Vertraagde laptop met popups.

**Juisterr** · 20 August 2010, 10:37

Wil je eerst defogger nog een keer runnen en dan tdss killer zoals in dit bericht
http://www.minatica.be/threads/70541...l=1#post528088

Opnieuw opstarten dan en dan combofix nogmaals starten en runnen.
Plaats alleen de uitslag van combofix aub.

**frankie3** · 20 August 2010, 12:08

combofix log:

ComboFix 10-08-18.05 - Frank 20-08-2010 11:56:29.8.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.31.1043.18.3067.2041 [GMT 2:00]
Gestart vanuit: c:\users\Frank\Desktop\ComboFix.exe
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-07-20 to 2010-08-20 ))))))))))))))))))))))))))))))
.

2010-08-20 10:03 . 2010-08-20 10:03 -------- d-----w- c:\users\Frank\AppData\Local\temp
2010-08-20 10:03 . 2010-08-20 10:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-20 10:03 . 2010-08-20 10:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-17 12:27 . 2010-08-17 12:27 -------- d-----w- c:\windows\Sun
2010-08-16 14:20 . 2010-08-16 14:20 -------- d--h--w- c:\windows\msdownld.tmp
2010-08-16 14:20 . 2010-08-19 22:58 -------- d-----w- c:\program files\XBMC
2010-08-15 20:05 . 2010-08-16 14:10 -------- d-----w- c:\users\Frank\Nieuwe map
2010-08-14 19:16 . 2010-08-14 19:16 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-14 18:51 . 2010-08-14 18:51 273960 ----a-w- c:\windows\system32\drivers\k57nd60x.sys
2010-08-14 18:18 . 2010-08-14 18:19 -------- d-----w- c:\program files\Uniblue
2010-08-14 18:15 . 2010-08-14 18:15 -------- d-----w- c:\program files\AutoUnpack
2010-08-14 18:10 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-08-14 17:35 . 2010-08-14 17:35 -------- d-----w- c:\programdata\Uniblue
2010-08-14 17:33 . 2010-08-14 17:34 5268200 ----a-w- c:\users\Frank\AppData\Roaming\Uniblue\DriverScann er\_temp\driverscanner.exe
2010-08-14 17:33 . 2010-08-14 17:33 5276232 ----a-w- c:\users\Frank\AppData\Roaming\Uniblue\SpeedUpMyPC \_temp\sump.exe
2010-08-14 17:32 . 2010-08-14 18:19 -------- d-----w- c:\users\Frank\AppData\Roaming\Uniblue
2010-08-14 17:25 . 2008-05-29 08:03 37176 ----a-w- c:\users\Frank\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2010-08-13 13:27 . 2010-08-13 13:32 -------- d-----w- c:\users\Frank\AppData\Roaming\vlc
2010-08-13 13:27 . 2010-08-13 13:27 -------- d-----w- c:\program files\VideoLAN
2010-08-12 13:33 . 2010-08-12 13:33 388096 ----a-r- c:\users\Frank\AppData\Roaming\Microsoft\Installer \{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-12 13:33 . 2010-08-12 13:33 -------- d-----w- c:\program files\Trend Micro
2010-08-12 11:01 . 2010-08-12 13:31 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-08-05 20:56 . 2010-08-05 20:56 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-08-05 11:34 . 2010-04-21 10:06 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Pro files\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
2010-08-05 11:34 . 2010-04-21 10:06 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Pro files\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
2010-08-05 11:34 . 2010-08-05 11:34 -------- d-----w- c:\program files\myBabylon_English
2010-08-04 21:02 . 2010-08-04 21:04 -------- d-----w- c:\users\Frank\AppData\Roaming\Media Player Classic
2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Conduit
2010-07-31 23:41 . 2010-07-31 23:41 -------- d-----w- c:\program files\Softonic-Eng7
2010-07-31 23:41 . 2010-06-08 09:28 52224 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Pro files\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
2010-07-31 23:41 . 2010-06-08 09:28 101376 ----a-w- c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Pro files\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
2010-07-31 23:41 . 2010-08-01 15:13 -------- d-----w- c:\program files\The KMPlayer
2010-07-28 16:51 . 2010-07-28 16:51 -------- d-----w- c:\program files\iPod
2010-07-28 16:51 . 2010-07-28 16:52 -------- d-----w- c:\program files\iTunes
2010-07-28 16:48 . 2010-07-28 16:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-28 16:47 . 2010-07-28 16:47 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-25 17:01 . 2010-07-25 17:01 -------- d-----w- c:\program files\GrabIt
2010-07-25 14:05 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-22 12:07 . 2010-07-25 12:22 -------- d-----w- c:\users\Frank\AppData\Local\Hema Album Software Advanced
2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\programdata\Hema Album Software Advanced
2010-07-22 12:07 . 2010-07-22 12:07 -------- d-----w- c:\program files\Hema Album Software Advanced

