  1. #21
    Juisterr (honorary member)
    It won't work.



    Download the Gmer rootkit scanner to your desktop.

    The file you download has a randomly chosen name made up of digits and letters (e.g. jqb1jln3.exe or ubmp5cd5.exe, always a combination of 8 digits and letters).


    • Double-click this "file" to start Gmer.
    • If you get a message that rootkits are active and you are asked to run a scan, do not allow this.
    • On the right-hand side there are a number of options that you can check or uncheck.
    • By default everything is checked; leave it that way.
    • Under Files, only the system partition should be checked. (The system partition is the partition on which Windows is installed.)
    • Remove the check mark from "show all" (this must not be checked!)
    • Now click the "Scan" button to start the rootkit scan with Gmer.
    • When the scan is finished, click the "Save" button and save the log to your desktop.
      (If you click the "Copy" button, the full log report is copied to the clipboard and you can paste it into your next post with CTRL+V.)
    • To close Gmer, click the "Cancel" button.





    Download TDSSKiller and place it on your desktop.
    Extract the files in tdsskiller.zip.
    Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
    Click the "Start Scan" button and follow the instructions.
    When the scan is finished, click the "Report" button.
    A Notepad file opens. Post the contents of this file.

  2. #22
    Gmer log:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-18 20:46:25
    Windows 6.1.7600
    Running: k0m49by1.exe; Driver: C:\Users\Frank\AppData\Local\Temp\fwkcruoc.sys


    ---- System - GMER 1.0.15 ----

    INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323DAF8
    INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323D104
    INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323D3F4
    INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832262D8
    INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83225898
    INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323D1DC
    INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323D958
    INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323D6F8
    INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323DF2C
    INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323E1A8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E56599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E7AF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text peauth.sys A0CCFC9D 28 Bytes [8F, 9E, F9, FB, B6, 79, 1C, ...]
    .text peauth.sys A0CCFCC1 28 Bytes [8F, 9E, F9, FB, B6, 79, 1C, ...]
    PAGE peauth.sys A0CD5E20 37 Bytes [64, 4C, 4E, BF, 73, 01, 86, ...]
    PAGE peauth.sys A0CD5E57 46 Bytes [73, 29, B7, 43, 6D, 81, F9, ...]
    PAGE peauth.sys A0CD602C 102 Bytes [C7, 49, 4E, C5, 8B, 4C, F3, ...]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[952] ntdll.dll!NtProtectVirtualMemory 772F5380 5 Bytes JMP 001D000A
    .text C:\Windows\system32\svchost.exe[952] ntdll.dll!NtWriteVirtualMemory 772F5F00 5 Bytes JMP 001E000A
    .text C:\Windows\system32\svchost.exe[952] ntdll.dll!KiUserExceptionDispatcher 772F6448 5 Bytes JMP 0013000A
    .text C:\Windows\system32\svchost.exe[952] ole32.dll!CoCreateInstance 770257FC 5 Bytes JMP 0029000A
    .text C:\Windows\Explorer.EXE[1032] ntdll.dll!NtProtectVirtualMemory 772F5380 5 Bytes JMP 001B000A
    .text C:\Windows\Explorer.EXE[1032] ntdll.dll!NtWriteVirtualMemory 772F5F00 5 Bytes JMP 001C000A
    .text C:\Windows\Explorer.EXE[1032] ntdll.dll!KiUserExceptionDispatcher 772F6448 5 Bytes JMP 0014000A

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2756] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2756] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2756] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2756] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2756] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2756] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2756] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
    IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
    IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
    IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
    IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
    IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
    IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001583188aca
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x62 0x6F 0xE5 0x61 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001583188aca (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x62 0x6F 0xE5 0x61 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlId 248
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlModified 3
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\251
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\251@CrawlType 2
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\251@InProgress 1
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\251@DoneAddingCrawlSeeds 0
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\251@IsCatalogLevel 0
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\251@LogStartAddId 2
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\2@CrawlNumberInProgress 251

    ---- EOF - GMER 1.0.15 ----

  3. #23
    tdsskiller log:


