Archive - Google Chrome does nothing

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or worldviews and have in places been censored for being unacceptable. Many were written in a different zeitgeist, ironically or not - as in the ironic Off-Topic subforum - and would not (be allowed to) be posted today. Still, we are happy to offer this archive as an information database and reference work. Read more about it here or start a conversation with others.

magnusjb1

Legacy Member
As the subject says, Google Chrome has recently stopped doing anything. It does start, but it doesn't load a single page.

Thanks in advance for checking,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:53, on 13-4-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\USBDLM\USBDLM.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RealVNC\VNC4\vncviewer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, entertainment, concerten, video, sport, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by TU Delft University of Technology
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verzenden naar Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/OviMaps_2.3.37.6.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
O16 - DPF: {DD628D6E-5DDE-457B-8932-304EC8CC4F77} (Cebra Virtuocity Client) - http://get.virtuocity.eu/2.5/virtuocity.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91288041-2507-4555-A474-59AEEA87BF44}: NameServer = 195.241.77.55,195.241.77.58
O17 - HKLM\System\CCS\Services\Tcpip\..\{F57F4CB0-6531-410D-A7F4-BADE35E6647F}: NameServer = 195.241.77.55,195.241.77.58
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Update Service (gupdate1c9a03bd7f1d1e) (gupdate1c9a03bd7f1d1e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: USBDLM - Uwe Sieber - Uwe Sieber's Homepage - C:\Program Files\USBDLM\USBDLM.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 13929 bytes
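A log like the one above is normally read by eye. As an added example that is not part of the original thread, here is a small Python script that parses the O-lines of a HijackThis log and flags the classes of entry a helper looks at first: BHOs/toolbars whose DLL is gone, Run keys in the SYSTEM hive, ActiveX controls pulled from a URL (O16), per-interface DNS servers (O17) and services with no publisher information (O23). The sample lines are copied from the log above; the flagging rules are the example's own assumptions and mark nothing as malicious, only as worth checking.

```python
"""Triage helper for a HijackThis v2 log (added example, not a tool from this
thread).  It parses the O-lines of a log and flags the entry classes a
malware-removal helper usually checks first.  The heuristics are this
example's own assumptions; the sample lines below are copied from the log
posted above, and nothing is claimed to be malicious."""
import re
from dataclasses import dataclass

# Sample input: entries copied from the posted log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91288041-2507-4555-A474-59AEEA87BF44}: NameServer = 195.241.77.55,195.241.77.58
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# "O2 - BHO: ..." -> section "O2", body "BHO: ..."; R/F/N sections share the shape.
ENTRY_RE = re.compile(r"^([ORFN]\d+) - (.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse(text):
    """Yield (section, body, full_line) for every entry line in the log."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2), line


def triage(text):
    """Return the entries worth a second look, in log order."""
    findings = []
    for section, body, line in parse(text):
        if section in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding(section, "orphaned BHO/toolbar: CLSID registered but DLL missing", line))
        elif section == "O4" and "S-1-5-18" in body:
            findings.append(Finding(section, "Run entry in the SYSTEM hive (S-1-5-18); confirm it is expected", line))
        elif section == "O16":
            url = body.rsplit(" - ", 1)[-1]          # last " - " separates name from URL
            scheme = url.split("://", 1)[0]
            findings.append(Finding(section, f"ActiveX control downloaded over {scheme}: {url}", line))
        elif section == "O17":
            servers = body.split("NameServer = ", 1)[1].split(",")
            findings.append(Finding(section, "per-interface DNS servers; confirm they are the ISP's: " + ", ".join(servers), line))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(section, "service without publisher information; verify the binary", line))
    return findings


def by_clsid(text):
    """Map each CLSID to the sections that reference it, so a component
    registered as both BHO (O2) and toolbar (O3) is handled as one unit."""
    index = {}
    for section, body, _ in parse(text):
        for guid in GUID_RE.findall(body):
            index.setdefault(guid.upper(), []).append(section)
    return index


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    for guid, sections in by_clsid(SAMPLE_LOG).items():
        if len(sections) > 1:
            print(f"{guid} appears in {', '.join(sections)}")
```

The CLSID index is the part worth keeping: one DLL is usually registered under several keys (BHO, toolbar, CLSID, TypeLib), and removing it from only one leaves the rest to re-register it, which is why a full cleanup lists every key for the same GUID.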

magnusjb1

Legacy Member
I've already tried that too; it didn't help either.
It seems to happen fairly often, but there isn't really a standard solution. For a lot of people an update fixes the problem, or it has to do with an antivirus program. I use AntiVir, but can't find anything specific about it.

Juisterr

Legacy Member
Your Java software is out of date.
Older versions have holes that give malware the chance to install itself on your system.
Download Java Runtime Environment (JRE) 6 Update 19

  • Scroll down to: Java SE Runtime Environment (JRE) 6 Update 19.
  • Click the Download button on the right.
  • In the drop-down menu next to Platform, select Windows.
  • Tick: I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement, and click Continue. The page will reload.
  • Click the jre-6u19windows-i586.exe link UNDER Windows Offline Installation and save it to your Desktop.
  • Close all programs that may be open - especially your web browser!
  • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list.
  • Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
  • Then click Remove or the Change/Remove button.
  • Repeat this until all older versions are gone.
  • After removing all older versions, restart your PC.
  • Then double-click jre-6u19windows-i586.exe on your Desktop to install the latest version of Java.


Download Combofix to your Desktop and use it according to this guide.

NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners see certain components Combofix uses as suspicious and will block or delete them!
  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the "NirCmd" window.
  • Afterwards, click Yes to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.
  • When the fix is complete and after the restart, the log Combofix.txt will open.
Post this log in your next reply

magnusjb1

Legacy Member
The text is too long, so it has to be posted in 2 parts

ComboFix 10-04-13.04 - 14-04-2010 13:12:20.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.2031.1582 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: F-Secure Client Security 7.12 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dwstasab.ini
c:\windows\system32\mljkcoha.ini
c:\windows\system32\mnWFeMoq.ini
c:\windows\system32\mnWFeMoq.ini2
c:\windows\system32\Thumbs.db
c:\windows\system32\vaanngxv.ini
c:\windows\system32\xrywgjfd.ini
c:\windows\Tasks\fwosvgoq.job
O:\autorun.inf

.
(((((((((((((((((((( Files Created from 2010-03-14 to 2010-04-14 ))))))))))))))))))))))))))))))
.

2010-04-14 10:40 . 2010-04-14 10:40 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-15905d06-n\msvcp71.dll
2010-04-14 10:40 . 2010-04-14 10:40 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-15905d06-n\jmc.dll
2010-04-14 10:40 . 2010-04-14 10:40 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-15905d06-n\msvcr71.dll
2010-04-14 10:40 . 2010-04-14 10:40 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-204f563b-n\decora-sse.dll
2010-04-14 10:40 . 2010-04-14 10:40 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-204f563b-n\decora-d3d.dll
2010-04-14 10:31 . 2010-04-14 10:31 -------- d-----w- c:\program files\Common Files\Java
2010-04-13 00:07 . 2010-04-13 00:09 -------- d-----w- C:\Empire.of.the.Seas.How.the.Navy.Forged.the.Modern.World.S01.2010.720p.HDTV.x264-SFM
2010-04-09 10:07 . 2010-04-09 10:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-09 10:06 . 2010-04-09 10:06 -------- d-----w- c:\program files\Common Files\Apple
2010-04-09 10:06 . 2010-04-09 10:06 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
2010-04-09 10:06 . 2010-04-09 10:06 -------- d-----w- c:\program files\Apple Software Update
2010-04-09 10:06 . 2010-04-09 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-04-08 00:33 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-04-08 00:33 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-04-08 00:33 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-04-08 00:33 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-04-08 00:33 . 2010-04-13 16:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\XBMC
2010-04-08 00:33 . 2010-04-08 00:34 -------- d-----w- c:\program files\XBMC
2010-04-07 20:08 . 2010-04-07 20:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\NVIDIA
2010-04-07 15:50 . 2010-04-07 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-04-07 15:50 . 2010-04-13 21:21 150345 ----a-w- c:\windows\system32\nvModes.dat
2010-04-07 15:46 . 2010-04-07 15:46 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-07 15:41 . 2010-04-07 15:41 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-07 15:39 . 2010-04-07 15:49 -------- d-----w- c:\windows\nview
2010-04-07 08:32 . 2010-03-17 00:01 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-07 08:32 . 2010-03-17 00:01 2647144 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-07 08:32 . 2010-03-17 00:01 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-07 08:32 . 2010-03-17 00:01 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-07 08:32 . 2010-03-17 00:01 2185518 ----a-w- c:\windows\system32\nvdata.bin
2010-04-07 08:32 . 2010-03-17 00:01 11640832 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-05 11:28 . 2010-04-05 11:28 -------- d-----w- c:\program files\Psiloc
2010-04-03 13:55 . 2010-04-03 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2010-03-22 09:14 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-15 16:08 . 2010-03-15 16:08 -------- d-----w- c:\windows\system32\AGEIA
2010-03-15 16:08 . 2010-03-15 16:08 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-15 16:08 . 2010-03-15 16:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-15 16:08 . 2010-04-07 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-03-15 16:07 . 2010-03-12 09:26 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-15 16:06 . 2010-03-15 16:09 -------- d-----w- C:\NVIDIA

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-14 11:21 . 2010-02-28 14:31 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-14 10:40 . 2009-05-07 11:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-14 10:25 . 2008-08-06 10:36 -------- d-----w- c:\program files\Java
2010-04-14 10:24 . 2009-04-20 19:39 -------- d-----w- c:\program files\j2sdk1.4.2_19
2010-04-14 10:21 . 2008-11-08 12:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-04-14 09:53 . 2008-11-01 00:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
2010-04-09 10:08 . 2008-08-06 10:45 -------- d-----w- c:\program files\QuickTime
2010-04-08 09:38 . 2009-03-08 22:13 -------- d-----w- c:\program files\Google
2010-04-07 17:24 . 2010-03-04 21:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-04-07 17:24 . 2010-03-04 21:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-04-07 15:38 . 2010-01-01 17:00 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-03 13:55 . 2009-08-02 12:44 -------- d-----w- c:\program files\TVUPlayer
2010-03-17 00:01 . 2008-08-06 12:06 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-03-17 00:01 . 2007-05-25 18:07 6445824 ----a-w- c:\windows\system32\nv4_disp.dll
2010-03-17 00:01 . 2007-05-25 18:07 215656 ----a-w- c:\windows\system32\nvcodins.dll
2010-03-17 00:01 . 2007-05-25 18:07 215656 ----a-w- c:\windows\system32\nvcod.dll
2010-03-17 00:01 . 2007-05-25 18:07 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-03-17 00:01 . 2007-05-25 18:07 1101824 ----a-w- c:\windows\system32\nvapi.dll
2010-03-17 00:01 . 2007-05-25 18:07 10259488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-03-16 17:58 . 2010-03-16 17:58 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-03-16 17:58 . 2010-03-16 17:58 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-03-16 17:58 . 2010-03-16 17:58 13671016 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 17:58 . 2010-03-16 17:58 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-16 17:58 . 2010-03-16 17:58 253952 ----a-w- c:\windows\system32\nvrsth.dll
2010-03-16 17:58 . 2010-03-16 17:58 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-03-16 13:48 . 2010-02-19 00:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-03-15 16:03 . 2008-11-10 17:04 -------- d-----w- c:\program files\SystemRequirementsLab
2010-03-10 20:46 . 2010-03-06 18:10 239984 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-10 06:15 . 1980-01-01 00:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 23:01 . 2010-01-28 12:43 -------- d-----w- c:\program files\Ask.com
2010-03-09 21:00 . 2010-03-09 21:00 2131336 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ahqv0a93.default\extensions\[email protected]\chrome\temp\askToolbar.exe
2010-03-09 12:16 . 2008-11-08 12:02 -------- d-----w- c:\program files\uTorrent
2010-03-08 20:25 . 2010-03-08 20:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\MathWorks
2010-03-04 21:16 . 2010-03-04 21:16 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-03-04 21:13 . 2010-03-04 21:13 -------- d-----r- c:\program files\Skype
2010-03-04 21:13 . 2010-03-04 21:13 -------- d-----w- c:\program files\Common Files\Skype
2010-03-04 21:13 . 2010-03-04 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-04 12:31 . 2010-03-04 12:31 -------- d-----w- c:\program files\Veetle
2010-03-03 09:09 . 2008-08-06 10:41 -------- d-----w- c:\program files\MathType
2010-03-03 08:25 . 2008-11-30 22:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Design Science
2010-03-03 08:25 . 2008-10-31 23:59 129664 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-02 07:54 . 2010-02-28 14:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Metacafe
2010-02-28 14:31 . 2010-02-28 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Metacafe
2010-02-28 14:31 . 2010-02-28 14:31 -------- d-----w- c:\program files\Metacafe
2010-02-26 06:06 . 2010-02-26 06:06 2626360 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ahqv0a93.default\extensions\[email protected]\plugins\npTVUAx.dll
2010-02-25 06:24 . 1980-01-01 00:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 1980-01-01 00:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 17:41 . 2010-02-22 17:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\LucasArts
2010-02-22 17:40 . 2008-10-31 23:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-19 00:10 . 2010-02-19 00:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2010-02-17 20:08 . 2010-02-17 20:08 -------- d-----w- c:\program files\RealVNC
2010-02-16 14:08 . 1980-01-01 00:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 1980-01-01 00:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 1980-01-01 00:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-01 02:52 . 2008-08-06 12:01 98304 ----a-w- c:\windows\DUMP68db.tmp
2010-01-22 16:02 . 2010-01-22 16:02 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2010-01-22 16:02 . 2010-01-22 16:02 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2010-01-22 16:02 . 2010-01-22 16:02 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-01-22 16:02 . 2010-01-22 16:02 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2010-01-22 16:02 . 2010-01-22 16:02 34507392 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_dut.exe
2010-01-21 18:59 . 2010-01-21 18:59 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-21 18:58 . 2009-12-03 09:30 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2007-11-09 15:10 . 2007-11-09 15:10 30288 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-11-09 15:10 . 2007-11-09 15:10 79440 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-11-09 15:10 . 2007-11-09 15:10 75344 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-11-09 15:10 . 2007-11-09 15:10 140880 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-11-09 15:10 . 2007-11-09 15:10 42576 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-11-09 15:10 . 2007-11-09 15:10 50768 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-11-09 15:10 . 2007-11-09 15:10 34384 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-11-09 15:11 . 2007-11-09 15:11 685648 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-09 15:11 . 2007-11-09 15:11 30288 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2008-11-05 15:04 . 2008-11-05 15:03 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-13 133104]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"imekrmig7.0"="c:\program files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2007-04-19 25440]
"IMSCMig"="c:\progra~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE" [2007-04-02 17248]
"CJIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2007-03-22 66400]
"PHIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2007-03-22 98656]
"IMJPMIG9.0"="c:\progra~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE" [2007-04-19 125792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-10-07 75048]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-22 2331936]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"nwiz"="nwiz.exe" [2007-05-25 1626112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13671016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="c:\program files\Common Files\Ahead\Lib\NMFirstStart.exe" [2007-03-12 16944]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-6 576104]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Games\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Games\\Age of Empires III\\age3x.exe"=
"d:\\Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"d:\\Games\\East India Company\\eastindia.exe"=
"d:\\Games\\East India Company\\piratebay.exe"=
"c:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"=
"c:\\Program Files\\Maple 11\\jre\\bin\\java.exe"=
"d:\\Games\\Steam\\steamapps\\*\\team fortress 2\\hl2.exe"=
"d:\\Games\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\GTAIV.exe"=
"c:\\Programs\\eclipse\\eclipse.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Games\\Steam\\steamapps\\common\\tropico 3 - demo\\Tropico3 Demo.exe"=
"d:\\Games\\Steam\\steamapps\\*\\day of defeat source\\hl2.exe"=
"d:\\Games\\Steam\\steamapps\\common\\defensegridtheawakening\\DefenseGrid.exe"=
"d:\\Games\\Steam\\steamapps\\common\\command and conquer red alert 3\\runme.exe"=
"d:\\Games\\Steam\\steamapps\\common\\command and conquer red alert 3\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"d:\\Games\\Steam\\steamapps\\common\\freedom force\\fforce.exe"=
"d:\\Games\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"d:\\Games\\Steam\\steamapps\\common\\company of heroes\\help.htm"=
"d:\\Games\\Steam\\steamapps\\common\\uplink\\Uplink.exe"=
"d:\\Games\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=
"d:\\Games\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"c:\\Program Files\\Psiloc\\WirelessPresenter\\PsilocWirelessPresenterDesktop.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"d:\\Games\\Steam\\steamapps\\common\\grand theft auto iv\\RGSC\\RGSCLauncher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"30975:TCP"= 30975:TCP:uTorrent
"30975:UDP"= 30975:UDP:uTorrent
"1061:TCP"= 1061:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [11-7-2003 15:22 14912]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23-4-2007 13:03 82200]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [7-10-2008 21:31 61424]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [1-1-1980 2:00 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21-1-2010 19:46 108289]
R2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [29-4-2006 7:32 49152]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [6-8-2008 12:56 1373480]
R2 USBDLM;USBDLM;c:\program files\USBDLM\USBDLM.exe [27-5-2008 10:02 156672]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [12-6-2008 15:40 477696]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [1-11-2008 1:39 41216]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [1-11-2008 1:39 47616]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5-11-2009 22:41 691696]
S2 gupdate1c9a03bd7f1d1e;Google Update Service (gupdate1c9a03bd7f1d1e);c:\program files\Google\Update\GoogleUpdate.exe [9-3-2009 0:13 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Patch_HKCU_Context-v2.0]
2008-04-02 12:32 121202 ----a-w- c:\program files\ConTEXT\Patch_HKCU_Context-v2.0.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 22:13]

2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 22:13]

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3178283366-1490259860-3907998667-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-13 00:32]

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3178283366-1490259860-3907998667-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-13 00:32]

2010-04-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 15:50]

2010-04-13 c:\windows\Tasks\User_Feed_Synchronization-{5F137AC1-D3F4-4F0F-BB9B-43561A5C0416}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Verzenden naar Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: tudelft.net\srv610
TCP: {91288041-2507-4555-A474-59AEEA87BF44} = 195.241.77.55,195.241.77.58
TCP: {F57F4CB0-6531-410D-A7F4-BADE35E6647F} = 195.241.77.55,195.241.77.58
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_2.3.37.6.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
DPF: {DD628D6E-5DDE-457B-8932-304EC8CC4F77} - hxxp://get.virtuocity.eu/2.5/virtuocity.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ahqv0a93.default\
FF - prefs.js: browser.startup.homepage - hxxp://thefreevpn.com/home.php
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ahqv0a93.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\VirtuoCity Browser Plugin 2.5\NPV3DMozilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

magnusjb1

Legacy Member
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-Wireless Presenter - c:\program files\Psiloc\WirelessPresenter\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-04-14 13:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys >>UNKNOWN [0x871C6AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7f7fcb8
\Driver\atapi -> atapi.sys @ 0xb7ef3852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3178283366-1490259860-3907998667-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,be,1e,48,88,50,bf,4e,a9,03,ef,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,be,1e,48,88,50,bf,4e,a9,03,ef,\

[HKEY_USERS\S-1-5-21-3178283366-1490259860-3907998667-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5d,d7,63,ee,54,9d,8a,a1,f8,40,b1,31,b0,d4,ec,03,72,36,ec,44,12,27,84,
de,8b,50,03,f7,47,51,79,5b,aa,18,7f,1f,05,ca,25,6a,06,f6,f5,66,4c,86,00,29,\
"??"=hex:e5,d7,a2,cc,58,87,b3,72,1f,4d,51,0b,3f,6a,c8,80

[HKEY_USERS\S-1-5-21-3178283366-1490259860-3907998667-500\Software\SecuROM\License information*]
"datasecu"=hex:c6,8b,58,b8,cd,70,f8,cd,ab,51,a2,48,de,be,1c,2c,dc,fa,cb,ad,ad,
8e,14,41,6c,8a,49,8b,da,12,52,6e,fb,3f,34,51,0d,54,c1,36,c6,36,ad,97,a5,ff,\
"rkeysecu"=hex:65,e2,3d,ab,0e,4e,07,5d,0a,68,d0,03,55,0d,8a,16

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1584)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(1644)
c:\windows\system32\WININET.dll
.
Completion time: 2010-04-14 13:24:46
ComboFix-quarantined-files.txt 2010-04-14 11:24

Pre-Run: 5.408.989.184 bytes free
Post-Run: 7.058.460.672 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 7B59BF8F35F0C1379ED75F3780285A69

By the way, I see something about F-Secure in there. I thought I had removed it, but apparently some remnants of it were left behind.

Chrome still doesn't work, by the way.

Juisterr

Legacy Member
OK, do the following..


Download mbr.exe and save it to your desktop.

Temporarily disable your antivirus and firewall tool.

Double-click mbr.exe to start the program.

If a security program shows a warning, allow mbr.exe to start.

Open a Notepad file.
Copy the text below into this Notepad file.

Code:
@echo off
REM change to the desktop so mbr.exe is found there and mbr.log is written there
cd %userprofile%\Desktop
REM /f is mbr.exe's fix switch: rewrite the MBR instead of only reporting on it
start mbr.exe /f
exit

Go to File - Save As.
Under "Save in" choose: Desktop
Under "File name" enter: fix.bat
Under "Save as type" select: All Files (*.*).
Click the Save button.
Now double-click fix.bat.

You will see a black window appear that disappears again quickly.
After that, restart your computer. (important!)

There will then be a new file on the desktop: mbr.log

Post the contents of that file in your next reply.


Download TDSSKiller.zip, unzip it and place it on your desktop: http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Open a Notepad file.
Copy the code below into this Notepad file.

Code:
@ECHO OFF
REM -l report.txt writes the log to report.txt, -v enables verbose logging
TDSSKiller.exe -l report.txt -v
REM the batch file deletes itself once TDSSKiller has been started
DEL %0

Go to File - Save As.
Under "Save in" choose: the folder that contains TDSSKiller.exe.
Under "File name" enter: start.bat
Under "Save as type" select: All Files (*.*).
Click the Save button.
Then double-click start.bat
This will start TDSSKiller.exe and create a log file (report.txt) in the same folder.
When TDSSKiller.exe is finished, post the contents of report.txt. (after a reboot if necessary)

magnusjb1

Legacy Member
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK



13:07:23:093 5596 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
13:07:23:093 5596 ================================================================================
13:07:23:093 5596 SystemInfo:

13:07:23:093 5596 OS Version: 5.1.2600 ServicePack: 3.0
13:07:23:093 5596 Product type: Workstation
13:07:23:093 5596 ComputerName: MARTIJNLAPTOP
13:07:23:093 5596 UserName: *
13:07:23:093 5596 Windows directory: C:\WINDOWS
13:07:23:093 5596 Processor architecture: Intel x86
13:07:23:093 5596 Number of processors: 2
13:07:23:093 5596 Page size: 0x1000
13:07:23:093 5596 Boot type: Normal boot
13:07:23:093 5596 ================================================================================
13:07:23:125 5596 UnloadDriverW: NtUnloadDriver error 2
13:07:23:125 5596 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
13:07:23:187 5596 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
13:07:23:187 5596 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
13:07:23:187 5596 wfopen_ex: Trying to KLMD file open
13:07:23:187 5596 wfopen_ex: File opened ok (Flags 2)
13:07:23:187 5596 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
13:07:23:187 5596 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
13:07:23:187 5596 wfopen_ex: Trying to KLMD file open
13:07:23:187 5596 wfopen_ex: File opened ok (Flags 2)
13:07:23:187 5596 Initialize success
13:07:23:187 5596
13:07:23:187 5596 Scanning Services ...
13:07:23:625 5596 Raw services enum returned 390 services
13:07:23:625 5596
13:07:23:625 5596 Scanning Kernel memory ...
13:07:23:625 5596 Devices to scan: 5
13:07:23:625 5596
13:07:23:625 5596 Driver Name: Disk
13:07:23:625 5596 IRP_MJ_CREATE : B810EBB0
13:07:23:625 5596 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
13:07:23:625 5596 IRP_MJ_CLOSE : B810EBB0
13:07:23:625 5596 IRP_MJ_READ : B8108D1F
13:07:23:625 5596 IRP_MJ_WRITE : B8108D1F
13:07:23:625 5596 IRP_MJ_QUERY_INFORMATION : 804F4562
13:07:23:625 5596 IRP_MJ_SET_INFORMATION : 804F4562
13:07:23:625 5596 IRP_MJ_QUERY_EA : 804F4562
13:07:23:625 5596 IRP_MJ_SET_EA : 804F4562
13:07:23:625 5596 IRP_MJ_FLUSH_BUFFERS : B81092E2
13:07:23:625 5596 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
13:07:23:625 5596 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
13:07:23:625 5596 IRP_MJ_DIRECTORY_CONTROL : 804F4562
13:07:23:625 5596 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
13:07:23:625 5596 IRP_MJ_DEVICE_CONTROL : B81093BB
13:07:23:625 5596 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
13:07:23:625 5596 IRP_MJ_SHUTDOWN : B81092E2
13:07:23:625 5596 IRP_MJ_LOCK_CONTROL : 804F4562
13:07:23:625 5596 IRP_MJ_CLEANUP : 804F4562
13:07:23:625 5596 IRP_MJ_CREATE_MAILSLOT : 804F4562
13:07:23:625 5596 IRP_MJ_QUERY_SECURITY : 804F4562
13:07:23:625 5596 IRP_MJ_SET_SECURITY : 804F4562
13:07:23:625 5596 IRP_MJ_POWER : B810AC82
13:07:23:625 5596 IRP_MJ_SYSTEM_CONTROL : B810F99E
13:07:23:625 5596 IRP_MJ_DEVICE_CHANGE : 804F4562
13:07:23:625 5596 IRP_MJ_QUERY_QUOTA : 804F4562
13:07:23:625 5596 IRP_MJ_SET_QUOTA : 804F4562
13:07:23:656 5596 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
13:07:23:656 5596
13:07:23:656 5596 Driver Name: USBSTOR
13:07:23:656 5596 IRP_MJ_CREATE : 8A151500
13:07:23:656 5596 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
13:07:23:656 5596 IRP_MJ_CLOSE : 8A151500
13:07:23:656 5596 IRP_MJ_READ : 8A151500
13:07:23:656 5596 IRP_MJ_WRITE : 8A151500
13:07:23:656 5596 IRP_MJ_QUERY_INFORMATION : 804F4562
13:07:23:656 5596 IRP_MJ_SET_INFORMATION : 804F4562
13:07:23:656 5596 IRP_MJ_QUERY_EA : 804F4562
13:07:23:656 5596 IRP_MJ_SET_EA : 804F4562
13:07:23:656 5596 IRP_MJ_FLUSH_BUFFERS : 804F4562
13:07:23:656 5596 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
13:07:23:656 5596 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
13:07:23:656 5596 IRP_MJ_DIRECTORY_CONTROL : 804F4562
13:07:23:656 5596 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
13:07:23:656 5596 IRP_MJ_DEVICE_CONTROL : 8A151500
13:07:23:656 5596 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A151500
13:07:23:656 5596 IRP_MJ_SHUTDOWN : 804F4562
13:07:23:656 5596 IRP_MJ_LOCK_CONTROL : 804F4562
13:07:23:656 5596 IRP_MJ_CLEANUP : 804F4562
13:07:23:656 5596 IRP_MJ_CREATE_MAILSLOT : 804F4562
13:07:23:656 5596 IRP_MJ_QUERY_SECURITY : 804F4562
13:07:23:656 5596 IRP_MJ_SET_SECURITY : 804F4562
13:07:23:656 5596 IRP_MJ_POWER : 8A151500
13:07:23:656 5596 IRP_MJ_SYSTEM_CONTROL : 8A151500
13:07:23:656 5596 IRP_MJ_DEVICE_CHANGE : 804F4562
13:07:23:656 5596 IRP_MJ_QUERY_QUOTA : 804F4562
13:07:23:656 5596 IRP_MJ_SET_QUOTA : 804F4562
13:07:23:671 5596 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
13:07:23:671 5596
13:07:23:671 5596 Driver Name: Disk
13:07:23:671 5596 IRP_MJ_CREATE : B810EBB0
13:07:23:671 5596 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
13:07:23:671 5596 IRP_MJ_CLOSE : B810EBB0
13:07:23:671 5596 IRP_MJ_READ : B8108D1F
13:07:23:671 5596 IRP_MJ_WRITE : B8108D1F
13:07:23:671 5596 IRP_MJ_QUERY_INFORMATION : 804F4562
13:07:23:671 5596 IRP_MJ_SET_INFORMATION : 804F4562
13:07:23:671 5596 IRP_MJ_QUERY_EA : 804F4562
13:07:23:671 5596 IRP_MJ_SET_EA : 804F4562
13:07:23:671 5596 IRP_MJ_FLUSH_BUFFERS : B81092E2
13:07:23:671 5596 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
13:07:23:671 5596 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
13:07:23:671 5596 IRP_MJ_DIRECTORY_CONTROL : 804F4562
13:07:23:671 5596 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
13:07:23:671 5596 IRP_MJ_DEVICE_CONTROL : B81093BB
13:07:23:671 5596 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
13:07:23:671 5596 IRP_MJ_SHUTDOWN : B81092E2
13:07:23:671 5596 IRP_MJ_LOCK_CONTROL : 804F4562
13:07:23:671 5596 IRP_MJ_CLEANUP : 804F4562
13:07:23:671 5596 IRP_MJ_CREATE_MAILSLOT : 804F4562
13:07:23:671 5596 IRP_MJ_QUERY_SECURITY : 804F4562
13:07:23:671 5596 IRP_MJ_SET_SECURITY : 804F4562
13:07:23:671 5596 IRP_MJ_POWER : B810AC82
13:07:23:671 5596 IRP_MJ_SYSTEM_CONTROL : B810F99E
13:07:23:671 5596 IRP_MJ_DEVICE_CHANGE : 804F4562
13:07:23:671 5596 IRP_MJ_QUERY_QUOTA : 804F4562
13:07:23:671 5596 IRP_MJ_SET_QUOTA : 804F4562
13:07:23:671 5596 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
13:07:23:671 5596
13:07:23:671 5596 Driver Name: Disk
13:07:23:671 5596 IRP_MJ_CREATE : B810EBB0
13:07:23:671 5596 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
13:07:23:671 5596 IRP_MJ_CLOSE : B810EBB0
13:07:23:671 5596 IRP_MJ_READ : B8108D1F
13:07:23:671 5596 IRP_MJ_WRITE : B8108D1F
13:07:23:671 5596 IRP_MJ_QUERY_INFORMATION : 804F4562
13:07:23:671 5596 IRP_MJ_SET_INFORMATION : 804F4562
13:07:23:671 5596 IRP_MJ_QUERY_EA : 804F4562
13:07:23:671 5596 IRP_MJ_SET_EA : 804F4562
13:07:23:671 5596 IRP_MJ_FLUSH_BUFFERS : B81092E2
13:07:23:671 5596 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
13:07:23:671 5596 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
13:07:23:671 5596 IRP_MJ_DIRECTORY_CONTROL : 804F4562
13:07:23:671 5596 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
13:07:23:671 5596 IRP_MJ_DEVICE_CONTROL : B81093BB
13:07:23:671 5596 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
13:07:23:671 5596 IRP_MJ_SHUTDOWN : B81092E2
13:07:23:671 5596 IRP_MJ_LOCK_CONTROL : 804F4562
13:07:23:671 5596 IRP_MJ_CLEANUP : 804F4562
13:07:23:671 5596 IRP_MJ_CREATE_MAILSLOT : 804F4562
13:07:23:671 5596 IRP_MJ_QUERY_SECURITY : 804F4562
13:07:23:671 5596 IRP_MJ_SET_SECURITY : 804F4562
13:07:23:671 5596 IRP_MJ_POWER : B810AC82
13:07:23:671 5596 IRP_MJ_SYSTEM_CONTROL : B810F99E
13:07:23:671 5596 IRP_MJ_DEVICE_CHANGE : 804F4562
13:07:23:671 5596 IRP_MJ_QUERY_QUOTA : 804F4562
13:07:23:671 5596 IRP_MJ_SET_QUOTA : 804F4562
13:07:23:671 5596 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
13:07:23:671 5596
13:07:23:671 5596 Driver Name: atapi
13:07:23:671 5596 IRP_MJ_CREATE : 87068AC8
13:07:23:671 5596 IRP_MJ_CREATE_NAMED_PIPE : 87068AC8
13:07:23:671 5596 IRP_MJ_CLOSE : 87068AC8
13:07:23:671 5596 IRP_MJ_READ : 87068AC8
13:07:23:671 5596 IRP_MJ_WRITE : 87068AC8
13:07:23:671 5596 IRP_MJ_QUERY_INFORMATION : 87068AC8
13:07:23:671 5596 IRP_MJ_SET_INFORMATION : 87068AC8
13:07:23:671 5596 IRP_MJ_QUERY_EA : 87068AC8
13:07:23:671 5596 IRP_MJ_SET_EA : 87068AC8
13:07:23:671 5596 IRP_MJ_FLUSH_BUFFERS : 87068AC8
13:07:23:671 5596 IRP_MJ_QUERY_VOLUME_INFORMATION : 87068AC8
13:07:23:671 5596 IRP_MJ_SET_VOLUME_INFORMATION : 87068AC8
13:07:23:671 5596 IRP_MJ_DIRECTORY_CONTROL : 87068AC8
13:07:23:671 5596 IRP_MJ_FILE_SYSTEM_CONTROL : 87068AC8
13:07:23:671 5596 IRP_MJ_DEVICE_CONTROL : 87068AC8
13:07:23:671 5596 IRP_MJ_INTERNAL_DEVICE_CONTROL : 87068AC8
13:07:23:671 5596 IRP_MJ_SHUTDOWN : 87068AC8
13:07:23:671 5596 IRP_MJ_LOCK_CONTROL : 87068AC8
13:07:23:671 5596 IRP_MJ_CLEANUP : 87068AC8
13:07:23:671 5596 IRP_MJ_CREATE_MAILSLOT : 87068AC8
13:07:23:671 5596 IRP_MJ_QUERY_SECURITY : 87068AC8
13:07:23:671 5596 IRP_MJ_SET_SECURITY : 87068AC8
13:07:23:671 5596 IRP_MJ_POWER : 87068AC8
13:07:23:671 5596 IRP_MJ_SYSTEM_CONTROL : 87068AC8
13:07:23:671 5596 IRP_MJ_DEVICE_CHANGE : 87068AC8
13:07:23:671 5596 IRP_MJ_QUERY_QUOTA : 87068AC8
13:07:23:671 5596 IRP_MJ_SET_QUOTA : 87068AC8
13:07:23:671 5596 Driver "atapi" infected by TDSS rootkit!
13:07:23:671 5596 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
13:07:23:671 5596 File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ...
13:07:23:671 5596 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
13:07:23:671 5596 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
13:07:23:843 5596 vfvi6
13:07:23:890 5596 !dsvbh1
13:07:24:140 5596 dsvbh2
13:07:24:140 5596 fdfb2
13:07:24:140 5596 Backup copy found, using it..
13:07:24:156 5596 will be cured on next reboot
13:07:24:156 5596 Reboot required for cure complete..
13:07:24:156 5596 Cure on reboot scheduled successfully
13:07:24:156 5596
13:07:24:156 5596 Completed
13:07:24:156 5596
13:07:24:156 5596 Results:
13:07:24:156 5596 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
13:07:24:156 5596 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
13:07:24:156 5596 File objects infected / cured / cured on reboot: 1 / 0 / 1
13:07:24:156 5596
13:07:24:156 5596 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
13:07:24:156 5596 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
13:07:24:156 5596 UnloadDriverW: NtUnloadDriver error 1
13:07:24:156 5596 KLMD(ARK) unloaded successfully
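To show what the TDSSKiller output above is actually keying on, here is an added example (not part of this thread and not code from Kaspersky's tool): a small Python script that parses the "Driver Name:" blocks of a TDSSKiller log and flags any driver whose entire IRP_MJ_* dispatch table points at one address, which is the pattern the atapi block shows (every slot 87068AC8) while disk.sys and USBSTOR keep several distinct routines plus 804F4562 for the request codes they do not implement. The sample log inside the script is a constructed, trimmed excerpt of the log above; the assumption that 0x804F4562 is the kernel's default handler for unimplemented request codes is taken from the Disk and USBSTOR blocks, not from a symbol file.

```python
import re

# Constructed excerpt in TDSSKiller 2.2.x log format. The addresses are the ones
# from the log above; the IRP_MJ_* rows are trimmed so the sample stays short.
SAMPLE_LOG = r"""
13:07:23:625 5596 Driver Name: Disk
13:07:23:625 5596 IRP_MJ_CREATE : B810EBB0
13:07:23:625 5596 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
13:07:23:625 5596 IRP_MJ_READ : B8108D1F
13:07:23:625 5596 IRP_MJ_WRITE : B8108D1F
13:07:23:625 5596 IRP_MJ_QUERY_QUOTA : 804F4562
13:07:23:656 5596 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
13:07:23:656 5596 Driver Name: USBSTOR
13:07:23:656 5596 IRP_MJ_CREATE : 8A151500
13:07:23:656 5596 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
13:07:23:656 5596 IRP_MJ_READ : 8A151500
13:07:23:656 5596 IRP_MJ_QUERY_QUOTA : 804F4562
13:07:23:671 5596 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
13:07:23:671 5596 Driver Name: atapi
13:07:23:671 5596 IRP_MJ_CREATE : 87068AC8
13:07:23:671 5596 IRP_MJ_CREATE_NAMED_PIPE : 87068AC8
13:07:23:671 5596 IRP_MJ_READ : 87068AC8
13:07:23:671 5596 IRP_MJ_WRITE : 87068AC8
13:07:23:671 5596 IRP_MJ_QUERY_QUOTA : 87068AC8
13:07:23:671 5596 Driver "atapi" infected by TDSS rootkit!
13:07:23:671 5596 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
"""

DRIVER_RE = re.compile(r"Driver Name: (\S+)")
IRP_RE = re.compile(r"(IRP_MJ_[A-Z_]+)\s*:\s*([0-9A-Fa-f]{8})")
FILE_RE = re.compile(r"(\S+) - Verdict: (\d+)")

# Address that every unimplemented IRP_MJ_* code shares in the Disk and USBSTOR
# blocks. Assumption: this is the kernel's default "invalid request" handler on
# this XP SP3 box; it is read off the log, not resolved from a symbol file.
KERNEL_DEFAULT = 0x804F4562


def parse_dispatch_tables(text):
    """Split a TDSSKiller log into one record per 'Driver Name:' block."""
    tables = []
    current = None
    for line in text.splitlines():
        m = DRIVER_RE.search(line)
        if m:
            current = {"driver": m.group(1), "irps": {}, "file": None}
            tables.append(current)
            continue
        if current is None:
            continue
        m = IRP_RE.search(line)
        if m:
            current["irps"][m.group(1)] = int(m.group(2), 16)
            continue
        m = FILE_RE.search(line)
        if m:
            current["file"] = m.group(1)
    return tables


def classify(table, kernel_default=KERNEL_DEFAULT):
    """Return 'hooked', 'clean' or 'empty' for one dispatch table.

    A storage driver implements a handful of major function codes and leaves
    the rest (CREATE_NAMED_PIPE, QUERY_QUOTA, ...) at the kernel default, so a
    clean table holds either several distinct addresses or only the default.
    TDL3 overwrites every MajorFunction slot of atapi's DRIVER_OBJECT with one
    pointer into its own code, which is the single-address table seen above.
    """
    addrs = set(table["irps"].values())
    if not addrs:
        return "empty"
    if len(addrs) == 1 and kernel_default not in addrs:
        return "hooked"
    return "clean"


def scan(text):
    """Classify every block; returns [(driver, status, handler_hex_or_None)].

    TDSSKiller's own 'Verdict: 1' line is identical for the clean drivers and
    for the infected atapi in the log above, so it is deliberately ignored.
    """
    results = []
    for table in parse_dispatch_tables(text):
        status = classify(table)
        handler = None
        if status == "hooked":
            handler = "%08X" % next(iter(table["irps"].values()))
        results.append((table["driver"], status, handler))
    return results


def hooked_drivers(text):
    """Names of drivers whose whole dispatch table is redirected."""
    return [driver for driver, status, _ in scan(text) if status == "hooked"]


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # e.g. python tdss_dispatch.py report.txt
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            log = fh.read()
    else:
        log = SAMPLE_LOG
    for driver, status, handler in scan(log):
        print("%-10s %-7s %s" % (driver, status, handler or ""))
```

Run it against the report.txt TDSSKiller writes and it prints one line per driver block; on the excerpt it reports Disk and USBSTOR as clean and atapi as hooked at 87068AC8. The rule is intentionally narrow (all slots identical and none left at the kernel default) so that a driver like USBSTOR, which routes several codes to one routine but keeps the default for the rest, is not flagged.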

Juisterr

Legacy Member
Download GMER from one of the following locations, and save it to your Desktop:
  • Primary download location This mirror will give you a randomly named file (Recommended)
  • Zipped file This option gives you a zip file that has to be unpacked first. If you use this one, unpack it to your desktop.
  • Disconnect from the internet, and close all open programs.
  • Temporarily disable your real-time security software.
  • Double-click the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to be loaded, if asked.
  • Note: If you downloaded the zipped version, unpack the file to a fixed folder, for example C:\gmer, and then double-click gmer.exe.
    gmer_zip.gif
  • GMER zal het Rootkit/Malware tabblad openen, en een automatische snelle scan uitvoeren wanneer GMER voor de eerste keer uitgevoerd wordt. (gebruik de computer niet tijdens de scan)
  • Als je een WARNING!!! over rootkit activiteit ontvangt, en je wordt gevraagd om je systeem geheel te scannen...klik dan op NO.
  • Klik nu op de Scan knop. Als je een rootkit waarschuwingsvenster krijgt, klik dan op OK.
  • Klik op de Save... knop als de scan voltooid is, en sla het logbestand op je bureaublad op. Sla het bestand op als gmer.log.
  • Klik op de Copy knop en post de log in je volgende bericht.
  • Sluit GMER en zet alle real-time protectie weer aan.
-- Als je enige problemen hebt, probeer GMER dan in veilige modus uit te voeren.

magnusjb1

Legacy Member
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-04-22 19:18:43
Windows 5.1.2600 Service Pack 3
Running: vdj3gvrs.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxliakow.sys


---- System - GMER 1.0.15 ----

SSDT B8721336 ZwCreateKey
SSDT B872132C ZwCreateThread
SSDT B872133B ZwDeleteKey
SSDT B8721345 ZwDeleteValueKey
SSDT spyz.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spyz.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT B872134A ZwLoadKey
SSDT spyz.sys ZwOpenKey [0xB7EB50C0]
SSDT B8721318 ZwOpenProcess
SSDT B872131D ZwOpenThread
SSDT spyz.sys ZwQueryKey [0xB7ECE20A]
SSDT spyz.sys ZwQueryValueKey [0xB7ECE08A]
SSDT B8721354 ZwReplaceKey
SSDT B872134F ZwRestoreKey
SSDT B8721340 ZwSetValueKey
SSDT B8721327 ZwTerminateProcess

INT 0x62 ? 8A645BF8
INT 0x63 ? 8A645BF8
INT 0x63 ? 8A645BF8
INT 0x63 ? 8A304BF8
INT 0x63 ? 8A304BF8
INT 0x73 ? 8A304BF8
INT 0x82 ? 8A645BF8
INT 0x83 ? 8A304BF8
INT 0x94 ? 8A304BF8

---- Kernel code sections - GMER 1.0.15 ----

? spyz.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6C9A360, 0x56C395, 0xE8000020]
.text USBPORT.SYS!DllUnload B6C398AC 5 Bytes JMP 8A3041D8
.text ak6pr78r.SYS B68E0386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ak6pr78r.SYS B68E03AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ak6pr78r.SYS B68E03C4 3 Bytes [00, 80, 02]
.text ak6pr78r.SYS B68E03C9 1 Byte [30]
.text ak6pr78r.SYS B68E03C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.rsrc C:\WINDOWS\system32\DRIVERS\ssmdrv.sys entry point in ".rsrc" section [0xB8344C14]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB11DA300, 0x3AF78, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8388300, 0x1BCE, 0xE8000020]
C:\Program Files\CyberLink\PowerDVD8\000.fcl entry point in "" section [0xB03DC41C]
.clc C:\Program Files\CyberLink\PowerDVD8\000.fcl unknown last code section [0xB03DD000, 0x1000, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
.text C:\WINDOWS\System32\svchost.exe[304] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0098000C
.text C:\WINDOWS\System32\svchost.exe[304] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0269000A
.text C:\WINDOWS\System32\svchost.exe[304] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0250000A
.text C:\WINDOWS\Explorer.EXE[1352] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[1352] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C0000A
.text C:\WINDOWS\Explorer.EXE[1352] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\WINDOWS\system32\SearchIndexer.exe[1492] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spyz.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spyz.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spyz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spyz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spyz.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] spyz.sys
IAT \SystemRoot\System32\Drivers\ak6pr78r.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\ak6pr78r.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\ak6pr78r.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\ak6pr78r.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\ak6pr78r.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\ak6pr78r.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\ak6pr78r.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\ak6pr78r.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\ak6pr78r.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\ak6pr78r.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\ak6pr78r.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\ak6pr78r.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\ak6pr78r.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\ak6pr78r.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\ak6pr78r.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A6441F8

AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\usbuhci \Device\USBPDO-0 8A3D11F8
Device \Driver\sptd \Device\3072348578 spyz.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A6B71F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A6B71F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A6B71F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A6B71F8
Device \Driver\usbuhci \Device\USBPDO-1 8A3D11F8
Device \Driver\usbehci \Device\USBPDO-2 8A3C51F8
Device \Driver\usbuhci \Device\USBPDO-3 8A3D11F8
Device \Driver\usbuhci \Device\USBPDO-4 8A3D11F8

AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\usbuhci \Device\USBPDO-5 8A3D11F8
Device \Driver\usbehci \Device\USBPDO-6 8A3C51F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6461F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6461F8
Device \Driver\Cdrom \Device\CdRom0 8A2AD1F8
Device \Driver\PCI_PNP4828 \Device\00000072 spyz.sys
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A6461F8
Device \Driver\Cdrom \Device\CdRom1 8A2AD1F8
Device \Driver\atapi \Device\Ide\IdePort0 [B7DEBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7DEBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7DEBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7DEBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-7 [B7DEBB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 870D91F8
Device \Driver\NetBT \Device\NetbiosSmb 870D91F8
Device \Driver\USBSTOR \Device\000000d2 8A141500

AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\usbuhci \Device\USBFDO-0 8A3D11F8
Device \Driver\usbuhci \Device\USBFDO-1 8A3D11F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{DE8C9D9A-92EB-4D23-BAB1-DF5213A63B81} 870D91F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A139500
Device \Driver\USBSTOR \Device\000000d9 8A141500
Device \Driver\usbehci \Device\USBFDO-2 8A3C51F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A139500
Device \Driver\usbuhci \Device\USBFDO-3 8A3D11F8
Device \Driver\usbuhci \Device\USBFDO-4 8A3D11F8
Device \Driver\Ftdisk \Device\FtControl 8A6461F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F57F4CB0-6531-410D-A7F4-BADE35E6647F} 870D91F8
Device \Driver\usbuhci \Device\USBFDO-5 8A3D11F8
Device \Driver\usbehci \Device\USBFDO-6 8A3C51F8
Device \Driver\ak6pr78r \Device\Scsi\ak6pr78r1 8A153500
Device \Driver\ak6pr78r \Device\Scsi\ak6pr78r1Port5Path0Target0Lun0 8A153500
Device \FileSystem\Cdfs \Cdfs 8A13D500
Device -> \Driver\atapi \Device\Harddisk0\DR0 86FEAAC8

magnusjb1

Legacy Member
---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x58 0x4A 0x85 0x4C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF2 0x98 0x72 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB9 0xF5 0xC3 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x05 0x45 0xB5 0x67 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x58 0x4A 0x85 0x4C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF2 0x98 0x72 0xA7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB9 0xF5 0xC3 0x69 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x05 0x45 0xB5 0x67 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\ie7updates\KB958215-IE7\msfeeds.dll 459264 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\advpack.dll 124928 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\dxtmsft.dll 347136 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\dxtrans.dll 214528 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\extmgr.dll 133120 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\icardie.dll 63488 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\ie4uinit.exe 70656 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\ieakeng.dll 153088 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\ieaksie.dll 230400 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\ieakui.dll 161792 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\ieapfltr.dll 383488 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\iedkcs32.dll 384512 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\ieframe.dll 6066176 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\iernonce.dll 44544 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\iertutil.dll 267776 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\ieudinit.exe 13824 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\iexplore.exe 635848 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\inetcpl.cpl 1831424 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\jsproxy.dll 27648 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\msfeedsbs.dll 52224 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\mshtml.dll 3593216 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\mshtmled.dll 477696 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\msrating.dll 193024 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\mstime.dll 671232 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\occache.dll 102912 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\pngfilt.dll 44544 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\reg00002 8192 bytes
File C:\WINDOWS\ie7updates\KB958215-IE7\reg00003 8192 bytes
File C:\WINDOWS\ie7updates\KB958215-IE7\reg00004 114688 bytes
File C:\WINDOWS\ie7updates\KB958215-IE7\reg00005 8192 bytes
File C:\WINDOWS\ie7updates\KB958215-IE7\reg00006 8192 bytes
File C:\WINDOWS\ie7updates\KB958215-IE7\reg00007 8192 bytes
File C:\WINDOWS\ie7updates\KB958215-IE7\reg00008 8192 bytes
File C:\WINDOWS\ie7updates\KB958215-IE7\reg00009 8192 bytes
File C:\WINDOWS\ie7updates\KB958215-IE7\reg00010 8192 bytes
File C:\WINDOWS\ie7updates\KB958215-IE7\reg00011 8192 bytes
File C:\WINDOWS\ie7updates\KB958215-IE7\reg00012 8192 bytes
File C:\WINDOWS\ie7updates\KB958215-IE7\reg00013 8192 bytes
File C:\WINDOWS\ie7updates\KB958215-IE7\reg00014 8192 bytes
File C:\WINDOWS\ie7updates\KB958215-IE7\reg00015 8192 bytes
File C:\WINDOWS\ie7updates\KB958215-IE7\reg00016 12288 bytes
File C:\WINDOWS\ie7updates\KB958215-IE7\spuninst 0 bytes
File C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe 213216 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.inf 23936 bytes
File C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.txt 7811 bytes
File C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\updspapi.dll 371424 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\url.dll 105984 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\urlmon.dll 1159680 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\webcheck.dll 233472 bytes executable
File C:\WINDOWS\ie7updates\KB958215-IE7\wininet.dll 826368 bytes executable
File C:\WINDOWS\ie7updates\KB960714-IE7\mshtml.dll 0 bytes
File C:\WINDOWS\ie7updates\KB960714-IE7\spuninst 0 bytes
File C:\WINDOWS\system32\DRIVERS\ssmdrv.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
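The GMER log above is the kind of output the instructions earlier in the thread ask for, and a helper reads it by hand. The script below is an added example (it is not part of this thread and not GMER's own code) that triages a saved gmer.log: it pulls out the SSDT hooks, the kernel IAT hooks and the files flagged "suspicious modification", counts which module each hook resolves to, and cross-references the driver names so that one driver appearing in several roles (hooked, hooking, modified) floats to the top. The SAMPLE_GMER_LOG it runs on is constructed from lines of the kind seen in the log above; the function and variable names are mine, not GMER's.

```python
"""Triage a saved GMER log: list SSDT hooks, kernel IAT hooks and files GMER
flagged as modified, then show which driver each hook resolves to.

Added example for this thread; it is not GMER's own code. The sample log
below is constructed from lines of the kind GMER prints.
"""
import re
import sys
from collections import Counter

# Constructed sample: the shape of the real log, trimmed to a few lines.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT B8721336 ZwCreateKey
SSDT spyz.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spyz.sys ZwOpenKey [0xB7EB50C0]
SSDT B8721318 ZwOpenProcess

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spyz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spyz.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] spyz.sys

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\ie7updates\KB958215-IE7\url.dll 105984 bytes executable
File C:\WINDOWS\system32\DRIVERS\ssmdrv.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
"""

# "SSDT <module> <Zw*> [0xADDR]" when GMER can name the hooking module,
# "SSDT <ADDR> <Zw*>" when the hook points outside any module it could name.
SSDT_RE = re.compile(r"^SSDT\s+(?P<who>\S+)\s+(?P<func>Zw\w+)(?:\s+\[0x(?P<addr>[0-9A-Fa-f]+)\])?")
# "IAT <victim>[<dll>!<import>] [ADDR] <module>", or a raw value when unresolved.
IAT_RE = re.compile(r"^IAT\s+(?P<victim>.+?)\[(?P<import>[^\]]+)\]\s+(?P<rest>.*)$")
IAT_TARGET_RE = re.compile(r"^\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)$")
FILE_MOD_RE = re.compile(r"^File\s+(?P<path>.+?)\s+suspicious modification$")
HEX_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def basename(path):
    """Last component of a Windows path (GMER mixes bare names and full paths)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def parse_gmer_log(text):
    """Collect SSDT hooks, IAT hooks and modified-file findings from log text."""
    findings = {"ssdt": [], "iat": [], "suspicious_files": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            who = m.group("who")
            attributed = HEX_RE.match(who) is None  # a bare address means "no module"
            findings["ssdt"].append({
                "function": m.group("func"),
                "module": basename(who) if attributed else None,
                "address": m.group("addr") if attributed else who,
            })
            continue
        m = IAT_RE.match(line)
        if m:
            target = IAT_TARGET_RE.match(m.group("rest"))
            findings["iat"].append({
                "victim": basename(m.group("victim")),
                "import": m.group("import"),
                "module": basename(target.group("module")) if target else None,
                "address": target.group("addr") if target else m.group("rest"),
            })
            continue
        m = FILE_MOD_RE.match(line)
        if m:
            findings["suspicious_files"].append(m.group("path"))
    return findings


def summarize(findings):
    """Counts per hooking module plus the hooked drivers and modified files."""
    hookers = Counter()
    for hook in findings["ssdt"] + findings["iat"]:
        hookers[hook["module"] or "<unattributed>"] += 1
    return {
        "ssdt_hooks": len(findings["ssdt"]),
        "iat_hooks": len(findings["iat"]),
        "hooking_modules": dict(hookers),
        "iat_victims": sorted({h["victim"] for h in findings["iat"]}),
        "modified_files": [basename(p).lower() for p in findings["suspicious_files"]],
    }


def cross_reference(findings):
    """Driver names that appear in more than one role: hooked, hooking, modified."""
    victims = {h["victim"].lower() for h in findings["iat"]}
    hookers = {h["module"].lower() for h in findings["ssdt"] + findings["iat"] if h["module"]}
    modified = {basename(p).lower() for p in findings["suspicious_files"]}
    return (victims & modified) | (hookers & modified) | (victims & hookers)


if __name__ == "__main__":
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_GMER_LOG
    found = parse_gmer_log(text)
    for key, value in summarize(found).items():
        print(f"{key}: {value}")
    print("review first:", sorted(cross_reference(found)))
```

Run it against the real file with `python gmer_triage.py gmer.log`. Two cautions when reading the result. First, the SSDT hooks attributed to spyz.sys and the IAT hooks on atapi.sys and i8042prt.sys come from the sptd driver (the Devices section above maps \Driver\sptd to spyz.sys, and the registry section ties sptd\Cfg to C:\Program Files\DAEMON Tools Lite\); SPTD hooks port I/O and registry calls by design, so a module that hooks is not by itself evidence of infection. Second, the entries that actually corroborate TDSSKiller's verdict are the "suspicious modification" flag on atapi.sys and the "Device -> \Driver\atapi \Device\Harddisk0\DR0" line at the end of the Devices section, the pattern GMER shows when a TDSS/TDL3-class rootkit has taken over the disk device object; the script puts atapi.sys in the cross-reference set precisely because it is both hooked and modified.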

Juisterr

Legacy Member
Run ComboFix again and post the result, please; also tell me how things are going now.