Ukash virus


HitmanPro 3.7.6.201
www.hitmanpro.com
  Computer name . . . . : COMPUTER
  Windows . . . . . . . : 5.1.3.2600.X86/4
  User name . . . . . . : Ecommit
  License . . . . . . . : Free
  Scan date . . . . . . : 2013-06-25 18:37:09
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 9m 33s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No
  Threats . . . . . . . : 30
  Traces  . . . . . . . : 3970
  Objects scanned . . . : 848.782
  Files scanned . . . . : 83.652
  Remnants scanned  . . : 147.599 files / 617.531 keys
Miniport ____________________________________________________________________
  Primary
     DriverObject . . . : 8B0E70C8
     DriverName . . . . : \Driver\atapi
     DriverPath . . . . : atapi.sys
     StartIo  . . . . . : B9E1E864 atapi.sys+30820
     IRP_MJ_SCSI  . . . : B9E20B40 atapi.sys+39744
  Solution
     DriverObject . . . : 8B0E70C8
     DriverName . . . . : \Driver\atapi
     DriverPath . . . . : atapi.sys
     StartIo  . . . . . : B9E1E864 atapi.sys+30820
     IRP_MJ_SCSI  . . . : B9E1D852 atapi.sys+26706
Malware _____________________________________________________________________
  C:\WINDOWS\system32\expand.exe
     Size . . . . . . . : 16.896 bytes
     Age  . . . . . . . : 1544.3 days (2009-04-03 11:24:44)
     Entropy  . . . . . : 5.6
     SHA-256  . . . . . : 4722709BD2B0EAAA240C6850AE6BA05EA4F52CA95AF20A7A700C94817691D90C
     Product  . . . . . : Besturingssysteem Microsoft® Windows®
     Publisher  . . . . : Microsoft Corporation
     Description  . . . : Hulpprogramma LZ Expansion
     Version  . . . . . : 5.1.2600.0
     Copyright  . . . . : © Microsoft Corporation. Alle rechten voorbehouden.
   > Ikarus . . . . . . : Virus.Win32.Virut!IK
     Fuzzy  . . . . . . : 110.0
  C:\WINDOWS\system32\netsetup.exe
     Size . . . . . . . : 351.744 bytes
     Age  . . . . . . . : 1544.3 days (2009-04-03 11:25:08)
     Entropy  . . . . . : 7.8
     SHA-256  . . . . . : AFDA0E70A2A38A2B45CBB59F82EECF93803F7C37BECE56EBC04BFAB2D2CC8689
     Product  . . . . . : Besturingssysteem Microsoft® Windows®
     Publisher  . . . . : Microsoft Corporation
     Description  . . . : Win32 Cabinet Self-Extractor
     Version  . . . . . : 6.00.3000.0000
     Copyright  . . . . : © Microsoft Corporation. Alle rechten voorbehouden.
   > G Data . . . . . . : Gen:Malware.Heur.vm0@bCpZfSlO (Engine A)
   > Ikarus . . . . . . : Gen.Malware.Heur!IK
     Fuzzy  . . . . . . : 117.0
  C:\WINDOWS\system32\spnpinst.exe
     Size . . . . . . . : 27.136 bytes
     Age  . . . . . . . : 1544.3 days (2009-04-03 11:25:18)
     Entropy  . . . . . : 7.4
     SHA-256  . . . . . : A492B951FB08B3F712E485813340EF7AFA6FE5D58C7DB83497FF5792255ADB11
     Product  . . . . . : Microsoft® Windows® Operating System
     Publisher  . . . . : Microsoft Corporation
     Description  . . . : Peer-to-Peer Custom Setup
     Version  . . . . . : 5.1.2600.5512
     Copyright  . . . . : © Microsoft Corporation. All rights reserved.
   > G Data . . . . . . : Gen:Malware.Heur.bm0@bun5ROgi (Engine A)
   > Ikarus . . . . . . : Gen.Malware.Heur!IK
     Fuzzy  . . . . . . : 112.0

