
virus?



Dear PC specialists,

I keep getting the message that the PC no longer wants to do Windows Update, plus: symantec antivirus: autoprotect disabled

A system restore no longer works.

When I open Microsoft Outlook, for example, I get a Windows security alert asking whether I want to keep blocking this program.

It doesn't look good, I think.

Would someone please have a look at my logs?

Hopefully you can help me.

I think there is a Trojan horse in it.

Many thanks in advance for all the effort.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:18:18, on 8/11/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\PDF Complete\pdfsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\explorer.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ExtraFilm Designer BE NL\ExtraFilmManager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/nl/index.php?rvs=google

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gva.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/nl/index.php?rvs=google

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/nl/index.php?rvs=google

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ExtraFilmManager] "C:\Program Files\ExtraFilm Designer BE NL\ExtraFilmManager.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1268344906609

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://extranet.associatie.kuleuven.be/dana-cached/sc/JuniperSetupClient.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (file missing)

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 8201 bytes

Below is also the MBAM log.

I got the message that not all infected files could be removed. So on a rescan those files are still there.

Databaseversie: 8115

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

8/11/2011 23:52:09

mbam-log-2011-11-08 (23-52-09).txt

Scantype: Volledige scan (C:\|)

Objecten gescand: 285582

Verstreken tijd: 27 minuut/minuten, 46 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 1

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent.Gen) -> Value: Shell -> Delete on reboot.

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

c:\documents and settings\administrator\local settings\application data\24c88bfc\U\800000cb.@ (Backdoor.0Access) -> Quarantined and deleted successfully.


Start HijackThis. Select "Scan". Select only the items listed below:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

Click 'Fix checked' to remove the items.

Download TDSSKiller and place it on your desktop.

Extract the files in tdsskiller.zip.

Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.

Windows 7 and Windows Vista users:

Right-click TDSSKiller.exe -> Run as Administrator to start the tool.

If TDSSKiller reports that an update is available, run it first.

Click the "Start Scan" button and follow the instructions.

When the scan is finished, click the "Report" button.

A Notepad file opens. Post the contents of this file.

Restart the PC if TDSSKiller offers that option. (Reboot now)

If a restart was needed, you will find the log file in C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt


Wow Kape, what a quick reply :D Thank you for that.

Below you will find the TDSSKiller log.

I had to do a reboot.

At startup Norton began scanning by itself and found several Trojan horses. Three of them it could not remove.

Many thanks already for your help.

What further steps can I take, please?

Are there things that are unnecessary?

18:28:18.0218 2884 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51

18:28:18.0515 2884 ============================================================

18:28:18.0515 2884 Current date / time: 2011/11/09 18:28:18.0515

18:28:18.0515 2884 SystemInfo:

18:28:18.0515 2884

18:28:18.0515 2884 OS Version: 5.1.2600 ServicePack: 3.0

18:28:18.0515 2884 Product type: Workstation

18:28:18.0515 2884 ComputerName: JDC

18:28:18.0515 2884 UserName: Administrator

18:28:18.0515 2884 Windows directory: C:\WINDOWS

18:28:18.0515 2884 System windows directory: C:\WINDOWS

18:28:18.0515 2884 Processor architecture: Intel x86

18:28:18.0515 2884 Number of processors: 2

18:28:18.0515 2884 Page size: 0x1000

18:28:18.0515 2884 Boot type: Normal boot

18:28:18.0515 2884 ============================================================

18:28:18.0750 2884 Initialize success

18:28:19.0875 3888 ============================================================

18:28:19.0875 3888 Scan started

18:28:19.0875 3888 Mode: Manual;

18:28:19.0875 3888 ============================================================


18:28:25.0375 3888 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

18:28:25.0375 3888 symc810 - ok

18:28:25.0390 3888 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

18:28:25.0390 3888 symc8xx - ok

18:28:25.0421 3888 SymEvent (c5eafb6a8c73fb26b73ee613c1a5aef6) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

18:28:25.0421 3888 SymEvent - ok

18:28:25.0468 3888 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys

18:28:25.0468 3888 Symmpi - ok

18:28:25.0500 3888 SYMREDRV (5f9055055dc4900f74fb690b61448be4) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS

