilig\Common\FSMA32.EXE -> [2008-09-23 15:37:18 | 00,117,400 | ---- | M] (F-Secure Corporation)
fsmb32.exe -> C:\Program Files\PC Veilig\Common\FSMB32.EXE -> [2008-09-23 15:37:20 | 00,232,088 | ---- | M] (F-Secure Corporation)
fsorsp.exe -> C:\Program Files\PC Veilig\ORSP Client\fsorsp.exe -> [2008-09-23 15:37:54 | 00,055,904 | ---- | M] (F-Secure Corporation)
fspc.exe -> C:\Program Files\PC Veilig\FSPC\fspc.exe -> [2008-09-23 15:37:28 | 00,686,688 | ---- | M] (F-Secure Corporation)
fsqh.exe -> C:\Program Files\PC Veilig\Anti-Virus\fsqh.exe -> [2008-09-23 15:35:14 | 00,043,680 | ---- | M] (F-Secure Corporation)
fsus.exe -> C:\Program Files\PC Veilig\FSAUA\program\fsus.exe -> [2008-11-18 16:56:48 | 00,174,688 | ---- | M] (F-Secure Corporation)
hkcmd.exe -> C:\Windows\System32\hkcmd.exe -> [2008-07-17 01:31:14 | 00,170,520 | ---- | M] (Intel Corporation)
hsssrv.exe -> D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -> [2009-09-15 22:04:58 | 00,331,824 | ---- | M] (AnchorFree Inc.)
igfxpers.exe -> C:\Windows\System32\igfxpers.exe -> [2008-07-17 01:31:36 | 00,145,944 | ---- | M] (Intel Corporation)
igfxsrvc.exe -> C:\Windows\System32\igfxsrvc.exe -> [2008-07-17 01:31:38 | 00,256,536 | ---- | M] (Intel Corporation)
igfxtray.exe -> C:\Windows\System32\igfxtray.exe -> [2008-07-17 01:31:42 | 00,150,040 | ---- | M] (Intel Corporation)
iviregmgr.exe -> C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -> [2007-01-04 19:48:50 | 00,112,152 | ---- | M] (InterVideo)
lssrvc.exe -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2007-01-17 12:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company)
mdm.exe -> C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -> [2003-06-20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
mobilityservice.exe -> C:\Acer\Mobility Center\MobilityService.exe -> [2007-12-06 17:15:28 | 00,110,592 | ---- | M] ()
openvpnas.exe -> D:\Program Files\Hotspot Shield\bin\openvpnas.exe -> [2009-09-15 22:28:52 | 00,204,848 | ---- | M] ()
ots (1).exe -> C:\Users\Mathijs\Downloads\OTS (1).exe -> [2009-10-18 12:36:52 | 00,519,168 | ---- | M] (OldTimer Tools)
psiservice_2.exe -> C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2007-07-24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.)
rthdvcpl.exe -> C:\Windows\RtHDVCpl.exe -> [2008-05-21 04:06:00 | 06,144,000 | ---- | M] (Realtek Semiconductor)
rthdvcpl.exe -> C:\Windows\RtHDVCpl.exe -> [2008-05-21 04:06:00 | 06,144,000 | ---- | M] (Realtek Semiconductor)
rtkbtmnt.exe -> C:\Users\Mathijs\AppData\Local\Temp\RtkBtMnt.exe -> [2009-09-01 17:17:26 | 00,204,800 | ---- | M] (Realtek Semiconductor Corp.)
schedulersvc.exe -> C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -> [2008-04-04 04:03:14 | 00,131,072 | ---- | M] ()
sidebar.exe -> C:\Program Files\Windows Sidebar\sidebar.exe -> [2009-04-11 08:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation)
sidebar.exe -> C:\Program Files\Windows Sidebar\sidebar.exe -> [2009-04-11 08:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation)
sqlbrowser.exe -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -> [2008-11-24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation)
sqlwriter.exe -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -> [2008-11-24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation)
wlidsvc.exe -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -> [2009-03-30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation)
wlidsvcm.exe -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe -> [2009-03-30 16:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation)
wmpnetwk.exe -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008-01-21 04:25:56 | 00,896,512 | ---- | M] (Microsoft Corporation)
wmpnscfg.exe -> C:\Program Files\Windows Media Player\WMPNSCFG.exe -> [2008-01-21 04:25:56 | 00,202,240 | ---- | M] (Microsoft Corporation)
wvsscheduler.exe -> D:\Program Files\Web Vulnerability Scanner 6\WVSScheduler.exe -> [2008-11-24 12:46:26 | 00,994,952 | ---- | M] (Acunetix Ltd.)
[Win32 Services - Safe List]
(AcuWVSSchedulerv6) Acunetix WVS Scheduler v6 [Win32_Own | Auto | Running] -> D:\Program Files\Web Vulnerability Scanner 6\WVSScheduler.exe -> [2008-11-24 12:46:26 | 00,994,952 | ---- | M] (Acunetix Ltd.)
(Apple Mobile Device) Mobiel Apple apparaat [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009-07-09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.)
(BcmSqlStartupSvc) Opstartservice voor SQL Server voor Business Contact Manager [Win32_Own | Auto | Running] -> C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -> [2008-01-16 11:16:44 | 00,030,312 | ---- | M] (Microsoft Corporation)
(Bonjour Service) Bonjour-service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(BUNAgentSvc) NTI Backup Now 5 Agent Service [Win32_Own | Auto | Running] -> C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -> [2008-03-03 14:11:14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.)
(CGVPNCliSrvc) CyberGhost VPN Client [Win32_Own | Auto | Running] -> D:\Program Files\CyberGhost VPN\CGVPNCliService.exe -> [2008-11-20 15:07:54 | 01,940,992 | ---- | M] (mobile concepts GmbH)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009-03-30 06:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation)
(ETService) Empowering Technology Service [Win32_Own | Auto | Running] -> C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -> [2008-03-21 14:22:52 | 00,024,576 | ---- | M] ()
(Eventlog) Windows Event Log [Win32_Shared | Auto | Running] -> C:\Windows\System32\wevtsvc.dll -> [2009-04-11 08:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation)
(F-Secure Gatekeeper Handler Starter) FSGKHS [Win32_Own | Auto | Stopped] -> C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe -> [2009-09-01 20:25:56 | 00,215,648 | ---- | M] (F-Secure Corporation)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009-10-17 22:51:43 | 00,655,624 | ---- | M] (Acresso Software Inc.)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> [2009-02-18 20:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation)
(FSAUA) F-Secure Automatic Update Agent [Win32_Own | On_Demand | Running] -> C:\Program Files\PC Veilig\FSAUA\program\fsaua.exe -> [2008-09-23 15:34:32 | 00,490,080 | ---- | M] (F-Secure Corporation)
(FSDFWD) F-Secure Anti-Virus Firewall Daemon [Win32_Own | On_Demand | Stopped] -> C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe -> [2008-09-23 15:35:40 | 00,510,560 | ---- | M] ()
(FSMA) FSMA [Win32_Own | Auto | Running] -> C:\Program Files\PC Veilig\Common\FSMA32.EXE -> [2008-09-23 15:37:18 | 00,117,400 | ---- | M] (F-Secure Corporation)
(FSORSPClient) F-Secure ORSP Client [Win32_Own | On_Demand | Running] -> C:\Program Files\PC Veilig\ORSP Client\fsorsp.exe -> [2008-09-23 15:37:54 | 00,055,904 | ---- | M] (F-Secure Corporation)
(GoogleDesktopManager-080708-050100) Google Desktop Manager 5.7.808.7150 [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2009-09-01 16:58:43 | 00,024,064 | ---- | M] (Google)
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009-09-01 16:58:53 | 00,138,168 | ---- | M] (Google)
(HotspotShieldService) Hotspot Shield Service [Win32_Own | Auto | Running] -> D:\Program Files\Hotspot Shield\bin\openvpnas.exe -> [2009-09-15 22:28:52 | 00,204,848 | ---- | M] ()
(HssSrv) Hotspot Shield Routing Service [Win32_Own | Auto | Running] -> D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -> [2009-09-15 22:04:58 | 00,331,824 | ---- | M] (AnchorFree Inc.)