Potential Unwanted Programs _________________________________________________
  C:\Documents and Settings\All Users\Application Data\Babylon\ (Babylon)
  C:\Documents and Settings\All Users\Application Data\Babylon\BabAll.dat (Babylon)
  C:\Documents and Settings\All Users\Application Data\Babylon\Content\icons\ (Babylon)
  C:\Documents and Settings\Ecommit\Application Data\Babylon\ (Babylon)
  C:\Documents and Settings\Ecommit\Application Data\Babylon\Content\icons\ (Babylon)
  C:\Documents and Settings\Ecommit\Application Data\Babylon\Content\icons\6RHZSDV3KE_glossary_icon.ico (Babylon)
  C:\Documents and Settings\Ecommit\Application Data\Babylon\Content\icons\BTMJWKZGYE_glossary_icon.ico (Babylon)
  C:\Documents and Settings\Ecommit\Application Data\Babylon\Content\icons\HCZ7J3Q8UA_glossary_icon.ico (Babylon)
  C:\Documents and Settings\Ecommit\Application Data\Babylon\FLStat.dat (Babylon)
  C:\Documents and Settings\Ecommit\Application Data\Babylon\log_file.txt (Babylon)
  C:\Documents and Settings\Ecommit\Application Data\Babylon\MyList.dat (Babylon)
  C:\Documents and Settings\Ecommit\Application Data\Babylon\ocr_cache (Babylon)
  C:\Documents and Settings\Ecommit\Application Data\Babylon\ocr_data (Babylon)
  C:\Documents and Settings\Ecommit\Application Data\Babylon\updates\ (Babylon)
  C:\Documents and Settings\Ecommit\Application Data\Babylon\updates\convert.dat (Babylon)
  C:\Documents and Settings\Ecommit\Application Data\Babylon\updates\rates.dat (Babylon)
  C:\Documents and Settings\Ecommit\Local Settings\Application Data\Babylon\ (Babylon)
  C:\Program Files\Babylon\ (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\ (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Agent\ (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Agent\BabylonAgent.exe (Babylon)
     Size . . . . . . . : 458.056 bytes
     Age  . . . . . . . : 1087.0 days (2010-07-04 18:03:21)
     Entropy  . . . . . : 7.8
     SHA-256  . . . . . : 072B7F9A020CCF1639FAF4E53A9FA842B361EA00460732B73B6D643F77B53729
     RSA Key Size . . . : 2048
     Authenticode . . . : Self-signed
     Fuzzy  . . . . . . : 9.0
  C:\Program Files\Babylon\Babylon-Pro\Agent\BDesktopAgent.dll (Babylon)
     Size . . . . . . . : 221.584 bytes
     Age  . . . . . . . : 1087.0 days (2010-07-04 18:03:21)
     Entropy  . . . . . : 6.4
     SHA-256  . . . . . : C7E0B23980034A28577BFC5AAFBC0463E26ABF74B198D1EB59B338E2B359675C
     Product  . . . . . : Babylon Desktop Agent
     Publisher  . . . . : Babylon Ltd.
     Description  . . . : Babylon Desktop Agent
     Version  . . . . . : 8.0.0.22
     Copyright  . . . . : Copyright © Babylon Ltd. 1997-2009
     RSA Key Size . . . : 2048
     Authenticode . . . : Self-signed
     Fuzzy  . . . . . . : -5.0
  C:\Program Files\Babylon\Babylon-Pro\Agent\ExcludeSelect.xml (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Agent\Graphics\ (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Agent\Graphics\notes.png (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Agent\Graphics\notes_off.png (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Agent\Graphics\purchase.png (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Agent\Graphics\purchase_off.png (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Agent\Graphics\spelling.png (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Agent\Graphics\spelling_off.png (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Agent\Graphics\translate.png (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Agent\Graphics\translate_off.png (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Agent\Graphics\units.png (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Agent\Graphics\units_off.png (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\BabyServices.dll (Babylon)
     Size . . . . . . . : 1.015.296 bytes
     Age  . . . . . . . : 1087.0 days (2010-07-04 18:03:20)
     Entropy  . . . . . : 5.5
     SHA-256  . . . . . : A59D368D74365CBCF0A01885D7AC9861B1036009B5FFB45EE511D29004DB6B29
     Product  . . . . . : Babylon Client
     Publisher  . . . . : Babylon Ltd.
     Description  . . . : Babylon Services
     Version  . . . . . : 8.0.0.22
     Copyright  . . . . : Copyright © Babylon Ltd. 1997-2009
     Fuzzy  . . . . . . : -8.0
  C:\Program Files\Babylon\Babylon-Pro\BContentServer.dll (Babylon)
     Size . . . . . . . : 2.562.048 bytes
     Age  . . . . . . . : 1087.0 days (2010-07-04 18:03:20)
     Entropy  . . . . . : 6.0
     SHA-256  . . . . . : 9C2E5E099D139B8F0E9BE522171B1C5DE8C4D8C4DCCB90F72F7A5A722A9880D4
     Product  . . . . . : Babylon Client
     Publisher  . . . . : Babylon Ltd.
     Description  . . . : Babylon Content
     Version  . . . . . : 8.0.0.22
     Copyright  . . . . : Copyright © Babylon Ltd. 1997-2009
     Fuzzy  . . . . . . : -8.0
  C:\Program Files\Babylon\Babylon-Pro\BContentServerExt.dll (Babylon)
     Size . . . . . . . : 440.832 bytes
     Age  . . . . . . . : 1087.0 days (2010-07-04 18:03:20)
     Entropy  . . . . . : 6.2
     SHA-256  . . . . . : 5E5EC7C17DB1F710AE4D8CC0ED47A158EB0C8EC78A94647DE2D689CD299E803C
     Product  . . . . . : Babylon Client
     Publisher  . . . . : Babylon Ltd.
     Description  . . . : Babylon Document Provider
     Version  . . . . . : 8.0.0.22
     Copyright  . . . . : Copyright © Babylon Ltd. 1997-2009
     Fuzzy  . . . . . . : -8.0
  C:\Program Files\Babylon\Babylon-Pro\BException.dll (Babylon)
     Size . . . . . . . : 112.128 bytes
     Age  . . . . . . . : 1087.0 days (2010-07-04 18:03:20)
     Entropy  . . . . . : 6.2
     SHA-256  . . . . . : 7FBB387FC08328859490A82E47D7D8B17B74D4CCFB2BE7ED0E96A57AA2E2CDD2