18:28:25.0500 3888 SYMREDRV - ok

18:28:25.0515 3888 SYMTDI (5561a9d2d1b6529a95cbbffaed7791c1) C:\WINDOWS\System32\Drivers\SYMTDI.SYS

18:28:25.0515 3888 SYMTDI - ok

18:28:25.0515 3888 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

18:28:25.0515 3888 sym_hi - ok

18:28:25.0531 3888 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

18:28:25.0531 3888 sym_u3 - ok

18:28:25.0546 3888 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

18:28:25.0546 3888 sysaudio - ok

18:28:25.0593 3888 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:28:25.0593 3888 Tcpip - ok

18:28:25.0609 3888 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

18:28:25.0609 3888 TDPIPE - ok

18:28:25.0625 3888 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

18:28:25.0625 3888 TDTCP - ok

18:28:25.0640 3888 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

18:28:25.0640 3888 TermDD - ok

18:28:25.0656 3888 TosIde - ok

18:28:25.0687 3888 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

18:28:25.0687 3888 Udfs - ok

18:28:25.0718 3888 ultra - ok

18:28:25.0750 3888 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

18:28:25.0750 3888 usbaudio - ok

18:28:25.0796 3888 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:28:25.0796 3888 usbccgp - ok

18:28:25.0859 3888 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:28:25.0859 3888 usbehci - ok

18:28:25.0890 3888 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:28:25.0890 3888 usbhub - ok

18:28:25.0906 3888 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

18:28:25.0906 3888 usbprint - ok

18:28:25.0953 3888 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:28:25.0953 3888 usbscan - ok

18:28:25.0984 3888 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:28:25.0984 3888 USBSTOR - ok

18:28:26.0000 3888 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

18:28:26.0000 3888 usbuhci - ok

18:28:26.0000 3888 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:28:26.0000 3888 VgaSave - ok

18:28:26.0031 3888 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

18:28:26.0031 3888 ViaIde - ok

18:28:26.0109 3888 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys

18:28:26.0109 3888 VolSnap - ok

18:28:26.0125 3888 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:28:26.0125 3888 Wanarp - ok

18:28:26.0125 3888 WDICA - ok

18:28:26.0156 3888 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:28:26.0156 3888 wdmaud - ok

18:28:26.0218 3888 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

18:28:26.0218 3888 WSTCODEC - ok

18:28:26.0265 3888 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

18:28:26.0265 3888 WudfPf - ok

18:28:26.0281 3888 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

18:28:26.0281 3888 WudfRd - ok

18:28:26.0312 3888 MBR (0x1B8) (4975bdbeda8a3afb2aeadefc06ce9e12) \Device\Harddisk0\DR0

18:28:26.0328 3888 \Device\Harddisk0\DR0 - ok

18:28:26.0328 3888 Boot (0x1200) (f49342e98f8bd07d2d75c03971f059d5) \Device\Harddisk0\DR0\Partition0

18:28:26.0328 3888 \Device\Harddisk0\DR0\Partition0 - ok

18:28:26.0328 3888 ============================================================

18:28:26.0328 3888 Scan finished

18:28:26.0328 3888 ============================================================

18:28:26.0343 3896 Detected object count: 0

18:28:26.0343 3896 Actual detected object count: 0


Good morning,

I ran another MBAM scan.

I think the PC is still infected.

It also reports that not everything could be removed.

I can't produce a HijackThis log. I get the message "The Windows Installer service could not be accessed. Contact your support personnel."

Hopefully this tells you a bit more?

Thanks again for the help.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Databaseversie: 8123

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/11/2011 8:12:55

mbam-log-2011-11-10 (08-12-55).txt

Scantype: Volledige scan (C:\|)

Objecten gescand: 282025

Verstreken tijd: 1 uur/uren, 21 minuut/minuten, 26 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 1

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

c:\documents and settings\administrator\local settings\application data\24c88bfc\U\800000cb.@ (Backdoor.0Access) -> Quarantined and deleted successfully.


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you can't manage to disable them, just continue to the next step.

2. Double-click ComboFix.exe and follow the prompts on screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the prompts on screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.


Here is the log after ComboFix.