(HssTrayService) Hotspot Shield Tray Service [Win32_Own | On_Demand | Stopped] -> D:\Program Files\Hotspot Shield\bin\HssTrayService.EXE -> [2009-09-15 22:29:04 | 00,057,640 | ---- | M] ()
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2009-02-18 20:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod-service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009-09-21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.)
(Irmon) Infrared Monitor-service [Win32_Shared | Auto | Running] -> C:\Windows\System32\irmon.dll -> [2006-11-02 11:46:05 | 00,017,920 | ---- | M] (Microsoft Corporation)
(IviRegMgr) IviRegMgr [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -> [2007-01-04 19:48:50 | 00,112,152 | ---- | M] (InterVideo)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2007-01-17 12:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -> [2003-06-20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(MobilityService) MobilityService [Win32_Own | Auto | Running] -> C:\Acer\Mobility Center\MobilityService.exe -> [2007-12-06 17:15:28 | 00,110,592 | ---- | M] ()
(MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -> [2009-05-27 03:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation)
(MSSQLServerADHelper) SQL Server Active Directory Helper [Win32_Own | Disabled | Stopped] -> C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -> [2008-11-24 22:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2009-02-18 20:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation)
(NTIBackupSvc) NTI Backup Now 5 Backup Service [Win32_Own | Auto | Running] -> C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -> [2008-04-06 23:42:24 | 00,050,424 | ---- | M] (NewTech InfoSystems, Inc.)
(NTISchedulerSvc) NTI Backup Now 5 Scheduler Service [Win32_Own | Auto | Running] -> C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -> [2008-04-04 04:03:14 | 00,131,072 | ---- | M] ()
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008-11-04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(PSI_SVC_2) Protexis Licensing V2 [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2007-07-24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.)
(SQLBrowser) SQL Server-browser [Win32_Own | Auto | Running] -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -> [2008-11-24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation)
(SQLWriter) SQL Server VSS Writer [Win32_Own | Auto | Running] -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -> [2008-11-24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation)
(WinDefend) Windows Defender [Win32_Shared | Auto | Stopped] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008-01-21 04:23:59 | 00,272,952 | ---- | M] (Microsoft Corporation)
(wlidsvc) Windows Live ID Sign-in Assistant [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -> [2009-03-30 16:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing-service [Win32_Own | On_Demand | Running] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008-01-21 04:25:56 | 00,896,512 | ---- | M] (Microsoft Corporation)
[Driver Services - Safe List]
(adfs) adfs [Kernel | Auto | Running] -> C:\Windows\System32\drivers\adfs.sys -> [2008-08-14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.)
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2008-01-21 04:23:45 | 00,422,968 | ---- | M] (Adaptec, Inc.)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2008-01-21 04:23:50 | 00,300,600 | ---- | M] (Adaptec, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2008-01-21 04:23:50 | 00,101,432 | ---- | M] (Adaptec, Inc.)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2008-01-21 04:23:51 | 00,149,560 | ---- | M] (Adaptec, Inc.)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006-11-02 11:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2008-01-21 04:23:26 | 00,017,464 | ---- | M] (Acer Laboratories Inc.)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2008-01-21 04:23:48 | 00,079,416 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2008-01-21 04:23:49 | 00,079,928 | ---- | M] (Adaptec, Inc.)
(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\athr.sys -> [2009-04-09 15:59:48 | 00,958,464 | ---- | M] (Atheros Communications, Inc.)
(b57nd60x) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\b57nd60x.sys -> [2008-03-28 13:44:56 | 00,210,432 | ---- | M] (Broadcom Corporation)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006-11-02 10:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006-11-02 10:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006-11-02 10:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006-11-02 10:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006-11-02 10:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006-11-02 10:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2008-01-21 04:23:26 | 00,019,000 | ---- | M] (CMD Technology, Inc.)
(DKbFltr) Dritek Keyboard Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\DKbFltr.sys -> [2006-11-03 07:29:36 | 00,021,264 | ---- | M] (Dritek System Inc.)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\E1G60I32.sys -> [2008-01-21 04:23:49 | 00,118,784 | ---- | M] (Intel Corporation)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2008-01-21 04:23:46 | 00,342,584 | ---- | M] (Emulex)
(F-Secure Filter) F-Secure File System Filter [Kernel | Disabled | Stopped] -> C:\Program Files\PC Veilig\Anti-Virus\Win2K\FSfilter.sys -> [2008-09-23 15:35:18 | 00,039,776 | ---- | M] ()
(F-Secure Gatekeeper) F-Secure Gatekeeper [Kernel | On_Demand | Running] -> C:\Program Files\PC Veilig\Anti-Virus\minifilter\fsgk.sys -> [2009-10-15 17:12:00 | 00,101,496 | ---- | M] ()
(F-Secure HIPS) F-Secure HIPS Driver [Kernel | System | Running] -> C:\Program Files\PC Veilig\HIPS\drivers\fshs.sys -> [2008-09-23 15:37:06 | 00,066,720 | ---- | M] (F-Secure Corporation)
(F-Secure Recognizer) F-Secure File System Recognizer [Kernel | Disabled | Stopped] -> C:\Program Files\PC Veilig\Anti-Virus\Win2K\FSrec.sys -> [2008-09-23 15:35:18 | 00,025,184 | ---- | M] ()
(fsbts) fsbts [Kernel | Boot | Running] -> C:\Windows\system32\Drivers\fsbts.sys -> [2009-09-01 20:29:21 | 00,033,920 | ---- | M] ()
(FSES) F-Secure Email Scanning Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\fses.sys -> [2008-09-23 15:35:30 | 00,035,552 | ---- | M] (F-Secure Corporation)
(FSFW) F-Secure Firewall Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\fsdfw.sys -> [2008-09-23 15:35:38 | 00,070,944 | ---- | M] (F-Secure Corporation)
(fsvista) F-Secure Vista Support Driver [Kernel | System | Running] -> C:\Program Files\PC Veilig\Anti-Virus\minifilter\fsvista.sys -> [2008-09-23 15:35:16 | 00,012,384 | ---- | M] ()
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\GEARAspiWDM.sys -> [2009-05-18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2008-01-21 04:23:51 | 00,040,504 | ---- | M] (Hewlett-Packard Company)
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\VSTAZL3.SYS -> [2008-01-21 04:23:47 | 00,200,704 | ---- | M] (Conexant Systems, Inc.)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\VSTDPV3.SYS -> [2008-01-21 04:23:47 | 00,987,648 | ---- | M] (Conexant Systems, Inc.)
(HssDrv) Hotspot Shield Helper Miniport [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\HssDrv.sys -> [2009-09-15 22:04:58 | 00,037,376 | ---- | M] (AnchorFree Inc.)