     Product  . . . . . : Babylon Client
     Publisher  . . . . : Babylon Ltd.
     Description  . . . : Babylon EXception
     Version  . . . . . : 8.0.0.22
     Copyright  . . . . : Copyright © Babylon Ltd. 1997-2009
     Fuzzy  . . . . . . : -8.0
  C:\Program Files\Babylon\Babylon-Pro\captlib.dll (Babylon)
     Size . . . . . . . : 208.896 bytes
     Age  . . . . . . . : 1087.0 days (2010-07-04 18:03:20)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : 20C49651CCDEF9DBBB5C8267C00E1412B4353C624243D146BE1408302E52C6C5
     Product  . . . . . : Babylon Client
     Publisher  . . . . : Babylon Ltd.
     Description  . . . : Babylon Information Tool
     Version  . . . . . : 8.0.0.22
     Copyright  . . . . : Copyright © Babylon Ltd. 1997-2009
     Fuzzy  . . . . . . : -8.0
  C:\Program Files\Babylon\Babylon-Pro\Data\ (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\Babylon.dat (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BaseList.dat (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\ (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_Chinese_S__English_sub.BGL (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_Chinese_T__English_sub.BGL (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_Dutch_English_sub.BGL (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_English_Chinese_S__sub.bgl (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_English_Chinese_T__sub.bgl (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_English_Dutch_sub.bgl (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_English_French_sub.bgl (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_English_German_sub.bgl (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_English_Hebrew_sub.bgl (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_English_Italian_sub.bgl (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_English_Japanese_sub.bgl (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_English_Korean_sub.BGL (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_English_Portuguese_sub.bgl (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_English_Russian_sub.bgl (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_English_Spanish_sub.bgl (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_English_sub.bgl (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_English_Swedish_sub.bgl (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_French_English_sub.BGL (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_German_English_sub.BGL (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_Hebrew_English_sub.BGL (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_Hebrew_Thesaurus_sub.BGL (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_Italian_English_sub.BGL (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_Japanese_English_sub.BGL (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_Portuguese_English_sub.BGL (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_Russian_English_sub.BGL (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\BGLs\Babylon_Spanish_English_sub.BGL (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\CSConfig.dat (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\Features.dat (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\ (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Arabic.iso8859_6.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Arabic.utf8.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Arabic.windows1256.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Bulgarian.iso8859_5.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Bulgarian.utf8.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Chinese (S).gb2312.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Chinese (T).big5.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Czech.iso8859_2.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Czech.utf8.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Danish.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Dutch.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\English.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\English.shlomi.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\French.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\German.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Greek.iso8859_7.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Greek.utf8.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Hebrew.iso8859_8.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Hebrew.utf8.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Hindi.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Hindi.utf8.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Hungarian.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Italian.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Japanese.euc_jp.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Japanese.shift_jis.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Japanese.utf8.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Korean.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Korean.utf8.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Norwegian.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Polish.iso8859_2.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Polish.utf8.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Portuguese.brazil.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Portuguese.europe.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Romanian.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Russian.iso8859_5.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Russian.koi8_r.