    2010/08/18 20:47:53.0081 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
    2010/08/18 20:47:53.0081 ================================================================================
    2010/08/18 20:47:53.0081 SystemInfo:
    2010/08/18 20:47:53.0081
    2010/08/18 20:47:53.0081 OS Version: 6.1.7600 ServicePack: 0.0
    2010/08/18 20:47:53.0081 Product type: Workstation
    2010/08/18 20:47:53.0081 ComputerName: FRANKHOMELAPTOP
    2010/08/18 20:47:53.0081 UserName: Frank
    2010/08/18 20:47:53.0081 Windows directory: C:\Windows
    2010/08/18 20:47:53.0081 System windows directory: C:\Windows
    2010/08/18 20:47:53.0081 Processor architecture: Intel x86
    2010/08/18 20:47:53.0081 Number of processors: 2
    2010/08/18 20:47:53.0081 Page size: 0x1000
    2010/08/18 20:47:53.0081 Boot type: Normal boot
    2010/08/18 20:47:53.0081 ================================================================================
    2010/08/18 20:47:53.0315 Initialize success
    2010/08/18 20:47:57.0215 ================================================================================
    2010/08/18 20:47:57.0215 Scan started
    2010/08/18 20:47:57.0215 Mode: Manual;
    2010/08/18 20:47:57.0215 ================================================================================
    2010/08/18 20:48:08.0681 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2010/08/18 20:48:08.0744 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2010/08/18 20:48:08.0822 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2010/08/18 20:48:08.0884 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
    2010/08/18 20:48:08.0915 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
    2010/08/18 20:48:08.0962 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/08/18 20:48:09.0009 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    2010/08/18 20:48:09.0071 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
    2010/08/18 20:48:09.0118 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
    2010/08/18 20:48:09.0149 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
    2010/08/18 20:48:09.0212 SynTP (6bef3acd6ee22eec55b68699e8aace09) C:\Windows\system32\DRIVERS\SynTP.sys
    2010/08/18 20:48:09.0383 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
    2010/08/18 20:48:09.0664 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/08/18 20:48:09.0742 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
    2010/08/18 20:48:09.0773 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
    2010/08/18 20:48:09.0804 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
    2010/08/18 20:48:09.0867 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
    2010/08/18 20:48:09.0929 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
    2010/08/18 20:48:09.0992 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/08/18 20:48:10.0038 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/08/18 20:48:10.0070 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    2010/08/18 20:48:10.0101 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
    2010/08/18 20:48:10.0132 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2010/08/18 20:48:10.0163 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
    2010/08/18 20:48:10.0210 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    2010/08/18 20:48:10.0288 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
    2010/08/18 20:48:10.0319 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/08/18 20:48:10.0350 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
    2010/08/18 20:48:10.0382 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/08/18 20:48:10.0413 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/08/18 20:48:10.0444 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    2010/08/18 20:48:10.0475 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/08/18 20:48:10.0506 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    2010/08/18 20:48:10.0538 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/08/18 20:48:10.0569 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/08/18 20:48:10.0600 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
    2010/08/18 20:48:10.0647 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2010/08/18 20:48:10.0694 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/08/18 20:48:10.0725 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    2010/08/18 20:48:10.0756 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
    2010/08/18 20:48:10.0787 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
    2010/08/18 20:48:10.0818 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    2010/08/18 20:48:10.0850 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
    2010/08/18 20:48:10.0896 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
    2010/08/18 20:48:10.0928 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
    2010/08/18 20:48:10.0990 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
    2010/08/18 20:48:11.0068 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    2010/08/18 20:48:11.0115 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
    2010/08/18 20:48:11.0162 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    2010/08/18 20:48:11.0208 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    2010/08/18 20:48:11.0255 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
    2010/08/18 20:48:11.0286 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
    2010/08/18 20:48:11.0333 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    2010/08/18 20:48:11.0396 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/08/18 20:48:11.0411 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/08/18 20:48:11.0458 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    2010/08/18 20:48:11.0536 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2010/08/18 20:48:11.0614 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    2010/08/18 20:48:11.0645 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    2010/08/18 20:48:11.0739 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
    2010/08/18 20:48:11.0770 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/08/18 20:48:11.0832 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/08/18 20:48:11.0879 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    2010/08/18 20:48:11.0910 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/08/18 20:48:12.0004 ================================================================================
    2010/08/18 20:48:12.0004 Scan finished
    2010/08/18 20:48:12.0004 ================================================================================

  4. #24
    Honorary member   Juisterr's avatar
    Registered
    31 July 2006
    Location
    little shack on the coast
    Posts
    3.653
    Thanks
    1.008
    Thanked
    2.268 times in 1.411 posts
    OK, would you please run ComboFix once more and post the result here.

  5. #25
    Up-to-date  
    Registered
    5 August 2010
    Posts
    62
    Thanks
    8
    Thanked
    7 times in 7 posts
    ComboFix 10-08-18.02 - Frank 19-08-2010 14:08:52.5.2 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.31.1043.18.3067.2055 [GMT 2:00]
    Gestart vanuit: c:\users\Frank\Desktop\ComboFix.exe
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-07-19 to 2010-08-19 ))))))))))))))))))))))))))))))
    .