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2008-01-21 04:23:47 | 00,235,064 | ---- | M] (Intel Corporation)
(igfx) igfx [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\igdkmd32.sys -> [2008-07-11 20:20:10 | 02,381,312 | ---- | M] (Intel Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006-11-02 11:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(int15) int15 [Kernel | Auto | Running] -> C:\Windows\System32\drivers\int15.sys -> [2008-03-21 11:48:24 | 00,015,392 | ---- | M] (Acer, Inc.)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\RTKVHDA.sys -> [2008-05-21 04:01:00 | 02,143,136 | ---- | M] (Realtek Semiconductor Corp.)
(IntcHdmiAddService) Intel(R) High Definition Audio HDMI [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\IntcHdmi.sys -> [2008-06-30 15:52:26 | 00,112,128 | ---- | M] (Intel(R) Corporation)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006-11-02 11:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006-11-02 11:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2008-01-21 04:23:48 | 00,096,312 | ---- | M] (LSI Logic)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2008-01-21 04:23:50 | 00,089,656 | ---- | M] (LSI Logic)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2008-01-21 04:23:47 | 00,096,312 | ---- | M] (LSI Logic)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2008-01-21 04:23:51 | 00,031,288 | ---- | M] (LSI Corporation)
(MegaSR) MegaSR [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasr.sys -> [2008-01-21 04:23:51 | 00,386,616 | ---- | M] (LSI Corporation, Inc.)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006-11-02 11:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006-11-02 11:50:19 | 00,045,160 | ---- | M] (IBM Corporation)
(npf) NetGroup Packet Filter Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\npf.sys -> [2009-07-06 08:47:46 | 00,034,064 | ---- | M] (CACE Technologies)
(NSCIRDA) NSC Infrared Device Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\nscirda.sys -> [2008-01-21 04:23:47 | 00,030,720 | ---- | M] (National Semiconductor Corporation)
(NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\NTIDrvr.sys -> [2008-01-31 03:52:06 | 00,014,848 | ---- | M] (NewTech Infosystems, Inc.)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006-11-02 09:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies)
(nvraid) NVIDIA nForce RAID Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2008-01-21 04:23:45 | 00,102,968 | ---- | M] (NVIDIA Corporation)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2008-01-21 04:23:45 | 00,045,112 | ---- | M] (NVIDIA Corporation)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2008-01-21 04:23:49 | 01,122,360 | ---- | M] (QLogic Corporation)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006-11-02 11:50:35 | 00,106,088 | ---- | M] (QLogic Corporation)
(regi) regi [Kernel | Auto | Running] -> C:\Windows\System32\drivers\regi.sys -> [2007-04-17 20:09:28 | 00,011,032 | ---- | M] (InterVideo)
(SCDEmu) SCDEmu [Kernel | System | Running] -> C:\Windows\System32\drivers\scdemu.sys -> [2007-08-07 02:15:07 | 00,033,052 | ---- | M] (PowerISO Computing, Inc.)
(secdrv) Security Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\secdrv.sys -> [2006-11-02 08:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2008-01-21 04:23:51 | 00,074,808 | ---- | M] (Silicon Integrated Systems)
(ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ssm_bus.sys -> [2005-08-30 02:47:38 | 00,058,320 | ---- | M] (MCCI)
(ssm_mdfl) SAMSUNG Mobile USB Modem II 1.0 Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ssm_mdfl.sys -> [2007-05-02 11:12:36 | 00,015,112 | ---- | M] (MCCI Corporation)
(ssm_mdm) SAMSUNG Mobile USB Modem II 1.0 Drivers [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\ssm_mdm.sys -> [2007-05-02 11:12:36 | 00,109,704 | ---- | M] (MCCI Corporation)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006-11-02 11:50:05 | 00,035,944 | ---- | M] (LSI Logic)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006-11-02 11:49:56 | 00,031,848 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006-11-02 11:50:03 | 00,034,920 | ---- | M] (LSI Logic)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\SynTP.sys -> [2008-02-22 21:50:48 | 00,198,064 | ---- | M] (Synaptics, Inc.)
(tap0901) TAP-Win32 Adapter V9 [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\tap0901.sys -> [2008-08-01 00:42:02 | 00,025,216 | ---- | M] (The OpenVPN Project)
(taphss) Anchorfree HSS Adapter [Kernel | On_Demand | Running] -> C:\Windows\System32\DRIVERS\taphss.sys -> [2009-09-15 22:04:58 | 00,032,768 | ---- | M] (AnchorFree Inc)
(TIEHDUSB) TIEHDUSB [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\tiehdusb.sys -> [2004-02-04 10:27:56 | 00,049,536 | ---- | M] (Texas Instruments Incorporated)
(TpChoice) Touch Pad Detection Filter driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\TpChoice.sys -> [2007-12-26 08:23:10 | 00,017,968 | ---- | M] (Alps Electric Co., Ltd.)
(UBHelper) UBHelper [Kernel | Boot | Running] -> C:\Windows\System32\drivers\UBHelper.sys -> [2008-01-31 03:51:50 | 00,013,824 | ---- | M] (NewTech Infosystems Corporation)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2008-01-21 04:23:45 | 00,238,648 | ---- | M] (ULi Electronics Inc.)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006-11-02 11:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2008-01-21 04:23:47 | 00,115,816 | ---- | M] (Promise Technology, Inc.)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\Drivers\usbaapl.sys -> [2009-08-28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2008-01-21 04:23:26 | 00,020,024 | ---- | M] (VIA Technologies, Inc.)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2008-01-21 04:23:48 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd)
(winachsf) winachsf [Kernel | On_Demand | Stopped] -> C:\Windows\System32\DRIVERS\VSTCNXT3.SYS -> [2008-01-21 04:23:47 | 00,654,336 | ---- | M] (Conexant Systems, Inc.)
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vz32&d=0909&m=extensa_5630 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1912360652-4099588754-465945826-1003\] > -> ->
HKEY_USERS\S-1-5-21-1912360652-4099588754-465945826-1003\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vz32&d=0909&m=extensa_5630 ->
HKEY_USERS\S-1-5-21-1912360652-4099588754-465945826-1003\: Main\\"Local Page" -> C:\Windows\system32\blank.htm ->
HKEY_USERS\S-1-5-21-1912360652-4099588754-465945826-1003\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_USERS\S-1-5-21-1912360652-4099588754-465945826-1003\: Main\\"SearchDefaultBranded" -> 1 ->
HKEY_USERS\S-1-5-21-1912360652-4099588754-465945826-1003\: Main\\"Start Page" -> http://www.google.nl ->
HKEY_USERS\S-1-5-21-1912360652-4099588754-465945826-1003\: Main\\"StartPageCache" -> 1 ->
HKEY_USERS\S-1-5-21-1912360652-4099588754-465945826-1003\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Users\Mathijs\AppData\Roaming\Mozilla\FireFox\Profiles\svzwrooe.default\prefs.js ->
browser.startup.homepage -> "http://www.dalton-dordrecht.nl/Basis/BasisFrameset.html" ->
extensions.enabledItems -> dvscontextmenuy@dvdvideosoft.com:1.0 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 ->
extensions.enabledItems -> {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.3 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 ->
< FireFox Settings [User.js] > -> C:\Users\Mathijs\AppData\Roaming\Mozilla\FireFox\Profiles\svzwrooe.default\user.js ->
network.proxy.type -> 0 ->
network.proxy.http -> "" ->
network.proxy.http_port -> ->
network.proxy.no_proxies_on -> "" ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009-09-04 18:25:39 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009-09-11 08:19:28 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009-10-16 20:43:17 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\Mathijs\AppData\Roaming\mozilla\Extensions -> [2009-09-01 20:42:39 | 00,000,000 | ---D | M]
-> C:\Users\Mathijs\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009-09-01 20:42:39 | 00,000,000 | ---D | M]
-> C:\Users\Mathijs\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org -> [2009-09-01 20:42:39 | 00,000,000 | ---D | M]
-> C:\Users\Mathijs\AppData\Roaming\mozilla\Firefox\Profiles\svzwrooe.default\extensions -> [2009-10-18 11:40:57 | 00,102,088 | ---- | M] ()
-> C:\Users\Mathijs\AppData\Roaming\mozilla\Firefox\Profiles\svzwrooe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009-10-18 11:40:57 | 00,102,088 | ---- | M] ()
-> C:\Users\Mathijs\AppData\Roaming\mozilla\Firefox\Profiles\svzwrooe.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c} -> [2009-10-18 11:40:57 | 00,102,088 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009-09-11 08:19:28 | 10,776,568 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009-09-11 08:19:28 | 10,776,568 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} -> [2009-09-11 08:19:28 | 10,776,568 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} -> [2009-09-11 08:19:28 | 10,776,568 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009-09-11 08:19:28 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009-09-11 08:19:05 | 00,023,544 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009-09-11 08:19:06 | 00,137,208 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009-10-16 20:43:17 | 00,000,000 | ---D | M]
libdivx.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\libdivx.dll -> [2009-05-13 23:55:22 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/)
np-mswmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\np-mswmp.dll -> [2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation)
npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009-07-25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.)