Many thanks again!

ComboFix 11-11-10.01 - Administrator 10/11/2011 13:51:26.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3549.2912 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

ADS - system32: deleted 4602 bytes in 1 streams.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Application Data\mdbu.bin

c:\documents and settings\Administrator\Local Settings\Application Data\24c88bfc\U

c:\documents and settings\Administrator\Local Settings\Application Data\24c88bfc\U\800000cf.@

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Menu Start\HP Image Zone .lnk

c:\windows\$NtUninstallKB20683$

c:\windows\$NtUninstallKB20683$\1617221710

c:\windows\$NtUninstallKB20683$\617122812\@

c:\windows\$NtUninstallKB20683$\617122812\L\rexeoctm

c:\windows\$NtUninstallKB20683$\617122812\loader.tlb

c:\windows\$NtUninstallKB20683$\617122812\U\@00000001

c:\windows\$NtUninstallKB20683$\617122812\U\@000000c0

c:\windows\$NtUninstallKB20683$\617122812\U\@000000cb

c:\windows\$NtUninstallKB20683$\617122812\U\@000000cf

c:\windows\$NtUninstallKB20683$\617122812\U\@80000000

c:\windows\$NtUninstallKB20683$\617122812\U\@800000c0

c:\windows\$NtUninstallKB20683$\617122812\U\@800000cb

c:\windows\$NtUninstallKB20683$\617122812\U\@800000cf

c:\windows\bwUnin-6.1.4.68-8876480L.exe

c:\windows\g32.txt

c:\windows\XSxS

c:\windows\system32\ . . . . konden niet verwijderd worden

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-10-10 to 2011-11-10 ))))))))))))))))))))))))))))))

.

.

2011-11-10 09:42 . 2011-11-10 09:42 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend

2011-11-08 15:17 . 2011-11-08 15:17 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-07 08:42 . 2011-11-10 12:56 -------- d-sh--w- c:\documents and settings\Administrator\Local Settings\Application Data\24c88bfc

2011-10-30 08:00 . 2011-10-30 08:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment

2011-10-17 08:40 . 2011-10-17 08:40 -------- d-----w- c:\program files\Teach2000

2011-10-16 12:03 . 2011-10-23 19:18 -------- d-----w- C:\output

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-09 15:37 . 2010-03-11 17:08 58112 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-09-09 09:12 . 2008-04-15 05:32 602624 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 16:00 . 2010-06-01 09:33 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-28 09:51 . 2011-08-28 09:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-26 18:42 . 2011-06-26 18:42 48606840 ----a-w- c:\program files\Colruyt_bnl_Setup.exe

2010-06-04 06:56 . 2010-06-04 06:56 49152 ----a-w- c:\program files\Install EclipseCrossword.exe

2010-06-02 09:02 . 2010-06-02 08:57 3387040 ----a-w- c:\program files\ccsetup232.exe

2010-06-01 09:33 . 2010-06-01 09:33 6153352 ----a-w- c:\program files\mbam-setup-1.46.exe

2010-05-31 19:54 . 2010-05-31 19:51 401720 ----a-w- c:\program files\HiJackThis.exe

2010-05-31 19:50 . 2010-05-31 19:49 1402880 ----a-w- c:\program files\HiJackThis.msi

2010-05-31 18:13 . 2010-05-31 18:13 45568 ----a-w- c:\program files\ATF-Cleaner.exe

2010-04-19 17:57 . 2010-04-19 17:57 123295249 ----a-w- c:\program files\spectorbestel.exe

2010-03-11 19:41 . 2010-03-11 19:41 1160528 ----a-w- c:\program files\wlsetup-custom.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-09-30 125368]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-01 141848]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-01 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-01 170520]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-24 53096]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"ExtraFilmManager"="c:\program files\ExtraFilm Designer BE NL\ExtraFilmManager.exe" [2010-06-15 159744]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programma's^Opstarten^LimeWire On Startup.lnk]

path=c:\documents and settings\Administrator\Menu Start\Programma's\Opstarten\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^MBCameraMonitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\MBCameraMonitor.lnk

backup=c:\windows\pss\MBCameraMonitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Snelstart HP Image Zone.lnk

backup=c:\windows\pss\Snelstart HP Image Zone.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System Guard

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\basicsmssmenu]

2007-10-09 14:21 169328 ----a-w- c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

2005-01-18 16:07 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

2005-01-18 16:47 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

2005-01-18 16:37 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]

2008-04-07 06:10 318488 ----a-w- c:\program files\PDF Complete\pdfsty.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2011-10-06 13:15 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

"c:\\Program Files\\Symantec\\LiveUpdate\\LuComServer_3_2.EXE"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe"=

.