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Russian.utf8.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Russian.windows1251.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Serbian.ascii.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Serbian.cyrillic-utf8.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Spanish.basque.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Spanish.catalan.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Spanish.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Swedish.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Thai.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Thai.utf8.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Turkish.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Turkish.utf8.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Ukrainian.koi8_u.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\LDTs\Ukrainian.utf8.ldt (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\Metaphone.dat (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Data\Strings.dat (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Gloss\ (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Gloss\bab_hlp_static.bdc (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Gloss\bdcmpers.dat (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Gloss\cslock.dat (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Updates\ (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Updates\Convert.dat (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Updates\Rates.dat (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Utils\ (Babylon)
  C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon)
     Size . . . . . . . : 252.304 bytes
     Age  . . . . . . . : 1087.0 days (2010-07-04 18:03:20)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : 21142376F2B4D82CA2981BFE8287783B91805510AC8DF5CD525CE7DB7B3CA295
     Product  . . . . . : Babylon IE Addin
     Publisher  . . . . : Babylon Ltd.
     Description  . . . : Babylon Internet Explorer Addin
     Version  . . . . . : 8.0.0.22
     Copyright  . . . . : Copyright © Babylon Ltd. 1997-2009
     RSA Key Size . . . : 2048
     Authenticode . . . : Self-signed
     Fuzzy  . . . . . . : -5.0
  C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonOfficePI.dll (Babylon)
     Size . . . . . . . : 286.720 bytes
     Age  . . . . . . . : 1087.0 days (2010-07-04 18:03:20)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : D5BE1BEC5C5E11DD2FF3E819E35D1EE1285A8FC5C5419293DEE6B6667AB9BE60
     Product  . . . . . : Babylon Office Addin
     Publisher  . . . . : Babylon Ltd.
     Description  . . . : Babylon Office Addin
     Version  . . . . . : 8.0.0.22
     Copyright  . . . . : Copyright © Babylon Ltd. 1997-2009
     Fuzzy  . . . . . . : -8.0
  C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonRPI.api (Babylon)
     Size . . . . . . . : 161.280 bytes
     Age  . . . . . . . : 1087.0 days (2010-07-04 18:03:21)
     Entropy  . . . . . : 6.4
     SHA-256  . . . . . : A6E7E609EE7C008427806FA97D203DB25E37DD2441D33A3936C0D4D3FC8AFC86
     Product  . . . . . : Babylon BabylonRPI
     Publisher  . . . . : Babylon
     Description  . . . : Babylon Plug in for Acrobat Reader
     Version  . . . . . : 1.0.1.0
     Copyright  . . . . : Copyright © Babylon Ltd. 1997-2009
     Fuzzy  . . . . . . : -4.0
  C:\Program Files\Babylon\Babylon-Pro\Utils\MyBabylonIE.exe (Babylon)
     Size . . . . . . . : 1.497.872 bytes
     Age  . . . . . . . : 1087.0 days (2010-07-04 18:03:21)
     Entropy  . . . . . : 8.0
     SHA-256  . . . . . : 02CBA23F13BFD7B1CA740589E64FA82F34B36AD963BBA18B4E1BA4CC05E6666E
     Publisher
     Description  . . . : myBabylon_English Toolbar
     Version  . . . . . : 4.5.192.5
     Copyright  . . . . : Conduit Ltd.
     RSA Key Size . . . : 1024
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : -6.0
  C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe (Babylon)
     Size . . . . . . . : 435.600 bytes
     Age  . . . . . . . : 1087.0 days (2010-07-04 18:03:20)
     Entropy  . . . . . : 6.2
     SHA-256  . . . . . : 0A30BA1D17B44F3B586E80EE9913FE060D50C2D7807A94862DAF9C8E74DA203C
     RSA Key Size . . . : 2048
     Authenticode . . . : Self-signed
     Fuzzy  . . . . . . : -3.0
  HKLM\SOFTWARE\babylon\ (Babylon)
  HKLM\SOFTWARE\Classes\AppID\babyloniepi.dll\ (Babylon)
  HKLM\SOFTWARE\Classes\AppID\{b16632f1-24e0-4d99-a68d-70bfb6447c48}\ (Babylon)
  HKLM\SOFTWARE\Classes\babydict\ (Babylon)
  HKLM\SOFTWARE\Classes\babygloss\ (Babylon)
  HKLM\SOFTWARE\Classes\babyloniepi.babyloniebho.1\ (Babylon)
  HKLM\SOFTWARE\Classes\babyloniepi.babyloniebho\ (Babylon)
  HKLM\SOFTWARE\Classes\babylonofficeaddin.officeaddin.1\ (Babylon)
  HKLM\SOFTWARE\Classes\babylonofficeaddin.officeaddin\ (Babylon)
  HKLM\SOFTWARE\Classes\babyoptfile\ (Babylon)
  HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5}\ (Babylon)
  HKLM\SOFTWARE\Classes\CLSID\{9cfaccb6-2f3f-4177-94ea-0d2b72d384c1}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{5f339f0b-716f-408f-a627-deeb5deb4020}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{b7ea2226-f876-4be4-b478-76ebae2a668a}\ (Babylon)
  HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/bdc\ (Babylon)
  HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/bgl\ (Babylon)
  HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/bof\ (Babylon)
  HKLM\SOFTWARE\Classes\prod.cap\ (Claro)
  HKLM\SOFTWARE\Classes\s\ (Softonic)
  HKLM\SOFTWARE\Classes\TypeLib\{5c9a2304-70a5-11d5-afb0-0050dac67890}\ (Babylon)
  HKLM\SOFTWARE\Classes\TypeLib\{a1489c85-4f6f-48c4-ac9e-18b63af4703e}\ (Babylon)