npdivx32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdivx32.dll -> [2009-05-13 23:54:50 | 01,650,992 | ---- | M] (DivX,Inc.)
npdivx32.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdivx32.xpt -> [2009-05-13 23:54:50 | 00,001,691 | ---- | M] ()
npDivxPlayerPlugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npDivxPlayerPlugin.dll -> [2009-05-27 04:18:22 | 00,098,304 | ---- | M] (DivX, Inc)
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009-09-11 08:19:18 | 00,065,016 | ---- | M] (mozilla.org)
nppdf32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2009-02-27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.)
npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009-09-10 18:12:34 | 00,159,744 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009-09-10 18:12:34 | 00,159,744 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009-09-10 18:12:34 | 00,159,744 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009-09-10 18:12:34 | 00,159,744 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009-09-10 18:12:34 | 00,159,744 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009-09-10 18:12:34 | 00,159,744 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009-09-10 18:12:34 | 00,159,744 | ---- | M] (Apple Inc.)
nsIDivxPlayerPlugin.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nsIDivxPlayerPlugin.xpt -> [2009-05-13 23:55:00 | 00,000,297 | ---- | M] ()
QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009-09-10 18:12:34 | 00,004,208 | ---- | M] ()
ssldivx.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ssldivx.dll -> [2009-05-13 23:55:22 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/)
WMP Firefox Plugin License.rtf -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\WMP Firefox Plugin License.rtf -> [2007-03-30 10:43:58 | 00,149,569 | ---- | M] ()
WMP Firefox Plugin RelNotes.txt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\WMP Firefox Plugin RelNotes.txt -> [2007-03-30 10:43:58 | 00,003,352 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > ->
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009-09-01 20:40:54 | 00,000,000 | ---D | M]
bolcom-nl.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\bolcom-nl.xml -> [2009-07-31 00:28:32 | 00,001,892 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2009-07-31 01:44:43 | 00,002,371 | ---- | M] ()
marktplaats-nl.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\marktplaats-nl.xml -> [2009-07-31 00:28:32 | 00,004,558 | ---- | M] ()
vandale-nl.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\vandale-nl.xml -> [2009-07-31 00:28:32 | 00,001,111 | ---- | M] ()
wikipedia-nl.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia-nl.xml -> [2009-07-31 00:28:32 | 00,001,049 | ---- | M] ()
yahoo-nl.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo-nl.xml -> [2009-07-31 00:28:32 | 00,000,802 | ---- | M] ()
< HOSTS File > (831 bytes and 22 lines) -> C:\Windows\System32\drivers\etc\Hosts ->
Reset Hosts
127.0.0.1 localhost
::1 localhost
192.168.2.3 lemonparty.org
192.168.2.3 http://www.lemonparty.org
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009-02-27 12:07:26 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Aanmeldhulp voor Windows Live ID] -> [2009-03-30 16:31:54 | 00,403,824 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> c:\program files\google\googletoolbar1.dll [Google Toolbar Helper] -> [2009-09-01 16:58:53 | 02,571,064 | R--- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll [Google Toolbar Notifier BHO] -> [2009-09-01 16:58:56 | 00,736,240 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009-07-25 05:23:03 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} [HKLM] -> D:\Program Files\Hotspot Shield\hssie\HssIE.dll [Hotspot Shield Class] -> [2009-10-06 21:38:26 | 00,218,160 | ---- | M] (AnchorFree Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> c:\program files\google\googletoolbar1.dll [&Google] -> [2009-09-01 16:58:53 | 02,571,064 | R--- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1912360652-4099588754-465945826-1003\] > -> HKEY_USERS\S-1-5-21-1912360652-4099588754-465945826-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> c:\program files\google\googletoolbar1.dll [&Google] -> [2009-09-01 16:58:53 | 02,571,064 | R--- | M] (Google Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009-02-27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated)
"AdobeCS4ServiceManager" -> C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe ["C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin] -> [2008-08-14 07:58:34 | 00,611,712 | ---- | M] (Adobe Systems Incorporated)
"AppleSyncNotifier" -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> [2009-08-13 15:51:42 | 00,177,440 | ---- | M] (Apple Inc.)
"BkupTray" -> C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ["C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"] -> [2008-04-06 23:42:36 | 00,034,040 | ---- | M] ()
"ePower_DMC" -> C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe] -> [2008-08-01 09:51:42 | 00,405,504 | ---- | M] (Acer Inc.)
"eRecoveryService" -> [] -> File not found
"F-Secure Manager" -> C:\Program Files\PC Veilig\Common\FSM32.EXE ["C:\Program Files\PC Veilig\Common\FSM32.EXE" /splash] -> [2008-09-23 15:37:18 | 00,182,936 | ---- | M] (F-Secure Corporation)
"F-Secure TNB" -> C:\Program Files\PC Veilig\FSGUI\TNBUtil.exe ["C:\Program Files\PC Veilig\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW] -> [2008-09-23 15:37:00 | 00,957,024 | ---- | M] (F-Secure Corporation)
"Google Desktop Search" -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> [2009-09-01 16:58:43 | 00,024,064 | ---- | M] (Google)
"HotKeysCmds" -> C:\Windows\System32\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2008-07-17 01:31:14 | 00,170,520 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\Windows\System32\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2008-07-17 01:31:42 | 00,150,040 | ---- | M] (Intel Corporation)
"iTunesHelper" -> D:\Program Files\iTunes\iTunesHelper.exe ["D:\Program Files\iTunes\iTunesHelper.exe"] -> [2009-09-21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.)
"LManager" -> C:\Program Files\Launch Manager\LManager.exe [C:\PROGRA~1\LAUNCH~1\LManager.exe] -> [2008-07-25 05:48:08 | 00,875,016 | ---- | M] (Dritek System Inc.)