    2010-08-19 12:16 . 2010-08-19 12:16 -------- d-----w- c:\users\Frank\AppData\Local\temp
    2010-08-19 12:16 . 2010-08-19 12:16 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-08-19 12:16 . 2010-08-19 12:16 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-08-17 12:27 . 2010-08-17 12:27 -------- d-----w- c:\windows\Sun
    2010-08-16 14:20 . 2010-08-16 14:20 -------- d--h--w- c:\windows\msdownld.tmp
    2010-08-16 14:20 . 2010-08-18 17:02 -------- d-----w- c:\program files\XBMC
    2010-08-15 20:05 . 2010-08-16 14:10 -------- d-----w- c:\users\Frank\Nieuwe map
    2010-08-14 19:16 . 2010-08-14 19:16 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-08-14 18:51 . 2010-08-14 18:51 273960 ----a-w- c:\windows\system32\drivers\k57nd60x.sys
    2010-08-14 18:18 . 2010-08-14 18:19 -------- d-----w- c:\program files\Uniblue
    2010-08-14 18:15 . 2010-08-14 18:15 -------- d-----w- c:\program files\AutoUnpack
    2010-08-14 18:10 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-08-14 17:35 . 2010-08-14 17:35 -------- d-----w- c:\programdata\Uniblue
    2010-08-14 17:33 . 2010-08-14 17:34 5268200 ----a-w- c:\users\Frank\AppData\Roaming\Uniblue\DriverScanner\_temp\driverscanner.exe
    2010-08-14 17:33 . 2010-08-14 17:33 5276232 ----a-w- c:\users\Frank\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe
    2010-08-14 17:32 . 2010-08-14 18:19 -------- d-----w- c:\users\Frank\AppData\Roaming\Uniblue
    2010-08-14 17:25 . 2008-05-29 08:03 37176 ----a-w- c:\users\Frank\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2010-08-13 13:27 . 2010-08-13 13:32 -------- d-----w- c:\users\Frank\AppData\Roaming\vlc
    2010-08-13 13:27 . 2010-08-13 13:27 -------- d-----w- c:\program files\VideoLAN
    2010-08-12 13:33 . 2010-08-12 13:33 388096 ----a-r- c:\users\Frank\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-08-12 13:33 . 2010-08-12 13:33 -------- d-----w- c:\program files\Trend Micro
    2010-08-12 11:01 . 2010-08-12 13:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2010-08-05 20:56 . 2010-08-05 20:56 -------- d-----w- c:\programdata\NVIDIA Corporation
    2010-08-05 11:34 . 2010-04-21 10:06 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
    2010-08-05 11:34 . 2010-04-21 10:06 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
    2010-08-05 11:34 . 2010-08-05 11:34 -------- d-----w- c:\program files\myBabylon_English
    2010-08-04 21:02 . 2010-08-04 21:04 -------- d-----w- c:\users\Frank\AppData\Roaming\Media Player Classic
    2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Conduit
    2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Softonic-Eng7
    2010-07-31 23:41 . 2010-06-08 09:28 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
    2010-07-31 23:41 . 2010-06-08 09:28 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
    2010-07-31 23:41 . 2010-08-01 15:13 -------- d-----w- c:\program files\The KMPlayer
    2010-07-28 16:51 . 2010-07-28 16:51 -------- d-----w- c:\program files\iPod
    2010-07-28 16:51 . 2010-07-28 16:52 -------- d-----w- c:\program files\iTunes
    2010-07-28 16:48 . 2010-07-28 16:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-07-28 16:47 . 2010-07-28 16:47 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
    2010-07-25 17:01 . 2010-07-25 17:01 -------- d-----w- c:\program files\GrabIt
    2010-07-25 14:05 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-22 12:07 . 2010-07-25 12:22 -------- d-----w- c:\users\Frank\AppData\Local\Hema Album Software Advanced
    2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\programdata\Hema Album Software Advanced
    2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\program files\Hema Album Software Advanced
    2010-07-21 08:53 . 2010-07-21 08:53 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
    2010-07-21 08:52 . 2010-07-21 08:52 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
    2010-07-21 08:52 . 2010-07-21 08:52 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
    2010-07-21 08:52 . 2010-07-21 08:52 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
    2010-07-21 08:52 . 2010-07-21 08:52 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-19 12:13 . 2009-07-14 08:27 691728 ----a-w- c:\windows\system32\perfh013.dat
    2010-08-19 12:13 . 2009-07-14 08:27 130232 ----a-w- c:\windows\system32\perfc013.dat
    2010-08-19 11:11 . 2010-03-03 18:17 -------- d-----w- c:\users\Frank\AppData\Roaming\LimeWire
    2010-08-18 21:39 . 2010-03-03 09:52 -------- d-----w- c:\users\Frank\AppData\Roaming\GrabIt
    2010-08-18 19:11 . 2010-03-09 08:35 0 ----a-w- c:\users\Frank\AppData\Local\prvlcl.dat
    2010-08-16 15:40 . 2010-03-03 09:34 -------- d-----w- c:\program files\FTDv3.8
    2010-08-14 15:57 . 2010-03-04 15:16 -------- d-----w- c:\program files\Ask.com
    2010-08-10 10:10 . 2010-03-02 22:57 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-05 20:59 . 2010-03-02 22:11 -------- d-----w- c:\programdata\NVIDIA
    2010-08-05 20:56 . 2010-03-02 22:09 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-08-05 08:55 . 2010-03-04 15:15 -------- d-----w- c:\users\Frank\AppData\Roaming\uTorrent
    2010-08-01 17:11 . 2010-04-12 10:43 -------- d-----w- c:\users\Frank\AppData\Roaming\dvdcss
    2010-08-01 15:22 . 2010-03-20 13:41 -------- d-----w- c:\programdata\DVD Shrink
    2010-07-28 16:51 . 2010-04-11 10:36 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-28 16:48 . 2010-06-23 20:58 -------- d-----w- c:\program files\Safari
    2010-07-27 23:01 . 2010-03-02 18:53 -------- d-----w- c:\program files\Windows Live
    2010-07-25 14:05 . 2010-03-03 14:41 -------- d-----w- c:\program files\Java
    2010-07-21 14:29 . 2010-07-20 10:45 -------- d-----w- c:\programdata\FLEXnet
    2010-07-20 10:45 . 2010-03-02 18:47 67856 ----a-w- c:\users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-07-20 10:36 . 2010-03-02 22:36 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-20 10:35 . 2010-07-20 10:35 -------- d-----w- c:\program files\Adobe Media Player
    2010-07-20 10:34 . 2010-07-20 10:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-07-20 10:31 . 2010-07-20 10:31 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2010-07-16 12:55 . 2010-03-02 22:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-16 12:55 . 2010-07-16 12:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-16 12:54 . 2010-03-02 22:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-12 14:49 . 2010-03-20 13:47 -------- d-----w- c:\program files\DVD Shrink
    2010-07-09 14:20 . 2010-07-09 14:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-07-09 14:20 . 2010-07-09 14:20 261736 ----a-w- c:\windows\system32\nvhotkey.dll