  HKLM\SOFTWARE\Classes\TypeLib\{f310f027-15cb-4a7f-b10d-3a4afb5013a5}\ (Babylon)
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\babylon.exe\ (Babylon)
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\babylon\ (Babylon)
  HKU\S-1-5-21-1004336348-854245398-1801674531-1005\Software\babylon\ (Babylon)
  HKU\S-1-5-21-1004336348-854245398-1801674531-1005\Software\Microsoft\Internet Explorer\MenuExt\translate this web page with babylon\ (Babylon)
  HKU\S-1-5-21-1004336348-854245398-1801674531-1005\Software\Microsoft\Internet Explorer\MenuExt\translate with babylon\ (Babylon)
  HKU\S-1-5-21-1004336348-854245398-1801674531-1005\Software\Microsoft\Office\powerpoint\addins\babylonofficeaddin.officeaddin\ (Babylon)
  HKU\S-1-5-21-1004336348-854245398-1801674531-1005\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin\ (Babylon)
  HKU\S-1-5-21-1004336348-854245398-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9cfaccb6-2f3f-4177-94ea-0d2b72d384c1}\ (Babylon)
  HKU\S-1-5-21-1004336348-854245398-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{f72841f0-4ef1-4df5-bce5-b3ac8acf5478}\ (Babylon)
Cookies _____________________________________________________________________
  C:\Documents and Settings\Ecommit\Cookies\MZSTQHIC.txt
  C:\Documents and Settings\Ecommit\Cookies\NFB90QL3.txt
  C:\Documents and Settings\Ecommit\Cookies\NNM8FDUL.txt
  C:\Documents and Settings\Ecommit\Cookies\NUTP0317.txt
  C:\Documents and Settings\Ecommit\Cookies\O2M6DDUQ.txt
  C:\Documents and Settings\Ecommit\Cookies\OL51655P.txt
  C:\Documents and Settings\Ecommit\Cookies\OSNQ3JJF.txt
  C:\Documents and Settings\Ecommit\Cookies\P1S6CZ5F.txt
  C:\Documents and Settings\Ecommit\Cookies\PIX7G96A.txt
  C:\Documents and Settings\Ecommit\Cookies\PU94NYHM.txt
  C:\Documents and Settings\Ecommit\Cookies\Q22XFPBC.txt
  C:\Documents and Settings\Ecommit\Cookies\Q3TR9CWQ.txt
  C:\Documents and Settings\Ecommit\Cookies\Q6QDBDJ2.txt
  C:\Documents and Settings\Ecommit\Cookies\Q7YADDJ1.txt
  C:\Documents and Settings\Ecommit\Cookies\QAMJPY54.txt
  C:\Documents and Settings\Ecommit\Cookies\QETS0WHP.txt
  C:\Documents and Settings\Ecommit\Cookies\QG9U1Z6L.txt
  C:\Documents and Settings\Ecommit\Cookies\QLXKVPU4.txt
  C:\Documents and Settings\Ecommit\Cookies\QTJTREHK.txt
  C:\Documents and Settings\Ecommit\Cookies\QUA1UJXM.txt
  C:\Documents and Settings\Ecommit\Cookies\R09EZ5VR.txt
  C:\Documents and Settings\Ecommit\Cookies\R6GJH4LT.txt
  C:\Documents and Settings\Ecommit\Cookies\RHEX3Y2C.txt
  C:\Documents and Settings\Ecommit\Cookies\RTAX2O9S.txt
  C:\Documents and Settings\Ecommit\Cookies\RXXYFRTW.txt
  C:\Documents and Settings\Ecommit\Cookies\S0EGNGPZ.txt
  C:\Documents and Settings\Ecommit\Cookies\SFOBBW5T.txt
  C:\Documents and Settings\Ecommit\Cookies\STXJENBQ.txt
  C:\Documents and Settings\Ecommit\Cookies\SV1HREUX.txt
  C:\Documents and Settings\Ecommit\Cookies\SZ0JTZAE.txt
  C:\Documents and Settings\Ecommit\Cookies\TGY1ICBK.txt
  C:\Documents and Settings\Ecommit\Cookies\TLXDY1AD.txt
  C:\Documents and Settings\Ecommit\Cookies\TPF7AHKE.txt
  C:\Documents and Settings\Ecommit\Cookies\TV2IEDJ8.txt
  C:\Documents and Settings\Ecommit\Cookies\TVM4C56N.txt
  C:\Documents and Settings\Ecommit\Cookies\TXB51ANS.txt
  C:\Documents and Settings\Ecommit\Cookies\TXHWAWPP.txt
  C:\Documents and Settings\Ecommit\Cookies\U1WG5DI8.txt
  C:\Documents and Settings\Ecommit\Cookies\U964CT90.txt
  C:\Documents and Settings\Ecommit\Cookies\UQ2QXVC3.txt
  C:\Documents and Settings\Ecommit\Cookies\UZ3580EG.txt
  C:\Documents and Settings\Ecommit\Cookies\V4WX3K5U.txt
  C:\Documents and Settings\Ecommit\Cookies\V9U2PNZQ.txt
  C:\Documents and Settings\Ecommit\Cookies\VEXTBEFJ.txt
  C:\Documents and Settings\Ecommit\Cookies\VKI705VY.txt
  C:\Documents and Settings\Ecommit\Cookies\VULYSH21.txt
  C:\Documents and Settings\Ecommit\Cookies\VW5PTFBX.txt
  C:\Documents and Settings\Ecommit\Cookies\VW8PG39W.txt
  C:\Documents and Settings\Ecommit\Cookies\VYLTNSY2.txt
  C:\Documents and Settings\Ecommit\Cookies\WCX3A49K.txt
  C:\Documents and Settings\Ecommit\Cookies\WH2CFGGV.txt
  C:\Documents and Settings\Ecommit\Cookies\WKRG8SF3.txt
  C:\Documents and Settings\Ecommit\Cookies\WMQOQY4X.txt
  C:\Documents and Settings\Ecommit\Cookies\WTIQ3RJL.txt
  C:\Documents and Settings\Ecommit\Cookies\WWP8Y2XX.txt
  C:\Documents and Settings\Ecommit\Cookies\X0R86EYO.txt
  C:\Documents and Settings\Ecommit\Cookies\XB62JEHE.txt
  C:\Documents and Settings\Ecommit\Cookies\XKFXER17.txt
  C:\Documents and Settings\Ecommit\Cookies\XMMAKY2M.txt
  C:\Documents and Settings\Ecommit\Cookies\XN999PG4.txt
  C:\Documents and Settings\Ecommit\Cookies\XOYEL0IZ.txt
  C:\Documents and Settings\Ecommit\Cookies\XTJDFZJF.txt
  C:\Documents and Settings\Ecommit\Cookies\Y3GFV4IA.txt
  C:\Documents and Settings\Ecommit\Cookies\Y3JWZ8MR.txt
  C:\Documents and Settings\Ecommit\Cookies\YA501FHH.txt
  C:\Documents and Settings\Ecommit\Cookies\YE68N7YX.txt
  C:\Documents and Settings\Ecommit\Cookies\YOP5XWCC.txt
  C:\Documents and Settings\Ecommit\Cookies\YRAZZRBU.txt
  C:\Documents and Settings\Ecommit\Cookies\YSIE1ULF.txt
  C:\Documents and Settings\Ecommit\Cookies\YTS5OTNC.txt
  C:\Documents and Settings\Ecommit\Cookies\Z1TIXTK6.txt
  C:\Documents and Settings\Ecommit\Cookies\Z5PH119P.txt
  C:\Documents and Settings\Ecommit\Cookies\ZBKFE9VJ.txt
  C:\Documents and Settings\Ecommit\Cookies\ZLN5N525.txt
  C:\Documents and Settings\Ecommit\Cookies\ZOE6LZ1K.txt
  C:\Documents and Settings\Ecommit\Cookies\ZW1SYDGJ.txt
  C:\Documents and Settings\Ecommit\Cookies\ZYTNX9XM.txt
  C:\Documents and Settings\Ecommit\Cookies\ZZPULLY9.txt