"openvpn-gui" -> D:\Program Files\UltraVPN\bin\openvpn-gui.exe [D:\Program Files\UltraVPN\bin\openvpn-gui.exe] -> [2009-05-27 01:37:50 | 00,413,635 | ---- | M] ()
"Persistence" -> C:\Windows\System32\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2008-07-17 01:31:36 | 00,145,944 | ---- | M] (Intel Corporation)
"PWRISOVM.EXE" -> D:\Program Files\PowerISO\PWRISOVM.EXE [D:\Program Files\PowerISO\PWRISOVM.EXE] -> [2007-08-07 02:05:46 | 00,200,704 | ---- | M] (PowerISO Computing, Inc.)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009-09-05 01:54:42 | 00,417,792 | ---- | M] (Apple Inc.)
"RtHDVCpl" -> C:\Windows\RtHDVCpl.exe [RtHDVCpl.exe] -> [2008-05-21 04:06:00 | 06,144,000 | ---- | M] (Realtek Semiconductor)
"Skytel" -> C:\Windows\SkyTel.exe [Skytel.exe] -> [2007-11-21 04:15:00 | 01,826,816 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009-07-25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
"SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2008-02-22 21:50:44 | 01,037,608 | ---- | M] (Synaptics, Inc.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008-01-21 04:23:59 | 01,008,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2009-04-11 08:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009-04-11 08:28:23 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem] -> [2009-04-11 08:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009-04-11 08:28:23 | 02,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-1912360652-4099588754-465945826-1003\] > -> HKEY_USERS\S-1-5-21-1912360652-4099588754-465945826-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Google Update" -> C:\Users\Mathijs\AppData\Local\Google\Update\GoogleUpdate.exe ["C:\Users\Mathijs\AppData\Local\Google\Update\GoogleUpdate.exe" /c] -> [2009-10-03 11:35:55 | 00,133,104 | ---- | M] (Google Inc.)
"NordBull" -> C:\Users\Mathijs\AppData\Local\Temp\d.exe [C:\Users\Mathijs\AppData\Local\Temp\d.exe] -> [2009-10-17 22:31:11 | 00,153,088 | ---- | M] ()
"PopRock" -> C:\Users\Mathijs\AppData\Local\Temp\b.exe [C:\Users\Mathijs\AppData\Local\Temp\b.exe] -> [2009-10-17 22:29:36 | 00,147,968 | ---- | M] ()
"Sidebar" -> C:\Program Files\Windows Sidebar\sidebar.exe [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun] -> [2009-04-11 08:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation)
"WMPNSCFG" -> C:\Program Files\Windows Media Player\WMPNSCFG.exe [C:\Program Files\Windows Media Player\WMPNSCFG.exe] -> [2008-01-21 04:25:56 | 00,202,240 | ---- | M] (Microsoft Corporation)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"AllowLegacyWebView" -> [1] -> File not found
\\"AllowUnhashedWebView" -> [1] -> File not found
\\"BindDirectlyToPropertySetStorage" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [2] -> File not found
\\"ConsentPromptBehaviorUser" -> [1] -> File not found
\\"EnableInstallerDetection" -> [1] -> File not found
\\"EnableLUA" -> [1] -> File not found
\\"EnableSecureUIAPaths" -> [1] -> File not found
\\"EnableVirtualization" -> [1] -> File not found
\\"PromptOnSecureDesktop" -> [1] -> File not found
\\"ValidateAdminCodeSignatures" -> [0] -> File not found
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"scforceoption" -> [0] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"FilterAdministratorToken" -> [0] -> File not found
\\"EnableUIADesktopToggle" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" -> [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" -> [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" -> [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" -> [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" -> [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" -> [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" -> [17] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xporteren naar Microsoft Excel -> C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000] -> [2009-05-05 13:53:16 | 09,361,232 | R--- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xporteren naar Microsoft Excel -> C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000] -> [2009-05-05 13:53:16 | 09,361,232 | R--- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1912360652-4099588754-465945826-1003\] > -> HKEY_USERS\S-1-5-21-1912360652-4099588754-465945826-1003\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xporteren naar Microsoft Excel -> C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000] -> [2009-05-05 13:53:16 | 09,361,232 | R--- | M] (Microsoft Corporation)
Save YouTube Video as MP3 -> C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll [res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm] -> [2009-02-10 17:09:00 | 00,148,480 | ---- | M] (DVSTeam)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{200DB664-75B5-47c0-8B45-A44ACCF73C00}:{D68926FD-18FD-4B0E-A1C7-917D13FAB760} [HKLM] -> C:\Program Files\PC Veilig\FSPC\fspcmsie.dll [Button: Ouderlijk...] -> [2008-09-23 15:37:28 | 00,150,112 | ---- | M] (F-Secure Corporation)
{200DB664-75B5-47c0-8B45-A44ACCF73F01}:{D68926FD-18FD-4B0E-A1C7-917D13FAB760} [HKLM] -> C:\Program Files\PC Veilig\FSPC\fspcmsie.dll [Menu: Ouderlijk...] -> [2008-09-23 15:37:28 | 00,150,112 | ---- | M] (F-Secure Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: In weblog opnemen] -> [2009-07-26 20:17:14 | 00,186,192 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &In weblog opnemen met Windows Live Writer] -> [2009-07-26 20:17:14 | 00,186,192 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009-03-06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1912360652-4099588754-465945826-1003\] > -> HKEY_USERS\S-1-5-21-1912360652-4099588754-465945826-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1912360652-4099588754-465945826-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1912360652-4099588754-465945826-1003\] > -> HKEY_USERS\S-1-5-21-1912360652-4099588754-465945826-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1912360652-4099588754-465945826-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
GD [:Range = 127.0.0.1] -> http = Local intranet | ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] ->
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.2.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{9AB63D13-8517-43FC-A65C-D57614EB624F}\\DhcpNameServer -> 192.168.2.1 (Atheros AR5B91 Wireless Network Adapter) ->