    2010-07-09 14:20 . 2010-07-09 14:20 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
    2010-07-09 14:20 . 2010-07-09 14:20 1469544 ----a-w- c:\windows\system32\nvsvc.dll
    2010-07-09 14:20 . 2010-07-09 14:20 13939816 ----a-w- c:\windows\system32\nvcpl.dll
    2010-07-09 14:20 . 2010-07-09 14:20 129640 ----a-w- c:\windows\system32\nvvsvc.exe
    2010-06-24 09:45 . 2010-04-11 10:39 -------- d-----w- c:\users\Frank\AppData\Roaming\Apple Computer
    2010-06-23 20:59 . 2010-06-23 20:59 -------- d-----w- c:\program files\Bonjour
    2010-06-23 20:58 . 2010-06-23 20:58 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
    2010-06-21 22:07 . 2010-08-05 20:54 26216 ----a-w- c:\windows\system32\nvhdap32.dll
    2010-06-21 22:07 . 2010-03-02 22:09 232040 ----a-w- c:\windows\system32\nvcohda.dll
    2010-06-21 22:07 . 2010-08-05 20:54 64104 ----a-w- c:\windows\system32\nvapo32v.dll
    2010-06-21 22:07 . 2010-08-05 20:54 105576 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
    2010-06-03 09:03 . 2010-03-02 22:24 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-06-02 02:55 . 2010-08-16 14:21 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-06-02 02:55 . 2010-08-16 14:21 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-06-02 02:55 . 2010-08-16 14:21 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-05-27 07:24 . 2010-06-11 10:48 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-27 03:49 . 2010-06-11 10:48 293888 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-26 09:41 . 2010-08-16 14:21 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-05-26 09:41 . 2010-08-16 14:21 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-05-26 09:41 . 2010-08-16 14:21 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-05-26 09:41 . 2010-08-16 14:21 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-05-26 09:41 . 2010-08-16 14:21 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-08-18_15.28.30 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-03-02 23:26 . 2010-08-19 12:09 22436 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 04:55 . 2010-08-19 12:09 40664 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 04:55 . 2010-08-18 15:22 40664 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2010-03-02 17:33 . 2010-08-17 21:25 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-03-02 17:33 . 2010-08-19 07:20 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-07-20 10:58 . 2010-08-19 11:06 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    - 2010-07-20 10:58 . 2010-08-18 09:53 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    + 2009-07-14 04:41 . 2010-08-19 07:20 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:41 . 2010-08-17 21:25 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-03-02 19:45 . 2010-08-17 21:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-03-02 19:45 . 2010-08-18 18:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-03-02 19:45 . 2010-08-17 21:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-03-02 19:45 . 2010-08-18 18:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-03-02 19:45 . 2010-08-18 18:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-03-02 19:45 . 2010-08-17 21:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-03-02 21:04 . 2010-08-17 21:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-03-02 21:04 . 2010-08-18 18:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-03-02 22:19 . 2010-08-19 12:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2010-03-02 22:19 . 2010-08-18 15:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2010-03-02 22:19 . 2010-08-18 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2010-03-02 22:19 . 2010-08-19 12:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2010-03-02 22:19 . 2010-08-18 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
    + 2010-03-02 22:19 . 2010-08-19 12:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
    + 2010-03-02 21:04 . 2010-08-19 12:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-03-02 21:04 . 2010-08-18 15:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-03-02 21:04 . 2010-08-17 21:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-03-02 21:04 . 2010-08-18 18:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-03-02 22:13 . 2010-08-19 12:09 8672 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1647979850-1972059973-3787660427-1001_UserData.bin
    - 2010-08-18 15:20 . 2010-08-18 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2010-08-19 12:07 . 2010-08-19 12:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2010-08-18 15:20 . 2010-08-18 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-08-19 12:07 . 2010-08-19 12:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-03-03 02:43 . 2010-08-18 16:48 360976 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2010-03-03 02:43 . 2010-08-18 14:59 360976 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2009-07-14 02:05 . 2010-08-18 15:25 607190 c:\windows\System32\perfh009.dat
    + 2009-07-14 02:05 . 2010-08-19 12:13 607190 c:\windows\System32\perfh009.dat
    + 2009-07-14 02:05 . 2010-08-19 12:13 103568 c:\windows\System32\perfc009.dat
    - 2009-07-14 02:05 . 2010-08-18 15:25 103568 c:\windows\System32\perfc009.dat
    - 2010-03-02 18:32 . 2010-08-18 09:53 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2010-03-02 18:32 . 2010-08-19 11:06 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2010-03-02 17:33 . 2010-08-17 21:25 442368 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-03-02 17:33 . 2010-08-19 07:20 442368 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 02:03 . 2010-08-17 21:38 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:03 . 2010-08-18 20:21 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
    "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    2010-06-03 16:24 2736736 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
    2010-06-13 17:10 2734688 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
    "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
    "{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
    "SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2010-06-25 67960]
    "PowerSuite"="c:\program files\Uniblue\PowerSuite\launcher.exe" [2010-07-20 67448]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
    "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-12-03 494112]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2010-03-10 200704]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-10 7703072]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