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [4/08/2010 10:15 28552]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]

R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [10/05/2010 19:41 67656]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [11/03/2010 19:27 576024]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 15:41 92008]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [12/03/2010 3:05 243856]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/11/2011 4:37 106104]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 21:09 267568]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [30/09/2008 17:41 116664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371083212-2573323469-3921880004-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-30 08:01]

.

2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371083212-2573323469-3921880004-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-30 08:01]

.

2011-11-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 21:44]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.gva.be/

mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\

FF - prefs.js: browser.search.selectedEngine - hxxp://downloads.phpnuke.org/nl/index.php?rvs=google

FF - prefs.js: browser.startup.homepage - hxxp://downloads.phpnuke.org/nl/index.php?rvs=google

FF - prefs.js: keyword.URL - hxxp://downloads.phpnuke.org/nl/index.php?rvs=google

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com

FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

SafeBoot-88884985.sys

SafeBoot-klmdb.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-11-10 13:59

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-2371083212-2573323469-3921880004-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,60,07,e4,58,0b,e2,4e,98,b2,6e,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,83,64,38,7c,b4,56,4e,80,26,75,\

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(844)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

- - - - - - - > 'explorer.exe'(2916)

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Voltooingstijd: 2011-11-10 14:01:54 - machine werd herstart

ComboFix-quarantined-files.txt 2011-11-10 13:01

.

Pre-Run: 395.060.498.432 bytes beschikbaar

Post-Run: 395.227.529.216 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 3666D2BEDE20348A74226334867763CE


Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\program files\Ask.com

File::

c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

Firefox::

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\

FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com

FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.

This will restart ComboFix. Reboot if asked to.

After the restart, post the contents of ComboFix.txt in your next message, together with a new HijackThis log.


As requested...

A HijackThis log doesn't work, not in safe mode either.

I get the message: "The Windows Installer service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance."

ComboFix 11-11-11.02 - Administrator 11/11/2011 10:05:34.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3549.2655 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt

AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

FILE ::

"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\ffxtlbr@babylon.com

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\ffxtlbr@babylon.com\.svn\all-wcprops

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\ffxtlbr@babylon.com\.svn\entries

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\ffxtlbr@babylon.com\.svn\prop-base\vssver.scc.svn-base

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\ffxtlbr@babylon.com\.svn\text-base\chrome.manifest.svn-base

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\ffxtlbr@babylon.com\.svn\text-base\install.rdf.svn-base


c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\cache.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\constants.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\core.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\custom-command-listener.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\events.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\feeds.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\json.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\lifecycle.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\listeners.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\locale.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\logger.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\network.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\observer.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\options.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\options.xul

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\preferences.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\prefetch.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\ss-popup-bindings.xml

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\suggestions.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\update.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\utilities.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\webframe-bindings.xml

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\webframe-manager.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\widget-controller.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\widget-popup.xul

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\content\widgets.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\abc.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\amazon_16x.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\as.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\ask_16x16.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\ask_32x32.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\ask_browser_ff_chrome.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\asklogo.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\bbc_news.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\beppe_grillo.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\bg.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\bild.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\blogs.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\business.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\chevron.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\close.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\cnn_16x.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\corriere_della_sera.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\dictionary.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\el_mundo.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\email_16x.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\expansion.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\facebook_16x.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\feed.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\folha.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\frostwires.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\ft.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\ftd.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\g1.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\games_16x.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\gazzetta_dello_sport.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\globe_18x.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\gripper.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\highlight_16x.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\highlighter_off.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\highlighter_on.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\hola.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\icon_film1_16x.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\icon_history_16x.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\icon_news_ru_16x.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\icon_nu_16x.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\icon_radiodigital_16x.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\icon_sports_16x.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\icon_sportsru_16x.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\icon_vk_16x.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\icons_business_16x.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\images.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\kicker.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\labels-de.properties