Hi,

I see a mention of Win32.Virut, and since this is a "file infector", reinstalling Windows would be the best solution, as this malware essentially cannot be removed.

There are also indications of a rootkit; please carry out the steps below for that.

Download Malwarebytes Anti-Rootkit to the desktop.

Click here for the complete guide.

  • Extract the ZIP file and then double-click "mbar.exe" to start the tool.
  • Note! Malwarebytes Anti-Rootkit must be run under an account with administrator rights.
  • In the introduction screen, click "next" to continue.
  • In the next screen, click Update to provide Malwarebytes Anti-Rootkit with the latest definitions.
  • When the update is finished, click "Next" and then click "Scan".
  • If the scan is finished and no malware was detected, click "Exit".
  • If malware is detected, make sure the items are checked, click "Cleanup" and restart the computer.
  • After the restart, open the MBAR folder and attach the two log files below to your next post:
  • "mbar-log-{date} (xx-xx-xx).txt" & "system-log.txt"


Hello,

I scanned it twice, since the first time I thought it had not completed fully (it simply stopped without any message).

mbar-log

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

www.malwarebytes.org

Database version: v2013.06.27.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Ecommit :: COMPUTER [administrator]

27/06/2013 18:14:22

-log-2013-06-27 (18-14-22).txt

Scan type: Quick scan

Scan options enabled: PUM | P2P

Scan options disabled: Anti-Rootkit | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP

Objects scanned: 0

Time elapsed:

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

system-log.txt

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_21

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.327000 GHz

Memory total: 3217293312, free: 2433933312

Downloaded database version: v2013.06.26.04

Initializing...