    c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
    2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
    R3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-20 691696]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
    S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
    S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-12-03 690720]
    S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
    S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-08-14 273960]
    S3 NETw5s32;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

    .
    Inhoud van de 'Gedeelde Taken' map

    2010-08-19 c:\windows\Tasks\RegistryBooster.job
    - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-14 14:23]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://search.babylon.com/home?AF=14542
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
    FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
    FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
    FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86ADCB4C]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
    SecurityProcedure -> 0x857c1ad8
    QueryNameProcedure -> 0x857c1c68
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2010-08-19 14:18:03
    ComboFix-quarantined-files.txt 2010-08-19 12:18
    ComboFix2.txt 2010-08-18 15:30

    Pre-Run: 374.611.660.800 bytes beschikbaar
    Post-Run: 374.327.930.880 bytes beschikbaar

    - - End Of File - - 494DD91D87AAAF16FE2CABE625226BF0

  6. #26
    Honorary member   Juisterr's avatar
    Registered
    31 July 2006
    Location
    kotje aan de kust
    Posts
    3.653
    Thanks
    1.008
    Thanked
    2.268 times in 1.411 posts
    1. Some CD emulators can make the logs harder to interpret.
    We will therefore disable them temporarily.
    • Download Defogger and put it on your desktop.
    • Double-click Defogger.exe to start the tool.
    • In the window that appears, click the "Disable" button.
    • In the next window, click Ja (Yes) to continue.
    • Wait until you get the 'Finished' message and click "Ok" in that window.
    • If DeFogger asks to restart the computer, do so.

    NOTE: If you get an error message when using Defogger, look on the desktop for the file defogger_disable and post the contents of that file.

    You can re-enable CD-emulator software with Defogger by starting the tool and clicking the "Re-enable" button.
    Only do this once we are completely finished analysing the computer.

    If this did not help, then please do the following.

    Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

    • Driver::
      sptd

    Save this on your desktop as CFScript.txt

    Drag CFScript.txt into ComboFix.exe as shown in the example below:

    This will make ComboFix restart.
    Reboot if you are asked to,
    and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

  7. #27
    Up-to-date  
    Registered
    5 August 2010
    Posts
    62
    Thanks
    8
    Thanked
    7 times in 7 posts
    Okay, so first use Defogger to disable the CD emulators.
    And then scan with ComboFix?
    And then re-enable them with Defogger?