{F557653C-5781-4494-A2F3-16F2726DDB07}\\DhcpNameServer -> 10.3.80.1 () ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2009-09-01 16:58:43 | 00,113,664 | ---- | M] (Google)
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2009-04-11 08:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> C:\Windows\System32\igfxdev.dll -> [2008-07-11 19:50:26 | 00,208,896 | ---- | M] (Intel Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> Cd-rom-stuurprogramma ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006-09-18 23:43:36 | 00,000,024 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{3ca0e943-9ac3-11de-bf95-001d72f7ad67}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ca0e943-9ac3-11de-bf95-001d72f7ad67}\shell
\{3ca0e943-9ac3-11de-bf95-001d72f7ad67}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ca0e943-9ac3-11de-bf95-001d72f7ad67}\shell\AutoRun\command
\{3ca0e943-9ac3-11de-bf95-001d72f7ad67}\shell\AutoRun\command\\"" -> G:\LaunchU3.exe [G:\LaunchU3.exe -a] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found
[Registry - Additional Scans - Safe List]
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 6-10-2009 12:51:54 Computer Name = PC_van_Mathijs | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 -> Description = 7 2009-10-06 18:51:54+02:00 pc_van_mathijs PC_van_Mathijs\Mathijs F-Secure Anti-Virus Malicious code found in file D:\downloader.vbs. Infection: Trojan-Downloader.JS.gen
Application [ Error ] 6-10-2009 12:51:56 Computer Name = PC_van_Mathijs | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 -> Description = 8 2009-10-06 18:51:56+02:00 pc_van_mathijs PC_van_Mathijs\Mathijs F-Secure Anti-Virus Malicious code found in file D:\downloader.vbs. Infection: Trojan-Downloader.JS.gen
Application [ Error ] 6-10-2009 12:51:57 Computer Name = PC_van_Mathijs | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 -> Description = 9 2009-10-06 18:51:57+02:00 pc_van_mathijs PC_van_Mathijs\Mathijs F-Secure Anti-Virus Malicious code found in file D:\downloader.vbs. Infection: Trojan-Downloader.JS.gen
Application [ Error ] 6-10-2009 12:51:58 Computer Name = PC_van_Mathijs | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 -> Description = 10 2009-10-06 18:51:58+02:00 pc_van_mathijs PC_van_Mathijs\Mathijs F-Secure Anti-Virus Malicious code found in file D:\downloader.vbs. Infection: Trojan-Downloader.JS.gen
Application [ Error ] 6-10-2009 12:52:05 Computer Name = PC_van_Mathijs | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 -> Description = 11 2009-10-06 18:52:05+02:00 pc_van_mathijs PC_van_Mathijs\Mathijs F-Secure Anti-Virus Malicious code found in file D:\downloader.vbs. Infection: Trojan-Downloader.JS.gen
Application [ Error ] 6-10-2009 12:52:06 Computer Name = PC_van_Mathijs | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 -> Description = 12 2009-10-06 18:52:06+02:00 pc_van_mathijs PC_van_Mathijs\Mathijs F-Secure Anti-Virus Malicious code found in file D:\downloader.vbs. Infection: Trojan-Downloader.JS.gen
Application [ Error ] 6-10-2009 12:52:08 Computer Name = PC_van_Mathijs | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 -> Description = 13 2009-10-06 18:52:08+02:00 pc_van_mathijs PC_van_Mathijs\Mathijs F-Secure Anti-Virus Malicious code found in file D:\downloader.vbs. Infection: Trojan-Downloader.JS.gen
Application [ Error ] 6-10-2009 12:52:09 Computer Name = PC_van_Mathijs | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 -> Description = 14 2009-10-06 18:52:09+02:00 pc_van_mathijs PC_van_Mathijs\Mathijs F-Secure Anti-Virus Malicious code found in file D:\downloader.vbs. Infection: Trojan-Downloader.JS.gen
Application [ Error ] 6-10-2009 12:52:10 Computer Name = PC_van_Mathijs | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 -> Description = 15 2009-10-06 18:52:10+02:00 pc_van_mathijs PC_van_Mathijs\Mathijs F-Secure Anti-Virus Malicious code found in file D:\downloader.vbs. Infection: Trojan-Downloader.JS.gen
Application [ Error ] 6-10-2009 12:52:11 Computer Name = PC_van_Mathijs | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103 -> Description = 16 2009-10-06 18:52:11+02:00 pc_van_mathijs PC_van_Mathijs\Mathijs F-Secure Anti-Virus Malicious code found in file D:\downloader.vbs. Infection: Trojan-Downloader.JS.gen
System [ Error ] 18-10-2009 5:38:38 Computer Name = PC_van_Mathijs | Source = EventLog | ID = 6008 -> Description = De vorige afsluiting van het systeem om 11:36:54 op 18-10-2009 is onverwacht gebeurd.
System [ Error ] 18-10-2009 5:39:07 Computer Name = PC_van_Mathijs | Source = DCOM | ID = 10005 -> Description =
System [ Error ] 18-10-2009 5:39:18 Computer Name = PC_van_Mathijs | Source = DCOM | ID = 10005 -> Description =
System [ Error ] 18-10-2009 5:39:30 Computer Name = PC_van_Mathijs | Source = DCOM | ID = 10005 -> Description =
System [ Error ] 18-10-2009 5:39:31 Computer Name = PC_van_Mathijs | Source = DCOM | ID = 10005 -> Description =
System [ Error ] 18-10-2009 5:39:58 Computer Name = PC_van_Mathijs | Source = Service Control Manager | ID = 7001 -> Description =
System [ Error ] 18-10-2009 5:39:58 Computer Name = PC_van_Mathijs | Source = Service Control Manager | ID = 7026 -> Description =
System [ Error ] 18-10-2009 6:22:36 Computer Name = PC_van_Mathijs | Source = Service Control Manager | ID = 7000 -> Description =
System [ Error ] 18-10-2009 6:24:38 Computer Name = PC_van_Mathijs | Source = DCOM | ID = 10016 -> Description =
System [ Error ] 18-10-2009 6:24:40 Computer Name = PC_van_Mathijs | Source = DCOM | ID = 10016 -> Description =
[Files/Folders - Created Within 7 Days]
ProgramData -> C:\ProgramData -> [2009-10-18 12:15:46 | 00,000,000 | -H-D | M]
Adobe -> C:\ProgramData\Adobe -> [2009-10-17 23:02:43 | 00,000,000 | ---D | M]
FLEXnet -> C:\ProgramData\FLEXnet -> [2009-10-17 23:05:47 | 00,000,000 | ---D | M]
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009-10-18 12:15:46 | 00,000,000 | ---D | M]
Microsoft Help -> C:\ProgramData\Microsoft Help -> [2009-10-16 08:02:25 | 00,000,000 | ---D | M]
Roaming -> C:\Users\Mathijs\AppData\Roaming -> [2009-10-18 12:15:50 | 00,000,000 | ---D | M]
Adobe -> C:\Users\Mathijs\AppData\Roaming\Adobe -> [2009-10-17 23:06:07 | 00,000,000 | ---D | M]
Download Manager -> C:\Users\Mathijs\AppData\Roaming\Download Manager -> [2009-10-17 22:04:51 | 00,000,000 | ---D | M]
LimeWire -> C:\Users\Mathijs\AppData\Roaming\LimeWire -> [2009-10-11 15:41:30 | 00,000,000 | ---D | M]
Malwarebytes -> C:\Users\Mathijs\AppData\Roaming\Malwarebytes -> [2009-10-18 12:15:50 | 00,000,000 | ---D | M]