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-08-20 10:00 . 2009-07-14 08:27 691728 ----a-w- c:\windows\system32\perfh013.dat
2010-08-20 10:00 . 2009-07-14 08:27 130232 ----a-w- c:\windows\system32\perfc013.dat
2010-08-20 07:40 . 2010-03-03 18:17 -------- d-----w- c:\users\Frank\AppData\Roaming\LimeWire
2010-08-19 22:41 . 2010-03-09 08:35 0 ----a-w- c:\users\Frank\AppData\Local\prvlcl.dat
2010-08-18 21:39 . 2010-03-03 09:52 -------- d-----w- c:\users\Frank\AppData\Roaming\GrabIt
2010-08-16 15:40 . 2010-03-03 09:34 -------- d-----w- c:\program files\FTDv3.8
2010-08-14 15:57 . 2010-03-04 15:16 -------- d-----w- c:\program files\Ask.com
2010-08-10 10:10 . 2010-03-02 22:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-05 20:59 . 2010-03-02 22:11 -------- d-----w- c:\programdata\NVIDIA
2010-08-05 20:56 . 2010-03-02 22:09 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-05 08:55 . 2010-03-04 15:15 -------- d-----w- c:\users\Frank\AppData\Roaming\uTorrent
2010-08-01 17:11 . 2010-04-12 10:43 -------- d-----w- c:\users\Frank\AppData\Roaming\dvdcss
2010-08-01 15:22 . 2010-03-20 13:41 -------- d-----w- c:\programdata\DVD Shrink
2010-07-28 16:51 . 2010-04-11 10:36 -------- d-----w- c:\program files\Common Files\Apple
2010-07-28 16:48 . 2010-06-23 20:58 -------- d-----w- c:\program files\Safari
2010-07-27 23:01 . 2010-03-02 18:53 -------- d-----w- c:\program files\Windows Live
2010-07-25 14:05 . 2010-03-03 14:41 -------- d-----w- c:\program files\Java
2010-07-21 14:29 . 2010-07-20 10:45 -------- d-----w- c:\programdata\FLEXnet
2010-07-21 08:53 . 2010-07-21 08:53 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-07-21 08:52 . 2010-07-21 08:52 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-07-21 08:52 . 2010-07-21 08:52 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
2010-07-21 08:52 . 2010-07-21 08:52 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
2010-07-21 08:52 . 2010-07-21 08:52 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-07-20 10:45 . 2010-03-02 18:47 67856 ----a-w- c:\users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-20 10:36 . 2010-03-02 22:36 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-20 10:35 . 2010-07-20 10:35 -------- d-----w- c:\program files\Adobe Media Player
2010-07-20 10:34 . 2010-07-20 10:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-20 10:31 . 2010-07-20 10:31 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-16 12:55 . 2010-03-02 22:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 12:55 . 2010-07-16 12:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 12:54 . 2010-03-02 22:24 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-12 14:49 . 2010-03-20 13:47 -------- d-----w- c:\program files\DVD Shrink
2010-07-09 14:20 . 2010-07-09 14:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:20 . 2010-07-09 14:20 261736 ----a-w- c:\windows\system32\nvhotkey.dll
2010-07-09 14:20 . 2010-07-09 14:20 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-07-09 14:20 . 2010-07-09 14:20 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 14:20 . 2010-07-09 14:20 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:20 . 2010-07-09 14:20 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-24 09:45 . 2010-04-11 10:39 -------- d-----w- c:\users\Frank\AppData\Roaming\Apple Computer
2010-06-23 20:59 . 2010-06-23 20:59 -------- d-----w- c:\program files\Bonjour
2010-06-23 20:58 . 2010-06-23 20:58 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-21 22:07 . 2010-08-05 20:54 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2010-06-21 22:07 . 2010-03-02 22:09 232040 ----a-w- c:\windows\system32\nvcohda.dll
2010-06-21 22:07 . 2010-08-05 20:54 64104 ----a-w- c:\windows\system32\nvapo32v.dll
2010-06-21 22:07 . 2010-08-05 20:54 105576 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-06-03 09:03 . 2010-03-02 22:24 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-02 02:55 . 2010-08-16 14:21 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-08-16 14:21 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-08-16 14:21 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-27 07:24 . 2010-06-11 10:48 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 10:48 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 09:41 . 2010-08-16 14:21 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-08-16 14:21 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb 108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-08-18_15.28.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-02 23:26 . 2010-08-20 09:57 24524 c:\windows\System32\wdi\ShutdownPerformanceDiagnos tics_SystemData.bin
+ 2009-07-14 04:55 . 2010-08-20 09:57 41748 c:\windows\System32\wdi\BootPerformanceDiagnostics _SystemData.bin