  8. #28
    Honorary member   Juisterr's avatar
    Registered
    31 July 2006
    Location
    kotje aan de kust
    Posts
    3.653
    Thanks
    1.008
    Thanked
    2.268 times in 1.411 posts
    Defogger first, then ComboFix.

  9. #29
    Up-to-date  
    Registered
    5 August 2010
    Posts
    62
    Thanks
    8
    Thanked
    7 times in 7 posts
    defogger_disable by jpshortstuff (23.02.10.1)
    Log created at 22:51 on 19/08/2010 (Frank)

    Checking for autostart values...
    HKCU\~\Run values retrieved.
    HKLM\~\Run values retrieved.

    Checking for services/drivers...
    SPTD -> Already disabled


    -=E.O.F=-

  10. #30
    Up-to-date  
    Registered
    5 August 2010
    Posts
    62
    Thanks
    8
    Thanked
    7 times in 7 posts
    ComboFix 10-08-18.04 - Frank 20-08-2010 8:57.7.2 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.31.1043.18.3067.2027 [GMT 2:00]
    Gestart vanuit: c:\users\Frank\Desktop\ComboFix.exe
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2010-07-20 to 2010-08-20 ))))))))))))))))))))))))))))))
    .

    2010-08-20 07:03 . 2010-08-20 07:03 -------- d-----w- c:\users\Frank\AppData\Local\temp
    2010-08-20 07:03 . 2010-08-20 07:03 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-08-20 07:03 . 2010-08-20 07:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-08-17 12:27 . 2010-08-17 12:27 -------- d-----w- c:\windows\Sun
    2010-08-16 14:20 . 2010-08-16 14:20 -------- d--h--w- c:\windows\msdownld.tmp
    2010-08-16 14:20 . 2010-08-19 22:58 -------- d-----w- c:\program files\XBMC
    2010-08-15 20:05 . 2010-08-16 14:10 -------- d-----w- c:\users\Frank\Nieuwe map
    2010-08-14 19:16 . 2010-08-14 19:16 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-08-14 18:51 . 2010-08-14 18:51 273960 ----a-w- c:\windows\system32\drivers\k57nd60x.sys
    2010-08-14 18:18 . 2010-08-14 18:19 -------- d-----w- c:\program files\Uniblue
    2010-08-14 18:15 . 2010-08-14 18:15 -------- d-----w- c:\program files\AutoUnpack
    2010-08-14 18:10 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-08-14 17:35 . 2010-08-14 17:35 -------- d-----w- c:\programdata\Uniblue
    2010-08-14 17:33 . 2010-08-14 17:34 5268200 ----a-w- c:\users\Frank\AppData\Roaming\Uniblue\DriverScanner\_temp\driverscanner.exe
    2010-08-14 17:33 . 2010-08-14 17:33 5276232 ----a-w- c:\users\Frank\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe
    2010-08-14 17:32 . 2010-08-14 18:19 -------- d-----w- c:\users\Frank\AppData\Roaming\Uniblue
    2010-08-14 17:25 . 2008-05-29 08:03 37176 ----a-w- c:\users\Frank\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2010-08-13 13:27 . 2010-08-13 13:32 -------- d-----w- c:\users\Frank\AppData\Roaming\vlc
    2010-08-13 13:27 . 2010-08-13 13:27 -------- d-----w- c:\program files\VideoLAN
    2010-08-12 13:33 . 2010-08-12 13:33 388096 ----a-r- c:\users\Frank\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-08-12 13:33 . 2010-08-12 13:33 -------- d-----w- c:\program files\Trend Micro
    2010-08-12 11:01 . 2010-08-12 13:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2010-08-05 20:56 . 2010-08-05 20:56 -------- d-----w- c:\programdata\NVIDIA Corporation
    2010-08-05 11:34 . 2010-04-21 10:06 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
    2010-08-05 11:34 . 2010-04-21 10:06 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
    2010-08-05 11:34 . 2010-08-05 11:34 -------- d-----w- c:\program files\myBabylon_English
    2010-08-04 21:02 . 2010-08-04 21:04 -------- d-----w- c:\users\Frank\AppData\Roaming\Media Player Classic
    2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Conduit
    2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Softonic-Eng7
    2010-07-31 23:41 . 2010-06-08 09:28 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
    2010-07-31 23:41 . 2010-06-08 09:28 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
    2010-07-31 23:41 . 2010-08-01 15:13 -------- d-----w- c:\program files\The KMPlayer
    2010-07-28 16:51 . 2010-07-28 16:51 -------- d-----w- c:\program files\iPod
    2010-07-28 16:51 . 2010-07-28 16:52 -------- d-----w- c:\program files\iTunes
    2010-07-28 16:48 . 2010-07-28 16:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-07-28 16:47 . 2010-07-28 16:47 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
    2010-07-25 17:01 . 2010-07-25 17:01 -------- d-----w- c:\program files\GrabIt
    2010-07-25 14:05 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-22 12:07 . 2010-07-25 12:22 -------- d-----w- c:\users\Frank\AppData\Local\Hema Album Software Advanced
    2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\programdata\Hema Album Software Advanced
    2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\program files\Hema Album Software Advanced
    2010-07-21 08:53 . 2010-07-21 08:53 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
    2010-07-21 08:52 . 2010-07-21 08:52 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
    2010-07-21 08:52 . 2010-07-21 08:52 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
    2010-07-21 08:52 . 2010-07-21 08:52 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
    2010-07-21 08:52 . 2010-07-21 08:52 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-20 07:01 . 2009-07-14 08:27 691728 ----a-w- c:\windows\system32\perfh013.dat