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\labels-en.properties

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\labels-es.properties

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\labels-fr.properties

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\labels-it.properties

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\labels-nl.properties

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\labels-pt.properties

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\labels-ru.properties

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\laposte.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\lemonde.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\lequipe.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\libero_it.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\links-BR.properties

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\links-DE.properties

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\links-ES.properties

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\links-EU.properties

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\links-FR.properties

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\links-IT.properties

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\links-NL.properties

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\links-RU.properties

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\links-UK.properties

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\links-US.properties

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\logo_32x32.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\magnify_search.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\magnify_search_grey_16x.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\maps.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\marmiton.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\mtv.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\news.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\oglobo.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\or***.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\preferences.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search_ask.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search_ask_de.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search_ask_es.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search_ask_fr.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search_ask_it.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search_ask_nl.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search_ask_pl.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search_ask_pt.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search_ask_ru.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search_cobrand.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search_current_site.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search_de.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search_es.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search_fr.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search_grey_73x24.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search_it.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search_nl.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search_pl.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search_pt.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\search_ru.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\searchbox.xml

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\shopping.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\sports.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\stocks.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\terra.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\titlebar_bg.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\toolbar.css

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\toolbar.xul

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\tv.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\tv_movie_de.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\uol.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\weather.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\weather_16x.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\web.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\web_de.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\wordoftheday_16x.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\youtube_16x.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\skin\zoomall.png

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-11-Nov-2010-17-31-17-GMT\ff-config.zip

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-16-Dec-2010-17-10-41-GMT\ff-config.zip

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-31-Aug-2011-07-29-51-GMT\ff-config.zip

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\datastore\cache.sqlite

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\defaults.js.bak

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\defaults\preferences\defaults.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\install.rdf

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\logs\asktb-log-1289496667408.html

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\logs\asktb-log-1289496673217.html

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\logs\asktb-log-1289496673493.html

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\logs\asktb-log-1289496688912.html

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\logs\asktb-log-1289573412679.html

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\logs\asktb-log-1292519440342.html

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\logs\asktb-log-1293657030304.html

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\logs\asktb-log-1295283030313.html

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\logs\asktb-log-1298285022185.html

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\logs\asktb-log-1314775790677.html

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\extensions\toolbar@ask.com\logs\asktb-log-1320329933242.html

c:\program files\Ask.com

c:\program files\Ask.com\cobrand.ico

c:\program files\Ask.com\config.xml

c:\program files\Ask.com\favicon.ico

c:\program files\Ask.com\fv_17e.ico

c:\program files\Ask.com\mupcfg.xml

c:\program files\Ask.com\SaUpdate.exe

c:\program files\Ask.com\Thumbs.db

c:\program files\Ask.com\UpdateTask.exe

c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-10-11 to 2011-11-11 ))))))))))))))))))))))))))))))

.

.

2011-11-11 08:56 . 2011-11-11 09:03 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend

2011-11-08 15:17 . 2011-11-08 15:17 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-07 08:42 . 2011-11-10 12:56 -------- d-sh--w- c:\documents and settings\Administrator\Local Settings\Application Data\24c88bfc

2011-10-30 08:00 . 2011-10-30 08:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment

2011-10-17 08:40 . 2011-10-17 08:40 -------- d-----w- c:\program files\Teach2000

2011-10-16 12:03 . 2011-10-23 19:18 -------- d-----w- C:\output

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-09 15:37 . 2010-03-11 17:08 58112 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-09-09 09:12 . 2008-04-15 05:32 602624 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 16:00 . 2010-06-01 09:33 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-28 09:51 . 2011-08-28 09:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-26 18:42 . 2011-06-26 18:42 48606840 ----a-w- c:\program files\Colruyt_bnl_Setup.exe

2010-06-04 06:56 . 2010-06-04 06:56 49152 ----a-w- c:\program files\Install EclipseCrossword.exe

2010-06-02 09:02 . 2010-06-02 08:57 3387040 ----a-w- c:\program files\ccsetup232.exe