- 2010-03-02 17:33 . 2010-08-17 21:25 49152 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 17:33 . 2010-08-20 07:39 49152 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-20 10:58 . 2010-08-20 09:30 32768 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Internet Explorer\UserData\index.dat
- 2010-07-20 10:58 . 2010-08-18 09:53 32768 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2009-07-14 04:41 . 2010-08-20 07:39 49152 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
- 2009-07-14 04:41 . 2010-08-17 21:25 49152 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2010-08-07 04:47 . 2010-08-20 08:05 32768 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Internet Explorer\DOMStore\index.dat
- 2010-08-07 04:47 . 2010-08-07 04:39 32768 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-03-02 19:45 . 2010-08-20 07:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\ Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-02 19:45 . 2010-08-17 21:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\ Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 19:45 . 2010-08-20 07:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 19:45 . 2010-08-17 21:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-02 19:45 . 2010-08-20 07:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\History\History.IE5\index. dat
- 2010-03-02 19:45 . 2010-08-17 21:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\History\History.IE5\index. dat
+ 2010-03-02 21:04 . 2010-08-20 10:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Ro aming\Microsoft\Windows\Cookies\index.dat
- 2010-03-02 21:04 . 2010-08-17 21:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Ro aming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 22:19 . 2010-08-20 09:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 22:19 . 2010-08-18 15:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 22:19 . 2010-08-18 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Temp\History\History.IE5\index.dat
+ 2010-03-02 22:19 . 2010-08-20 09:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Temp\History\History.IE5\index.dat
+ 2010-03-02 22:19 . 2010-08-20 09:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Temp\Cookies\index.dat
- 2010-03-02 22:19 . 2010-08-18 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Temp\Cookies\index.dat
- 2010-03-02 21:04 . 2010-08-18 15:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-02 21:04 . 2010-08-20 10:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 21:04 . 2010-08-17 21:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\History\History.IE5\index.da t
+ 2010-03-02 21:04 . 2010-08-20 10:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\History\History.IE5\index.da t
+ 2010-03-02 22:13 . 2010-08-20 09:57 8744 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1647979850-1972059973-3787660427-1001_UserData.bin
+ 2010-08-20 09:55 . 2010-08-20 09:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
- 2010-08-18 15:20 . 2010-08-18 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
- 2010-08-18 15:20 . 2010-08-18 15:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
+ 2010-08-20 09:55 . 2010-08-20 09:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
+ 2010-03-03 02:43 . 2010-08-18 16:48 360976 c:\windows\System32\wdi\SuspendPerformanceDiagnost ics_SystemData_S3.bin
- 2010-03-03 02:43 . 2010-08-18 14:59 360976 c:\windows\System32\wdi\SuspendPerformanceDiagnost ics_SystemData_S3.bin
+ 2009-07-14 02:05 . 2010-08-20 10:00 607190 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-08-18 15:25 607190 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-08-20 10:00 103568 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-08-18 15:25 103568 c:\windows\System32\perfc009.dat
- 2010-03-02 18:32 . 2010-08-18 09:53 245760 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-03-02 18:32 . 2010-08-20 09:30 245760 c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\IETldCache\index.dat
- 2010-03-02 17:33 . 2010-08-17 21:25 442368 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-02 17:33 . 2010-08-20 07:39 442368 c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:03 . 2010-08-17 21:38 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2010-08-20 07:09 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-06-03 16:24 2736736 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-06-13 17:10 2734688 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-06-03 2736736]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyN ot.exe" [2009-07-14 354304]
"SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC\launcher.exe" [2010-06-25 67960]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-12-03 494112]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-03-10 200704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-10 7703072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e" [2008-08-14 611712]