    2010-08-20 07:01 . 2009-07-14 08:27 130232 ----a-w- c:\windows\system32\perfc013.dat
    2010-08-20 06:46 . 2010-03-03 18:17 -------- d-----w- c:\users\Frank\AppData\Roaming\LimeWire
    2010-08-19 22:41 . 2010-03-09 08:35 0 ----a-w- c:\users\Frank\AppData\Local\prvlcl.dat
    2010-08-18 21:39 . 2010-03-03 09:52 -------- d-----w- c:\users\Frank\AppData\Roaming\GrabIt
    2010-08-16 15:40 . 2010-03-03 09:34 -------- d-----w- c:\program files\FTDv3.8
    2010-08-14 15:57 . 2010-03-04 15:16 -------- d-----w- c:\program files\Ask.com
    2010-08-10 10:10 . 2010-03-02 22:57 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-05 20:59 . 2010-03-02 22:11 -------- d-----w- c:\programdata\NVIDIA
    2010-08-05 20:56 . 2010-03-02 22:09 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-08-05 08:55 . 2010-03-04 15:15 -------- d-----w- c:\users\Frank\AppData\Roaming\uTorrent
    2010-08-01 17:11 . 2010-04-12 10:43 -------- d-----w- c:\users\Frank\AppData\Roaming\dvdcss
    2010-08-01 15:22 . 2010-03-20 13:41 -------- d-----w- c:\programdata\DVD Shrink
    2010-07-28 16:51 . 2010-04-11 10:36 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-28 16:48 . 2010-06-23 20:58 -------- d-----w- c:\program files\Safari
    2010-07-27 23:01 . 2010-03-02 18:53 -------- d-----w- c:\program files\Windows Live
    2010-07-25 14:05 . 2010-03-03 14:41 -------- d-----w- c:\program files\Java
    2010-07-21 14:29 . 2010-07-20 10:45 -------- d-----w- c:\programdata\FLEXnet
    2010-07-20 10:45 . 2010-03-02 18:47 67856 ----a-w- c:\users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-07-20 10:36 . 2010-03-02 22:36 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-20 10:35 . 2010-07-20 10:35 -------- d-----w- c:\program files\Adobe Media Player
    2010-07-20 10:34 . 2010-07-20 10:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-07-20 10:31 . 2010-07-20 10:31 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2010-07-16 12:55 . 2010-03-02 22:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-16 12:55 . 2010-07-16 12:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-16 12:54 . 2010-03-02 22:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-12 14:49 . 2010-03-20 13:47 -------- d-----w- c:\program files\DVD Shrink
    2010-07-09 14:20 . 2010-07-09 14:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-07-09 14:20 . 2010-07-09 14:20 261736 ----a-w- c:\windows\system32\nvhotkey.dll
    2010-07-09 14:20 . 2010-07-09 14:20 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
    2010-07-09 14:20 . 2010-07-09 14:20 1469544 ----a-w- c:\windows\system32\nvsvc.dll
    2010-07-09 14:20 . 2010-07-09 14:20 13939816 ----a-w- c:\windows\system32\nvcpl.dll
    2010-07-09 14:20 . 2010-07-09 14:20 129640 ----a-w- c:\windows\system32\nvvsvc.exe
    2010-06-24 09:45 . 2010-04-11 10:39 -------- d-----w- c:\users\Frank\AppData\Roaming\Apple Computer
    2010-06-23 20:59 . 2010-06-23 20:59 -------- d-----w- c:\program files\Bonjour
    2010-06-23 20:58 . 2010-06-23 20:58 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
    2010-06-21 22:07 . 2010-08-05 20:54 26216 ----a-w- c:\windows\system32\nvhdap32.dll
    2010-06-21 22:07 . 2010-03-02 22:09 232040 ----a-w- c:\windows\system32\nvcohda.dll
    2010-06-21 22:07 . 2010-08-05 20:54 64104 ----a-w- c:\windows\system32\nvapo32v.dll
    2010-06-21 22:07 . 2010-08-05 20:54 105576 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
    2010-06-03 09:03 . 2010-03-02 22:24 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-06-02 02:55 . 2010-08-16 14:21 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-06-02 02:55 . 2010-08-16 14:21 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-06-02 02:55 . 2010-08-16 14:21 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-05-27 07:24 . 2010-06-11 10:48 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-27 03:49 . 2010-06-11 10:48 293888 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-26 09:41 . 2010-08-16 14:21 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-05-26 09:41 . 2010-08-16 14:21 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-05-26 09:41 . 2010-08-16 14:21 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-05-26 09:41 . 2010-08-16 14:21 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-05-26 09:41 . 2010-08-16 14:21 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-08-18_15.28.30 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-03-02 23:26 . 2010-08-20 06:57 23948 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 04:55 . 2010-08-20 06:57 41748 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2010-03-02 17:33 . 2010-08-17 21:25 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-03-02 17:33 . 2010-08-20 06:56 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-07-20 10:58 . 2010-08-19 11:06 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    - 2010-07-20 10:58 . 2010-08-18 09:53 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    + 2009-07-14 04:41 . 2010-08-20 06:56 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:41 . 2010-08-17 21:25 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-03-02 19:45 . 