------------ Kernel report ------------

06/26/2013 19:25:41

------------ Loaded modules -----------

\WINDOWS\system32\ntkrnlpa.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

spim.sys

\WINDOWS\System32\Drivers\WMILIB.SYS

\WINDOWS\System32\Drivers\SCSIPORT.SYS

ACPI.sys

pci.sys

ohci1394.sys

\WINDOWS\system32\DRIVERS\1394BUS.SYS

isapnp.sys

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

PartMgr.sys

VolSnap.sys

atapi.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltMgr.sys

sr.sys

KSecDD.sys

WudfPf.sys

Ntfs.sys

NDIS.sys

Mup.sys

avgrkx86.sys

avglogx.sys

avgmfx86.sys

avgidshx.sys

\SystemRoot\system32\DRIVERS\nv4_mini.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\e1y5132.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\nic1394.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\drivers\Afc.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\System32\Drivers\aneh3xjz.SYS

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\avgfwdx.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\drivers\libusb0.sys

\SystemRoot\system32\drivers\RtkHDAud.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\??\C:\WINDOWS\system32\drivers\avgtpx86.sys

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\avgtdix.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\arp1394.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\SystemRoot\system32\DRIVERS\avgldx86.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\avgidsshimx.sys

\SystemRoot\system32\DRIVERS\avgidsdriverx.sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_WMILIB.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\nv4_disp.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\npf.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\drivers\kmixer.sys

\SystemRoot\System32\Drivers\Fastfat.SYS

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

\WINDOWS\system32\ntdll.dll

\Program Files\Alcohol Soft\Alcohol 120\alcoholx.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8b0f2ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-9\

Lower Device Object: 0xffffffff8b0c9d98

Lower Device Driver Name: \Driver\atapi\

IRP handler 0 of \Driver\atapi is hooked

IRP handler 2 of \Driver\atapi is hooked

IRP handler 14 of \Driver\atapi is hooked

IRP handler 15 of \Driver\atapi is hooked

IRP handler 22 of \Driver\atapi is hooked

IRP handler 23 of \Driver\atapi is hooked

IRP handler 27 of \Driver\atapi is hooked

Unhooking enabled.

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8b0f2ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-9\

Lower Device Object: 0xffffffff8b0c9d98

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Initialization returned 0x0

Load Function returned 0x0

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8b0f2ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8b187288, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8b0f2ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8b0c9d98, DeviceName: \Device\Ide\IdeDeviceP3T1L0-9\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xffffffffe3f34bc8, 0xffffffff8b0f2ab8, 0xffffffff89f56718

Lower DeviceData: 0xffffffffe431c9d0, 0xffffffff8b0c9d98, 0xffffffff89e8ea68

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\system32\drivers...

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

File user open failed: C:\WINDOWS\system32\drivers\sptd.sys (0x00000020)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: EE47EE47

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 521823267

Partition file system is NTFS

Partition is bootable

Partition 1 type is Extended with LBA (0xf)

Partition is NOT ACTIVE.

Partition starts at LBA: 521823330 Numsec = 1431680670

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...

Done!

Read File: File "c:\documents and settings\all users\application data\avg2013\chjw\1220e8b020e89bcb.dat:52e53017-1c9e-485a-849b-3d7d6d69b460" is sparse (flags = 32768)

Read File: File "c:\documents and settings\all users\application data\avg2013\chjw\1220e8b020e89bcb.dat:70c7593a-b49c-4807-95fa-3e54fe9a5006" is sparse (flags = 32768)

=======================================

Removal queue found; removal started

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_21

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.327000 GHz

Memory total: 3217293312, free: 2652008448

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_21

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.327000 GHz

Memory total: 3217293312, free: 2488426496

Downloaded database version: v2013.06.26.05

Downloaded database version: v2013.06.26.06

Downloaded database version: v2013.06.26.07

Downloaded database version: v2013.06.27.01

Downloaded database version: v2013.06.27.02

Downloaded database version: v2013.06.27.03

Downloaded database version: v2013.06.27.04

Downloaded database version: v2013.06.27.05

Downloaded database version: v2013.06.27.06

Downloaded database version: v2013.06.27.07

Initializing...

------------ Kernel report ------------

06/27/2013 18:14:16

------------ Loaded modules -----------

\WINDOWS\system32\ntkrnlpa.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

spsf.sys

\WINDOWS\System32\Drivers\WMILIB.SYS

\WINDOWS\System32\Drivers\SCSIPORT.SYS

ACPI.sys

pci.sys

ohci1394.sys

\WINDOWS\system32\DRIVERS\1394BUS.SYS

isapnp.sys

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

PartMgr.sys

VolSnap.sys

atapi.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltMgr.sys

sr.sys

KSecDD.sys

WudfPf.sys

Ntfs.sys

NDIS.sys

Mup.sys

avgrkx86.sys

avglogx.sys

avgmfx86.sys

avgidshx.sys

\SystemRoot\system32\DRIVERS\nv4_mini.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\e1y5132.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\nic1394.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\drivers\Afc.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\System32\Drivers\awntsk3q.SYS

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\avgfwdx.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\drivers\libusb0.sys

\SystemRoot\system32\drivers\RtkHDAud.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\??\C:\WINDOWS\system32\drivers\avgtpx86.sys

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\system32\DRIVERS\avgtdix.sys

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\arp1394.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\SystemRoot\system32\DRIVERS\avgldx86.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\avgidsshimx.sys

\SystemRoot\system32\DRIVERS\avgidsdriverx.sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_WMILIB.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\nv4_disp.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\npf.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\drivers\kmixer.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\System32\Drivers\Fastfat.SYS

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

\WINDOWS\system32\ntdll.dll

\Program Files\Alcohol Soft\Alcohol 120\alcoholx.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR3

Upper Device Object: 0xffffffff8a081030

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000083\

Lower Device Object: 0xffffffff89ecd698

Lower Device Driver Name: \Driver\USBSTOR\

IRP handler 0 of \Driver\USBSTOR points to an unknown module

Unhooking enabled.