c:\users\Frank\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dl l

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Frank^AppData^Roamin g^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Frank\AppData\Roaming\Microsoft\Wind ows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-20 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-16 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-12-03 690720]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-08-14 273960]
S3 NETw5s32;Intel(R) Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.
Inhoud van de 'Gedeelde Taken' map

2010-08-20 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-14 14:23]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://search.babylon.com/home?AF=14542
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Pro files\tp0er5ib.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Pro files\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Pro files\tp0er5ib.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Pro files\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Pro files\tp0er5ib.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_every where__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_bro ken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

************************************************** ************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86CCFB4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x857c1ad8
QueryNameProcedure -> 0x857c1c68
user & kernel MBR OK

************************************************** ************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2010-08-20 12:04:53
ComboFix-quarantined-files.txt 2010-08-20 10:04
ComboFix2.txt 2010-08-20 07:05
ComboFix3.txt 2010-08-19 12:18
ComboFix4.txt 2010-08-18 15:30

Pre-Run: 385.733.844.992 bytes beschikbaar
Post-Run: 385.672.429.568 bytes beschikbaar

- - End Of File - - 2180E115F0BB232D017791DD26724B4E

**Juisterr** · 20 August 2010, 21:55

Ga naar Start - Uitvoeren
en Geef hier het volgende in: Combofix /Uninstall
Druk daarna op OK.
Als het goed is krijg je dan een melding dat Combofix verwijderd werd.

Voorbeeld:

Uitvoeren kan ook gestart worden door de toetsencombinatie

Vertel even hoe het nu gaat aub.

**frankie3** · 21 August 2010, 12:03

Oke gedaan.
Ik heb nu nog geen problemen ondervonden qua pop ups enzo.
Maar op een of andere manier kan Windows updater geen verbinding meer maken met het internet.:S

**frankie3** · 21 August 2010, 12:11

van die pop ups neem ik terug.
net opende er spontaan een nieuw tabblad in firefox

**Juisterr** · 26 August 2010, 21:54

1. Download ATF cleaner (gemaakt door Atribune)
Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

2. Download Dr.Web CureIt en sla het op je bureaublad op.

Dubbelklik drweb-cureit.exe en sta het toe om te express scan te starten.
Indien er een popup verschijnt met het voorstel tot kopen/50% korting mag je deze sluiten.
De express scan zal de bestanden scannen die momenteel in het geheugen geladen zijn. Wanneer er iets gevonden wordt klik op 'alles selecteren' kies nu voor 'repareren' en uit het kleine menutje dat verschijnt kies je 'verplaatsen'.
Kies bovenaan in het menu voor Language/Taal en wijzig deze naar Dutch (Nederlands) indien deze bij jou anders staat ingesteld.
Druk op F9, kies daarna voor het tabblad Acties en stel daar het volgende in onder Malware:
- Adware: Verplaats
- Dialers: Verplaats
- Jokes: Rapportage
- Riskware: Rapportage
- Hacktools: Verplaats
- Haal dan het vinkje weg bij 'Prompt bij actie'.
Kies daarna voor het tabblad Scan en verwijder het vinkje bij Heuristische analyse.
Druk vervolgens op Toepassen gevolgd door OK.
Eenmaal als de korte scan is beeindigd vink je aan: Volledige scan.
Druk daarna op het groene pijltje (start knop) om de scan te starten.
Gevonden bestanden worden naar '%USERPROFILE%\DocterWeb\Quarantine' -map verplaatst indien het herstellen niet mogelijk is.
Nadat de scan gedaan is ga dan naar Bestand en kies Rapportage lijst opslaan.
Bewaar deze op je bureaublad en sluit daarna Dr.Web CureIt.
Herstart vervolgens de computer!! Dit is een belangrijke stap want het kan zijn dat Dr.Web CureIt bestanden zal verplaatsen/verwijderen tijdens herstart.
Na het herstarten, kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post.

**frankie3** · 28 August 2010, 23:41

Ik heb alles gedaan zoals jij zij nou is het volgende gebeurd. het progammatje was een paar keer vastgelopen:S toen op stop gedrukt en ik moest me laptop herstarten. deed ik dus. toen startte hij niet helemaal op ik krijg uiteindelijk een zwart scherm met alleen mijn muis aanwijzer. ik kan wel met ctr. alt del. naar taak beheer en dan zo een nieuwe taak starten zoals ik nu met firefox heb gedaan. maar ik heb verder geen bureaublad en of taak balk. wat is er zo juist gebeurd???????????!!

**Juisterr** · 29 August 2010, 13:50

De nog steeds aanwezige infectie.
Kan je opstarten in een ouder herstel punt toevallig ?

**frankie3** · 29 August 2010, 14:00

als ik weet hoe dat moet miss wel ja:S
ik zal even via taakbeheer kijken of ik systeem herstel kan openen

**frankie3** · 29 August 2010, 14:05

ik kan het niet echt vinden :S

Discussie: Vertraagde laptop met popups.

Discussietools

Discussie doorzoeken

Weergave

De volgende gebruiker bedankt Juisterr voor deze nuttige post:

Discussie informatie

Users Browsing this Thread

Soortgelijke discussies

vertraagde laptop

Popups

CID popups

Vertraagde pc (ErrorSafe en ?)

vertraagde pc

Favorieten/bladwijzers

Favorieten/bladwijzers

Regels voor berichten