2010-06-01 09:33 . 2010-06-01 09:33 6153352 ----a-w- c:\program files\mbam-setup-1.46.exe

2010-05-31 19:54 . 2010-05-31 19:51 401720 ----a-w- c:\program files\HiJackThis.exe

2010-05-31 19:50 . 2010-05-31 19:49 1402880 ----a-w- c:\program files\HiJackThis.msi

2010-05-31 18:13 . 2010-05-31 18:13 45568 ----a-w- c:\program files\ATF-Cleaner.exe

2010-04-19 17:57 . 2010-04-19 17:57 123295249 ----a-w- c:\program files\spectorbestel.exe

2010-03-11 19:41 . 2010-03-11 19:41 1160528 ----a-w- c:\program files\wlsetup-custom.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-10_12.59.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-11-11 08:49 . 2011-11-11 08:49 16384 c:\windows\Temp\Perflib_Perfdata_2ac.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-09-30 125368]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-01 141848]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-01 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-01 170520]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-24 53096]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"ExtraFilmManager"="c:\program files\ExtraFilm Designer BE NL\ExtraFilmManager.exe" [2010-06-15 159744]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programma's^Opstarten^LimeWire On Startup.lnk]

path=c:\documents and settings\Administrator\Menu Start\Programma's\Opstarten\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^MBCameraMonitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\MBCameraMonitor.lnk

backup=c:\windows\pss\MBCameraMonitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Snelstart HP Image Zone.lnk

backup=c:\windows\pss\Snelstart HP Image Zone.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\basicsmssmenu]

2007-10-09 14:21 169328 ----a-w- c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

2005-01-18 16:07 196608 ----a-w- c:\program files\Logitech\Video\ManifestEngine.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

2005-01-18 16:47 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

2005-01-18 16:37 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]

2008-04-07 06:10 318488 ----a-w- c:\program files\PDF Complete\pdfsty.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2011-10-06 13:15 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

"c:\\Program Files\\Symantec\\LiveUpdate\\LuComServer_3_2.EXE"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=

"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe"=

.

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [4/08/2010 10:15 28552]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]

R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [10/05/2010 19:41 67656]

R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [11/03/2010 19:27 576024]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 15:41 92008]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [12/03/2010 3:05 243856]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/11/2011 4:37 106104]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 21:09 267568]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [30/09/2008 17:41 116664]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371083212-2573323469-3921880004-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-30 08:01]

.

2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371083212-2573323469-3921880004-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-30 08:01]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.gva.be/

mStart Page = hxxp://downloads.phpnuke.org/nl/index.php?rvs=google

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jtsv1642.default\

FF - prefs.js: browser.search.selectedEngine - hxxp://downloads.phpnuke.org/nl/index.php?rvs=google

FF - prefs.js: browser.startup.homepage - hxxp://downloads.phpnuke.org/nl/index.php?rvs=google

FF - prefs.js: keyword.URL - hxxp://downloads.phpnuke.org/nl/index.php?rvs=google

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-11-11 10:09

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-2371083212-2573323469-3921880004-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,60,07,e4,58,0b,e2,4e,98,b2,6e,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,80,83,64,38,7c,b4,56,4e,80,26,75,\

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(840)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

Voltooingstijd: 2011-11-11 10:09:53

ComboFix-quarantined-files.txt 2011-11-11 09:09

ComboFix2.txt 2011-11-10 13:01

.

Pre-Run: 395.251.703.808 bytes beschikbaar

Post-Run: 395.238.260.736 bytes beschikbaar

.

- - End Of File - - 80D5BD10630BC0EFFDC974F554C5F0B8


You may manually delete this folder, shown in bold: c:\documents and settings\Administrator\Local Settings\Application Data\24c88bfc

Then remove HijackThis (if it is still present) and download a new version of HijackThis. But when downloading, change the name of the file hijackthis.exe to 12345.exe ... and then try whether scanning does work?


I cannot remove HijackThis.

I get the message: Cannot access the Windows Installer service. The cause may be that you started Windows in safe mode (which I did not do!!) or that Windows Installer is installed incorrectly.

Is there anything else I can do?

Thanks in advance.