2010-08-17 21:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-03-02 19:45 . 2010-08-20 06:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-03-02 19:45 . 2010-08-17 21:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-03-02 19:45 . 2010-08-20 06:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-03-02 19:45 . 2010-08-20 06:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-03-02 19:45 . 2010-08-17 21:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-03-02 21:04 . 2010-08-17 21:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-03-02 21:04 . 2010-08-20 07:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-03-02 22:19 . 2010-08-19 22:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2010-03-02 22:19 . 2010-08-18 15:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2010-03-02 22:19 . 2010-08-18 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2010-03-02 22:19 . 2010-08-19 22:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2010-03-02 22:19 . 2010-08-18 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
    + 2010-03-02 22:19 . 2010-08-19 22:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
    + 2010-03-02 21:04 . 2010-08-20 07:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-03-02 21:04 . 2010-08-18 15:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-03-02 21:04 . 2010-08-17 21:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-03-02 21:04 . 2010-08-20 07:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-03-02 22:13 . 2010-08-20 06:57 8696 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1647979850-1972059973-3787660427-1001_UserData.bin
    - 2010-08-18 15:20 . 2010-08-18 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2010-08-20 06:56 . 2010-08-20 06:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2010-08-18 15:20 . 2010-08-18 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-08-20 06:56 . 2010-08-20 06:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-03-03 02:43 . 2010-08-18 16:48 360976 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2010-03-03 02:43 . 2010-08-18 14:59 360976 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2009-07-14 02:05 . 2010-08-18 15:25 607190 c:\windows\System32\perfh009.dat
    + 2009-07-14 02:05 . 2010-08-20 07:01 607190 c:\windows\System32\perfh009.dat
    + 2009-07-14 02:05 . 2010-08-20 07:01 103568 c:\windows\System32\perfc009.dat
    - 2009-07-14 02:05 . 2010-08-18 15:25 103568 c:\windows\System32\perfc009.dat
    - 2010-03-02 18:32 . 2010-08-18 09:53 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2010-03-02 18:32 . 2010-08-19 23:23 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2010-03-02 17:33 . 2010-08-17 21:25 442368 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-03-02 17:33 . 2010-08-20 06:56 442368 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 02:03 . 2010-08-17 21:38 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:03 . 2010-08-19 23:57 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
    "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    2010-06-03 16:24 2736736 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
    2010-06-13 17:10 2734688 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
    "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
    "{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [2009-07-14 354304]
    "SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2010-06-25 67960]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
    "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-12-03 494112]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2010-03-10 200704]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-10 7703072]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

    c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
    2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
    R3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-20 691696]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
    S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
    S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-12-03 690720]
    S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
    S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-08-14 273960]
    S3 NETw5s32;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

    .
    Inhoud van de 'Gedeelde Taken' map

    2010-08-20 c:\windows\Tasks\RegistryBooster.job
    - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-14 14:23]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://search.babylon.com/home?AF=14542
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
    FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
    FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
    FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86AC4B4C]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
    SecurityProcedure -> 0x857c1ad8
    QueryNameProcedure -> 0x857c1c68
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2010-08-20 09:05:36
    ComboFix-quarantined-files.txt 2010-08-20 07:05
    ComboFix2.txt 2010-08-19 12:18
    ComboFix3.txt 2010-08-18 15:30

    Pre-Run: 385.508.253.696 bytes beschikbaar
    Post-Run: 385.452.122.112 bytes beschikbaar

    - - End Of File - - 7F2A37D761915B1C69225FCF1EFB55E1