Adobe -> C:\Users\Mathijs\AppData\Local\Adobe -> [2009-10-17 23:06:04 | 00,000,000 | ---D | M]
Apple Computer -> C:\Users\Mathijs\AppData\Local\Apple Computer -> [2009-10-12 07:37:01 | 00,000,000 | ---D | M]
Temp -> C:\Users\Mathijs\AppData\Local\Temp -> [2009-10-18 12:37:17 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files\Common Files -> [2009-10-17 22:57:37 | 00,000,000 | ---D | M]
Adobe -> C:\Program Files\Common Files\Adobe -> [2009-10-17 23:01:55 | 00,000,000 | ---D | M]
Adobe AIR -> C:\Program Files\Common Files\Adobe AIR -> [2009-10-17 22:57:37 | 00,000,000 | ---D | M]
Apple -> C:\Program Files\Common Files\Apple -> [2009-10-11 16:03:46 | 00,000,000 | ---D | M]
Macrovision Shared -> C:\Program Files\Common Files\Macrovision Shared -> [2009-10-17 22:51:43 | 00,000,000 | ---D | M]
Program Files -> C:\Program Files -> [2009-10-18 12:15:45 | 00,000,000 | R--D | M]
AC3Filter -> C:\Program Files\AC3Filter -> [2009-10-13 16:33:50 | 00,000,000 | ---D | M]
Adobe -> C:\Program Files\Adobe -> [2009-10-17 23:02:52 | 00,000,000 | ---D | M]
Adobe Media Player -> C:\Program Files\Adobe Media Player -> [2009-10-17 23:00:49 | 00,000,000 | ---D | M]
Common Files -> C:\Program Files\Common Files -> [2009-10-17 22:57:37 | 00,000,000 | ---D | M]
Internet Explorer -> C:\Program Files\Internet Explorer -> [2009-10-16 08:30:33 | 00,000,000 | ---D | M]
iPod -> C:\Program Files\iPod -> [2009-10-11 16:03:51 | 00,000,000 | ---D | M]
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009-10-18 12:15:50 | 00,000,000 | ---D | M]
Microsoft SQL Server -> C:\Program Files\Microsoft SQL Server -> [2009-10-16 07:58:18 | 00,000,000 | ---D | M]
Mozilla Firefox -> C:\Program Files\Mozilla Firefox -> [2009-10-18 12:18:42 | 00,000,000 | ---D | M]
PC Veilig -> C:\Program Files\PC Veilig -> [2009-10-17 20:27:22 | 00,000,000 | ---D | M]
Windows Mail -> C:\Program Files\Windows Mail -> [2009-10-16 08:30:37 | 00,000,000 | ---D | M]
mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2009-10-18 12:15:47 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2009-10-18 12:15:46 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009-10-18 12:15:46 | 00,000,000 | ---D | C]
firefox1 -> C:\Users\Mathijs\Desktop\firefox1 -> [2009-10-17 23:30:15 | 00,000,000 | ---D | C]
FLEXnet -> C:\ProgramData\FLEXnet -> [2009-10-17 23:05:46 | 00,000,000 | ---D | C]
SQL9_KB970892_ENU -> C:\Windows\SQL9_KB970892_ENU -> [2009-10-16 07:57:57 | 00,000,000 | ---D | C]
project -> C:\Users\Mathijs\Desktop\project -> [2009-10-15 21:38:56 | 00,000,000 | ---D | C]
msv1_0.dll -> C:\Windows\System32\msv1_0.dll -> [2009-10-15 17:54:15 | 00,218,624 | ---- | C] (Microsoft Corporation)
ntkrnlpa.exe -> C:\Windows\System32\ntkrnlpa.exe -> [2009-10-15 17:54:02 | 03,600,456 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> C:\Windows\System32\ntoskrnl.exe -> [2009-10-15 17:54:02 | 03,548,216 | ---- | C] (Microsoft Corporation)
WMSPDMOD.DLL -> C:\Windows\System32\WMSPDMOD.DLL -> [2009-10-15 17:53:56 | 00,604,672 | ---- | C] (Microsoft Corporation)
mshtml.dll -> C:\Windows\System32\mshtml.dll -> [2009-10-15 17:53:09 | 05,940,224 | ---- | C] (Microsoft Corporation)
ieframe.dll -> C:\Windows\System32\ieframe.dll -> [2009-10-15 17:53:05 | 11,069,440 | ---- | C] (Microsoft Corporation)
iertutil.dll -> C:\Windows\System32\iertutil.dll -> [2009-10-15 17:53:04 | 01,985,536 | ---- | C] (Microsoft Corporation)
urlmon.dll -> C:\Windows\System32\urlmon.dll -> [2009-10-15 17:53:04 | 01,208,832 | ---- | C] (Microsoft Corporation)
wininet.dll -> C:\Windows\System32\wininet.dll -> [2009-10-15 17:53:02 | 00,916,480 | ---- | C] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\System32\msfeeds.dll -> [2009-10-15 17:53:02 | 00,594,432 | ---- | C] (Microsoft Corporation)
iedkcs32.dll -> C:\Windows\System32\iedkcs32.dll -> [2009-10-15 17:53:02 | 00,387,584 | ---- | C] (Microsoft Corporation)
occache.dll -> C:\Windows\System32\occache.dll -> [2009-10-15 17:53:02 | 00,206,848 | ---- | C] (Microsoft Corporation)
inetcpl.cpl -> C:\Windows\System32\inetcpl.cpl -> [2009-10-15 17:53:01 | 01,469,440 | ---- | C] (Microsoft Corporation)
ieui.dll -> C:\Windows\System32\ieui.dll -> [2009-10-15 17:53:01 | 00,164,352 | ---- | C] (Microsoft Corporation)
iepeers.dll -> C:\Windows\System32\iepeers.dll -> [2009-10-15 17:53:00 | 00,184,320 | ---- | C] (Microsoft Corporation)
ie4uinit.exe -> C:\Windows\System32\ie4uinit.exe -> [2009-10-15 17:53:00 | 00,173,056 | ---- | C] (Microsoft Corporation)
ieUnatt.exe -> C:\Windows\System32\ieUnatt.exe -> [2009-10-15 17:53:00 | 00,133,632 | ---- | C] (Microsoft Corporation)
iesysprep.dll -> C:\Windows\System32\iesysprep.dll -> [2009-10-15 17:53:00 | 00,109,056 | ---- | C] (Microsoft Corporation)
iesetup.dll -> C:\Windows\System32\iesetup.dll -> [2009-10-15 17:53:00 | 00,071,680 | ---- | C] (Microsoft Corporation)
iernonce.dll -> C:\Windows\System32\iernonce.dll -> [2009-10-15 17:53:00 | 00,055,808 | ---- | C] (Microsoft Corporation)
msfeedsbs.dll -> C:\Windows\System32\msfeedsbs.dll -> [2009-10-15 17:53:00 | 00,055,296 | ---- | C] (Microsoft Corporation)
jsproxy.dll -> C:\Windows\System32\jsproxy.dll -> [2009-10-15 17:53:00 | 00,025,600 | ---- | C] (Microsoft Corporation)
msfeedssync.exe -> C:\Windows\System32\msfeedssync.exe -> [2009-10-15 17:53:00 | 00,013,312 | ---- | C] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2009-10-15 17:52:59 | 01,638,912 | ---- | C] (Microsoft Corporation)
msasn1.dll -> C:\Windows\System32\msasn1.dll -> [2009-10-15 17:51:54 | 00,060,928 | ---- | C] (Microsoft Corporation)
srv2.sys -> C:\Windows\System32\drivers\srv2.sys -> [2009-10-15 17:51:51 | 00,144,896 | ---- | C] (Microsoft Corporation)
Interop.IWshRuntimeLibrary.dll -> C:\Windows\Interop.IWshRuntimeLibrary.dll -> [2009-09-02 08:52:52 | 00,049,152 | ---- | C] ( )
[Files/Folders - Modified Within 7 Days]
NTUSER.DAT -> C:\Users\Mathijs\NTUSER.DAT -> [2009-10-18 12:36:56 | 01,835,008 | -HS- | M] ()
FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2009-10-18 12:22:35 | 02,310,088 | ---- | M] ()
LogConfigTemp.xml -> C:\Windows\System32\LogConfigTemp.xml -> [2009-10-18 12:21:59 | 00,000,000 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009-10-18 12:21:21 | 00,003,216 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009-10-18 12:21:20 | 00,003,216 | -H-- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009-10-18 12:21:09 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009-10-18 12:21:00 | 00,067,584 | --S- | M] ()
