View full version : Slowed-down laptop with popups.



frankie3
12 August 2010, 16:52
Hello. I am posting this log because I have run into a number of problems on my laptop.
It spontaneously opens a new tab (for a site that cannot be loaded). The biggest problem is that my laptop is probably becoming slow because of it, so that I cannot play my HD files.
I have scanned my computer several times with AVG antivirus for this, to no avail.
Perhaps handy to know: 2 or 3 weeks ago I got a trojan alert a number of times; if all is well, AVG removed it. But I did get this alert very often. (Not any more by now.)

I worked according to the guide.
Here is the HijackThis log:

EDIT PETERN: the topic about stuttering HD playback can be found here (http://www.minatica.be/threads/70446-HD-Films-hapert-op-laptop-en-van-laptop-naar-tv) ;)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:44:11, on 12-8-2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=14542
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--
End of file - 7583 bytes

Juisterr
13 August 2010, 22:29
Start HijackThis and choose 'Do a system scan only'.
Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

Close all windows except HijackThis.
Click 'Fix checked' to remove the items.
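
Two of the patterns in the fix list above are mechanical: R0 keys with an empty value and a BHO whose file is "(no file)". As an added example (not part of the original thread and not HijackThis code), this Python script parses entries copied from the log posted above, flags those two leftover patterns, and lists CLSIDs registered under more than one hook type; the function names are assumptions made for this illustration, and it does not decide which installed toolbars are unwanted.

```python
import re
from collections import defaultdict

# Entries copied from the HijackThis log posted in this thread (subset).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=14542
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": match.group("code"),
            "body": body,
            # Normalise case: the same CLSID appears in both cases in logs.
            "clsid": clsid.group(0).upper() if clsid else None,
        })
    return entries


def find_leftovers(entries):
    """Flag references that point at nothing: '(no file)' or an empty R0/R1 value."""
    flagged = []
    for entry in entries:
        body = entry["body"]
        if body.endswith("(no file)"):
            flagged.append((entry["code"], "missing file", body))
        elif entry["code"] in ("R0", "R1") and "=" in body:
            _, _, value = body.partition("=")
            if not value.strip():
                flagged.append((entry["code"], "empty value", body))
    return flagged


def multi_hook_components(entries):
    """Map each CLSID that is registered under several section codes to those codes."""
    hooks = defaultdict(set)
    for entry in entries:
        if entry["clsid"]:
            hooks[entry["clsid"]].add(entry["code"])
    return {clsid: sorted(codes) for clsid, codes in hooks.items() if len(codes) > 1}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, reason, body in find_leftovers(parsed):
        print(f"{code}: {reason}: {body}")
    for clsid, codes in multi_hook_components(parsed).items():
        print(f"{clsid} registered under {', '.join(codes)}")
```
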

Juisterr
13 August 2010, 22:30
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:
Click here (http://www.bleepingcomputer.com/forums/topic114351.html)
If you do not manage to disable them, just continue to the next step.
Double-click ComboFix.exe and follow the prompts on the screen.
ComboFix will check whether the Microsoft Windows Recovery Console is already installed.
**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.
Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

http://www.bleepstatic.com/combofix/nl/cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:
http://www.bleepstatic.com/combofix/nl/rc-auto-done.jpg

Click Yes to continue scanning for malware.

NOTE: When ComboFix starts, you may get an error message that the “contents of the ComboFix package has been compromised”.
Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer.

http://www.imgdumper.nl/uploads2/4ac516149f83c/4ac516149830d-ComboFix_Virut.jpg
If you keep getting that message, report it here.
When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

frankie3
14 August 2010, 18:31
This is the log (a whole laundry list; respect that you understand this).

ComboFix 10-08-12.03 - Frank 14-08-2010 18:14:49.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.31.1043.18.3067.2062 [GMT 2:00]
Gestart vanuit: c:\users\Frank\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-07-14 to 2010-08-14 ))))))))))))))))))))))))))))))
.

2010-08-13 13:27 . 2010-08-13 13:32 -------- d-----w- c:\users\Frank\AppData\Roaming\vlc
2010-08-13 13:27 . 2010-08-13 13:27 -------- d-----w- c:\program files\VideoLAN
2010-08-12 13:33 . 2010-08-12 13:33 388096 ----a-r- c:\users\Frank\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-12 13:33 . 2010-08-12 13:33 -------- d-----w- c:\program files\Trend Micro
2010-08-12 11:01 . 2010-08-12 13:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-08-05 20:56 . 2010-08-05 20:56 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-08-05 11:34 . 2010-04-21 10:06 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
2010-08-05 11:34 . 2010-04-21 10:06 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
2010-08-05 11:34 . 2010-08-05 11:34 -------- d-----w- c:\program files\myBabylon_English
2010-08-04 21:02 . 2010-08-04 21:04 -------- d-----w- c:\users\Frank\AppData\Roaming\Media Player Classic
2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Conduit
2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Softonic-Eng7
2010-07-31 23:41 . 2010-06-08 09:28 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
2010-07-31 23:41 . 2010-06-08 09:28 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
2010-07-31 23:41 . 2010-08-01 15:13 -------- d-----w- c:\program files\The KMPlayer
2010-07-28 16:51 . 2010-07-28 16:51 -------- d-----w- c:\program files\iPod
2010-07-28 16:51 . 2010-07-28 16:52 -------- d-----w- c:\program files\iTunes
2010-07-28 16:48 . 2010-07-28 16:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-28 16:47 . 2010-07-28 16:47 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-25 17:01 . 2010-07-25 17:01 -------- d-----w- c:\program files\GrabIt
2010-07-25 14:05 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-22 12:07 . 2010-07-25 12:22 -------- d-----w- c:\users\Frank\AppData\Local\Hema Album Software Advanced
2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\programdata\Hema Album Software Advanced
2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\program files\Hema Album Software Advanced
2010-07-21 08:53 . 2010-07-21 08:53 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-07-21 08:52 . 2010-07-21 08:52 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-07-21 08:52 . 2010-07-21 08:52 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
2010-07-21 08:52 . 2010-07-21 08:52 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
2010-07-21 08:52 . 2010-07-21 08:52 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-07-20 10:45 . 2010-07-21 14:29 -------- d-----w- c:\programdata\FLEXnet
2010-07-20 10:35 . 2010-07-20 10:35 -------- d-----w- c:\program files\Adobe Media Player
2010-07-20 10:34 . 2010-07-20 10:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-20 10:31 . 2010-07-20 10:31 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-16 12:55 . 2010-07-16 12:55 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-07-16 12:55 . 2010-07-16 12:55 216200 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-07-16 12:55 . 2010-07-16 12:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 12:54 . 2010-07-16 12:54 813336 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-07-16 12:54 . 2010-07-16 12:54 624920 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-07-16 12:54 . 2010-07-16 12:54 1690464 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-07-16 12:54 . 2010-07-16 12:54 1038688 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 16:18 . 2009-07-14 08:27 691728 ----a-w- c:\windows\system32\perfh013.dat
2010-08-14 16:18 . 2009-07-14 08:27 130232 ----a-w- c:\windows\system32\perfc013.dat
2010-08-14 16:04 . 2010-03-03 18:17 -------- d-----w- c:\users\Frank\AppData\Roaming\LimeWire
2010-08-14 15:57 . 2010-03-04 15:16 -------- d-----w- c:\program files\Ask.com
2010-08-14 10:41 . 2010-03-09 08:35 0 ----a-w- c:\users\Frank\AppData\Local\prvlcl.dat
2010-08-10 10:10 . 2010-03-02 22:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-09 09:53 . 2010-03-03 09:52 -------- d-----w- c:\users\Frank\AppData\Roaming\GrabIt
2010-08-05 20:59 . 2010-03-02 22:11 -------- d-----w- c:\programdata\NVIDIA
2010-08-05 20:56 . 2010-03-02 22:09 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-05 08:55 . 2010-03-04 15:15 -------- d-----w- c:\users\Frank\AppData\Roaming\uTorrent
2010-08-01 17:11 . 2010-04-12 10:43 -------- d-----w- c:\users\Frank\AppData\Roaming\dvdcss
2010-08-01 15:22 . 2010-03-20 13:41 -------- d-----w- c:\programdata\DVD Shrink
2010-07-28 16:51 . 2010-04-11 10:36 -------- d-----w- c:\program files\Common Files\Apple
2010-07-28 16:48 . 2010-06-23 20:58 -------- d-----w- c:\program files\Safari
2010-07-27 23:01 . 2010-03-02 18:53 -------- d-----w- c:\program files\Windows Live
2010-07-25 14:05 . 2010-03-03 14:41 -------- d-----w- c:\program files\Java
2010-07-20 10:45 . 2010-03-02 18:47 67856 ----a-w- c:\users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-20 10:36 . 2010-03-02 22:36 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-16 12:55 . 2010-03-02 22:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 12:54 . 2010-03-02 22:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 14:49 . 2010-03-20 13:47 -------- d-----w- c:\program files\DVD Shrink
2010-07-09 14:20 . 2010-07-09 14:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:20 . 2010-07-09 14:20 261736 ----a-w- c:\windows\system32\nvhotkey.dll
2010-07-09 14:20 . 2010-07-09 14:20 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-07-09 14:20 . 2010-07-09 14:20 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 14:20 . 2010-07-09 14:20 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:20 . 2010-07-09 14:20 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-24 09:45 . 2010-04-11 10:39 -------- d-----w- c:\users\Frank\AppData\Roaming\Apple Computer
2010-06-23 20:59 . 2010-06-23 20:59 -------- d-----w- c:\program files\Bonjour
2010-06-23 20:58 . 2010-06-23 20:58 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-21 22:07 . 2010-08-05 20:54 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2010-06-21 22:07 . 2010-03-02 22:09 232040 ----a-w- c:\windows\system32\nvcohda.dll
2010-06-21 22:07 . 2010-08-05 20:54 64104 ----a-w- c:\windows\system32\nvapo32v.dll
2010-06-21 22:07 . 2010-08-05 20:54 105576 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-06-03 09:03 . 2010-03-02 22:24 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-27 07:24 . 2010-06-11 10:48 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 10:48 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 05:18 . 2010-06-11 10:48 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-06-03 16:24 2736736 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-12-03 494112]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-03-10 200704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-10 7703072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-20 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-12-03 690720]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 NETw5s32;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://search.babylon.com/home?AF=14542
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86A75B4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x857c1ad8
QueryNameProcedure -> 0x857c1c68
user & kernel MBR OK

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2010-08-14 18:22:50
ComboFix-quarantined-files.txt 2010-08-14 16:22

Pre-Run: 389.725.761.536 bytes beschikbaar
Post-Run: 389.723.942.912 bytes beschikbaar

- - End Of File - - 4E8B78DFB1524CFABFD3DF127FB44E87

Juisterr
15 August 2010, 15:54
1. Download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and place it on your desktop.
Extract the files.

Open a Notepad file.
Copy the code below into this Notepad file.

@ECHO OFF
TDSSKiller.exe -l report.txt -v
DEL %0

Go to File > Save As.
For "Save in", choose the folder that contains TDSSKiller.exe.
For "File name", enter: start.bat
For "Save as type", select: All Files (*.*).
Click the Save button.

Double-click start.bat.
This will start TDSSKiller.exe and create a log file (report.txt) in the same folder.
When TDSSKiller.exe has finished, post the contents of report.txt.

frankie3
15 August 2010, 16:59
I tried it. But when I double-click start.bat, it gives an error.
Valid command line parameters:
-I <file_name> (path to log file)
-qpath <folder_name> (path to quarantine folder)
-qall (copy all objects to quarantine)
-qsus (copy all suspicious objects to quarantine)
-qmbr (copy all mbr to quarantine)
-qcscvc <service_name> (copy sefvice to quarantine)
-dcsvc <service_name> (delete service)

No log file was created.

Juisterr
15 August 2010, 18:13
Download Gmer Rootkitscanner (http://www2.gmer.net/download.php) to your desktop.

The file you download consists of a randomly chosen combination of digits and letters (e.g. jqb1jln3.exe or ubmp5cd5.exe, always a combination of 8 digits and letters).

Double-click this "file" to start Gmer.
If you get a message that rootkits are active and you are asked to run a scan, do not allow this.
On the right-hand side there are a number of options that you can check or uncheck.
By default everything is checked; leave it that way.
Under Files, only the system partition should be checked. (The system partition is the partition on which your Windows is installed.)
Remove the check mark at "show all" (this must not be checked!).
Now click the "Scan" button to start the rootkit scan with Gmer.
When the scan is finished, click the "Save" button and save the log to your desktop.
(If you click the "Copy" button, the full log report is copied to the clipboard and you can paste it into your next post with CTRL+V.)
To close Gmer, click the "Cancel" button.

Juisterr
15 August 2010, 18:18
Once you have done this, run this updated version.

Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and place it on your desktop.
Extract the files in tdsskiller.zip.
Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
Click the "Start Scan" button and follow the instructions.
When the scan is finished, click the "Report" button.
A Notepad file opens. Post the contents of this file.

frankie3
15 August 2010, 22:04
Gmer log.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-15 22:03:23
Windows 6.1.7600
Running: dx3tdtrt.exe; Driver: C:\Users\Frank\AppData\Local\Temp\fwkcruoc.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323AAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323A104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323A3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83222634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83222898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323A1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323A958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323A6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323AF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323B1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E53599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E77F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 9FB22C9D 28 Bytes [84, 63, B4, 61, C9, 87, AB, ...]
.text peauth.sys 9FB22CC1 28 Bytes [84, 63, B4, 61, C9, 87, AB, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[432] ntdll.dll!NtProtectVirtualMemory 77765380 5 Bytes JMP 0028000A
.text C:\Windows\Explorer.EXE[432] ntdll.dll!NtWriteVirtualMemory 77765F00 5 Bytes JMP 004A000A
.text C:\Windows\Explorer.EXE[432] ntdll.dll!KiUserExceptionDispatcher 77766448 5 Bytes JMP 0027000A
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtProtectVirtualMemory 77765380 5 Bytes JMP 0025000A
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!NtWriteVirtualMemory 77765F00 5 Bytes JMP 0026000A
.text C:\Windows\system32\svchost.exe[964] ntdll.dll!KiUserExceptionDispatcher 77766448 5 Bytes JMP 000D000A
.text C:\Windows\system32\svchost.exe[964] ole32.dll!CoCreateInstance 75BC57FC 5 Bytes JMP 005A000A
.text C:\Windows\system32\svchost.exe[964] USER32.dll!GetCursorPos 7701C198 5 Bytes JMP 00E1000A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2572] USER32.dll!TrackPopupMenu 77044B3B 5 Bytes JMP 6015721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[14332] ntdll.dll!NtProtectVirtualMemory 77765380 5 Bytes JMP 0038000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[14332] ntdll.dll!NtWriteVirtualMemory 77765F00 5 Bytes JMP 0039000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[14332] ntdll.dll!KiUserExceptionDispatcher 77766448 5 Bytes JMP 000E000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[14332] ntdll.dll!LdrLoadDll 7777F625 5 Bytes JMP 012913F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe[3276] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [757C5E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe[3276] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [757C5E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe[3276] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [757C5E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe[3276] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [757C5E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe[3276] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [757C5E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe[3276] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [757C5E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe[3276] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [757C5E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[4244] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [757C5E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[4244] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [757C5E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[4244] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [757C5E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[4244] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [757C5E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[4244] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [757C5E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[4244] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [757C5E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5756] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [757C5E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5756] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [757C5E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5756] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [757C5E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5756] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [757C5E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5756] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [757C5E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5756] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [757C5E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5756] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [757C5E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework-runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework-runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Bestandssysteemfilterbeheer/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001583188aca
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x62 0x6F 0xE5 0x61 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001583188aca (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x62 0x6F 0xE5 0x61 ...

---- EOF - GMER 1.0.15 ----

frankie3
15 August 2010, 22:07
TDSSKiller log

2010/08/15 22:05:39.0498 TDSS rootkit removing tool 2.4.1.1 Aug 10 2010 14:48:09
2010/08/15 22:05:39.0498 ================================================================================
2010/08/15 22:05:39.0498 SystemInfo:
2010/08/15 22:05:39.0498
2010/08/15 22:05:39.0498 OS Version: 6.1.7600 ServicePack: 0.0
2010/08/15 22:05:39.0498 Product type: Workstation
2010/08/15 22:05:39.0498 ComputerName: FRANKHOMELAPTOP
2010/08/15 22:05:39.0499 UserName: Frank
2010/08/15 22:05:39.0499 Windows directory: C:\Windows
2010/08/15 22:05:39.0499 System windows directory: C:\Windows
2010/08/15 22:05:39.0499 Processor architecture: Intel x86
2010/08/15 22:05:39.0499 Number of processors: 2
2010/08/15 22:05:39.0499 Page size: 0x1000
2010/08/15 22:05:39.0499 Boot type: Normal boot
2010/08/15 22:05:39.0499 ================================================================================
2010/08/15 22:05:39.0723 Initialize success
2010/08/15 22:05:42.0425 ================================================================================
2010/08/15 22:05:42.0425 Scan started
2010/08/15 22:05:42.0425 Mode: Manual;
2010/08/15 22:05:42.0425 ================================================================================
2010/08/15 22:05:43.0729 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/08/15 22:05:43.0801 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/08/15 22:05:43.0837 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/08/15 22:05:43.0879 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
2010/08/15 22:05:43.0938 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/08/15 22:05:43.0975 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/08/15 22:05:44.0003 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/08/15 22:05:44.0067 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/08/15 22:05:44.0145 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
2010/08/15 22:05:44.0186 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/08/15 22:05:44.0234 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/08/15 22:05:44.0284 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/08/15 22:05:44.0317 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/08/15 22:05:44.0358 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/08/15 22:05:44.0403 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/08/15 22:05:44.0439 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/08/15 22:05:44.0478 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/08/15 22:05:44.0522 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/08/15 22:05:44.0555 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/08/15 22:05:44.0598 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/08/15 22:05:44.0681 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/08/15 22:05:44.0709 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/08/15 22:05:44.0738 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/08/15 22:05:44.0766 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/08/15 22:05:44.0841 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\System32\Drivers\avgldx86.sys
2010/08/15 22:05:44.0868 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\System32\Drivers\avgmfx86.sys
2010/08/15 22:05:44.0917 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\Windows\System32\Drivers\avgtdix.sys
2010/08/15 22:05:44.0974 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/08/15 22:05:45.0024 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/08/15 22:05:45.0097 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/08/15 22:05:45.0144 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/08/15 22:05:45.0227 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/08/15 22:05:45.0260 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/08/15 22:05:45.0284 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/08/15 22:05:45.0322 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/08/15 22:05:45.0356 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/08/15 22:05:45.0386 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/08/15 22:05:45.0427 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/08/15 22:05:45.0474 BthAvrcp (db99076533ffb38cbec8ac88e4535850) C:\Windows\system32\DRIVERS\BthAvrcp.sys
2010/08/15 22:05:45.0561 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/08/15 22:05:45.0722 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/08/15 22:05:45.0770 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2010/08/15 22:05:45.0818 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2010/08/15 22:05:45.0882 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2010/08/15 22:05:45.0988 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/08/15 22:05:46.0065 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/08/15 22:05:46.0103 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/08/15 22:05:46.0140 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/08/15 22:05:46.0170 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/08/15 22:05:46.0201 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/08/15 22:05:46.0243 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/08/15 22:05:46.0278 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/08/15 22:05:46.0321 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/08/15 22:05:46.0358 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/08/15 22:05:46.0405 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/08/15 22:05:46.0473 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
2010/08/15 22:05:46.0563 CVPNDRVA (abfc32542e2f283c7a1dc7a47467f967) C:\Windows\system32\Drivers\CVPNDRVA.sys
2010/08/15 22:05:46.0629 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/08/15 22:05:46.0657 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/08/15 22:05:46.0692 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/08/15 22:05:46.0755 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\Windows\system32\DRIVERS\dne2000.sys
2010/08/15 22:05:46.0837 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/08/15 22:05:46.0899 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/08/15 22:05:47.0033 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/08/15 22:05:47.0110 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/08/15 22:05:47.0153 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/08/15 22:05:47.0213 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/08/15 22:05:47.0241 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/08/15 22:05:47.0279 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/08/15 22:05:47.0327 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/08/15 22:05:47.0349 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/08/15 22:05:47.0393 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/08/15 22:05:47.0428 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/08/15 22:05:47.0462 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/08/15 22:05:47.0498 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/08/15 22:05:47.0529 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/08/15 22:05:47.0569 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/08/15 22:05:47.0660 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/08/15 22:05:47.0690 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/08/15 22:05:47.0741 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/08/15 22:05:47.0774 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/08/15 22:05:47.0815 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/08/15 22:05:47.0856 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/08/15 22:05:47.0892 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/08/15 22:05:47.0941 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/08/15 22:05:48.0007 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/08/15 22:05:48.0063 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/08/15 22:05:48.0110 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/08/15 22:05:48.0149 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/08/15 22:05:48.0195 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/08/15 22:05:48.0229 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/08/15 22:05:48.0274 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
2010/08/15 22:05:48.0392 IntcAzAudAddService (b29e79c67f3779e70ba187e31b639ebc) C:\Windows\system32\drivers\RTKVHDA.sys
2010/08/15 22:05:48.0445 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/08/15 22:05:48.0494 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/08/15 22:05:48.0532 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/08/15 22:05:48.0572 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/08/15 22:05:48.0594 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/08/15 22:05:48.0651 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/08/15 22:05:48.0681 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/08/15 22:05:48.0709 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/08/15 22:05:48.0788 k57nd60x (7ea81534e80570bdf6ee4a4248bba4d6) C:\Windows\system32\DRIVERS\k57nd60x.sys
2010/08/15 22:05:48.0826 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/08/15 22:05:48.0865 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/08/15 22:05:48.0903 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/08/15 22:05:48.0930 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/08/15 22:05:48.0994 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/08/15 22:05:49.0046 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/08/15 22:05:49.0073 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/08/15 22:05:49.0099 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/08/15 22:05:49.0138 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/08/15 22:05:49.0180 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/08/15 22:05:49.0207 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/08/15 22:05:49.0251 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/08/15 22:05:49.0297 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/08/15 22:05:49.0350 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/08/15 22:05:49.0386 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/08/15 22:05:49.0414 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/08/15 22:05:49.0444 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/08/15 22:05:49.0473 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/08/15 22:05:49.0505 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/08/15 22:05:49.0545 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/08/15 22:05:49.0600 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/08/15 22:05:49.0630 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/08/15 22:05:49.0667 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/08/15 22:05:49.0704 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/08/15 22:05:49.0746 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/08/15 22:05:49.0781 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/08/15 22:05:49.0797 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/08/15 22:05:49.0821 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/08/15 22:05:49.0885 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/08/15 22:05:49.0909 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/08/15 22:05:49.0927 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/08/15 22:05:49.0964 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/08/15 22:05:49.0991 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/08/15 22:05:50.0008 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/08/15 22:05:50.0044 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/08/15 22:05:50.0067 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/08/15 22:05:50.0118 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/08/15 22:05:50.0181 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/08/15 22:05:50.0208 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/08/15 22:05:50.0250 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/08/15 22:05:50.0286 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/08/15 22:05:57.0020 ================================================================================
2010/08/15 22:05:57.0020 Scan finished
2010/08/15 22:05:57.0020 ================================================================================

Juisterr
16 August 2010, 12:19
Bravo. May I ask you to run a new scan with ComboFix, please, and post the result here?

frankie3
16 August 2010, 16:12
Log from ComboFix. May I assume that it worked?
I hope so, then at least that junk is gone.
I just need to go and ask around about what the problem with my HD films is.



ComboFix 10-08-15.04 - Frank 16-08-2010 15:51:51.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.31.1043.18.3067.2101 [GMT 2:00]
Gestart vanuit: c:\users\Frank\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-07-16 to 2010-08-16 ))))))))))))))))))))))))))))))
.

2010-08-16 13:58 . 2010-08-16 13:58 -------- d-----w- c:\users\Frank\AppData\Local\temp
2010-08-16 13:58 . 2010-08-16 13:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-16 13:58 . 2010-08-16 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-15 20:05 . 2010-08-15 20:05 -------- d-----w- c:\users\Frank\Nieuwe map
2010-08-14 19:16 . 2010-08-14 19:16 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-14 18:51 . 2010-08-14 18:51 273960 ----a-w- c:\windows\system32\drivers\k57nd60x.sys
2010-08-14 18:18 . 2010-08-14 18:19 -------- d-----w- c:\program files\Uniblue
2010-08-14 18:15 . 2010-08-14 18:15 -------- d-----w- c:\program files\AutoUnpack
2010-08-14 18:10 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-08-14 17:35 . 2010-08-14 17:35 -------- d-----w- c:\programdata\Uniblue
2010-08-14 17:33 . 2010-08-14 17:34 5268200 ----a-w- c:\users\Frank\AppData\Roaming\Uniblue\DriverScanner\_temp\driverscanner.exe
2010-08-14 17:33 . 2010-08-14 17:33 5276232 ----a-w- c:\users\Frank\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe
2010-08-14 17:32 . 2010-08-14 18:19 -------- d-----w- c:\users\Frank\AppData\Roaming\Uniblue
2010-08-14 17:25 . 2008-05-29 08:03 37176 ----a-w- c:\users\Frank\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-13 13:27 . 2010-08-13 13:32 -------- d-----w- c:\users\Frank\AppData\Roaming\vlc
2010-08-13 13:27 . 2010-08-13 13:27 -------- d-----w- c:\program files\VideoLAN
2010-08-12 13:33 . 2010-08-12 13:33 388096 ----a-r- c:\users\Frank\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-12 13:33 . 2010-08-12 13:33 -------- d-----w- c:\program files\Trend Micro
2010-08-12 11:01 . 2010-08-12 13:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-08-05 20:56 . 2010-08-05 20:56 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-08-05 11:34 . 2010-04-21 10:06 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
2010-08-05 11:34 . 2010-04-21 10:06 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
2010-08-05 11:34 . 2010-08-05 11:34 -------- d-----w- c:\program files\myBabylon_English
2010-08-04 21:02 . 2010-08-04 21:04 -------- d-----w- c:\users\Frank\AppData\Roaming\Media Player Classic
2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Conduit
2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Softonic-Eng7
2010-07-31 23:41 . 2010-06-08 09:28 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
2010-07-31 23:41 . 2010-06-08 09:28 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
2010-07-31 23:41 . 2010-08-01 15:13 -------- d-----w- c:\program files\The KMPlayer
2010-07-28 16:51 . 2010-07-28 16:51 -------- d-----w- c:\program files\iPod
2010-07-28 16:51 . 2010-07-28 16:52 -------- d-----w- c:\program files\iTunes
2010-07-28 16:48 . 2010-07-28 16:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-28 16:47 . 2010-07-28 16:47 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-25 17:01 . 2010-07-25 17:01 -------- d-----w- c:\program files\GrabIt
2010-07-25 14:05 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-22 12:07 . 2010-07-25 12:22 -------- d-----w- c:\users\Frank\AppData\Local\Hema Album Software Advanced
2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\programdata\Hema Album Software Advanced
2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\program files\Hema Album Software Advanced
2010-07-21 08:53 . 2010-07-21 08:53 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-07-21 08:52 . 2010-07-21 08:52 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-07-21 08:52 . 2010-07-21 08:52 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
2010-07-21 08:52 . 2010-07-21 08:52 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
2010-07-21 08:52 . 2010-07-21 08:52 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-07-20 10:45 . 2010-07-21 14:29 -------- d-----w- c:\programdata\FLEXnet
2010-07-20 10:35 . 2010-07-20 10:35 -------- d-----w- c:\program files\Adobe Media Player
2010-07-20 10:34 . 2010-07-20 10:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-20 10:31 . 2010-07-20 10:31 -------- d-----w- c:\program files\Common Files\Macrovision Shared

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 13:55 . 2009-07-14 08:27 691728 ----a-w- c:\windows\system32\perfh013.dat
2010-08-16 13:55 . 2009-07-14 08:27 130232 ----a-w- c:\windows\system32\perfc013.dat
2010-08-16 13:41 . 2010-03-09 08:35 0 ----a-w- c:\users\Frank\AppData\Local\prvlcl.dat
2010-08-16 09:44 . 2010-03-03 18:17 -------- d-----w- c:\users\Frank\AppData\Roaming\LimeWire
2010-08-14 15:57 . 2010-03-04 15:16 -------- d-----w- c:\program files\Ask.com
2010-08-10 10:10 . 2010-03-02 22:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-09 09:53 . 2010-03-03 09:52 -------- d-----w- c:\users\Frank\AppData\Roaming\GrabIt
2010-08-05 20:59 . 2010-03-02 22:11 -------- d-----w- c:\programdata\NVIDIA
2010-08-05 20:56 . 2010-03-02 22:09 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-05 08:55 . 2010-03-04 15:15 -------- d-----w- c:\users\Frank\AppData\Roaming\uTorrent
2010-08-01 17:11 . 2010-04-12 10:43 -------- d-----w- c:\users\Frank\AppData\Roaming\dvdcss
2010-08-01 15:22 . 2010-03-20 13:41 -------- d-----w- c:\programdata\DVD Shrink
2010-07-28 16:51 . 2010-04-11 10:36 -------- d-----w- c:\program files\Common Files\Apple
2010-07-28 16:48 . 2010-06-23 20:58 -------- d-----w- c:\program files\Safari
2010-07-27 23:01 . 2010-03-02 18:53 -------- d-----w- c:\program files\Windows Live
2010-07-25 14:05 . 2010-03-03 14:41 -------- d-----w- c:\program files\Java
2010-07-20 10:45 . 2010-03-02 18:47 67856 ----a-w- c:\users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-20 10:36 . 2010-03-02 22:36 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-16 12:55 . 2010-03-02 22:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 12:55 . 2010-07-16 12:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 12:54 . 2010-03-02 22:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 14:49 . 2010-03-20 13:47 -------- d-----w- c:\program files\DVD Shrink
2010-07-09 14:20 . 2010-07-09 14:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:20 . 2010-07-09 14:20 261736 ----a-w- c:\windows\system32\nvhotkey.dll
2010-07-09 14:20 . 2010-07-09 14:20 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-07-09 14:20 . 2010-07-09 14:20 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 14:20 . 2010-07-09 14:20 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:20 . 2010-07-09 14:20 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-24 09:45 . 2010-04-11 10:39 -------- d-----w- c:\users\Frank\AppData\Roaming\Apple Computer
2010-06-23 20:59 . 2010-06-23 20:59 -------- d-----w- c:\program files\Bonjour
2010-06-23 20:58 . 2010-06-23 20:58 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-21 22:07 . 2010-08-05 20:54 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2010-06-21 22:07 . 2010-03-02 22:09 232040 ----a-w- c:\windows\system32\nvcohda.dll
2010-06-21 22:07 . 2010-08-05 20:54 64104 ----a-w- c:\windows\system32\nvapo32v.dll
2010-06-21 22:07 . 2010-08-05 20:54 105576 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-06-03 09:03 . 2010-03-02 22:24 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-27 07:24 . 2010-06-11 10:48 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 10:48 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 05:18 . 2010-06-11 10:48 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-08-14_16.21.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-02 23:26 . 2010-08-16 13:52 20510 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:55 . 2010-08-14 16:14 40664 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-08-16 13:52 40664 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:50 . 2010-08-05 20:56 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2009-07-14 04:50 . 2010-08-14 18:51 86016 c:\windows\System32\DriverStore\infpub.dat
- 2010-03-02 17:33 . 2010-08-13 06:20 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 17:33 . 2010-08-16 09:44 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-20 10:58 . 2010-08-16 13:06 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2010-07-20 10:58 . 2010-08-14 15:11 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2009-07-14 04:41 . 2010-08-13 06:20 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-08-16 09:44 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-02 19:45 . 2010-08-16 09:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-02 19:45 . 2010-08-14 16:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 19:45 . 2010-08-16 09:44 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 19:45 . 2010-08-14 16:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-02 19:45 . 2010-08-16 09:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-02 19:45 . 2010-08-14 16:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-02 21:04 . 2010-08-16 09:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-02 21:04 . 2010-08-14 16:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-02 22:19 . 2010-08-14 16:16 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-02 22:19 . 2010-08-16 13:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-02 22:19 . 2010-08-16 13:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-03-02 22:19 . 2010-08-14 16:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-03-02 22:19 . 2010-08-14 16:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-03-02 22:19 . 2010-08-16 13:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-03-02 21:04 . 2010-08-16 13:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 21:04 . 2010-08-14 16:16 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 21:04 . 2010-08-14 16:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-02 21:04 . 2010-08-16 09:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-02 22:13 . 2010-08-16 13:52 8484 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1647979850-1972059973-3787660427-1001_UserData.bin
- 2010-08-14 16:13 . 2010-08-14 16:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-16 13:50 . 2010-08-16 13:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-16 13:50 . 2010-08-16 13:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-08-14 16:13 . 2010-08-14 16:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-03 09:09 . 2010-08-15 14:40 307332 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-03-03 02:43 . 2010-08-15 10:03 360480 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:05 . 2010-08-14 16:18 607190 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-08-16 13:55 607190 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-08-14 16:18 103568 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-08-16 13:55 103568 c:\windows\System32\perfc009.dat
+ 2010-08-14 19:56 . 2010-08-14 19:56 232912 c:\windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
+ 2010-08-14 19:56 . 2010-08-14 19:56 311760 c:\windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.dll
- 2009-07-14 04:50 . 2010-08-05 20:56 143360 c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2010-08-14 18:51 143360 c:\windows\System32\DriverStore\infstrng.dat
- 2009-07-14 04:50 . 2010-08-05 20:55 143360 c:\windows\System32\DriverStore\infstor.dat
+ 2009-07-14 04:50 . 2010-08-14 18:51 143360 c:\windows\System32\DriverStore\infstor.dat
+ 2010-08-14 18:51 . 2010-08-14 18:51 273960 c:\windows\System32\DriverStore\FileRepository\k57nd60x.inf_x86_neutral_e98e3b63cc265461\k57nd60x.sys
- 2010-03-02 18:32 . 2010-08-14 15:11 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-03-02 18:32 . 2010-08-16 13:06 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-03-02 17:33 . 2010-08-13 06:20 442368 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-02 17:33 . 2010-08-16 09:44 442368 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 02:03 . 2010-08-15 16:44 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2010-08-13 10:42 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-07-27 22:17 . 2010-07-27 22:17 2826192 c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-06-03 16:24 2736736 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2010-06-25 67960]
"PowerSuite"="c:\program files\Uniblue\PowerSuite\launcher.exe" [2010-07-20 67448]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-12-03 494112]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-03-10 200704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-10 7703072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-20 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-12-03 690720]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-08-14 273960]
S3 NETw5s32;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
Inhoud van de 'Gedeelde Taken' map

2010-08-16 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-14 14:23]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://search.babylon.com/home?AF=14542
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86A7CB4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x857c1ad8
QueryNameProcedure -> 0x857c1c68
user & kernel MBR OK

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2010-08-16 16:00:35
ComboFix-quarantined-files.txt 2010-08-16 14:00
ComboFix2.txt 2010-08-14 16:22

Pre-Run: 381.647.204.352 bytes beschikbaar
Post-Run: 381.683.843.072 bytes beschikbaar

- - End Of File - - F460EDF77A76087F49578DFBC58D725C

Juisterr
16 August 2010, 21:53
Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and place it on your desktop.
Extract the files in tdsskiller.zip.
Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
Click the "Start Scan" button and follow the instructions.
When the scan has finished, click the "Report" button.
A Notepad file opens. Post the contents of this file.

frankie3
17 August 2010, 04:24
Log file:


2010/08/17 04:23:51.0212 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/17 04:23:51.0212 ================================================================================
2010/08/17 04:23:51.0212 SystemInfo:
2010/08/17 04:23:51.0212
2010/08/17 04:23:51.0212 OS Version: 6.1.7600 ServicePack: 0.0
2010/08/17 04:23:51.0212 Product type: Workstation
2010/08/17 04:23:51.0212 ComputerName: FRANKHOMELAPTOP
2010/08/17 04:23:51.0212 UserName: Frank
2010/08/17 04:23:51.0212 Windows directory: C:\Windows
2010/08/17 04:23:51.0212 System windows directory: C:\Windows
2010/08/17 04:23:51.0212 Processor architecture: Intel x86
2010/08/17 04:23:51.0212 Number of processors: 2
2010/08/17 04:23:51.0212 Page size: 0x1000
2010/08/17 04:23:51.0212 Boot type: Normal boot
2010/08/17 04:23:51.0212 ================================================================================
2010/08/17 04:23:51.0493 Initialize success
2010/08/17 04:23:53.0849 ================================================================================
2010/08/17 04:23:53.0849 Scan started
2010/08/17 04:23:53.0849 Mode: Manual;
2010/08/17 04:23:53.0849 ================================================================================
2010/08/17 04:24:07.0764 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/08/17 04:24:07.0842 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/08/17 04:24:07.0920 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/08/17 04:24:07.0951 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/08/17 04:24:07.0982 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/08/17 04:24:08.0029 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/08/17 04:24:08.0060 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/08/17 04:24:08.0091 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/08/17 04:24:08.0123 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/08/17 04:24:08.0216 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2010/08/17 04:24:08.0263 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/08/17 04:24:08.0310 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/08/17 04:24:08.0341 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/08/17 04:24:08.0372 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/08/17 04:24:08.0403 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/08/17 04:24:08.0419 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/08/17 04:24:08.0481 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2010/08/17 04:24:08.0497 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/08/17 04:24:08.0528 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/08/17 04:24:08.0575 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2010/08/17 04:24:08.0637 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/08/17 04:24:08.0684 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/08/17 04:24:08.0715 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/08/17 04:24:08.0747 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/08/17 04:24:08.0793 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/08/17 04:24:08.0809 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/08/17 04:24:08.0840 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/08/17 04:24:08.0887 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/08/17 04:24:08.0918 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/08/17 04:24:08.0965 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/08/17 04:24:09.0074 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/08/17 04:24:09.0137 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/08/17 04:24:09.0199 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/08/17 04:24:09.0230 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2010/08/17 04:24:09.0261 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/08/17 04:24:09.0293 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2010/08/17 04:24:09.0339 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/08/17 04:24:09.0386 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/17 04:24:09.0402 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/17 04:24:09.0464 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/08/17 04:24:09.0542 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/08/17 04:24:09.0620 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/08/17 04:24:09.0651 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/08/17 04:24:09.0745 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/08/17 04:24:09.0776 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/08/17 04:24:09.0839 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/08/17 04:24:09.0870 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/08/17 04:24:09.0917 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/08/17 04:24:10.0026 ================================================================================
2010/08/17 04:24:10.0026 Scan finished
2010/08/17 04:24:10.0026 ================================================================================

Juisterr
17 August 2010, 22:10
Hi,

Please make a new ComboFix log and post the result.

frankie3
17 August 2010, 23:46
Log:



ComboFix 10-08-17.02 - Frank 17-08-2010 23:26:10.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.31.1043.18.3067.2108 [GMT 2:00]
Gestart vanuit: c:\users\Frank\Desktop\ComboFix.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-07-17 to 2010-08-17 ))))))))))))))))))))))))))))))
.

2010-08-17 21:32 . 2010-08-17 21:33 -------- d-----w- c:\users\Frank\AppData\Local\temp
2010-08-17 21:32 . 2010-08-17 21:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-17 21:32 . 2010-08-17 21:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-17 12:27 . 2010-08-17 12:27 -------- d-----w- c:\windows\Sun
2010-08-16 14:20 . 2010-08-16 14:20 -------- d--h--w- c:\windows\msdownld.tmp
2010-08-16 14:20 . 2010-08-17 02:36 -------- d-----w- c:\program files\XBMC
2010-08-15 20:05 . 2010-08-16 14:10 -------- d-----w- c:\users\Frank\Nieuwe map
2010-08-14 19:16 . 2010-08-14 19:16 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-14 18:51 . 2010-08-14 18:51 273960 ----a-w- c:\windows\system32\drivers\k57nd60x.sys
2010-08-14 18:18 . 2010-08-14 18:19 -------- d-----w- c:\program files\Uniblue
2010-08-14 18:15 . 2010-08-14 18:15 -------- d-----w- c:\program files\AutoUnpack
2010-08-14 18:10 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-08-14 17:35 . 2010-08-14 17:35 -------- d-----w- c:\programdata\Uniblue
2010-08-14 17:33 . 2010-08-14 17:34 5268200 ----a-w- c:\users\Frank\AppData\Roaming\Uniblue\DriverScanner\_temp\driverscanner.exe
2010-08-14 17:33 . 2010-08-14 17:33 5276232 ----a-w- c:\users\Frank\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe
2010-08-14 17:32 . 2010-08-14 18:19 -------- d-----w- c:\users\Frank\AppData\Roaming\Uniblue
2010-08-14 17:25 . 2008-05-29 08:03 37176 ----a-w- c:\users\Frank\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-13 13:27 . 2010-08-13 13:32 -------- d-----w- c:\users\Frank\AppData\Roaming\vlc
2010-08-13 13:27 . 2010-08-13 13:27 -------- d-----w- c:\program files\VideoLAN
2010-08-12 13:33 . 2010-08-12 13:33 388096 ----a-r- c:\users\Frank\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-12 13:33 . 2010-08-12 13:33 -------- d-----w- c:\program files\Trend Micro
2010-08-12 11:01 . 2010-08-12 13:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-08-05 20:56 . 2010-08-05 20:56 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-08-05 11:34 . 2010-04-21 10:06 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
2010-08-05 11:34 . 2010-04-21 10:06 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
2010-08-05 11:34 . 2010-08-05 11:34 -------- d-----w- c:\program files\myBabylon_English
2010-08-04 21:02 . 2010-08-04 21:04 -------- d-----w- c:\users\Frank\AppData\Roaming\Media Player Classic
2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Conduit
2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Softonic-Eng7
2010-07-31 23:41 . 2010-06-08 09:28 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
2010-07-31 23:41 . 2010-06-08 09:28 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
2010-07-31 23:41 . 2010-08-01 15:13 -------- d-----w- c:\program files\The KMPlayer
2010-07-28 16:51 . 2010-07-28 16:51 -------- d-----w- c:\program files\iPod
2010-07-28 16:51 . 2010-07-28 16:52 -------- d-----w- c:\program files\iTunes
2010-07-28 16:48 . 2010-07-28 16:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-28 16:47 . 2010-07-28 16:47 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-25 17:01 . 2010-07-25 17:01 -------- d-----w- c:\program files\GrabIt
2010-07-25 14:05 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-22 12:07 . 2010-07-25 12:22 -------- d-----w- c:\users\Frank\AppData\Local\Hema Album Software Advanced
2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\programdata\Hema Album Software Advanced
2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\program files\Hema Album Software Advanced
2010-07-21 08:53 . 2010-07-21 08:53 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-07-21 08:52 . 2010-07-21 08:52 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-07-21 08:52 . 2010-07-21 08:52 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
2010-07-21 08:52 . 2010-07-21 08:52 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
2010-07-21 08:52 . 2010-07-21 08:52 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-07-20 10:45 . 2010-07-21 14:29 -------- d-----w- c:\programdata\FLEXnet
2010-07-20 10:35 . 2010-07-20 10:35 -------- d-----w- c:\program files\Adobe Media Player
2010-07-20 10:34 . 2010-07-20 10:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-20 10:31 . 2010-07-20 10:31 -------- d-----w- c:\program files\Common Files\Macrovision Shared

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 21:30 . 2009-07-14 08:27 691728 ----a-w- c:\windows\system32\perfh013.dat
2010-08-17 21:30 . 2009-07-14 08:27 130232 ----a-w- c:\windows\system32\perfc013.dat
2010-08-17 20:11 . 2010-03-09 08:35 0 ----a-w- c:\users\Frank\AppData\Local\prvlcl.dat
2010-08-17 20:01 . 2010-03-03 09:52 -------- d-----w- c:\users\Frank\AppData\Roaming\GrabIt
2010-08-16 15:40 . 2010-03-03 09:34 -------- d-----w- c:\program files\FTDv3.8
2010-08-16 14:00 . 2010-03-03 18:17 -------- d-----w- c:\users\Frank\AppData\Roaming\LimeWire
2010-08-14 15:57 . 2010-03-04 15:16 -------- d-----w- c:\program files\Ask.com
2010-08-10 10:10 . 2010-03-02 22:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-05 20:59 . 2010-03-02 22:11 -------- d-----w- c:\programdata\NVIDIA
2010-08-05 20:56 . 2010-03-02 22:09 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-05 08:55 . 2010-03-04 15:15 -------- d-----w- c:\users\Frank\AppData\Roaming\uTorrent
2010-08-01 17:11 . 2010-04-12 10:43 -------- d-----w- c:\users\Frank\AppData\Roaming\dvdcss
2010-08-01 15:22 . 2010-03-20 13:41 -------- d-----w- c:\programdata\DVD Shrink
2010-07-28 16:51 . 2010-04-11 10:36 -------- d-----w- c:\program files\Common Files\Apple
2010-07-28 16:48 . 2010-06-23 20:58 -------- d-----w- c:\program files\Safari
2010-07-27 23:01 . 2010-03-02 18:53 -------- d-----w- c:\program files\Windows Live
2010-07-25 14:05 . 2010-03-03 14:41 -------- d-----w- c:\program files\Java
2010-07-20 10:45 . 2010-03-02 18:47 67856 ----a-w- c:\users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-20 10:36 . 2010-03-02 22:36 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-16 12:55 . 2010-03-02 22:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 12:55 . 2010-07-16 12:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 12:54 . 2010-03-02 22:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 14:49 . 2010-03-20 13:47 -------- d-----w- c:\program files\DVD Shrink
2010-07-09 14:20 . 2010-07-09 14:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:20 . 2010-07-09 14:20 261736 ----a-w- c:\windows\system32\nvhotkey.dll
2010-07-09 14:20 . 2010-07-09 14:20 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-07-09 14:20 . 2010-07-09 14:20 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 14:20 . 2010-07-09 14:20 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:20 . 2010-07-09 14:20 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-24 09:45 . 2010-04-11 10:39 -------- d-----w- c:\users\Frank\AppData\Roaming\Apple Computer
2010-06-23 20:59 . 2010-06-23 20:59 -------- d-----w- c:\program files\Bonjour
2010-06-23 20:58 . 2010-06-23 20:58 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-21 22:07 . 2010-08-05 20:54 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2010-06-21 22:07 . 2010-03-02 22:09 232040 ----a-w- c:\windows\system32\nvcohda.dll
2010-06-21 22:07 . 2010-08-05 20:54 64104 ----a-w- c:\windows\system32\nvapo32v.dll
2010-06-21 22:07 . 2010-08-05 20:54 105576 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-06-03 09:03 . 2010-03-02 22:24 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-02 02:55 . 2010-08-16 14:21 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-08-16 14:21 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-08-16 14:21 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-27 07:24 . 2010-06-11 10:48 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 10:48 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 09:41 . 2010-08-16 14:21 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-21 05:18 . 2010-06-11 10:48 977920 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot_2010-08-16_13.58.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-16 14:21 . 2010-02-04 08:01 74072 c:\windows\System32\XAPOFX1_4.dll
+ 2010-08-16 14:21 . 2010-02-04 08:01 22360 c:\windows\System32\X3DAudio1_7.dll
+ 2009-07-14 04:55 . 2010-08-17 21:26 40664 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:55 . 2010-08-16 13:52 40664 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-02 17:33 . 2010-08-16 13:50 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-02 17:33 . 2010-08-16 09:44 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-20 10:58 . 2010-08-17 13:28 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2010-07-20 10:58 . 2010-08-16 13:06 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2009-07-14 04:41 . 2010-08-16 09:44 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-08-16 13:50 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-02 19:45 . 2010-08-16 09:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 19:45 . 2010-08-16 14:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 19:45 . 2010-08-16 14:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 19:45 . 2010-08-16 09:44 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 19:45 . 2010-08-16 09:44 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-02 19:45 . 2010-08-16 14:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-02 21:04 . 2010-08-16 13:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-02 21:04 . 2010-08-16 09:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 22:19 . 2010-08-17 21:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 22:19 . 2010-08-16 13:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 22:19 . 2010-08-16 13:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-03-02 22:19 . 2010-08-17 21:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-03-02 22:19 . 2010-08-16 13:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-03-02 22:19 . 2010-08-17 21:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-03-02 21:04 . 2010-08-16 13:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-02 21:04 . 2010-08-17 21:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-02 21:04 . 2010-08-16 13:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-02 21:04 . 2010-08-16 09:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-02 22:13 . 2010-08-17 21:26 8508 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1647979850-1972059973-3787660427-1001_UserData.bin
- 2010-08-16 13:50 . 2010-08-16 13:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-17 21:25 . 2010-08-17 21:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-17 21:25 . 2010-08-17 21:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-08-16 13:50 . 2010-08-16 13:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-16 14:21 . 2010-02-04 08:01 528216 c:\windows\System32\XAudio2_6.dll
+ 2010-08-16 14:21 . 2010-02-04 08:01 238936 c:\windows\System32\xactengine3_6.dll
+ 2010-03-03 02:43 . 2010-08-17 14:29 360752 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:05 . 2010-08-17 21:30 607190 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-08-16 13:55 607190 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-08-17 21:30 103568 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-08-16 13:55 103568 c:\windows\System32\perfc009.dat
- 2010-03-02 18:32 . 2010-08-16 13:06 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-03-02 18:32 . 2010-08-17 13:28 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-03-02 17:33 . 2010-08-16 13:50 442368 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 17:33 . 2010-08-16 09:44 442368 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:47 . 2010-08-17 21:23 353024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2010-08-05 20:58 353024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-03-02 23:23 . 2010-08-17 21:23 587136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1647979850-1972059973-3787660427-1001-12288.dat
- 2009-07-14 02:03 . 2010-08-15 16:44 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2010-08-16 17:50 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-06-03 16:24 2736736 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2010-06-25 67960]
"PowerSuite"="c:\program files\Uniblue\PowerSuite\launcher.exe" [2010-07-20 67448]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-12-03 494112]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-03-10 200704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-10 7703072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-20 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-12-03 690720]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-08-14 273960]
S3 NETw5s32;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
Inhoud van de 'Gedeelde Taken' map

2010-08-17 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-14 14:23]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://search.babylon.com/home?AF=14542
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86AAEB4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x857c1ad8
QueryNameProcedure -> 0x857c1c68
user & kernel MBR OK

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2010-08-17 23:34:42
ComboFix-quarantined-files.txt 2010-08-17 21:34
ComboFix2.txt 2010-08-16 14:00
ComboFix3.txt 2010-08-14 16:22

Pre-Run: 379.170.291.712 bytes beschikbaar
Post-Run: 379.115.728.896 bytes beschikbaar

- - End Of File - - 858FB4A50088999319F4A2AC2408A5A5

Juisterr
18 August 2010, 12:55
Go to Start - Run
and enter the following: Combofix /Uninstall
Then press OK.
If all goes well, you will get a message that Combofix has been removed.

Example:

http://home.kpn.nl/stefsmeenk/CFUninstall.PNG

Run can also be opened with the key combination http://home.kpn.nl/stefsmeenk/W+R.jpg

Restart the computer.

Juisterr
18 August 2010, 12:56
Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and place it on your desktop.
Extract the files in tdsskiller.zip.
Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
Click the "Start Scan" button and follow the instructions.
When the scan is finished, click the "Report" button.
A Notepad file opens. Post the contents of this file.

Now download Combofix again following the guidelines given earlier. Run a scan and post the result, please.

frankie3
18 August 2010, 17:10
2010/08/18 17:09:35.0158 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/18 17:09:35.0158 ================================================================================
2010/08/18 17:09:35.0158 SystemInfo:
2010/08/18 17:09:35.0158
2010/08/18 17:09:35.0158 OS Version: 6.1.7600 ServicePack: 0.0
2010/08/18 17:09:35.0158 Product type: Workstation
2010/08/18 17:09:35.0158 ComputerName: FRANKHOMELAPTOP
2010/08/18 17:09:35.0158 UserName: Frank
2010/08/18 17:09:35.0158 Windows directory: C:\Windows
2010/08/18 17:09:35.0158 System windows directory: C:\Windows
2010/08/18 17:09:35.0158 Processor architecture: Intel x86
2010/08/18 17:09:35.0158 Number of processors: 2
2010/08/18 17:09:35.0158 Page size: 0x1000
2010/08/18 17:09:35.0158 Boot type: Normal boot
2010/08/18 17:09:35.0158 ================================================================================
2010/08/18 17:09:35.0611 Initialize success
2010/08/18 17:09:39.0916 ================================================================================
2010/08/18 17:09:39.0916 Scan started
2010/08/18 17:09:39.0916 Mode: Manual;
2010/08/18 17:09:39.0916 ================================================================================
2010/08/18 17:10:16.0296 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/08/18 17:10:16.0358 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2010/08/18 17:10:16.0420 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/08/18 17:10:16.0514 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/18 17:10:16.0545 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/18 17:10:16.0623 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/08/18 17:10:16.0701 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/08/18 17:10:16.0810 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/08/18 17:10:16.0873 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/08/18 17:10:16.0951 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/08/18 17:10:16.0998 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/08/18 17:10:17.0060 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/08/18 17:10:17.0122 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/08/18 17:10:17.0154 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/08/18 17:10:17.0263 ================================================================================
2010/08/18 17:10:17.0263 Scan finished
2010/08/18 17:10:17.0263 ================================================================================

frankie3
18 August 2010, 17:40
ComboFix log

ComboFix 10-08-17.03 - Frank 18-08-2010 17:21:35.4.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.31.1043.18.3067.2108 [GMT 2:00]
Gestart vanuit: c:\users\Frank\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-07-18 to 2010-08-18 ))))))))))))))))))))))))))))))
.

2010-08-17 12:27 . 2010-08-17 12:27 -------- d-----w- c:\windows\Sun
2010-08-16 14:20 . 2010-08-16 14:20 -------- d--h--w- c:\windows\msdownld.tmp
2010-08-16 14:20 . 2010-08-18 07:08 -------- d-----w- c:\program files\XBMC
2010-08-15 20:05 . 2010-08-16 14:10 -------- d-----w- c:\users\Frank\Nieuwe map
2010-08-14 19:16 . 2010-08-14 19:16 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-14 18:51 . 2010-08-14 18:51 273960 ----a-w- c:\windows\system32\drivers\k57nd60x.sys
2010-08-14 18:18 . 2010-08-14 18:19 -------- d-----w- c:\program files\Uniblue
2010-08-14 18:15 . 2010-08-14 18:15 -------- d-----w- c:\program files\AutoUnpack
2010-08-14 18:10 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-08-14 17:35 . 2010-08-14 17:35 -------- d-----w- c:\programdata\Uniblue
2010-08-14 17:33 . 2010-08-14 17:34 5268200 ----a-w- c:\users\Frank\AppData\Roaming\Uniblue\DriverScanner\_temp\driverscanner.exe
2010-08-14 17:33 . 2010-08-14 17:33 5276232 ----a-w- c:\users\Frank\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe
2010-08-14 17:32 . 2010-08-14 18:19 -------- d-----w- c:\users\Frank\AppData\Roaming\Uniblue
2010-08-14 17:25 . 2008-05-29 08:03 37176 ----a-w- c:\users\Frank\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-13 13:27 . 2010-08-13 13:32 -------- d-----w- c:\users\Frank\AppData\Roaming\vlc
2010-08-13 13:27 . 2010-08-13 13:27 -------- d-----w- c:\program files\VideoLAN
2010-08-12 13:33 . 2010-08-12 13:33 388096 ----a-r- c:\users\Frank\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-12 13:33 . 2010-08-12 13:33 -------- d-----w- c:\program files\Trend Micro
2010-08-12 11:01 . 2010-08-12 13:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-08-05 20:56 . 2010-08-05 20:56 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-08-05 11:34 . 2010-04-21 10:06 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
2010-08-05 11:34 . 2010-04-21 10:06 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
2010-08-05 11:34 . 2010-08-05 11:34 -------- d-----w- c:\program files\myBabylon_English
2010-08-04 21:02 . 2010-08-04 21:04 -------- d-----w- c:\users\Frank\AppData\Roaming\Media Player Classic
2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Conduit
2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Softonic-Eng7
2010-07-31 23:41 . 2010-06-08 09:28 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
2010-07-31 23:41 . 2010-06-08 09:28 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
2010-07-31 23:41 . 2010-08-01 15:13 -------- d-----w- c:\program files\The KMPlayer
2010-07-28 16:51 . 2010-07-28 16:51 -------- d-----w- c:\program files\iPod
2010-07-28 16:51 . 2010-07-28 16:52 -------- d-----w- c:\program files\iTunes
2010-07-28 16:48 . 2010-07-28 16:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-28 16:47 . 2010-07-28 16:47 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-25 17:01 . 2010-07-25 17:01 -------- d-----w- c:\program files\GrabIt
2010-07-25 14:05 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-22 12:07 . 2010-07-25 12:22 -------- d-----w- c:\users\Frank\AppData\Local\Hema Album Software Advanced
2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\programdata\Hema Album Software Advanced
2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\program files\Hema Album Software Advanced
2010-07-21 08:53 . 2010-07-21 08:53 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-07-21 08:52 . 2010-07-21 08:52 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-07-21 08:52 . 2010-07-21 08:52 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
2010-07-21 08:52 . 2010-07-21 08:52 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
2010-07-21 08:52 . 2010-07-21 08:52 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-07-20 10:45 . 2010-07-21 14:29 -------- d-----w- c:\programdata\FLEXnet
2010-07-20 10:35 . 2010-07-20 10:35 -------- d-----w- c:\program files\Adobe Media Player
2010-07-20 10:34 . 2010-07-20 10:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-20 10:31 . 2010-07-20 10:31 -------- d-----w- c:\program files\Common Files\Macrovision Shared

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 15:25 . 2009-07-14 08:27 691728 ----a-w- c:\windows\system32\perfh013.dat
2010-08-18 15:25 . 2009-07-14 08:27 130232 ----a-w- c:\windows\system32\perfc013.dat
2010-08-17 21:56 . 2010-03-09 08:35 0 ----a-w- c:\users\Frank\AppData\Local\prvlcl.dat
2010-08-17 21:34 . 2010-03-03 18:17 -------- d-----w- c:\users\Frank\AppData\Roaming\LimeWire
2010-08-17 20:01 . 2010-03-03 09:52 -------- d-----w- c:\users\Frank\AppData\Roaming\GrabIt
2010-08-16 15:40 . 2010-03-03 09:34 -------- d-----w- c:\program files\FTDv3.8
2010-08-14 15:57 . 2010-03-04 15:16 -------- d-----w- c:\program files\Ask.com
2010-08-10 10:10 . 2010-03-02 22:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-05 20:59 . 2010-03-02 22:11 -------- d-----w- c:\programdata\NVIDIA
2010-08-05 20:56 . 2010-03-02 22:09 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-05 08:55 . 2010-03-04 15:15 -------- d-----w- c:\users\Frank\AppData\Roaming\uTorrent
2010-08-01 17:11 . 2010-04-12 10:43 -------- d-----w- c:\users\Frank\AppData\Roaming\dvdcss
2010-08-01 15:22 . 2010-03-20 13:41 -------- d-----w- c:\programdata\DVD Shrink
2010-07-28 16:51 . 2010-04-11 10:36 -------- d-----w- c:\program files\Common Files\Apple
2010-07-28 16:48 . 2010-06-23 20:58 -------- d-----w- c:\program files\Safari
2010-07-27 23:01 . 2010-03-02 18:53 -------- d-----w- c:\program files\Windows Live
2010-07-25 14:05 . 2010-03-03 14:41 -------- d-----w- c:\program files\Java
2010-07-20 10:45 . 2010-03-02 18:47 67856 ----a-w- c:\users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-20 10:36 . 2010-03-02 22:36 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-16 12:55 . 2010-03-02 22:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 12:55 . 2010-07-16 12:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 12:54 . 2010-03-02 22:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 14:49 . 2010-03-20 13:47 -------- d-----w- c:\program files\DVD Shrink
2010-07-09 14:20 . 2010-07-09 14:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:20 . 2010-07-09 14:20 261736 ----a-w- c:\windows\system32\nvhotkey.dll
2010-07-09 14:20 . 2010-07-09 14:20 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-07-09 14:20 . 2010-07-09 14:20 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 14:20 . 2010-07-09 14:20 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:20 . 2010-07-09 14:20 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-24 09:45 . 2010-04-11 10:39 -------- d-----w- c:\users\Frank\AppData\Roaming\Apple Computer
2010-06-23 20:59 . 2010-06-23 20:59 -------- d-----w- c:\program files\Bonjour
2010-06-23 20:58 . 2010-06-23 20:58 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-21 22:07 . 2010-08-05 20:54 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2010-06-21 22:07 . 2010-03-02 22:09 232040 ----a-w- c:\windows\system32\nvcohda.dll
2010-06-21 22:07 . 2010-08-05 20:54 64104 ----a-w- c:\windows\system32\nvapo32v.dll
2010-06-21 22:07 . 2010-08-05 20:54 105576 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-06-03 09:03 . 2010-03-02 22:24 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-02 02:55 . 2010-08-16 14:21 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-08-16 14:21 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-08-16 14:21 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-27 07:24 . 2010-06-11 10:48 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 10:48 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 09:41 . 2010-08-16 14:21 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-21 05:18 . 2010-06-11 10:48 977920 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-06-03 16:24 2736736 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2010-06-25 67960]
"PowerSuite"="c:\program files\Uniblue\PowerSuite\launcher.exe" [2010-07-20 67448]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-12-03 494112]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-03-10 200704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-10 7703072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-20 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-12-03 690720]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-08-14 273960]
S3 NETw5s32;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
Inhoud van de 'Gedeelde Taken' map

2010-08-18 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-14 14:23]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://search.babylon.com/home?AF=14542
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86A9DB4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x857c1ad8
QueryNameProcedure -> 0x857c1c68
user & kernel MBR OK

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2010-08-18 17:30:12
ComboFix-quarantined-files.txt 2010-08-18 15:30

Pre-Run: 376.243.634.176 bytes beschikbaar
Post-Run: 376.192.200.704 bytes beschikbaar

- - End Of File - - 2477356FC273D2951915CD15B3084035

Juisterr
18 August 2010, 19:47
That doesn't seem to be working.



Download the Gmer rootkit scanner (http://www2.gmer.net/download.php) to your desktop.

The file you download has a name made up of a randomly chosen combination of digits and letters (e.g. jqb1jln3.exe or ubmp5cd5.exe, always a combination of 8 digits and letters).



Double-click this "file" to start Gmer.
If you get a message that rootkits are active and you are asked to run a scan, do not allow it.
On the right-hand side there are a number of options that you can tick or untick.
By default everything is ticked; leave it that way.
Under Files, only the system partition should be ticked. (The system partition is the partition on which Windows is installed.)
Untick "show all" (this must not be ticked!)
Now click the "Scan" button to start the rootkit scan with Gmer.
When the scan has finished, click the "Save" button and save the log to your desktop.
(If you click the "Copy" button, the full log report is copied to the clipboard and you can paste it into your next post with CTRL+V.)
To close Gmer, click the "Cancel" button.





Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and place it on your desktop.
Extract the files in tdsskiller.zip.
Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
Click the "Start Scan" button and follow the instructions.
When the scan has finished, click the "Report" button.
A Notepad file opens. Post the contents of this file.

frankie3
18 August 2010, 20:47
Gmer log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-18 20:46:25
Windows 6.1.7600
Running: k0m49by1.exe; Driver: C:\Users\Frank\AppData\Local\Temp\fwkcruoc.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323DAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323D104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323D3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832262D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83225898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323D1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323D958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323D6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323DF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8323E1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E56599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E7AF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys A0CCFC9D 28 Bytes [8F, 9E, F9, FB, B6, 79, 1C, ...]
.text peauth.sys A0CCFCC1 28 Bytes [8F, 9E, F9, FB, B6, 79, 1C, ...]
PAGE peauth.sys A0CD5E20 37 Bytes [64, 4C, 4E, BF, 73, 01, 86, ...]
PAGE peauth.sys A0CD5E57 46 Bytes [73, 29, B7, 43, 6D, 81, F9, ...]
PAGE peauth.sys A0CD602C 102 Bytes [C7, 49, 4E, C5, 8B, 4C, F3, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[952] ntdll.dll!NtProtectVirtualMemory 772F5380 5 Bytes JMP 001D000A
.text C:\Windows\system32\svchost.exe[952] ntdll.dll!NtWriteVirtualMemory 772F5F00 5 Bytes JMP 001E000A
.text C:\Windows\system32\svchost.exe[952] ntdll.dll!KiUserExceptionDispatcher 772F6448 5 Bytes JMP 0013000A
.text C:\Windows\system32\svchost.exe[952] ole32.dll!CoCreateInstance 770257FC 5 Bytes JMP 0029000A
.text C:\Windows\Explorer.EXE[1032] ntdll.dll!NtProtectVirtualMemory 772F5380 5 Bytes JMP 001B000A
.text C:\Windows\Explorer.EXE[1032] ntdll.dll!NtWriteVirtualMemory 772F5F00 5 Bytes JMP 001C000A
.text C:\Windows\Explorer.EXE[1032] ntdll.dll!KiUserExceptionDispatcher 772F6448 5 Bytes JMP 0014000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2756] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2756] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2756] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2756] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2756] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2756] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2756] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe[5040] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75355E25] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001583188aca
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x62 0x6F 0xE5 0x61 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001583188aca (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x62 0x6F 0xE5 0x61 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlId 248
Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlModified 3
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\251
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\251@CrawlType 2
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\251@InProgress 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\251@DoneAddingCrawlSeeds 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\251@IsCatalogLevel 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\251@LogStartAddId 2
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\2@CrawlNumberInProgress 251

---- EOF - GMER 1.0.15 ----

frankie3
18 August 2010, 20:48
tdsskiller log:


2010/08/18 20:47:53.0081 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/18 20:47:53.0081 ================================================================================
2010/08/18 20:47:53.0081 SystemInfo:
2010/08/18 20:47:53.0081
2010/08/18 20:47:53.0081 OS Version: 6.1.7600 ServicePack: 0.0
2010/08/18 20:47:53.0081 Product type: Workstation
2010/08/18 20:47:53.0081 ComputerName: FRANKHOMELAPTOP
2010/08/18 20:47:53.0081 UserName: Frank
2010/08/18 20:47:53.0081 Windows directory: C:\Windows
2010/08/18 20:47:53.0081 System windows directory: C:\Windows
2010/08/18 20:47:53.0081 Processor architecture: Intel x86
2010/08/18 20:47:53.0081 Number of processors: 2
2010/08/18 20:47:53.0081 Page size: 0x1000
2010/08/18 20:47:53.0081 Boot type: Normal boot
2010/08/18 20:47:53.0081 ================================================================================
2010/08/18 20:47:53.0315 Initialize success
2010/08/18 20:47:57.0215 ================================================================================
2010/08/18 20:47:57.0215 Scan started
2010/08/18 20:47:57.0215 Mode: Manual;
2010/08/18 20:47:57.0215 ================================================================================
2010/08/18 20:48:12.0004 ================================================================================
2010/08/18 20:48:12.0004 Scan finished
2010/08/18 20:48:12.0004 ================================================================================

Juisterr
19 August 2010, 12:39
OK, would you please run ComboFix once more now and post the result here.

frankie3
19 August 2010, 14:20
ComboFix 10-08-18.02 - Frank 19-08-2010 14:08:52.5.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.31.1043.18.3067.2055 [GMT 2:00]
Gestart vanuit: c:\users\Frank\Desktop\ComboFix.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-07-19 to 2010-08-19 ))))))))))))))))))))))))))))))
.

2010-08-19 12:16 . 2010-08-19 12:16 -------- d-----w- c:\users\Frank\AppData\Local\temp
2010-08-19 12:16 . 2010-08-19 12:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-19 12:16 . 2010-08-19 12:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-17 12:27 . 2010-08-17 12:27 -------- d-----w- c:\windows\Sun
2010-08-16 14:20 . 2010-08-16 14:20 -------- d--h--w- c:\windows\msdownld.tmp
2010-08-16 14:20 . 2010-08-18 17:02 -------- d-----w- c:\program files\XBMC
2010-08-15 20:05 . 2010-08-16 14:10 -------- d-----w- c:\users\Frank\Nieuwe map
2010-08-14 19:16 . 2010-08-14 19:16 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-14 18:51 . 2010-08-14 18:51 273960 ----a-w- c:\windows\system32\drivers\k57nd60x.sys
2010-08-14 18:18 . 2010-08-14 18:19 -------- d-----w- c:\program files\Uniblue
2010-08-14 18:15 . 2010-08-14 18:15 -------- d-----w- c:\program files\AutoUnpack
2010-08-14 18:10 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-08-14 17:35 . 2010-08-14 17:35 -------- d-----w- c:\programdata\Uniblue
2010-08-14 17:33 . 2010-08-14 17:34 5268200 ----a-w- c:\users\Frank\AppData\Roaming\Uniblue\DriverScanner\_temp\driverscanner.exe
2010-08-14 17:33 . 2010-08-14 17:33 5276232 ----a-w- c:\users\Frank\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe
2010-08-14 17:32 . 2010-08-14 18:19 -------- d-----w- c:\users\Frank\AppData\Roaming\Uniblue
2010-08-14 17:25 . 2008-05-29 08:03 37176 ----a-w- c:\users\Frank\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-13 13:27 . 2010-08-13 13:32 -------- d-----w- c:\users\Frank\AppData\Roaming\vlc
2010-08-13 13:27 . 2010-08-13 13:27 -------- d-----w- c:\program files\VideoLAN
2010-08-12 13:33 . 2010-08-12 13:33 388096 ----a-r- c:\users\Frank\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-12 13:33 . 2010-08-12 13:33 -------- d-----w- c:\program files\Trend Micro
2010-08-12 11:01 . 2010-08-12 13:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-08-05 20:56 . 2010-08-05 20:56 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-08-05 11:34 . 2010-04-21 10:06 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
2010-08-05 11:34 . 2010-04-21 10:06 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
2010-08-05 11:34 . 2010-08-05 11:34 -------- d-----w- c:\program files\myBabylon_English
2010-08-04 21:02 . 2010-08-04 21:04 -------- d-----w- c:\users\Frank\AppData\Roaming\Media Player Classic
2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Conduit
2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Softonic-Eng7
2010-07-31 23:41 . 2010-06-08 09:28 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
2010-07-31 23:41 . 2010-06-08 09:28 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
2010-07-31 23:41 . 2010-08-01 15:13 -------- d-----w- c:\program files\The KMPlayer
2010-07-28 16:51 . 2010-07-28 16:51 -------- d-----w- c:\program files\iPod
2010-07-28 16:51 . 2010-07-28 16:52 -------- d-----w- c:\program files\iTunes
2010-07-28 16:48 . 2010-07-28 16:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-28 16:47 . 2010-07-28 16:47 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-25 17:01 . 2010-07-25 17:01 -------- d-----w- c:\program files\GrabIt
2010-07-25 14:05 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-22 12:07 . 2010-07-25 12:22 -------- d-----w- c:\users\Frank\AppData\Local\Hema Album Software Advanced
2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\programdata\Hema Album Software Advanced
2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\program files\Hema Album Software Advanced
2010-07-21 08:53 . 2010-07-21 08:53 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-07-21 08:52 . 2010-07-21 08:52 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-07-21 08:52 . 2010-07-21 08:52 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
2010-07-21 08:52 . 2010-07-21 08:52 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
2010-07-21 08:52 . 2010-07-21 08:52 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 12:13 . 2009-07-14 08:27 691728 ----a-w- c:\windows\system32\perfh013.dat
2010-08-19 12:13 . 2009-07-14 08:27 130232 ----a-w- c:\windows\system32\perfc013.dat
2010-08-19 11:11 . 2010-03-03 18:17 -------- d-----w- c:\users\Frank\AppData\Roaming\LimeWire
2010-08-18 21:39 . 2010-03-03 09:52 -------- d-----w- c:\users\Frank\AppData\Roaming\GrabIt
2010-08-18 19:11 . 2010-03-09 08:35 0 ----a-w- c:\users\Frank\AppData\Local\prvlcl.dat
2010-08-16 15:40 . 2010-03-03 09:34 -------- d-----w- c:\program files\FTDv3.8
2010-08-14 15:57 . 2010-03-04 15:16 -------- d-----w- c:\program files\Ask.com
2010-08-10 10:10 . 2010-03-02 22:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-05 20:59 . 2010-03-02 22:11 -------- d-----w- c:\programdata\NVIDIA
2010-08-05 20:56 . 2010-03-02 22:09 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-05 08:55 . 2010-03-04 15:15 -------- d-----w- c:\users\Frank\AppData\Roaming\uTorrent
2010-08-01 17:11 . 2010-04-12 10:43 -------- d-----w- c:\users\Frank\AppData\Roaming\dvdcss
2010-08-01 15:22 . 2010-03-20 13:41 -------- d-----w- c:\programdata\DVD Shrink
2010-07-28 16:51 . 2010-04-11 10:36 -------- d-----w- c:\program files\Common Files\Apple
2010-07-28 16:48 . 2010-06-23 20:58 -------- d-----w- c:\program files\Safari
2010-07-27 23:01 . 2010-03-02 18:53 -------- d-----w- c:\program files\Windows Live
2010-07-25 14:05 . 2010-03-03 14:41 -------- d-----w- c:\program files\Java
2010-07-21 14:29 . 2010-07-20 10:45 -------- d-----w- c:\programdata\FLEXnet
2010-07-20 10:45 . 2010-03-02 18:47 67856 ----a-w- c:\users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-20 10:36 . 2010-03-02 22:36 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-20 10:35 . 2010-07-20 10:35 -------- d-----w- c:\program files\Adobe Media Player
2010-07-20 10:34 . 2010-07-20 10:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-20 10:31 . 2010-07-20 10:31 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-16 12:55 . 2010-03-02 22:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 12:55 . 2010-07-16 12:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 12:54 . 2010-03-02 22:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 14:49 . 2010-03-20 13:47 -------- d-----w- c:\program files\DVD Shrink
2010-07-09 14:20 . 2010-07-09 14:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:20 . 2010-07-09 14:20 261736 ----a-w- c:\windows\system32\nvhotkey.dll
2010-07-09 14:20 . 2010-07-09 14:20 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-07-09 14:20 . 2010-07-09 14:20 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 14:20 . 2010-07-09 14:20 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:20 . 2010-07-09 14:20 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-24 09:45 . 2010-04-11 10:39 -------- d-----w- c:\users\Frank\AppData\Roaming\Apple Computer
2010-06-23 20:59 . 2010-06-23 20:59 -------- d-----w- c:\program files\Bonjour
2010-06-23 20:58 . 2010-06-23 20:58 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-21 22:07 . 2010-08-05 20:54 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2010-06-21 22:07 . 2010-03-02 22:09 232040 ----a-w- c:\windows\system32\nvcohda.dll
2010-06-21 22:07 . 2010-08-05 20:54 64104 ----a-w- c:\windows\system32\nvapo32v.dll
2010-06-21 22:07 . 2010-08-05 20:54 105576 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-06-03 09:03 . 2010-03-02 22:24 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-02 02:55 . 2010-08-16 14:21 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-08-16 14:21 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-08-16 14:21 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-27 07:24 . 2010-06-11 10:48 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 10:48 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 09:41 . 2010-08-16 14:21 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-08-18_15.28.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-02 23:26 . 2010-08-19 12:09 22436 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-08-19 12:09 40664 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:55 . 2010-08-18 15:22 40664 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-03-02 17:33 . 2010-08-17 21:25 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 17:33 . 2010-08-19 07:20 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-20 10:58 . 2010-08-19 11:06 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2010-07-20 10:58 . 2010-08-18 09:53 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2009-07-14 04:41 . 2010-08-19 07:20 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-08-17 21:25 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-02 19:45 . 2010-08-17 21:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 19:45 . 2010-08-18 18:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-02 19:45 . 2010-08-17 21:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-02 19:45 . 2010-08-18 18:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-02 19:45 . 2010-08-18 18:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-02 19:45 . 2010-08-17 21:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-02 21:04 . 2010-08-17 21:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 21:04 . 2010-08-18 18:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 22:19 . 2010-08-19 12:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 22:19 . 2010-08-18 15:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 22:19 . 2010-08-18 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-03-02 22:19 . 2010-08-19 12:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-03-02 22:19 . 2010-08-18 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-03-02 22:19 . 2010-08-19 12:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-03-02 21:04 . 2010-08-19 12:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 21:04 . 2010-08-18 15:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 21:04 . 2010-08-17 21:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-02 21:04 . 2010-08-18 18:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-02 22:13 . 2010-08-19 12:09 8672 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1647979850-1972059973-3787660427-1001_UserData.bin
- 2010-08-18 15:20 . 2010-08-18 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-19 12:07 . 2010-08-19 12:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-18 15:20 . 2010-08-18 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-19 12:07 . 2010-08-19 12:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-03 02:43 . 2010-08-18 16:48 360976 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2010-03-03 02:43 . 2010-08-18 14:59 360976 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:05 . 2010-08-18 15:25 607190 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-08-19 12:13 607190 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-08-19 12:13 103568 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-08-18 15:25 103568 c:\windows\System32\perfc009.dat
- 2010-03-02 18:32 . 2010-08-18 09:53 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-03-02 18:32 . 2010-08-19 11:06 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-03-02 17:33 . 2010-08-17 21:25 442368 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-02 17:33 . 2010-08-19 07:20 442368 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:03 . 2010-08-17 21:38 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2010-08-18 20:21 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-06-03 16:24 2736736 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2010-06-25 67960]
"PowerSuite"="c:\program files\Uniblue\PowerSuite\launcher.exe" [2010-07-20 67448]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-12-03 494112]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-03-10 200704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-10 7703072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-20 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-12-03 690720]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-08-14 273960]
S3 NETw5s32;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
Inhoud van de 'Gedeelde Taken' map

2010-08-19 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-14 14:23]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://search.babylon.com/home?AF=14542
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86ADCB4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x857c1ad8
QueryNameProcedure -> 0x857c1c68
user & kernel MBR OK

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2010-08-19 14:18:03
ComboFix-quarantined-files.txt 2010-08-19 12:18
ComboFix2.txt 2010-08-18 15:30

Pre-Run: 374.611.660.800 bytes beschikbaar
Post-Run: 374.327.930.880 bytes beschikbaar

- - End Of File - - 494DD91D87AAAF16FE2CABE625226BF0

Juisterr
19 August 2010, 14:28
1. Some CD emulators can make interpreting the logs more difficult.
We will therefore disable them temporarily.
Download Defogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) and place it on your desktop. Double-click Defogger.exe to start the tool. In the window that appears, click the "Disable" button. In the next window, click Ja (Yes) to continue. Wait until you get the 'Finished' message and click "Ok" in that window. If DeFogger asks to restart the computer, do so.
NOTE: If you get an error message when using Defogger, look on the desktop for the file defogger_disable and post the contents of this file.

You can re-enable CD emulator software with Defogger by starting the tool and clicking the "Re-enable" button.
Only do this once we are completely finished analysing the computer.


If this did not help, please do the following.


Open Notepad (Kladblok), then copy and paste the following (bold, blue text) into an empty window:
Driver::
sptd

Save this to your Desktop as CFScript.txt


Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://home.hetnet.nl/~stefsmeenk/CFScript.gif

This will make ComboFix restart.
Restart the computer if asked to,
and post the contents of Combofix.txt in your next reply, together with a new HijackThis log.

frankie3
19 August 2010, 15:16
Okay, so first use Defogger to disable the CD emulators,
and then scan with ComboFix?
And then re-enable them with Defogger?

Juisterr
19 August 2010, 20:51
Defogger first, then ComboFix.

frankie3
19 August 2010, 22:53
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:51 on 19/08/2010 (Frank)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

frankie3
20 August 2010, 09:07
ComboFix 10-08-18.04 - Frank 20-08-2010 8:57.7.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.31.1043.18.3067.2027 [GMT 2:00]
Gestart vanuit: c:\users\Frank\Desktop\ComboFix.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-07-20 to 2010-08-20 ))))))))))))))))))))))))))))))
.

2010-08-20 07:03 . 2010-08-20 07:03 -------- d-----w- c:\users\Frank\AppData\Local\temp
2010-08-20 07:03 . 2010-08-20 07:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-20 07:03 . 2010-08-20 07:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-17 12:27 . 2010-08-17 12:27 -------- d-----w- c:\windows\Sun
2010-08-16 14:20 . 2010-08-16 14:20 -------- d--h--w- c:\windows\msdownld.tmp
2010-08-16 14:20 . 2010-08-19 22:58 -------- d-----w- c:\program files\XBMC
2010-08-15 20:05 . 2010-08-16 14:10 -------- d-----w- c:\users\Frank\Nieuwe map
2010-08-14 19:16 . 2010-08-14 19:16 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-14 18:51 . 2010-08-14 18:51 273960 ----a-w- c:\windows\system32\drivers\k57nd60x.sys
2010-08-14 18:18 . 2010-08-14 18:19 -------- d-----w- c:\program files\Uniblue
2010-08-14 18:15 . 2010-08-14 18:15 -------- d-----w- c:\program files\AutoUnpack
2010-08-14 18:10 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-08-14 17:35 . 2010-08-14 17:35 -------- d-----w- c:\programdata\Uniblue
2010-08-14 17:33 . 2010-08-14 17:34 5268200 ----a-w- c:\users\Frank\AppData\Roaming\Uniblue\DriverScanner\_temp\driverscanner.exe
2010-08-14 17:33 . 2010-08-14 17:33 5276232 ----a-w- c:\users\Frank\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe
2010-08-14 17:32 . 2010-08-14 18:19 -------- d-----w- c:\users\Frank\AppData\Roaming\Uniblue
2010-08-14 17:25 . 2008-05-29 08:03 37176 ----a-w- c:\users\Frank\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-13 13:27 . 2010-08-13 13:32 -------- d-----w- c:\users\Frank\AppData\Roaming\vlc
2010-08-13 13:27 . 2010-08-13 13:27 -------- d-----w- c:\program files\VideoLAN
2010-08-12 13:33 . 2010-08-12 13:33 388096 ----a-r- c:\users\Frank\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-12 13:33 . 2010-08-12 13:33 -------- d-----w- c:\program files\Trend Micro
2010-08-12 11:01 . 2010-08-12 13:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-08-05 20:56 . 2010-08-05 20:56 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-08-05 11:34 . 2010-04-21 10:06 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
2010-08-05 11:34 . 2010-04-21 10:06 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
2010-08-05 11:34 . 2010-08-05 11:34 -------- d-----w- c:\program files\myBabylon_English
2010-08-04 21:02 . 2010-08-04 21:04 -------- d-----w- c:\users\Frank\AppData\Roaming\Media Player Classic
2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Conduit
2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Softonic-Eng7
2010-07-31 23:41 . 2010-06-08 09:28 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
2010-07-31 23:41 . 2010-06-08 09:28 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
2010-07-31 23:41 . 2010-08-01 15:13 -------- d-----w- c:\program files\The KMPlayer
2010-07-28 16:51 . 2010-07-28 16:51 -------- d-----w- c:\program files\iPod
2010-07-28 16:51 . 2010-07-28 16:52 -------- d-----w- c:\program files\iTunes
2010-07-28 16:48 . 2010-07-28 16:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-28 16:47 . 2010-07-28 16:47 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-25 17:01 . 2010-07-25 17:01 -------- d-----w- c:\program files\GrabIt
2010-07-25 14:05 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-22 12:07 . 2010-07-25 12:22 -------- d-----w- c:\users\Frank\AppData\Local\Hema Album Software Advanced
2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\programdata\Hema Album Software Advanced
2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\program files\Hema Album Software Advanced
2010-07-21 08:53 . 2010-07-21 08:53 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-07-21 08:52 . 2010-07-21 08:52 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-07-21 08:52 . 2010-07-21 08:52 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
2010-07-21 08:52 . 2010-07-21 08:52 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
2010-07-21 08:52 . 2010-07-21 08:52 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 07:01 . 2009-07-14 08:27 691728 ----a-w- c:\windows\system32\perfh013.dat
2010-08-20 07:01 . 2009-07-14 08:27 130232 ----a-w- c:\windows\system32\perfc013.dat
2010-08-20 06:46 . 2010-03-03 18:17 -------- d-----w- c:\users\Frank\AppData\Roaming\LimeWire
2010-08-19 22:41 . 2010-03-09 08:35 0 ----a-w- c:\users\Frank\AppData\Local\prvlcl.dat
2010-08-18 21:39 . 2010-03-03 09:52 -------- d-----w- c:\users\Frank\AppData\Roaming\GrabIt
2010-08-16 15:40 . 2010-03-03 09:34 -------- d-----w- c:\program files\FTDv3.8
2010-08-14 15:57 . 2010-03-04 15:16 -------- d-----w- c:\program files\Ask.com
2010-08-10 10:10 . 2010-03-02 22:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-05 20:59 . 2010-03-02 22:11 -------- d-----w- c:\programdata\NVIDIA
2010-08-05 20:56 . 2010-03-02 22:09 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-05 08:55 . 2010-03-04 15:15 -------- d-----w- c:\users\Frank\AppData\Roaming\uTorrent
2010-08-01 17:11 . 2010-04-12 10:43 -------- d-----w- c:\users\Frank\AppData\Roaming\dvdcss
2010-08-01 15:22 . 2010-03-20 13:41 -------- d-----w- c:\programdata\DVD Shrink
2010-07-28 16:51 . 2010-04-11 10:36 -------- d-----w- c:\program files\Common Files\Apple
2010-07-28 16:48 . 2010-06-23 20:58 -------- d-----w- c:\program files\Safari
2010-07-27 23:01 . 2010-03-02 18:53 -------- d-----w- c:\program files\Windows Live
2010-07-25 14:05 . 2010-03-03 14:41 -------- d-----w- c:\program files\Java
2010-07-21 14:29 . 2010-07-20 10:45 -------- d-----w- c:\programdata\FLEXnet
2010-07-20 10:45 . 2010-03-02 18:47 67856 ----a-w- c:\users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-20 10:36 . 2010-03-02 22:36 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-20 10:35 . 2010-07-20 10:35 -------- d-----w- c:\program files\Adobe Media Player
2010-07-20 10:34 . 2010-07-20 10:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-20 10:31 . 2010-07-20 10:31 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-16 12:55 . 2010-03-02 22:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 12:55 . 2010-07-16 12:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 12:54 . 2010-03-02 22:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 14:49 . 2010-03-20 13:47 -------- d-----w- c:\program files\DVD Shrink
2010-07-09 14:20 . 2010-07-09 14:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:20 . 2010-07-09 14:20 261736 ----a-w- c:\windows\system32\nvhotkey.dll
2010-07-09 14:20 . 2010-07-09 14:20 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-07-09 14:20 . 2010-07-09 14:20 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 14:20 . 2010-07-09 14:20 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:20 . 2010-07-09 14:20 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-24 09:45 . 2010-04-11 10:39 -------- d-----w- c:\users\Frank\AppData\Roaming\Apple Computer
2010-06-23 20:59 . 2010-06-23 20:59 -------- d-----w- c:\program files\Bonjour
2010-06-23 20:58 . 2010-06-23 20:58 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-21 22:07 . 2010-08-05 20:54 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2010-06-21 22:07 . 2010-03-02 22:09 232040 ----a-w- c:\windows\system32\nvcohda.dll
2010-06-21 22:07 . 2010-08-05 20:54 64104 ----a-w- c:\windows\system32\nvapo32v.dll
2010-06-21 22:07 . 2010-08-05 20:54 105576 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-06-03 09:03 . 2010-03-02 22:24 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-02 02:55 . 2010-08-16 14:21 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-08-16 14:21 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-08-16 14:21 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-27 07:24 . 2010-06-11 10:48 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 10:48 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 09:41 . 2010-08-16 14:21 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-08-18_15.28.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-02 23:26 . 2010-08-20 06:57 23948 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-08-20 06:57 41748 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-03-02 17:33 . 2010-08-17 21:25 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 17:33 . 2010-08-20 06:56 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-20 10:58 . 2010-08-19 11:06 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2010-07-20 10:58 . 2010-08-18 09:53 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2009-07-14 04:41 . 2010-08-20 06:56 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-08-17 21:25 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-02 19:45 . 2010-08-17 21:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 19:45 . 2010-08-20 06:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-02 19:45 . 2010-08-17 21:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-02 19:45 . 2010-08-20 06:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-02 19:45 . 2010-08-20 06:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-02 19:45 . 2010-08-17 21:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-02 21:04 . 2010-08-17 21:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 21:04 . 2010-08-20 07:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 22:19 . 2010-08-19 22:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 22:19 . 2010-08-18 15:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 22:19 . 2010-08-18 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-03-02 22:19 . 2010-08-19 22:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-03-02 22:19 . 2010-08-18 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-03-02 22:19 . 2010-08-19 22:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-03-02 21:04 . 2010-08-20 07:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 21:04 . 2010-08-18 15:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 21:04 . 2010-08-17 21:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-02 21:04 . 2010-08-20 07:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-02 22:13 . 2010-08-20 06:57 8696 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1647979850-1972059973-3787660427-1001_UserData.bin
- 2010-08-18 15:20 . 2010-08-18 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-20 06:56 . 2010-08-20 06:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-18 15:20 . 2010-08-18 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-20 06:56 . 2010-08-20 06:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-03 02:43 . 2010-08-18 16:48 360976 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2010-03-03 02:43 . 2010-08-18 14:59 360976 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:05 . 2010-08-18 15:25 607190 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-08-20 07:01 607190 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-08-20 07:01 103568 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-08-18 15:25 103568 c:\windows\System32\perfc009.dat
- 2010-03-02 18:32 . 2010-08-18 09:53 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-03-02 18:32 . 2010-08-19 23:23 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-03-02 17:33 . 2010-08-17 21:25 442368 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-02 17:33 . 2010-08-20 06:56 442368 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:03 . 2010-08-17 21:38 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2010-08-19 23:57 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-06-03 16:24 2736736 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [2009-07-14 354304]
"SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2010-06-25 67960]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-12-03 494112]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-03-10 200704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-10 7703072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-20 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-12-03 690720]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-08-14 273960]
S3 NETw5s32;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
Inhoud van de 'Gedeelde Taken' map

2010-08-20 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-14 14:23]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://search.babylon.com/home?AF=14542
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86AC4B4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x857c1ad8
QueryNameProcedure -> 0x857c1c68
user & kernel MBR OK

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2010-08-20 09:05:36
ComboFix-quarantined-files.txt 2010-08-20 07:05
ComboFix2.txt 2010-08-19 12:18
ComboFix3.txt 2010-08-18 15:30

Pre-Run: 385.508.253.696 bytes beschikbaar
Post-Run: 385.452.122.112 bytes beschikbaar

- - End Of File - - 7F2A37D761915B1C69225FCF1EFB55E1

Juisterr
20 August 2010, 10:37
Could you first run Defogger once more and then TDSSKiller, as in this post:
http://www.minatica.be/threads/70541-Vertraagde-laptop-met-popups.?p=528088&viewfull=1#post528088

Then reboot, and then start and run ComboFix once more.
Please post only the ComboFix result.

frankie3
20 August 2010, 12:08
combofix log:

ComboFix 10-08-18.05 - Frank 20-08-2010 11:56:29.8.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.31.1043.18.3067.2041 [GMT 2:00]
Gestart vanuit: c:\users\Frank\Desktop\ComboFix.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-07-20 to 2010-08-20 ))))))))))))))))))))))))))))))
.

2010-08-20 10:03 . 2010-08-20 10:03 -------- d-----w- c:\users\Frank\AppData\Local\temp
2010-08-20 10:03 . 2010-08-20 10:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-20 10:03 . 2010-08-20 10:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-17 12:27 . 2010-08-17 12:27 -------- d-----w- c:\windows\Sun
2010-08-16 14:20 . 2010-08-16 14:20 -------- d--h--w- c:\windows\msdownld.tmp
2010-08-16 14:20 . 2010-08-19 22:58 -------- d-----w- c:\program files\XBMC
2010-08-15 20:05 . 2010-08-16 14:10 -------- d-----w- c:\users\Frank\Nieuwe map
2010-08-14 19:16 . 2010-08-14 19:16 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-14 18:51 . 2010-08-14 18:51 273960 ----a-w- c:\windows\system32\drivers\k57nd60x.sys
2010-08-14 18:18 . 2010-08-14 18:19 -------- d-----w- c:\program files\Uniblue
2010-08-14 18:15 . 2010-08-14 18:15 -------- d-----w- c:\program files\AutoUnpack
2010-08-14 18:10 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-08-14 17:35 . 2010-08-14 17:35 -------- d-----w- c:\programdata\Uniblue
2010-08-14 17:33 . 2010-08-14 17:34 5268200 ----a-w- c:\users\Frank\AppData\Roaming\Uniblue\DriverScanner\_temp\driverscanner.exe
2010-08-14 17:33 . 2010-08-14 17:33 5276232 ----a-w- c:\users\Frank\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe
2010-08-14 17:32 . 2010-08-14 18:19 -------- d-----w- c:\users\Frank\AppData\Roaming\Uniblue
2010-08-14 17:25 . 2008-05-29 08:03 37176 ----a-w- c:\users\Frank\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-13 13:27 . 2010-08-13 13:32 -------- d-----w- c:\users\Frank\AppData\Roaming\vlc
2010-08-13 13:27 . 2010-08-13 13:27 -------- d-----w- c:\program files\VideoLAN
2010-08-12 13:33 . 2010-08-12 13:33 388096 ----a-r- c:\users\Frank\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-12 13:33 . 2010-08-12 13:33 -------- d-----w- c:\program files\Trend Micro
2010-08-12 11:01 . 2010-08-12 13:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-08-05 20:56 . 2010-08-05 20:56 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-08-05 11:34 . 2010-04-21 10:06 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
2010-08-05 11:34 . 2010-04-21 10:06 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
2010-08-05 11:34 . 2010-08-05 11:34 -------- d-----w- c:\program files\myBabylon_English
2010-08-04 21:02 . 2010-08-04 21:04 -------- d-----w- c:\users\Frank\AppData\Roaming\Media Player Classic
2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Conduit
2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Softonic-Eng7
2010-07-31 23:41 . 2010-06-08 09:28 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
2010-07-31 23:41 . 2010-06-08 09:28 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
2010-07-31 23:41 . 2010-08-01 15:13 -------- d-----w- c:\program files\The KMPlayer
2010-07-28 16:51 . 2010-07-28 16:51 -------- d-----w- c:\program files\iPod
2010-07-28 16:51 . 2010-07-28 16:52 -------- d-----w- c:\program files\iTunes
2010-07-28 16:48 . 2010-07-28 16:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-28 16:47 . 2010-07-28 16:47 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-25 17:01 . 2010-07-25 17:01 -------- d-----w- c:\program files\GrabIt
2010-07-25 14:05 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-22 12:07 . 2010-07-25 12:22 -------- d-----w- c:\users\Frank\AppData\Local\Hema Album Software Advanced
2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\programdata\Hema Album Software Advanced
2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\program files\Hema Album Software Advanced

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 10:00 . 2009-07-14 08:27 691728 ----a-w- c:\windows\system32\perfh013.dat
2010-08-20 10:00 . 2009-07-14 08:27 130232 ----a-w- c:\windows\system32\perfc013.dat
2010-08-20 07:40 . 2010-03-03 18:17 -------- d-----w- c:\users\Frank\AppData\Roaming\LimeWire
2010-08-19 22:41 . 2010-03-09 08:35 0 ----a-w- c:\users\Frank\AppData\Local\prvlcl.dat
2010-08-18 21:39 . 2010-03-03 09:52 -------- d-----w- c:\users\Frank\AppData\Roaming\GrabIt
2010-08-16 15:40 . 2010-03-03 09:34 -------- d-----w- c:\program files\FTDv3.8
2010-08-14 15:57 . 2010-03-04 15:16 -------- d-----w- c:\program files\Ask.com
2010-08-10 10:10 . 2010-03-02 22:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-05 20:59 . 2010-03-02 22:11 -------- d-----w- c:\programdata\NVIDIA
2010-08-05 20:56 . 2010-03-02 22:09 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-05 08:55 . 2010-03-04 15:15 -------- d-----w- c:\users\Frank\AppData\Roaming\uTorrent
2010-08-01 17:11 . 2010-04-12 10:43 -------- d-----w- c:\users\Frank\AppData\Roaming\dvdcss
2010-08-01 15:22 . 2010-03-20 13:41 -------- d-----w- c:\programdata\DVD Shrink
2010-07-28 16:51 . 2010-04-11 10:36 -------- d-----w- c:\program files\Common Files\Apple
2010-07-28 16:48 . 2010-06-23 20:58 -------- d-----w- c:\program files\Safari
2010-07-27 23:01 . 2010-03-02 18:53 -------- d-----w- c:\program files\Windows Live
2010-07-25 14:05 . 2010-03-03 14:41 -------- d-----w- c:\program files\Java
2010-07-21 14:29 . 2010-07-20 10:45 -------- d-----w- c:\programdata\FLEXnet
2010-07-21 08:53 . 2010-07-21 08:53 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-07-21 08:52 . 2010-07-21 08:52 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-07-21 08:52 . 2010-07-21 08:52 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
2010-07-21 08:52 . 2010-07-21 08:52 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
2010-07-21 08:52 . 2010-07-21 08:52 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-07-20 10:45 . 2010-03-02 18:47 67856 ----a-w- c:\users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-20 10:36 . 2010-03-02 22:36 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-20 10:35 . 2010-07-20 10:35 -------- d-----w- c:\program files\Adobe Media Player
2010-07-20 10:34 . 2010-07-20 10:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-20 10:31 . 2010-07-20 10:31 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-16 12:55 . 2010-03-02 22:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 12:55 . 2010-07-16 12:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 12:54 . 2010-03-02 22:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 14:49 . 2010-03-20 13:47 -------- d-----w- c:\program files\DVD Shrink
2010-07-09 14:20 . 2010-07-09 14:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:20 . 2010-07-09 14:20 261736 ----a-w- c:\windows\system32\nvhotkey.dll
2010-07-09 14:20 . 2010-07-09 14:20 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-07-09 14:20 . 2010-07-09 14:20 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 14:20 . 2010-07-09 14:20 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:20 . 2010-07-09 14:20 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-24 09:45 . 2010-04-11 10:39 -------- d-----w- c:\users\Frank\AppData\Roaming\Apple Computer
2010-06-23 20:59 . 2010-06-23 20:59 -------- d-----w- c:\program files\Bonjour
2010-06-23 20:58 . 2010-06-23 20:58 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-21 22:07 . 2010-08-05 20:54 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2010-06-21 22:07 . 2010-03-02 22:09 232040 ----a-w- c:\windows\system32\nvcohda.dll
2010-06-21 22:07 . 2010-08-05 20:54 64104 ----a-w- c:\windows\system32\nvapo32v.dll
2010-06-21 22:07 . 2010-08-05 20:54 105576 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-06-03 09:03 . 2010-03-02 22:24 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-02 02:55 . 2010-08-16 14:21 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-08-16 14:21 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-08-16 14:21 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-27 07:24 . 2010-06-11 10:48 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 10:48 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 09:41 . 2010-08-16 14:21 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-08-18_15.28.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-02 23:26 . 2010-08-20 09:57 24524 c:\windows\System32\wdi\ShutdownPerformanceDiagnos tics_SystemData.bin
+ 2009-07-14 04:55 . 2010-08-20 09:57 41748 c:\windows\System32\wdi\BootPerformanceDiagnostics _SystemData.bin
- 2010-03-02 17:33 . 2010-08-17 21:25 49152 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 17:33 . 2010-08-20 07:39 49152 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-20 10:58 . 2010-08-20 09:30 32768 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Internet Explorer\UserData\index.dat
- 2010-07-20 10:58 . 2010-08-18 09:53 32768 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2009-07-14 04:41 . 2010-08-20 07:39 49152 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
- 2009-07-14 04:41 . 2010-08-17 21:25 49152 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2010-08-07 04:47 . 2010-08-20 08:05 32768 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Internet Explorer\DOMStore\index.dat
- 2010-08-07 04:47 . 2010-08-07 04:39 32768 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-03-02 19:45 . 2010-08-20 07:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\ Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-02 19:45 . 2010-08-17 21:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\ Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 19:45 . 2010-08-20 07:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 19:45 . 2010-08-17 21:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-02 19:45 . 2010-08-20 07:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\History\History.IE5\index. dat
- 2010-03-02 19:45 . 2010-08-17 21:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\History\History.IE5\index. dat
+ 2010-03-02 21:04 . 2010-08-20 10:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Ro aming\Microsoft\Windows\Cookies\index.dat
- 2010-03-02 21:04 . 2010-08-17 21:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Ro aming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 22:19 . 2010-08-20 09:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 22:19 . 2010-08-18 15:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 22:19 . 2010-08-18 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Temp\History\History.IE5\index.dat
+ 2010-03-02 22:19 . 2010-08-20 09:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Temp\History\History.IE5\index.dat
+ 2010-03-02 22:19 . 2010-08-20 09:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Temp\Cookies\index.dat
- 2010-03-02 22:19 . 2010-08-18 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Temp\Cookies\index.dat
- 2010-03-02 21:04 . 2010-08-18 15:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-02 21:04 . 2010-08-20 10:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 21:04 . 2010-08-17 21:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\History\History.IE5\index.da t
+ 2010-03-02 21:04 . 2010-08-20 10:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\History\History.IE5\index.da t
+ 2010-03-02 22:13 . 2010-08-20 09:57 8744 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1647979850-1972059973-3787660427-1001_UserData.bin
+ 2010-08-20 09:55 . 2010-08-20 09:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
- 2010-08-18 15:20 . 2010-08-18 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
- 2010-08-18 15:20 . 2010-08-18 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
+ 2010-08-20 09:55 . 2010-08-20 09:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
+ 2010-03-03 02:43 . 2010-08-18 16:48 360976 c:\windows\System32\wdi\SuspendPerformanceDiagnost ics_SystemData_S3.bin
- 2010-03-03 02:43 . 2010-08-18 14:59 360976 c:\windows\System32\wdi\SuspendPerformanceDiagnost ics_SystemData_S3.bin
+ 2009-07-14 02:05 . 2010-08-20 10:00 607190 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-08-18 15:25 607190 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-08-20 10:00 103568 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-08-18 15:25 103568 c:\windows\System32\perfc009.dat
- 2010-03-02 18:32 . 2010-08-18 09:53 245760 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-03-02 18:32 . 2010-08-20 09:30 245760 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\IETldCache\index.dat
- 2010-03-02 17:33 . 2010-08-17 21:25 442368 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-02 17:33 . 2010-08-20 07:39 442368 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:03 . 2010-08-17 21:38 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2010-08-20 07:09 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-06-03 16:24 2736736 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2010-06-25 67960]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-12-03 494112]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-03-10 200704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-10 7703072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Frank^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-20 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-12-03 690720]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-08-14 273960]
S3 NETw5s32;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
Inhoud van de 'Gedeelde Taken' map

2010-08-20 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-14 14:23]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://search.babylon.com/home?AF=14542
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86CCFB4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x857c1ad8
QueryNameProcedure -> 0x857c1c68
user & kernel MBR OK

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2010-08-20 12:04:53
ComboFix-quarantined-files.txt 2010-08-20 10:04
ComboFix2.txt 2010-08-20 07:05
ComboFix3.txt 2010-08-19 12:18
ComboFix4.txt 2010-08-18 15:30

Pre-Run: 385.733.844.992 bytes beschikbaar
Post-Run: 385.672.429.568 bytes beschikbaar

- - End Of File - - 2180E115F0BB232D017791DD26724B4E

Juisterr
20 August 2010, 21:55
Go to Start - Run
and enter the following: Combofix /Uninstall
Then press OK.
If all goes well, you will get a message that Combofix has been removed.

Example:

http://home.kpn.nl/stefsmeenk/CFUninstall.PNG

Run can also be opened with the key combination http://home.kpn.nl/stefsmeenk/W+R.jpg


Please let me know how things are going now.

frankie3
21 August 2010, 12:03
OK, done.
So far I haven't had any more problems with pop-ups and the like.
But for some reason the Windows updater can no longer connect to the internet. :S

frankie3
21 August 2010, 12:11
I take back what I said about the pop-ups.
A new tab just opened by itself in Firefox.

Juisterr
26 August 2010, 21:54
1. Download ATF cleaner (http://www.atribune.org/ccount/click.php?id=1) (made by Atribune)
Double-click ATF cleaner to start the program.
On the "Main" tab, tick Select All.
Click the Empty Selected button.

Do the following if you also use Firefox as a browser:
Click the "Firefox" tab and tick Select All.
If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
(this removes the tick at "Firefox saved passwords" again)
Click the Empty Selected button.

Do the following if you also use Opera as a browser:
Click the "Opera" tab and tick Select All.
If you want to keep the passwords saved by Opera, click "No" in the window that appears.
Click the Empty Selected button.
Go to the "Main" tab and click the Exit button to close the program.

2. Download Dr.Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe) and save it to your desktop.


Double-click drweb-cureit.exe and allow it to start the express scan.
If a popup appears offering a purchase/50% discount, you can close it.
The express scan will scan the files currently loaded in memory. If anything is found, click 'alles selecteren' (select all), then choose 'repareren' (repair), and from the small menu that appears choose 'verplaatsen' (move).
At the top of the menu, choose Language/Taal and change it to Dutch (Nederlands) if it is set differently on your system.
Press F9, then choose the Acties (Actions) tab and set the following there under Malware:


Adware: Verplaats (Move)
Dialers: Verplaats (Move)
Jokes: Rapportage (Report)
Riskware: Rapportage (Report)
Hacktools: Verplaats (Move)
Then remove the tick at 'Prompt bij actie' (Prompt on action).


Then choose the Scan tab and remove the tick at Heuristische analyse (Heuristic analysis).
Next press Toepassen (Apply), followed by OK.
Once the short scan has finished, tick: Volledige scan (Full scan).
Then press the green arrow (start button) to start the scan.
Files that are found are moved to the '%USERPROFILE%\DocterWeb\Quarantine' folder if repairing them is not possible.
After the scan is done, go to Bestand (File) and choose Rapportage lijst opslaan (Save report list).
Save it to your desktop and then close Dr.Web CureIt.
Then restart the computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
After restarting, copy and paste the contents of the log you saved earlier into your next post.

frankie3
28 August 2010, 23:41
I did everything as you said, and now the following has happened. The program froze a few times :S so I pressed stop and had to restart my laptop, which I did. Then it didn't start up completely; I end up with a black screen with only my mouse pointer. I can get to Task Manager with Ctrl+Alt+Del and start a new task from there, as I have now done with Firefox. But otherwise I have no desktop or taskbar. What just happened???????????!!

Juisterr
29 August 2010, 13:50
The infection that is still present.
Can you by any chance boot into an older restore point?

frankie3
29 August 2010, 14:00
If I knew how to do that, maybe, yes :S
I'll have a look via Task Manager to see whether I can open System Restore.

frankie3
29 August 2010, 14:05
I can't really find it :S

Juisterr
29 August 2010, 14:43
What are you still able to do?


Give this a try.

Download HitmanPro (http://dplus.softonic.nl/cdn-am-download/AxkkQTVQ%2FlJqjruCtQUwNjZslgQmiLcbbyTnahFjY6BsUlKh q8vXGjDlqOCy%2BUUNm2e%2FJ1TX52kHSbuObwJVNlElbM46Cz r%2B%2FTicIGGHSzDirur8mumjUXyO1nJdbQWURTbQz4ryoLUK %2BqSLigaPiru7PRPT4e1%2Btx2DF3zlY4mrQ2WH5WVEsAgIPM BQV7FF8nMkpgluTh6zbGR%2BxnuKWR15XdSbwoh2YBdIuAOMKV rWz2FIFeTSwmwEmNTYirAd5gSP9Q51utrjRboNkIsr0lhjj4mF w5lYKtL37SNZKYzx%2FF8XDhqHj%2BdLz7LDb4qo2hWTMBY4ZG sRBTY%2FKq6%2FCk41M6ONIUsAmlB2TwUdYnVWa7BXxN%2F274 6u2Fli0I59)

frankie3
29 August 2010, 16:07
I was just able to roll it back to an earlier restore point when I restarted my laptop.
The only problems I still have now are:
Maybe some viruses or other junk still on my laptop
and my Windows auto updater doesn't work (cannot connect)

Regards

Juisterr
29 August 2010, 16:27
Please read my previous post.

frankie3
29 August 2010, 16:45
Downloaded it, and it is now scanning for the 2nd time.
I can use it registered for free for 30 days.

frankie3
29 August 2010, 16:50
If all is well, this is the log

<Log computer="FRANKHOMELAPTOP" scan="Normal" version="3.5.6.111" date="2010-08-29T16:44:14" timeSpentInSecs="133" filesProcessed="25386">
<Item type="Repair" score="0.0" status="None">
<File path="$tdl3.sticky" />
</Item>
<Item type="Repair" score="0.0" status="DeleteFailed">
<File path="C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@atdmt[1].txt" />
</Item>
<Item type="Repair" score="0.0" status="DeleteFailed">
<File path="C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@atdmt[2].txt" />
</Item>
<Item type="Repair" score="0.0" status="DeleteFailed">
<File path="C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@serving-sys[1].txt" />
</Item>
<Item type="Repair" score="0.0" status="DeleteFailed">
<File path="C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@serving-sys[2].txt" />
</Item>
<Item type="Suspicious" score="32.0" status="Deleted">
<File path="C:\Windows\system32\config\systemprofile\userinit.exe" hash="1ADF3F1DA48A4DEE7FE74FB9EF2D899C8754C51CA53506CC63E7221747D4FD7A" />
</Item>
</Log>

frankie3
29 August 2010, 16:58
Log 2

<Log computer="FRANKHOMELAPTOP" scan="Normal" version="3.5.6.111" date="2010-08-29T16:51:29" timeSpentInSecs="145" filesProcessed="26458">
<Item type="Repair" score="0.0" status="None">
<File path="$tdl3.sticky" />
</Item>
<Item type="Repair" score="0.0" status="Deleted">
<File path="C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@atdmt[1].txt" />
</Item>
<Item type="Repair" score="0.0" status="DeleteFailed">
<File path="C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@atdmt[2].txt" />
</Item>
<Item type="Repair" score="0.0" status="DeleteFailed">
<File path="C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@atdmt[6].txt" />
</Item>
<Item type="Repair" score="0.0" status="DeleteFailed">
<File path="C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@serving-sys[1].txt" />
</Item>
<Item type="Repair" score="0.0" status="DeleteFailed">
<File path="C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Cookies\frank@serving-sys[2].txt" />
</Item>
</Log>

Juisterr
1 September 2010, 20:03
Any improvement?

frankie3
1 September 2010, 20:35
Well, so far I've only had 1 pop-up, from some casino or other, and I still have problems with Windows automatic updates.

Juisterr
2 September 2010, 19:30
Please run ComboFix again and post the result.

frankie3
2 September 2010, 23:33
ComboFix 10-09-01.04 - Frank 02-09-2010 23:21:08.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.31.1043.18.3067.2026 [GMT 2:00]
Gestart vanuit: c:\users\Frank\Desktop\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-08-02 to 2010-09-02 ))))))))))))))))))))))))))))))
.

2010-09-02 21:29 . 2010-09-02 21:30 -------- d-----w- c:\users\Frank\AppData\Local\temp
2010-09-02 21:29 . 2010-09-02 21:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-30 15:54 . 2010-08-30 15:54 -------- d-----w- c:\program files\Common Files\Java
2010-08-30 05:37 . 2010-08-30 05:37 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-08-29 20:36 . 2010-08-29 20:36 -------- d-----w- c:\users\Frank\AppData\Local\Apple Computer
2010-08-29 14:43 . 2010-08-29 14:47 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-08-29 14:31 . 2010-08-29 21:06 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-29 14:31 . 2010-08-29 14:43 -------- d-----w- c:\programdata\Hitman Pro
2010-08-29 14:31 . 2010-08-29 14:31 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-29 14:27 . 2010-09-01 18:43 -------- d-----w- c:\users\Frank\AppData\Roaming\Spotify
2010-08-29 14:27 . 2010-09-01 18:43 -------- d-----w- c:\users\Frank\AppData\Local\Spotify
2010-08-29 14:27 . 2010-08-29 14:27 655360 ----a-w- c:\users\Frank\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-08-29 14:27 . 2010-08-29 14:27 282624 ----a-w- c:\users\Frank\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-08-29 14:27 . 2010-08-29 14:27 208896 ----a-w- c:\users\Frank\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll
2010-08-29 14:27 . 2010-08-29 14:27 -------- d-----w- c:\program files\Spotify
2010-08-29 14:26 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-29 14:26 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-29 14:26 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-29 14:26 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-29 14:26 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-08-16 14:20 . 2010-08-29 14:25 -------- d--h--w- c:\windows\msdownld.tmp
2010-08-16 14:20 . 2010-08-29 14:25 -------- d-----w- c:\program files\XBMC
2010-08-14 19:16 . 2010-08-29 12:51 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-14 18:18 . 2010-08-14 18:19 -------- d-----w- c:\program files\Uniblue
2010-08-14 18:15 . 2010-08-29 18:01 -------- d-----w- c:\program files\AutoUnpack
2010-08-14 17:35 . 2010-08-14 17:35 -------- d-----w- c:\programdata\Uniblue
2010-08-14 17:32 . 2010-08-14 18:19 -------- d-----w- c:\users\Frank\AppData\Roaming\Uniblue
2010-08-12 13:33 . 2010-08-12 13:33 -------- d-----w- c:\program files\Trend Micro
2010-08-12 11:01 . 2010-08-12 13:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-08-11 21:24 . 2010-08-29 12:51 -------- d-----w- c:\program files\Common Files\PC Tools
2010-08-05 20:56 . 2010-08-05 20:56 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-08-05 11:34 . 2010-04-21 10:06 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
2010-08-05 11:34 . 2010-04-21 10:06 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
2010-08-05 11:34 . 2010-08-29 12:51 -------- d-----w- c:\program files\myBabylon_English
2010-08-05 11:34 . 2010-08-29 12:51 -------- d-----w- c:\program files\VLC Player
2010-08-04 21:02 . 2010-08-04 21:04 -------- d-----w- c:\users\Frank\AppData\Roaming\Media Player Classic

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 21:25 . 2009-07-14 08:27 691728 ----a-w- c:\windows\system32\perfh013.dat
2010-09-02 21:25 . 2009-07-14 08:27 130232 ----a-w- c:\windows\system32\perfc013.dat
2010-09-02 08:41 . 2010-03-09 08:35 0 ----a-w- c:\users\Frank\AppData\Local\prvlcl.dat
2010-08-31 21:22 . 2010-03-03 09:52 -------- d-----w- c:\users\Frank\AppData\Roaming\GrabIt
2010-08-31 19:30 . 2010-08-29 14:25 -------- d-----w- c:\users\Frank\AppData\Roaming\XBMC
2010-08-30 21:21 . 2010-04-12 10:42 -------- d-----w- c:\users\Frank\AppData\Roaming\vlc
2010-08-30 15:54 . 2010-03-03 14:41 -------- d-----w- c:\program files\Java
2010-08-30 05:39 . 2010-03-03 18:17 -------- d-----w- c:\users\Frank\AppData\Roaming\LimeWire
2010-08-30 05:38 . 2010-07-31 23:41 -------- d-----w- c:\program files\Softonic-Eng7
2010-08-29 14:02 . 2010-08-29 14:02 -------- d-----w- c:\program files\QuickTime
2010-08-29 12:51 . 2010-03-04 15:15 -------- d-----w- c:\users\Frank\AppData\Roaming\uTorrent
2010-08-29 12:51 . 2010-03-02 23:35 -------- d-----w- c:\users\Frank\AppData\Roaming\Winamp
2010-08-29 12:51 . 2010-07-20 10:45 -------- d-----w- c:\programdata\FLEXnet
2010-08-29 12:50 . 2010-03-02 22:23 -------- d-----w- c:\programdata\avg9
2010-08-29 12:50 . 2010-04-12 10:40 -------- d-----w- c:\program files\VideoLAN
2010-08-29 12:50 . 2010-03-03 09:34 -------- d-----w- c:\program files\FTDv3.8
2010-08-10 10:10 . 2010-03-02 22:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-05 20:59 . 2010-03-02 22:11 -------- d-----w- c:\programdata\NVIDIA
2010-08-05 20:56 . 2010-03-02 22:09 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-01 17:11 . 2010-04-12 10:43 -------- d-----w- c:\users\Frank\AppData\Roaming\dvdcss
2010-08-01 15:22 . 2010-03-20 13:41 -------- d-----w- c:\programdata\DVD Shrink
2010-08-01 15:13 . 2010-07-31 23:41 -------- d-----w- c:\program files\The KMPlayer
2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Conduit
2010-07-28 16:52 . 2010-07-28 16:51 -------- d-----w- c:\program files\iTunes
2010-07-28 16:51 . 2010-07-28 16:51 -------- d-----w- c:\program files\iPod
2010-07-28 16:51 . 2010-04-11 10:36 -------- d-----w- c:\program files\Common Files\Apple
2010-07-28 16:48 . 2010-07-28 16:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-27 23:01 . 2010-03-02 18:53 -------- d-----w- c:\program files\Windows Live
2010-07-25 17:01 . 2010-07-25 17:01 -------- d-----w- c:\program files\GrabIt
2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\programdata\Hema Album Software Advanced
2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\program files\Hema Album Software Advanced
2010-07-20 10:45 . 2010-03-02 18:47 67856 ----a-w- c:\users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-20 10:36 . 2010-03-02 22:36 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-20 10:35 . 2010-07-20 10:35 -------- d-----w- c:\program files\Adobe Media Player
2010-07-20 10:34 . 2010-07-20 10:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-20 10:31 . 2010-07-20 10:31 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-17 03:00 . 2010-07-25 14:05 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 12:55 . 2010-03-02 22:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 12:55 . 2010-07-16 12:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 12:54 . 2010-03-02 22:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 14:49 . 2010-03-20 13:47 -------- d-----w- c:\program files\DVD Shrink
2010-07-09 14:20 . 2010-07-09 14:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:20 . 2010-07-09 14:20 261736 ----a-w- c:\windows\system32\nvhotkey.dll
2010-07-09 14:20 . 2010-07-09 14:20 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-07-09 14:20 . 2010-07-09 14:20 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 14:20 . 2010-07-09 14:20 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:20 . 2010-07-09 14:20 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-23 20:58 . 2010-06-23 20:58 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-21 22:07 . 2010-08-05 20:54 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2010-06-21 22:07 . 2010-03-02 22:09 232040 ----a-w- c:\windows\system32\nvcohda.dll
2010-06-21 22:07 . 2010-08-05 20:54 64104 ----a-w- c:\windows\system32\nvapo32v.dll
2010-06-21 22:07 . 2010-08-05 20:54 105576 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-06-08 09:28 . 2010-07-31 23:41 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
2010-06-08 09:28 . 2010-07-31 23:41 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-12-08 11:33 . 2010-03-04 15:19 37 --sha-w- c:\windows\System32\config\systemprofile\pizda_bkurl.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2010-01-27 256280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-12-03 494112]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-03-10 200704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-10 7703072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{C91DE044-D900-4F15-BBD1-44FD9D59B277}\Icon3E5562ED7.ico [2010-3-5 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-20 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-12-03 690720]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 NETw5s32;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://search.babylon.com/home?AF=14542
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\tp0er5ib.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86AB1B4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x857c1ad8
QueryNameProcedure -> 0x857c1c68
user & kernel MBR OK

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2010-09-02 23:32:01
ComboFix-quarantined-files.txt 2010-09-02 21:32
ComboFix2.txt 2010-08-20 10:04

Pre-Run: 364.791.107.584 bytes beschikbaar
Post-Run: 364.740.546.560 bytes beschikbaar

- - End Of File - - D75AAADA9DBA980C8BDA6895EB69CF52

Juisterr
3 September 2010, 16:25
Hello, it just doesn't seem to be working.

Would you remove TDSSKiller completely and then download it again.

This time run it as administrator, please.


Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and place it on your desktop.
Extract the files in tdsskiller.zip.
Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.
Click the "Start Scan" button and follow the instructions.
When the scan is finished, click the "Report" button.
A Notepad file opens. Post the contents of this file.

frankie3
5 September 2010, 11:54
Hello, a bit of a late message, but due to the following circumstances I couldn't find this forum for a while.

Something happened to my laptop, but I don't know what.
It won't start Windows anymore (not at all). On startup it shows an error (it goes too fast to read) and then it immediately gives the options: Windows automatic repair or restart.

Restart: doesn't work, I just get the same thing again.
Windows automatic repair: it starts scanning and then reports that it is an unknown error, and it is not repaired.

I also tried booting the laptop with an old Acer restore DVD.
Then it asks whether I want to set the laptop up completely from scratch (losing all my files)
or the option that lets me keep my files.

Of course I chose the option to keep my files.
But then it says to insert the next CD, which I do, because I saw I have 2 of them.
After that it says again to insert the next CD. Then I just put CD 1 back in, and it said to insert the correct image disc.


All very confusing, because it suddenly stopped booting. I didn't do anything strange or anything.
Is there a way to get my computer working again after all (maybe get an Acer recovery CD somewhere else?)
Or is there a way to still rescue my files from my (internal) hard drive?


In any case,
thanks a lot so far.
I hope you (or someone else) can still help me with this.

Juisterr
7 September 2010, 21:56
Pffft, tricky. Please ask in the Windows section.

Juisterr
7 September 2010, 21:57
http://www.minatica.be/forums/189-Windows

frankie3
7 September 2010, 22:20
I had just done that yesterday :D
I've also figured out what kind of error it gives, so I'll go post there.

Juisterr
7 September 2010, 22:25
That's fine.

frankie3
14 September 2010, 18:08
Everything went well
all my files are back too (via UBcd)
Windows restored via Alt+F10
Windows 7 installed
problem with DVD burner fixed
no viruses in saved files
no viruses in the laptop itself
new restore DVD made

Thanks for the help, everyone


End of topic.........

Juisterr
14 September 2010, 22:38
Thanks for your reply.