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR3

Upper Device Object: 0xffffffff8a081030

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000083\

Lower Device Object: 0xffffffff89ecd698

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

Initialization returned 0x0

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8b0c6ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-9\

Lower Device Object: 0xffffffff8b0ded98

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Initialization returned 0x0

Load Function returned 0x0

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8b0c6ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8b0f6c60, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8b0c6ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8b0ded98, DeviceName: \Device\Ide\IdeDeviceP3T1L0-9\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xffffffffe3da98a8, 0xffffffff8b0c6ab8, 0xffffffff89f2fab8

Lower DeviceData: 0xffffffffe11bfc30, 0xffffffff8b0ded98, 0xffffffff89ffe040

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\system32\drivers...

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

File user open failed: C:\WINDOWS\system32\drivers\sptd.sys (0x00000020)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: EE47EE47

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 521823267

Partition file system is NTFS

Partition is bootable

Partition 1 type is Extended with LBA (0xf)

Partition is NOT ACTIVE.

Partition starts at LBA: 521823330 Numsec = 1431680670

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...

Done!

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xffffffff8a081030, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a20ec50, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a081030, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff89ecd698, DeviceName: \Device\00000083\, DriverName: \Driver\USBSTOR\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\

Upper DeviceData: 0xffffffffe4046848, 0xffffffff8a081030, 0xffffffff89eed280

Lower DeviceData: 0xffffffffe3b475d0, 0xffffffff89ecd698, 0xffffffff89ef6c38

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 0

Partition information:

Partition 0 type is Other (0xc)

Partition is NOT ACTIVE.

Partition starts at LBA: 52 Numsec = 31283858

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 16026435072 bytes

Sector size: 512 bytes

Done!

Read File: File "c:\documents and settings\all users\application data\avg2013\chjw\1220e8b020e89bcb.dat:514e7d66-98fb-4903-b2d5-9c31fac8a957" is sparse (flags = 32768)

=======================================

Removal queue found; removal started

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_21

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.327000 GHz

Memory total: 3217293312, free: 2655621120

=======================================


Hello,

No, apart from the fact that the computer has been slow for a while, there is no problem at all, but that problem will be solved once I format the computer.

I assume I should now simply press the "mark as SOLVED" button?

In any case, thank you very much for your help!!!


Hi,

You're welcome, and good to hear that it is solved...

As a final step, please run the program "Delfix"; it will remove all the tools used and their log files from your computer.

  • Download "Delfix by Xplode" to the desktop.
  • Double-click "Delfix.exe" to start the tool; if you get a User Account Control prompt, allow it.
  • Now check the following items:
    • Remove disinfection tools
    • Purge System Restore
    • Reset system settings
  • Now click "Run" and wait patiently until the tool is finished.

Finally, below is an overview with advice on the following topics:

  • Windows Updates
  • Software Updates
  • Changing passwords
  • Security software
  • Safe use of the internet

Windows Updates

Security updates for Windows offer protection against new and ongoing threats to your privacy and your computer. The best way to get security updates is to enable automatic updates in Windows and to stay informed about current security matters. The link below explains how to set up automatic updates and how to check whether updates for Windows are available.

Software Updates

Besides installing the available updates for Windows, it is also very important to keep your other software up to date, because outdated software can contain vulnerabilities that can be abused by malicious programs such as viruses and malware. The links below explain how to keep your software up to date.

Security software

To minimize the chance of a re-infection, you can install an additional malware scanner alongside your existing security software, such as Malwarebytes Antimalware or Emsisoft Anti-Malware.

Both security packages can be used free of charge as an on-demand malware scanner in addition to your installed virus scanner or other security package; the free versions, however, offer no real-time protection.

The paid versions of both do offer real-time protection, where Malwarebytes Anti-Malware is developed purely for use as an additional malware scanner and Emsisoft Anti-Malware is also suitable for use as a primary security package.

In addition, the "Malwarebytes Anti-Malware" license is a lifetime license, which means it is not an annual license or similar tied to a certain period, but a one-time expense.

Changing passwords

Most malware makes an outbound connection to a Command & Control server, through which confidential data such as login credentials are stolen; if your computer has been infected, it is therefore advisable to change all the passwords you use.

Safe use of the internet

Always stay alert on the internet, both when visiting websites and when downloading software. Below are a number of informative articles.