win32k.sys -> C:\Windows\win32k.sys -> [2009-10-18 12:20:59 | 00,000,000 | ---- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009-10-18 12:20:48 | 20,728,95488 | -HS- | M] ()
NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Mathijs\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms -> [2009-10-18 12:20:14 | 00,524,288 | -HS- | M] ()
NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf -> C:\Users\Mathijs\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf -> [2009-10-18 12:20:14 | 00,065,536 | -HS- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009-10-18 12:15:49 | 00,000,822 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Mathijs\AppData\Local\GDIPFONTCACHEV1.DAT -> [2009-10-17 23:05:48 | 00,104,616 | ---- | M] ()
{BB65B0FB-5712-401b-B616-E69AC55E2757}.job -> C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job -> [2009-10-17 23:00:06 | 00,000,242 | -H-- | M] ()
GoogleUpdateTaskUserS-1-5-21-1912360652-4099588754-465945826-1003UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1912360652-4099588754-465945826-1003UA.job -> [2009-10-17 22:41:00 | 00,001,072 | ---- | M] ()
msa.exe -> C:\Windows\msa.exe -> [2009-10-17 22:29:41 | 00,153,088 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2009-10-16 07:59:12 | 01,523,966 | ---- | M] ()
perfh013.dat -> C:\Windows\System32\perfh013.dat -> [2009-10-16 07:59:12 | 00,730,510 | ---- | M] ()
perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009-10-16 07:59:12 | 00,641,014 | ---- | M] ()
perfc013.dat -> C:\Windows\System32\perfc013.dat -> [2009-10-16 07:59:12 | 00,154,366 | ---- | M] ()
perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009-10-16 07:59:12 | 00,122,016 | ---- | M] ()
win.ini -> C:\Windows\win.ini -> [2009-10-16 07:56:23 | 00,000,240 | ---- | M] ()
opdracht 1D.doc -> C:\Users\Mathijs\Desktop\opdracht 1D.doc -> [2009-10-12 19:45:43 | 00,022,016 | ---- | M] ()
opdracht 1D bronnen.doc -> C:\Users\Mathijs\Desktop\opdracht 1D bronnen.doc -> [2009-10-12 09:37:50 | 00,024,064 | ---- | M] ()
[Files - No Company Name]
hiberfil.sys -> C:\hiberfil.sys -> [2009-10-18 12:20:48 | 20,728,95488 | -HS- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009-10-18 12:15:49 | 00,000,822 | ---- | C] ()
msa.exe -> C:\Windows\msa.exe -> [2009-10-17 22:29:48 | 00,153,088 | ---- | C] ()
{BB65B0FB-5712-401b-B616-E69AC55E2757}.job -> C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job -> [2009-10-17 22:29:38 | 00,000,242 | -H-- | C] ()
win32k.sys -> C:\Windows\win32k.sys -> [2009-10-17 22:29:35 | 00,000,000 | ---- | C] ()
ac3filter.acm -> C:\Windows\System32\ac3filter.acm -> [2009-10-13 16:33:49 | 00,538,624 | ---- | C] ()
opdracht 1D bronnen.doc -> C:\Users\Mathijs\Desktop\opdracht 1D bronnen.doc -> [2009-10-12 18:38:21 | 00,024,064 | ---- | C] ()
opdracht 1D.doc -> C:\Users\Mathijs\Desktop\opdracht 1D.doc -> [2009-10-12 18:38:21 | 00,022,016 | ---- | C] ()
videotoaudio.ini -> C:\Windows\videotoaudio.ini -> [2009-09-09 21:04:12 | 00,000,055 | ---- | C] ()
w_madriver.dll -> C:\Windows\System32\w_madriver.dll -> [2009-09-08 21:41:06 | 00,000,022 | ---- | C] ()
EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009-09-07 19:27:49 | 00,117,248 | ---- | C] ()
ODBC.INI -> C:\Windows\ODBC.INI -> [2009-09-06 12:44:38 | 00,000,392 | ---- | C] ()
WdfCoInstaller01000.dll -> C:\Windows\System32\WdfCoInstaller01000.dll -> [2009-09-02 08:51:05 | 01,060,424 | ---- | C] ()
HdmiCoin.dll -> C:\Windows\System32\HdmiCoin.dll -> [2009-09-02 08:50:20 | 00,004,608 | ---- | C] ()
igfxCoIn_v1527.dll -> C:\Windows\System32\igfxCoIn_v1527.dll -> [2009-09-02 08:50:19 | 00,147,456 | ---- | C] ()
fsbts.sys -> C:\Windows\System32\drivers\fsbts.sys -> [2009-09-01 20:29:21 | 00,033,920 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Mathijs\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009-09-01 17:37:13 | 00,010,240 | ---- | C] ()
RtDefLvl.ini -> C:\Windows\RtDefLvl.ini -> [2009-09-01 17:01:40 | 00,001,694 | ---- | C] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Mathijs\AppData\Local\GDIPFONTCACHEV1.DAT -> [2009-09-01 16:59:43 | 00,104,616 | ---- | C] ()
OGACheckControl.dll -> C:\Windows\System32\OGACheckControl.dll -> [2009-08-03 15:07:42 | 00,403,816 | ---- | C] ()
pthreadVC.dll -> C:\Windows\System32\pthreadVC.dll -> [2009-07-06 08:47:48 | 00,053,299 | ---- | C] ()
INT15.dll -> C:\Windows\System32\INT15.dll -> [2009-02-05 00:38:09 | 00,487,424 | ---- | C] ()
NTIOFM4.dll -> C:\Windows\System32\NTIOFM4.dll -> [2009-02-05 00:34:26 | 00,001,024 | RH-- | C] ()
NTIBUN5.dll -> C:\Windows\System32\NTIBUN5.dll -> [2009-02-05 00:34:26 | 00,001,024 | RH-- | C] ()
iconv.dll -> C:\Windows\iconv.dll -> [2008-05-13 08:32:45 | 00,872,448 | ---- | C] ()
libxml2.dll -> C:\Windows\libxml2.dll -> [2008-05-13 08:32:45 | 00,743,424 | ---- | C] ()
Prelaunch.ini -> C:\Windows\Prelaunch.ini -> [2008-05-13 08:32:44 | 00,000,040 | ---- | C] ()
desktop.ini -> C:\Program Files\desktop.ini -> [2006-11-02 14:50:56 | 00,000,174 | -HS- | C] ()
win.ini -> C:\Windows\win.ini -> [2006-11-02 12:23:31 | 00,000,240 | ---- | C] ()
system.ini -> C:\Windows\system.ini -> [2006-11-02 12:23:31 | 00,000,219 | ---- | C] ()
logevent.dll -> C:\Windows\System32\logevent.dll -> [2006-11-02 10:43:04 | 00,061,952 | ---- | C] ()
cngaudit.dll -> C:\Windows\System32\cngaudit.dll -> [2006-11-02 10:43:04 | 00,061,952 | ---- | C] ()
pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006-11-02 09:40:29 | 00,013,750 | ---- | C] ()
multiplex_vcd.dll -> C:\Windows\System32\multiplex_vcd.dll -> [2001-12-26 17:12:30 | 00,065,536 | ---- | C] ()
Hmpg12.dll -> C:\Windows\System32\Hmpg12.dll -> [2001-09-04 00:46:38 | 00,110,592 | ---- | C] ()
HMPV2_ENC.dll -> C:\Windows\System32\HMPV2_ENC.dll -> [2001-07-30 17:33:56 | 00,118,784 | ---- | C] ()
HMPV2_ENC_MMX.dll -> C:\Windows\System32\HMPV2_ENC_MMX.dll -> [2001-07-23 23:04:36 | 00,118,784 | ---- | C] ()
[File - Lop Check]
[File - Purity Scan]
< End of report >
|
#4 (permalink) | |
|
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,592
OS: XP SP3
|
Re: Need Help! Crack.45155
Hello and Welcome to TSF.
We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:
------------------------------------------------------
Please follow our pre-posting process outlined here: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.
------------------------------------------------------