
trojan and problems with HJT

20 answers
  • Friends
    my F-Secure clone from Ziggo has been saying for a few days now that it can't remove a trojan
    KDV.256843

    Downloaded HJT, but it won't write a logfile, so posting isn't possible for now.

    MBAM is bug-free, MS Defender reports nothing.
    Also can't enter the line in Notepad that HJT gives to get admin rights
  • Hi Anjo, start with this:

    Which program: sUBs dds.scr
    What for/why: DDS is a diagnostic tool and works with scripts.
    Difficulty: A somewhat tricky preparation phase, so read everything carefully first.
    Download location: Download this program to the desktop without fail, or else move it there first!
    Download sUBs dds.scr here

    (image: http://img.photobucket.com/albums/v666/sUBs/dds_scr.gif)

    Using sUBs dds.scr:
    • Important: first deactivate the antivirus software and the active spyware scanners!
    • Then first close all program windows that are still open!
    • Windows 2000 and Windows XP: start sUBs dds.scr by double-clicking the shortcut.
    • Windows Vista and Windows 7: start sUBs dds.scr by right-clicking the shortcut and choosing Run as Administrator.
    • After the scan two text documents are opened - DDS.txt and Attach.txt - post the contents of both logs, but mind the following!
    • Copy and paste the contents of the logs into your follow-up post.
  • .
    DDS (Ver_2011-06-12.02) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by mobile at 15:37:16 on 2011-06-23
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3062.1920 [GMT 2:00]
    .
    AV: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    SP: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Internetbeveiliging\Anti-Virus\fsgk32st.exe
    C:\Program Files\Internetbeveiliging\Common\FSMA32.EXE
    C:\Program Files\Internetbeveiliging\Anti-Virus\FSGK32.EXE
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\TeamViewer\Version6\TeamViewer.exe
    C:\Program Files\Internetbeveiliging\Anti-Virus\fssm32.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe
    C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internetbeveiliging\Common\FSLAUNCH.EXE
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\helppane.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\System32\Magnify.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.searchqu.com/
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
    BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\internetbeveiliging\nrs\iescript\baselitmus.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    TB: {7FF99715-3016-4381-84CE-E4E4C9673020} - No File
    TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\internetbeveiliging\nrs\iescript\baselitmus.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
    uRun: [GrooveMonitor] c:\program files\microsoft office\office14\GROOVEMN.EXE
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Badoo Desktop] "c:\programdata\badoo\badoo desktop\1.5.3.949\Badoo.Desktop.exe"
    mRun: [F-Secure Manager] "c:\program files\internetbeveiliging\common\FSM32.EXE" /splash
    mRun: [F-Secure TNB] "c:\program files\internetbeveiliging\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
    mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\mobile\appdata\roaming\micros~1\windows\startm~1\programs\startup\foldin~1.lnk - c:\users\mobile\appdata\roaming\microsoft\installer\{6b755ec3-c709-4f5c-bc58-bc0d3967b6b6}\_2377D972A0372FCB34E3F7.exe
    StartupFolder: c:\users\mobile\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Verzenden naar OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
    IE: >> Download This Youtube Video - UnlockForUs - c:\users\mobile\appdata\local\temp\rar$ex01.518\youtubefilehack\lawrence.htm
    IE: Afbeelding verzenden naar &Bluetooth-apparaat… - c:\program files\belkin\bluetooth software\btsendto_ie_ctx.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
    IE: Pagina verzenden naar &Bluetooth-apparaat… - c:\program files\belkin\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\belkin\bluetooth software\btsendto_ie.htm
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    LSP: c:\program files\internetbeveiliging\fsps\program\FSLSP.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{5FF4AD82-514C-4221-9C6D-C58E30AA8334} : DhcpNameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{8BA89B83-F99F-4BE6-9923-99875DB8C31E} : DhcpNameServer = 212.54.35.25 212.54.40.25
    TCP: Interfaces\{B80064C7-CB84-4785-B3A2-CBE28B1DD410} : DhcpNameServer = 101.247.12.1 208.67.220.220
    TCP: Interfaces\{D871AB16-E874-4425-B09F-9C752F23ABCB} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{E1CD5BE0-C6B3-4E6E-A924-98EA6F64D244} : DhcpNameServer = 212.54.35.25 212.54.40.25
    TCP: Interfaces\{EA4C30B1-2F4D-4BB5-958B-A664559D10AC} : DhcpNameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{EA4C30B1-2F4D-4BB5-958B-A664559D10AC}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{EA4C30B1-2F4D-4BB5-958B-A664559D10AC}\346746D4161647030313 : DhcpNameServer = 10.154.128.24
    TCP: Interfaces\{EA4C30B1-2F4D-4BB5-958B-A664559D10AC}\7416D656F50516C6163656 : DhcpNameServer = 172.16.100.1
    TCP: Interfaces\{EA4C30B1-2F4D-4BB5-958B-A664559D10AC}\7427164796370294E6475627E6564702F4070756E6865796A7562726275776 : DhcpNameServer = 213.171.69.19
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\mobile\appdata\roaming\mozilla\firefox\profiles\qx8h49hm.default\
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
    FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\abn amro e.dentifier2\mozilla\npBECON.dll
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\mobile\appdata\roaming\mozilla\plugins\np-mswmp.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-2-18 42664]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\internetbeveiliging\hips\drivers\fshs.sys [2010-2-18 68064]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-2-18 35792]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-2-18 71040]
    R1 fsvista;F-Secure Vista Support Driver;c:\program files\internetbeveiliging\anti-virus\minifilter\fsvista.sys [2010-2-18 12384]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\internetbeveiliging\anti-virus\fsgk32st.exe [2010-2-18 215648]
    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
    R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2010-12-28 14976]
    R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-5-30 2280312]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-12-25 343080]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\internetbeveiliging\anti-virus\minifilter\fsgk.sys [2010-2-18 148648]
    R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-27 136176]
    S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [2008-3-20 23040]
    S3 FSORSPClient;F-Secure ORSP Client;c:\program files\internetbeveiliging\orsp client\fsorsp.exe [2010-2-18 61088]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-27 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-7 15872]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-6-1 27192]
    S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-7 52224]
    S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-15 1343400]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\internetbeveiliging\anti-virus\win2k\fsfilter.sys [2010-2-18 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\internetbeveiliging\anti-virus\win2k\fsrec.sys [2010-2-18 25184]
    .
    =============== Created Last 30 ================
    .
    2011-06-23 09:40:49 388096 ----a-r- c:\users\mobile\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-06-23 09:40:49 -------- d-----w- c:\program files\Trend Micro
    2011-06-23 07:19:38 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-06-23 07:19:38 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2011-06-23 06:17:18 -------- d-----w- c:\users\mobile\appdata\local\{C775892C-7DDD-4653-AF5D-EF179E3FB6BD}
    2011-06-22 05:59:17 -------- d-----w- c:\users\mobile\appdata\local\{ED3DBF97-E66A-4805-AACD-A0BC20705511}
    2011-06-21 16:35:45 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{93a1d620-578a-464d-b1fd-b3d3e644dbe9}\mpengine.dll
    2011-06-21 09:16:54 -------- d-----w- c:\users\mobile\appdata\local\{ABE48671-48A8-49F0-9F92-4AC014F732DF}
    2011-06-20 21:16:30 -------- d-----w- c:\users\mobile\appdata\local\{7BF39052-F237-498A-9DA3-11D0CDF11195}
    2011-06-18 18:30:12 -------- d-----w- c:\users\mobile\appdata\local\{14E14A5E-908F-45AE-99CF-893D52E41B46}
    2011-06-18 06:29:49 -------- d-----w- c:\users\mobile\appdata\local\{858E080E-4AE3-4286-ADA2-1EBFCFC6FCE5}
    2011-06-17 18:29:14 -------- d-----w- c:\users\mobile\appdata\local\{EB8CA92B-FEEB-4E4F-A8C6-7924ECE7AC9C}
    2011-06-17 06:28:50 -------- d-----w- c:\users\mobile\appdata\local\{54B76ECE-1641-4E38-BB4E-7AC73DACB90E}
    2011-06-16 07:49:46 -------- d-----w- c:\users\mobile\appdata\local\{53289DC5-45B8-4CE3-8B6E-9359647FA0EE}
    2011-06-15 18:27:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-15 18:27:28 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2011-06-15 18:27:26 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-15 06:17:47 -------- d-----w- c:\users\mobile\appdata\local\{FCDFCF71-5E01-418A-B26B-79056CD021FB}
    2011-06-15 04:58:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-15 04:58:15 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-06-15 04:58:15 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-15 04:58:15 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-15 04:58:12 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-06-15 04:58:12 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-15 04:58:09 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-15 04:57:50 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-15 04:57:50 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-15 04:57:49 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-14 18:17:35 -------- d-----w- c:\users\mobile\appdata\local\{35E95620-9735-4FCC-A853-2B745C8185E1}
    2011-06-14 06:17:24 -------- d-----w- c:\users\mobile\appdata\local\{9505C868-9EB6-4CD1-B95F-964A0639F264}
    2011-06-13 14:37:10 -------- d-----w- c:\users\mobile\appdata\local\{73366D1C-E752-40BC-8DAC-70CA4F03380A}
    2011-06-11 09:11:10 -------- d-----w- c:\users\mobile\appdata\local\{EAFBC385-7FCF-4295-8D57-FF3B3CD94FDB}
    2011-06-10 13:02:19 -------- d-----w- c:\programdata\Badoo
    2011-06-10 06:32:07 -------- d-----w- c:\users\mobile\appdata\local\{0EBC36EF-7673-4C06-AE59-FCA564EFD4C5}
    2011-06-09 18:31:43 -------- d-----w- c:\users\mobile\appdata\local\{B36B9A1D-BF0D-453C-94E5-8BB906E4CA4B}
    2011-06-09 06:31:20 -------- d-----w- c:\users\mobile\appdata\local\{F87C0347-C5DE-4E57-A74F-63587F5B1067}
    2011-06-08 05:24:46 -------- d-----w- c:\users\mobile\appdata\local\{62E1CEFB-8052-4FE5-B6F8-5E67C775BD61}
    2011-06-07 08:33:17 -------- d-----w- c:\users\mobile\appdata\local\{B28026DE-27D8-4875-A476-4ECB63B32D86}
    2011-06-07 08:27:12 -------- d-----w- c:\program files\OpenCPN
    2011-06-07 08:24:49 -------- d-----w- c:\programdata\opencpn
    2011-06-06 18:35:41 -------- d-----w- c:\users\mobile\appdata\local\{240CF73B-C6B3-4A28-AFFA-DBE56684793E}
    2011-06-06 06:35:18 -------- d-----w- c:\users\mobile\appdata\local\{346AAA07-08F4-49CE-A3B2-72BC99314C5E}
    2011-06-05 16:59:25 -------- d-----w- c:\users\mobile\appdata\local\{ED7B4AC9-CDCB-4885-8919-8D4A4DEB05EB}
    2011-06-02 05:50:19 -------- d-----w- c:\users\mobile\appdata\local\{2952A5B3-0242-4E5E-A9CD-4241BA47ABB1}
    2011-06-01 10:19:03 -------- d-----w- c:\users\mobile\appdata\local\VS Revo Group
    2011-06-01 10:18:55 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2011-06-01 10:18:49 -------- d-----w- c:\program files\VS Revo Group
    2011-06-01 10:14:11 -------- d-----w- c:\program files\SW Programma
    2011-06-01 06:37:18 -------- d-----w- c:\users\mobile\appdata\local\{AC319DA1-3293-42B2-9FF9-280656FB756E}
    2011-05-31 18:36:05 -------- d-----w- c:\users\mobile\appdata\local\{4CFCF7D3-B67D-4208-855B-5CBCD1E440E6}
    2011-05-31 06:31:42 -------- d-----w- c:\users\mobile\appdata\local\{2189D683-C809-439E-AF1F-C4DE37C7C07F}
    2011-05-30 17:32:08 -------- d-----w- c:\users\mobile\appdata\local\{C3F3BDA8-ED7C-4383-A23A-218CDD6E84BF}
    2011-05-30 05:19:26 -------- d-----w- c:\users\mobile\appdata\local\{A5BA49E6-F5C4-4622-B9C1-C64B50AD58FC}
    2011-05-29 08:04:36 -------- d-----w- c:\users\mobile\appdata\local\{B9AA83B4-F400-4C8C-9249-3106563863C1}
    2011-05-28 05:36:46 -------- d-----w- c:\users\mobile\appdata\local\{89A7AB36-4857-42A4-ABF6-582BA5635A8B}
    2011-05-27 17:16:47 -------- d-----w- c:\users\mobile\appdata\local\{A0F4C3FB-6F42-476D-84C6-DCC21B05242C}
    2011-05-27 05:16:24 -------- d-----w- c:\users\mobile\appdata\local\{776FF81F-3FDE-4EBE-88E3-4C97BC0104F1}
    2011-05-26 13:41:55 -------- d-----w- c:\users\mobile\appdata\local\{DF97C53F-C5DC-409E-A4B8-AD34ECD1316B}
    2011-05-25 07:50:25 -------- d-----w- c:\users\mobile\appdata\local\{3EDC3EF4-CB0A-4DBB-A319-E1BB63156E44}
    2011-05-24 20:40:31 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    .
    ==================== Find3M ====================
    .
    2011-06-06 13:44:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-29 07:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 07:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-24 17:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-04 02:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
    .
    ============= FINISH: 15:38:27,31 ===============
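The DDS.txt above is read line by line by the helper. As an added illustration that is not part of this thread and not code from DDS or HijackThis, here is a small Python triage script that applies three of the checks a helper makes on the "Pseudo HJT Report" lines and on HijackThis R0/R1 lines: a start or search page pointing at a host outside a list of expected hosts, entries whose target reads "No File" (orphaned registry entries), and menu or autorun entries that load from a temporary folder. The sample log, the allowlist EXPECTED_HOSTS and the function names triage and defang are constructed for this example; a flagged line is something for a person to look at, not a verdict.

```python
"""Triage helper for DDS "Pseudo HJT Report" lines and HijackThis R0/R1 lines.

Constructed example: the sample log, the allowlist and the function names are
assumptions for this illustration, not part of DDS, HijackThis or this thread.
"""
import re
from urllib.parse import urlparse

# Hosts a helper would expect in start/search page settings (constructed allowlist).
EXPECTED_HOSTS = {"go.microsoft.com", "www.google.nl", "www.google.com"}

# Lines whose value is a URL that sets the browser's home or search page:
# DDS "uStart Page", Firefox prefs.js keys, and HijackThis R0/R1 registry entries.
BROWSER_SETTING = re.compile(
    r"^(?:[um]?Start Page"
    r"|FF - prefs\.js: (?:keyword\.URL|browser\.startup\.homepage)"
    r"|R[01] - HK(?:CU|LM)\\.*?,(?:Start Page|Search Page|Default_Page_URL|Default_Search_URL))"
    r"\s*[=-]\s*(?P<url>\S+)",
    re.IGNORECASE,
)

# Entries that load code at logon or inside the browser (autoruns, BHOs, toolbars, IE menu items).
LOADS_CODE = re.compile(r"^(?:[um]Run:|StartupFolder:|BHO:|TB:|IE:)", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)

# Constructed sample, modelled on the kinds of lines DDS and HijackThis print.
SAMPLE_LOG = """\
uStart Page = hxxp://www.searchqu.com/
mWinlogon: Userinit=c:\\windows\\system32\\userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\\program files\\common files\\microsoft shared\\windows live\\WindowsLiveLogin.dll
TB: {7FF99715-3016-4381-84CE-E4E4C9673020} - No File
uRun: [Sidebar] c:\\program files\\windows sidebar\\sidebar.exe /autoRun
IE: >> Download This Youtube Video - c:\\users\\mobile\\appdata\\local\\temp\\rar$ex01.518\\youtubefilehack\\lawrence.htm
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.searchqu.com/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
"""


def defang(url):
    """DDS writes hxxp:// so that a pasted log cannot be clicked; undo that to parse the host."""
    return url.replace("hxxps://", "https://").replace("hxxp://", "http://")


def triage(log_text):
    """Return (reason, line) pairs for lines a helper would want to look at more closely."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BROWSER_SETTING.match(line)
        if m:
            host = urlparse(defang(m.group("url"))).hostname or ""
            if host not in EXPECTED_HOSTS:
                findings.append((f"start/search page points at unexpected host {host}", line))
            continue
        if LOADS_CODE.match(line):
            if line.endswith("No File"):
                findings.append(("orphaned entry: target file no longer exists", line))
            elif TEMP_DIR.search(line):
                findings.append(("loads from a temporary folder", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

Run against the constructed sample it flags five lines: the three start/search settings that point at www.searchqu.com, the toolbar entry with "No File", and the IE menu item that loads an .htm from the user's temp folder; the Sidebar autorun, the Google homepage and the Microsoft search page pass. The allowlist is the part to adapt per case, since what counts as an expected host depends on the user's ISP and browser defaults.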
  • .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-12.02)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 17-2-2010 23:59:18
    System Uptime: 23-6-2011 15:19:29 (0 hours ago)
    .
    Motherboard: Acer | | Acadia
    Processor: Intel(R) Celeron(R) CPU 530 @ 1.73GHz | uPGA-478 | 1729/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 98 GiB total, 61,975 GiB free.
    D: is FIXED (NTFS) - 367 GiB total, 294,865 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP291: 5-6-2011 18:41:50 - Windows Update
    RP292: 10-6-2011 8:24:15 - Windows Update
    RP293: 14-6-2011 11:34:23 - Windows Update
    RP294: 15-6-2011 20:11:10 - Windows Update
    RP295: 20-6-2011 23:12:58 - Installed Java(TM) 6 Update 26
    RP296: 21-6-2011 18:35:06 - Windows Update
    RP297: 23-6-2011 11:38:46 - Installed HiJackThis
    RP299: 23-6-2011 15:31:34 - Windows Defender Checkpoint
    .
    ==== Installed Programs ======================
    .
    ABN AMRO e.dentifier2 software
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Allway Sync version 11.1.3
    AutoUnpack 4.5.2
    Badoo Desktop
    BELKIN Bluetooth Software 6.0.1.4400
    CCleaner
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726)
    DKW Manager
    DriverMax 5
    Duplicate Cleaner 2.0
    F-Secure PSC Prerequisites
    Feedback Tool
    Folding@home-x86
    Foxit Reader 5.0
    Google Apps Migration For Microsoft Outlook® 2.1.1.234
    Google Calendar Sync
    Google Gears
    Google Update Helper
    GpsGate
    HDAUDIO Soft Data Fax Modem with SmartCP
    HiJackThis
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Java Auto Updater
    Java(TM) 6 Update 26
    Logitech Webcam Software
    Malwarebytes' Anti-Malware versie 1.51.0.1200
    MediaMonkey 3.2
    Microsoft .NET Compact Framework 3.5
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile NLD Language Pack
    Microsoft Application Error Reporting
    Microsoft Office Access MUI (Dutch) 2010
    Microsoft Office Excel MUI (Dutch) 2010
    Microsoft Office Groove MUI (Dutch) 2010
    Microsoft Office InfoPath MUI (Dutch) 2010
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (Dutch) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (Dutch) 2010
    Microsoft Office PowerPoint MUI (Dutch) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (Dutch) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (German) 2010
    Microsoft Office Proofing (Dutch) 2010
    Microsoft Office Publisher MUI (Dutch) 2010
    Microsoft Office Shared MUI (Dutch) 2010
    Microsoft Office Word MUI (Dutch) 2010
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Mobile Partner
    Mozilla Firefox 5.0 (x86 nl)
    MSVCRT
    NewsLeecher v3.9 Final
    OGA Notifier 2.0.0048.0
    OpenCPN 2.3.1
    PIXresizer
    PL-2303 USB-to-Serial
    PL-2303 Vista Driver Installer
    QuickPar 0.9
    Realtek High Definition Audio Driver
    Revo Uninstaller Pro 2.5.3
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Excel 2010 (KB2523021)
    Security Update for Microsoft InfoPath 2010 (KB2510065)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft PowerPoint 2010 (KB2519975)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
    Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
    Skype™ 5.3
    Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
    TeamViewer 6
    TomTom HOME 2.8.1.2218
    TomTom HOME Visual Studio Merge Modules
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2523113)
    Update for Microsoft OneNote 2010 (KB2493983)
    Update for Microsoft Outlook Social Connector (KB2441641)
    Update voor het stuurprogramma voor Windows Mobile Apparaatcentrum
    Update voor Microsoft Outlook Social Connector (KB2441641)
    VLC media player 1.0.1
    Windows Installer Clean Up
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Mobile Apparaatcentrum
    WinGPS 4 Lite
    WinRAR
    YouTube Downloader 2.7
    Ziggo uitgebreide internetbeveiliging
    ZyDAS IEEE 802.11 b+g Wireless LAN - USB
    .
    ==== End Of File ===========================
  • Hi Anjo, I see folder locations in the log that I haven't seen before.

    I suspect you did that yourself?

    Example: c:\users\mobile\appdata\local\


    And also do the following:

    Download SystemLook.exe and place the file on the Desktop.

    Starting SystemLook.exe:
    • Windows 2000 and Windows XP: start SystemLook.exe by double-clicking the shortcut.
    • Windows Vista and Windows 7: start SystemLook.exe by right-clicking the shortcut and choosing "Run as Administrator".
    In the window that opens, copy the code below:
    :filefind
    KDV.256843
    Click the "Look" button to start the scan.
    When the scan is finished a text file opens (SystemLook.txt).
    Post the contents of this file.
  • Mobile is my laptop....
    log:
    SystemLook 04.09.10 by jpshortstuff
    Log created at 21:45 on 23/06/2011 by mobile
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "KDV.256843 "
    No files found.

    -= EOF =-

    Starting to believe it's -again- a glitch of F-Secure
  • Defender removed another -low risk- little thing, and after a reboot HJT suddenly did produce a logfile :lol:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:57:15, on 23-6-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Program Files\TeamViewer\Version6\TeamViewer.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Internetbeveiliging\Common\FSM32.EXE
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe
    C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
    C:\Program Files\Folding@home\Folding@home-x86\Folding@home.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Users\mobile\AppData\Roaming\Folding@home-x86\FahCore_a4.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\System32\Magnify.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Internetbeveiliging\NRS\iescript\baselitmus.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
    O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Internetbeveiliging\NRS\iescript\baselitmus.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Internetbeveiliging\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Internetbeveiliging\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKCU\..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Badoo Desktop] "C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Folding@home.lnk = ?
    O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: >> Download This Youtube Video - UnlockForUs - C:\Users\mobile\AppData\Local\Temp\Rar$EX01.518\YoutubeFileHack\lawrence.htm
    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat… - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat… - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Instellingen voor Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Internetbeveiliging\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\ORSP Client\fsorsp.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe


    End of file - 9788 bytes
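As an added example that is not part of the thread, here is a small Python triage pass over HijackThis entries like the ones in the log above; it assumes the R0/R1 and O3/O4/O8 line formats shown in that log and a small allowlist of Microsoft default-page hosts, and the sample lines are copied from the posted log.

```python
import re
from dataclasses import dataclass

# Hosts of the Internet Explorer default pages that HijackThis lists as R0/R1
# entries on a clean install (assumption for this example).
DEFAULT_PAGE_HOSTS = {"go.microsoft.com", "www.microsoft.com"}

# "R0 - HKCU\...\Main,Start Page = http://..."  ->  section "R0", rest "HKCU..."
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<rest>.*)$")
# R0/R1 payload: "<registry key>,<value name> = <url>" (url may be empty)
R_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?) =\s*(?P<url>.*)$")
# Accepts normal and defanged (hxxp) URLs, as ComboFix prints them.
HOST_RE = re.compile(r"(?i)^h(?:tt|xx)ps?://([^/\s]+)")

# Sample lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O8 - Extra context menu item: >> Download This Youtube Video - UnlockForUs - C:\Users\mobile\AppData\Local\Temp\Rar$EX01.518\YoutubeFileHack\lawrence.htm
""".strip().splitlines()


@dataclass
class Finding:
    section: str   # HJT section code, e.g. "R0" or "O8"
    reason: str    # why a helper would look at this entry first
    line: str      # the original log line


def host_of(url: str) -> str:
    """Lower-cased host of an http(s)/hxxp(s) URL, or "" if it is not one."""
    m = HOST_RE.match(url.strip())
    return m.group(1).lower() if m else ""


def triage_hjt(lines):
    """Return the entries worth a closer look, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        section, rest = m.group("section"), m.group("rest")

        if section in ("R0", "R1"):
            r = R_RE.match(rest)
            if not r or not r.group("url").strip():
                continue  # empty value: shown by HJT, nothing to resolve
            host = host_of(r.group("url"))
            if host not in DEFAULT_PAGE_HOSTS:
                findings.append(Finding(section, "non-default browser page: " + host, line))

        elif section in ("O3", "O4", "O8"):
            if "(no file)" in rest:
                findings.append(Finding(section, "entry points at a missing file", line))
            elif "\\temp\\" in rest.lower():
                findings.append(Finding(section, "target lives under a Temp folder", line))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

On the sample above it flags the searchqu.com start page, the toolbar with no file behind it, and the context-menu item living under the user's Temp folder, and leaves the Microsoft default and the Intel tray entry alone.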
  • Hi Anjo, you write, or suspect, that c:\users\mobile\appdata\local\ is related to the fact that it is a notebook.

    I use a notebook, and those special folders are not in my Windows.

    Presumably these are part of Badoo Desktop, something to do with Apple apps, as far as I have been able to find.


    You may do the following:

    Which program: ComboFix
    What for/why: A highly specialised scanner to examine Windows in depth
    and, where possible, clean it up.
    Difficulty: A somewhat tricky preparation phase, so read everything carefully first.
    Download location: This program absolutely must be downloaded to the desktop!
    Download ComboFix from one of these locations:
    • Bleepingcomputer
    • ForoSpyware
    • Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be disabled before ComboFix is started!
    Here and here you will find information on how to disable antivirus programs and spyware scanners.

    To be absolutely clear, once more: ComboFix must be started from the desktop.

    Notes:
    • On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required).
    • Vista and Windows 7 users start ComboFix via right-click with Administrator rights.
    • All open programs and web pages must be closed.
    Once ComboFix has started:
    • Do not click in the black window; this can make ComboFix or even all of Windows "freeze"!
    • ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    • The computer may need to be restarted several times; this is normal.
    • When ComboFix is finished, it will create a log file for you.
    • Post the contents of this log file in your next message.
    • If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    • If, after the scan, an error is shown when starting programs with the message:
    • Illegal operation attempted on a registry key that has been marked for deletion.
    • Then restart the computer.
  • The laptop came with a pre-install, so I had to fill in a username and that is 'mobile'
    LOG:
    ComboFix 11-06-23.03 - mobile 24-06-2011 8:21.1.1 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3062.2153 [GMT 2:00]
    Gestart vanuit: c:\users\mobile\Desktop\ComboFix.exe
    AV: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    FW: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
    c:\users\mobile\AppData\Roaming\chrtmp
    c:\users\mobile\AppData\Roaming\Mozilla\Firefox\Profiles\qx8h49hm.default\searchplugins\SearchquWebSearch.xml
    c:\users\mobile\AppData\Roaming\Mozilla\Firefox\Profiles\qx8h49hm.default\searchqutb
    c:\users\mobile\AppData\Roaming\Mozilla\Firefox\Profiles\qx8h49hm.default\searchqutb\preferences.dat
    c:\windows\system32\Drivers\jvpfqo.sys
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-05-24 to 2011-06-24 ))))))))))))))))))))))))))))))
    .
    .
    2011-06-24 06:28 . 2011-06-24 06:32 -------- d-----w- c:\users\mobile\AppData\Local\temp
    2011-06-24 06:28 . 2011-06-24 06:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-23 19:47 . 2011-06-23 19:48 -------- d-----w- c:\users\mobile\AppData\Local\{160E06C8-7CA5-4C9C-B807-DEFD9935C58E}
    2011-06-23 16:47 . 2011-06-23 16:47 0 ---ha-w- c:\users\mobile\AppData\Local\BIT5239.tmp
    2011-06-23 09:40 . 2011-06-23 09:40 388096 ----a-r- c:\users\mobile\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-23 09:40 . 2011-06-23 09:40 -------- d-----w- c:\program files\Trend Micro
    2011-06-23 07:19 . 2011-06-23 07:19 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-06-23 07:19 . 2011-06-23 07:19 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2011-06-23 06:17 . 2011-06-23 06:17 -------- d-----w- c:\users\mobile\AppData\Local\{C775892C-7DDD-4653-AF5D-EF179E3FB6BD}
    2011-06-22 05:59 . 2011-06-22 05:59 -------- d-----w- c:\users\mobile\AppData\Local\{ED3DBF97-E66A-4805-AACD-A0BC20705511}
    2011-06-21 16:35 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{93A1D620-578A-464D-B1FD-B3D3E644DBE9}\mpengine.dll
    2011-06-21 09:16 . 2011-06-21 09:17 -------- d-----w- c:\users\mobile\AppData\Local\{ABE48671-48A8-49F0-9F92-4AC014F732DF}
    2011-06-20 21:16 . 2011-06-20 21:16 -------- d-----w- c:\users\mobile\AppData\Local\{7BF39052-F237-498A-9DA3-11D0CDF11195}
    2011-06-20 21:15 . 2011-06-20 21:15 -------- d-----w- c:\program files\Common Files\Java
    2011-06-18 18:30 . 2011-06-18 18:30 -------- d-----w- c:\users\mobile\AppData\Local\{14E14A5E-908F-45AE-99CF-893D52E41B46}
    2011-06-18 06:29 . 2011-06-18 06:29 -------- d-----w- c:\users\mobile\AppData\Local\{858E080E-4AE3-4286-ADA2-1EBFCFC6FCE5}
    2011-06-17 18:29 . 2011-06-17 18:29 -------- d-----w- c:\users\mobile\AppData\Local\{EB8CA92B-FEEB-4E4F-A8C6-7924ECE7AC9C}
    2011-06-17 06:28 . 2011-06-17 06:29 -------- d-----w- c:\users\mobile\AppData\Local\{54B76ECE-1641-4E38-BB4E-7AC73DACB90E}
    2011-06-16 07:49 . 2011-06-16 07:49 -------- d-----w- c:\users\mobile\AppData\Local\{53289DC5-45B8-4CE3-8B6E-9359647FA0EE}
    2011-06-15 18:27 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-15 18:27 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-06-15 18:27 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-15 06:17 . 2011-06-15 06:17 -------- d-----w- c:\users\mobile\AppData\Local\{FCDFCF71-5E01-418A-B26B-79056CD021FB}
    2011-06-15 04:58 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-15 04:58 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-06-15 04:58 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-15 04:58 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-15 04:58 . 2011-04-25 04:31 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-15 04:58 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-06-15 04:58 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-15 04:57 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-15 04:57 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-15 04:57 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-14 18:17 . 2011-06-14 18:17 -------- d-----w- c:\users\mobile\AppData\Local\{35E95620-9735-4FCC-A853-2B745C8185E1}
    2011-06-14 06:17 . 2011-06-14 06:17 -------- d-----w- c:\users\mobile\AppData\Local\{9505C868-9EB6-4CD1-B95F-964A0639F264}
    2011-06-13 14:37 . 2011-06-13 14:37 -------- d-----w- c:\users\mobile\AppData\Local\{73366D1C-E752-40BC-8DAC-70CA4F03380A}
    2011-06-11 09:11 . 2011-06-11 09:11 -------- d-----w- c:\users\mobile\AppData\Local\{EAFBC385-7FCF-4295-8D57-FF3B3CD94FDB}
    2011-06-10 13:02 . 2011-06-10 13:02 -------- d-----w- c:\programdata\Badoo
    2011-06-10 06:32 . 2011-06-10 06:32 -------- d-----w- c:\users\mobile\AppData\Local\{0EBC36EF-7673-4C06-AE59-FCA564EFD4C5}
    2011-06-09 18:31 . 2011-06-09 18:31 -------- d-----w- c:\users\mobile\AppData\Local\{B36B9A1D-BF0D-453C-94E5-8BB906E4CA4B}
    2011-06-09 06:31 . 2011-06-09 06:31 -------- d-----w- c:\users\mobile\AppData\Local\{F87C0347-C5DE-4E57-A74F-63587F5B1067}
    2011-06-08 05:24 . 2011-06-08 05:24 -------- d-----w- c:\users\mobile\AppData\Local\{62E1CEFB-8052-4FE5-B6F8-5E67C775BD61}
    2011-06-07 08:33 . 2011-06-07 08:33 -------- d-----w- c:\users\mobile\AppData\Local\{B28026DE-27D8-4875-A476-4ECB63B32D86}
    2011-06-07 08:27 . 2011-06-07 08:27 -------- d-----w- c:\program files\OpenCPN
    2011-06-07 08:24 . 2011-06-10 14:13 -------- d-----w- c:\programdata\opencpn
    2011-06-06 18:35 . 2011-06-06 18:35 -------- d-----w- c:\users\mobile\AppData\Local\{240CF73B-C6B3-4A28-AFFA-DBE56684793E}
    2011-06-06 06:35 . 2011-06-06 06:35 -------- d-----w- c:\users\mobile\AppData\Local\{346AAA07-08F4-49CE-A3B2-72BC99314C5E}
    2011-06-05 16:59 . 2011-06-05 16:59 -------- d-----w- c:\users\mobile\AppData\Local\{ED7B4AC9-CDCB-4885-8919-8D4A4DEB05EB}
    2011-06-02 05:50 . 2011-06-02 05:50 -------- d-----w- c:\users\mobile\AppData\Local\{2952A5B3-0242-4E5E-A9CD-4241BA47ABB1}
    2011-06-01 10:19 . 2011-06-01 10:19 -------- d-----w- c:\users\mobile\AppData\Local\VS Revo Group
    2011-06-01 10:18 . 2009-12-30 09:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2011-06-01 10:18 . 2011-06-01 10:18 -------- d-----w- c:\program files\VS Revo Group
    2011-06-01 10:14 . 2011-06-01 10:16 -------- d-----w- c:\program files\SW Programma
    2011-06-01 06:37 . 2011-06-01 06:37 -------- d-----w- c:\users\mobile\AppData\Local\{AC319DA1-3293-42B2-9FF9-280656FB756E}
    2011-05-31 18:36 . 2011-05-31 18:36 -------- d-----w- c:\users\mobile\AppData\Local\{4CFCF7D3-B67D-4208-855B-5CBCD1E440E6}
    2011-05-31 06:31 . 2011-05-31 06:31 -------- d-----w- c:\users\mobile\AppData\Local\{2189D683-C809-439E-AF1F-C4DE37C7C07F}
    2011-05-30 17:32 . 2011-05-30 17:32 -------- d-----w- c:\users\mobile\AppData\Local\{C3F3BDA8-ED7C-4383-A23A-218CDD6E84BF}
    2011-05-30 05:19 . 2011-05-30 05:19 -------- d-----w- c:\users\mobile\AppData\Local\{A5BA49E6-F5C4-4622-B9C1-C64B50AD58FC}
    2011-05-29 08:04 . 2011-05-29 08:04 -------- d-----w- c:\users\mobile\AppData\Local\{B9AA83B4-F400-4C8C-9249-3106563863C1}
    2011-05-28 05:36 . 2011-05-28 05:36 -------- d-----w- c:\users\mobile\AppData\Local\{89A7AB36-4857-42A4-ABF6-582BA5635A8B}
    2011-05-27 17:16 . 2011-05-27 17:16 -------- d-----w- c:\users\mobile\AppData\Local\{A0F4C3FB-6F42-476D-84C6-DCC21B05242C}
    2011-05-27 05:16 . 2011-05-27 05:16 -------- d-----w- c:\users\mobile\AppData\Local\{776FF81F-3FDE-4EBE-88E3-4C97BC0104F1}
    2011-05-26 13:41 . 2011-05-26 13:42 -------- d-----w- c:\users\mobile\AppData\Local\{DF97C53F-C5DC-409E-A4B8-AD34ECD1316B}
    2011-05-25 07:50 . 2011-05-25 07:50 -------- d-----w- c:\users\mobile\AppData\Local\{3EDC3EF4-CB0A-4DBB-A319-E1BB63156E44}
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-06 13:44 . 2011-05-15 09:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-29 07:11 . 2010-10-06 14:06 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 07:11 . 2010-10-06 14:06 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-24 17:14 . 2010-02-17 23:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-04 02:52 . 2011-02-05 10:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-22 19:14 . 2011-05-24 20:40 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-04-09 06:02 . 2011-05-11 05:52 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:02 . 2011-05-11 05:52 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 05:56 . 2011-05-14 10:15 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-04-07 05:51 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-04-03 05:31 . 2011-04-03 05:31 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-04-03 05:31 . 2011-04-03 05:31 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-04-03 05:31 . 2011-04-03 05:31 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-04-03 05:31 . 2011-04-03 05:31 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-04-03 05:31 . 2011-04-03 05:31 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-04-03 05:31 . 2011-04-03 05:31 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-04-03 05:31 . 2011-04-03 05:31 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-03 05:31 . 2011-04-03 05:31 367104 ----a-w- c:\windows\system32\html.iec
    2011-04-03 05:31 . 2011-04-03 05:31 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-04-03 05:31 . 2011-04-03 05:31 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-03 05:31 . 2011-04-03 05:31 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-04-03 05:31 . 2011-04-03 05:31 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-04-03 05:31 . 2011-04-03 05:31 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-04-03 05:31 . 2011-04-03 05:31 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-04-03 05:31 . 2011-04-03 05:31 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-03 05:31 . 2011-04-03 05:31 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-04-03 05:31 . 2011-04-03 05:31 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-04-03 05:31 . 2011-04-03 05:31 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-04-03 05:31 . 2011-04-03 05:31 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-06-23 07:19 . 2011-05-02 07:06 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office14\GROOVEMN.EXE" [2010-03-24 944008]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    "Badoo Desktop"="c:\programdata\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe" [2011-06-07 1017344]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F-Secure Manager"="c:\program files\Internetbeveiliging\Common\FSM32.EXE" [2009-08-05 199264]
    "F-Secure TNB"="c:\program files\Internetbeveiliging\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-24 10025576]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    c:\users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Folding@home.lnk - c:\users\mobile\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe [2010-12-27 98477]
    OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ZDWLan Utility.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ZDWLan Utility.lnk
    backupExtension=.CommonStartup
    backup=c:\windows\pss\ZDWLan Utility.lnk.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
    2011-03-23 10:21 9226664 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
    2011-03-23 10:21 9226664 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2011-03-09 12:30 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]
    R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 23040]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
    R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 375808]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1343400]
    R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Internetbeveiliging\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]
    R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Internetbeveiliging\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]
    S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-12-15 42664]
    S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Internetbeveiliging\HIPS\drivers\fshs.sys [2009-08-05 68064]
    S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-03-19 35792]
    S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-08-05 71040]
    S1 fsvista;F-Secure Vista Support Driver;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [2011-06-09 148648]
    S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Internetbeveiliging\ORSP Client\fsorsp.exe [2011-05-23 61088]
    S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 13:13]
    .
    2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 13:13]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.searchqu.com/
    IE: &Verzenden naar OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
    IE: >> Download This Youtube Video - UnlockForUs - c:\users\mobile\AppData\Local\Temp\Rar$EX01.518\YoutubeFileHack\lawrence.htm
    IE: Afbeelding verzenden naar &Bluetooth-apparaat… - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Pagina verzenden naar &Bluetooth-apparaat… - c:\program files\Belkin\Bluetooth Software\btsendto_ie.htm
    LSP: c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    FF - ProfilePath - c:\users\mobile\AppData\Roaming\Mozilla\Firefox\Profiles\qx8h49hm.default\
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=
    FF - prefs.js: network.proxy.type - 0
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:0000007b
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————
    .
    - - - - - - - > 'winlogon.exe'(644)
    c:\program files\internetbeveiliging\hips\fshook32.dll
    .
    - - - - - - - > 'lsass.exe'(548)
    c:\program files\internetbeveiliging\hips\fshook32.dll
    .
    - - - - - - - > 'Explorer.exe'(4020)
    c:\program files\internetbeveiliging\hips\fshook32.dll
    c:\windows\system32\btncopy.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\windows\system32\taskhost.exe
    c:\program files\Internetbeveiliging\Anti-Virus\fsgk32st.exe
    c:\program files\Internetbeveiliging\Common\FSMA32.EXE
    c:\program files\Internetbeveiliging\Anti-Virus\FSGK32.EXE
    c:\program files\Internetbeveiliging\Common\FSHDLL32.EXE
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\TeamViewer\Version6\TeamViewer.exe
    c:\program files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
    c:\program files\Internetbeveiliging\FWES\Program\fsdfwd.exe
    c:\program files\Internetbeveiliging\Anti-Virus\fssm32.exe
    c:\windows\System32\Magnify.exe
    c:\windows\system32\conhost.exe
    c:\program files\Internetbeveiliging\Anti-Virus\fsav32.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-06-24 08:37:19 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-06-24 06:37
    .
    Pre-Run: 66.131.283.968 bytes beschikbaar
    Post-Run: 65.843.855.360 bytes beschikbaar
    .
    - - End Of File - - E462BC36075E526B8236866DE085D7C6
  • Hi Anjo, I see that you have DriverMax on your notebook.

    In my opinion that makes little sense, since for notebook drivers you are always dependent on what the notebook manufacturer supplies.
    On the other hand, it can happen that a wrong driver gets installed, in which case, at worst, Windows will no longer boot.


    By the way, does the entry below mean anything to you:

    tcp: dhcpnameserver = 212.54.40.25 212.54.35.25


    Do the following: open a new Notepad file, via "Start\All Programs\Accessories\Notepad".


    Copy and paste the following (the bold, blue text) into the empty Notepad window


    File::
    c:\users\mobile\appdata\local\bit5239.tmp
    c:\users\mobile\appdata\local\temp\rar$ex01.518\youtubefilehack\lawrence.htm


    Save this Notepad file on your desktop as CFScript.txt.

    Now first disable the antivirus!


    Drag CFScript.txt onto ComboFix.exe


    http://img517.imageshack.us/img517/8662/cfscript10uc2.gif

    This will make ComboFix restart. Reboot if you are asked to.


    Post the ComboFix log that is shown after the reboot!


    After that you may use the tool below:

    Which program: TFC.
    What for/why: thorough cleaning of Windows.
    Difficulty: none.

    Download TFC to your desktop (click)

    Starting TFC:
    Windows 2000 and Windows XP: start TFC.exe by double-clicking the shortcut.
    Windows Vista and Windows 7: start TFC.exe by right-clicking the shortcut and choosing "Run as Administrator".
    - Don't be alarmed: the tool closes all running programs, so make sure your work has been saved!
    - Then click the Start button to start the scan. This scan may take a short or a longer time; be patient, let TFC do its job and wait until TFC is finished.
    - When TFC is finished, a message appears that the computer will be restarted.
    - If the shutdown does not happen automatically, restart the computer yourself.
    - Note: TFC does not show a log!
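The helper above chose the two paths for the File:: block by reading the ComboFix log posted earlier: an IE context-menu handler that lives under Temp\Rar$EX01.518 and a stray .tmp file, next to a start page and keyword.URL that point at searchqu.com. The script below is an added example and is not part of this thread or of ComboFix; it parses lines in the log's format and flags the same kinds of indicators (a hijacker domain in the browser settings, IE menu handlers or Run-key entries living in a Temp folder, services whose file is missing, shown as [x]). The suspect-domain set, the Temp-path rule and the constructed "Updater" sample line are assumptions made for this example; the other sample lines are copied from the log above. It drafts a File:: section in the shape the helper used, but which paths actually get removed stays a decision for whoever reads the log.

```python
"""Triage helper for ComboFix-style log excerpts.

Added example, not code from the thread or from ComboFix. It reads lines in the
format posted above and flags the patterns a helper looks for before writing a
CFScript: a browser start page or keyword.URL that points at a search hijacker,
IE context-menu handlers or autorun entries that live in a Temp directory, and
services/drivers whose file is missing ("[x]"). The suspect-domain set and the
Temp-path rule are assumptions for this example, not a curated blocklist.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

SUSPECT_DOMAINS = {"searchqu.com"}          # assumption: taken from the posted log
TEMP_PATH_RE = re.compile(r"\\appdata\\local\\temp\\|\\windows\\temp\\", re.I)

# "R3 name;description;path [date size]"  or  "... [x]" when the file is gone
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[(?P<meta>[^\]]*)\]$")
# "uStart Page = hxxp://..."  and  "FF - prefs.js: keyword.URL - hxxp://..."
URL_SETTING_RE = re.compile(
    r"^(?:[um]Start Page|FF - prefs\.js: (?:keyword\.URL|browser\.startup\.homepage))"
    r" [=-] (?P<url>hxxps?://\S+)", re.I)
# "IE: <menu label> - c:\path\handler.htm"  (the label may itself contain " - ")
IE_MENU_RE = re.compile(r"^IE: (?P<label>.+) - (?P<path>[a-z]:\\.+)$", re.I)
# '"Name"="c:\path\prog.exe" [date size]'  (Run-key entries)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')


@dataclass
class Finding:
    kind: str
    detail: str   # host, path or service name, depending on kind
    line: str


def refang(url: str) -> str:
    """ComboFix defangs URLs as hxxp://; restore the scheme for parsing only."""
    return re.sub(r"^hxxp", "http", url, flags=re.I)


def host_of(url: str) -> str:
    m = re.match(r"https?://([^/?#]+)", refang(url), re.I)
    return m.group(1).lower() if m else ""


def is_suspect_host(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in SUSPECT_DOMAINS)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Walk the log lines once and collect the indicators described above."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if (m := URL_SETTING_RE.match(line)):
            host = host_of(m.group("url"))
            if is_suspect_host(host):
                findings.append(Finding("browser-hijack", host, line))
        elif (m := IE_MENU_RE.match(line)):
            if TEMP_PATH_RE.search(m.group("path")):
                findings.append(Finding("ie-menu-in-temp", m.group("path"), line))
        elif (m := RUN_RE.match(line)):
            if TEMP_PATH_RE.search(m.group("path")):
                findings.append(Finding("autorun-in-temp", m.group("path"), line))
        elif (m := SERVICE_RE.match(line)):
            if m.group("meta") == "x":
                findings.append(Finding("service-file-missing", m.group("name"), line))
    return findings


def cfscript_file_section(findings: List[Finding]) -> str:
    """Draft the File:: block of a CFScript from the Temp-path findings, in the
    shape the helper posted above. Reviewing each path stays a human decision."""
    paths = [f.detail for f in findings if f.kind in ("ie-menu-in-temp", "autorun-in-temp")]
    return "File::\n" + "\n".join(paths)


# Constructed sample: these lines are copied from the log posted in this thread,
# except the "Updater" autorun line, which is made up to exercise the Temp rule.
SAMPLE_LOG = [
    r"uStart Page = hxxp://www.searchqu.com/",
    r"IE: &Verzenden naar OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105",
    r"IE: >> Download This Youtube Video - UnlockForUs - c:\users\mobile\AppData\Local\Temp\Rar$EX01.518\YoutubeFileHack\lawrence.htm",
    r"FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/",
    r"FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=",
    r'"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]',
    r'"Updater"="c:\users\mobile\AppData\Local\Temp\upd.exe" [2011-06-20 12345]',
    r"R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]",
    r"R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]",
]

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:22} {f.detail}")
    print(cfscript_file_section(found))
```

A "service-file-missing" hit is not malicious by itself (the tsusbhub entry above is a Remote Desktop driver whose file is simply absent on this machine); it is listed because orphaned service entries are also what is left behind after an incomplete removal, so they are worth a look when the rest of the log is suspicious.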
  • TCP doesn't ring a bell offhand, or it must come from my FTP program ( oming Beacon.

    I use DriverMax on the laptop mainly to be able to keep track of/show my configurations elsewhere, and as an updater for my other machines. On the laptop I am selective with any new drivers, but Acer is very slow with them.

    Log before reboot (had to, because my FF and IE would no longer start):
    ComboFix 11-06-23.03 - mobile 24-06-2011 10:27:43.2.1 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3062.2118 [GMT 2:00]
    Gestart vanuit: c:\users\mobile\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\mobile\Desktop\CFScript.txt..txt
    AV: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    FW: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    .
    FILE ::
    "c:\users\mobile\appdata\local\bit5239.tmp"
    "c:\users\mobile\appdata\local\temp\rar$ex01.518\youtubefilehack\lawrence.htm"
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\mobile\appdata\local\bit5239.tmp
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-05-24 to 2011-06-24 ))))))))))))))))))))))))))))))
    .
    .
    2011-06-24 08:34 . 2011-06-24 08:34 ——– d—–w- c:\users\Default\AppData\Local\temp
    2011-06-24 06:28 . 2011-06-24 08:39 ——– d—–w- c:\users\mobile\AppData\Local\temp
    2011-06-23 19:47 . 2011-06-23 19:48 ——– d—–w- c:\users\mobile\AppData\Local\{160E06C8-7CA5-4C9C-B807-DEFD9935C58E}
    2011-06-23 09:40 . 2011-06-23 09:40 388096 —-a-r- c:\users\mobile\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-23 09:40 . 2011-06-23 09:40 ——– d—–w- c:\program files\Trend Micro
    2011-06-23 07:19 . 2011-06-23 07:19 2106216 —-a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-06-23 07:19 . 2011-06-23 07:19 1998168 —-a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2011-06-23 06:17 . 2011-06-23 06:17 ——– d—–w- c:\users\mobile\AppData\Local\{C775892C-7DDD-4653-AF5D-EF179E3FB6BD}
    2011-06-22 05:59 . 2011-06-22 05:59 ——– d—–w- c:\users\mobile\AppData\Local\{ED3DBF97-E66A-4805-AACD-A0BC20705511}
    2011-06-21 16:35 . 2011-06-07 15:55 7074640 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{93A1D620-578A-464D-B1FD-B3D3E644DBE9}\mpengine.dll
    2011-06-21 09:16 . 2011-06-21 09:17 ——– d—–w- c:\users\mobile\AppData\Local\{ABE48671-48A8-49F0-9F92-4AC014F732DF}
    2011-06-20 21:16 . 2011-06-20 21:16 ——– d—–w- c:\users\mobile\AppData\Local\{7BF39052-F237-498A-9DA3-11D0CDF11195}
    2011-06-20 21:15 . 2011-06-20 21:15 ——– d—–w- c:\program files\Common Files\Java
    2011-06-18 18:30 . 2011-06-18 18:30 ——– d—–w- c:\users\mobile\AppData\Local\{14E14A5E-908F-45AE-99CF-893D52E41B46}
    2011-06-18 06:29 . 2011-06-18 06:29 ——– d—–w- c:\users\mobile\AppData\Local\{858E080E-4AE3-4286-ADA2-1EBFCFC6FCE5}
    2011-06-17 18:29 . 2011-06-17 18:29 ——– d—–w- c:\users\mobile\AppData\Local\{EB8CA92B-FEEB-4E4F-A8C6-7924ECE7AC9C}
    2011-06-17 06:28 . 2011-06-17 06:29 ——– d—–w- c:\users\mobile\AppData\Local\{54B76ECE-1641-4E38-BB4E-7AC73DACB90E}
    2011-06-16 07:49 . 2011-06-16 07:49 ——– d—–w- c:\users\mobile\AppData\Local\{53289DC5-45B8-4CE3-8B6E-9359647FA0EE}
    2011-06-15 18:27 . 2011-04-22 23:25 2382848 —-a-w- c:\windows\system32\mshtml.tlb
    2011-06-15 18:27 . 2011-04-25 15:29 141104 —-a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-06-15 18:27 . 2011-04-22 23:35 1797632 —-a-w- c:\windows\system32\jscript9.dll
    2011-06-15 06:17 . 2011-06-15 06:17 ——– d—–w- c:\users\mobile\AppData\Local\{FCDFCF71-5E01-418A-B26B-79056CD021FB}
    2011-06-15 04:58 . 2011-02-25 05:34 571904 —-a-w- c:\windows\system32\oleaut32.dll
    2011-06-15 04:58 . 2011-04-29 02:46 311808 —-a-w- c:\windows\system32\drivers\srv.sys
    2011-06-15 04:58 . 2011-04-29 02:46 310272 —-a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-15 04:58 . 2011-04-29 02:46 114688 —-a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-15 04:58 . 2011-04-25 04:31 1290624 —-a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-15 04:58 . 2011-04-25 02:18 338944 —-a-w- c:\windows\system32\drivers\afd.sys
    2011-06-15 04:58 . 2011-05-03 04:30 741376 —-a-w- c:\windows\system32\inetcomm.dll
    2011-06-15 04:57 . 2011-04-27 02:17 223744 —-a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-15 04:57 . 2011-04-27 02:17 96768 —-a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-15 04:57 . 2011-04-27 02:17 123904 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-14 18:17 . 2011-06-14 18:17 ——– d—–w- c:\users\mobile\AppData\Local\{35E95620-9735-4FCC-A853-2B745C8185E1}
    2011-06-14 06:17 . 2011-06-14 06:17 ——– d—–w- c:\users\mobile\AppData\Local\{9505C868-9EB6-4CD1-B95F-964A0639F264}
    2011-06-13 14:37 . 2011-06-13 14:37 ——– d—–w- c:\users\mobile\AppData\Local\{73366D1C-E752-40BC-8DAC-70CA4F03380A}
    2011-06-11 09:11 . 2011-06-11 09:11 ——– d—–w- c:\users\mobile\AppData\Local\{EAFBC385-7FCF-4295-8D57-FF3B3CD94FDB}
    2011-06-10 13:02 . 2011-06-10 13:02 ——– d—–w- c:\programdata\Badoo
    2011-06-10 06:32 . 2011-06-10 06:32 ——– d—–w- c:\users\mobile\AppData\Local\{0EBC36EF-7673-4C06-AE59-FCA564EFD4C5}
    2011-06-09 18:31 . 2011-06-09 18:31 ——– d—–w- c:\users\mobile\AppData\Local\{B36B9A1D-BF0D-453C-94E5-8BB906E4CA4B}
    2011-06-09 06:31 . 2011-06-09 06:31 ——– d—–w- c:\users\mobile\AppData\Local\{F87C0347-C5DE-4E57-A74F-63587F5B1067}
    2011-06-08 05:24 . 2011-06-08 05:24 ——– d—–w- c:\users\mobile\AppData\Local\{62E1CEFB-8052-4FE5-B6F8-5E67C775BD61}
    2011-06-07 08:33 . 2011-06-07 08:33 ——– d—–w- c:\users\mobile\AppData\Local\{B28026DE-27D8-4875-A476-4ECB63B32D86}
    2011-06-07 08:27 . 2011-06-07 08:27 ——– d—–w- c:\program files\OpenCPN
    2011-06-07 08:24 . 2011-06-10 14:13 ——– d—–w- c:\programdata\opencpn
    2011-06-06 18:35 . 2011-06-06 18:35 ——– d—–w- c:\users\mobile\AppData\Local\{240CF73B-C6B3-4A28-AFFA-DBE56684793E}
    2011-06-06 06:35 . 2011-06-06 06:35 ——– d—–w- c:\users\mobile\AppData\Local\{346AAA07-08F4-49CE-A3B2-72BC99314C5E}
    2011-06-05 16:59 . 2011-06-05 16:59 ——– d—–w- c:\users\mobile\AppData\Local\{ED7B4AC9-CDCB-4885-8919-8D4A4DEB05EB}
    2011-06-02 05:50 . 2011-06-02 05:50 ——– d—–w- c:\users\mobile\AppData\Local\{2952A5B3-0242-4E5E-A9CD-4241BA47ABB1}
    2011-06-01 10:19 . 2011-06-01 10:19 ——– d—–w- c:\users\mobile\AppData\Local\VS Revo Group
    2011-06-01 10:18 . 2009-12-30 09:21 27192 —-a-w- c:\windows\system32\drivers\revoflt.sys
    2011-06-01 10:18 . 2011-06-01 10:18 ——– d—–w- c:\program files\VS Revo Group
    2011-06-01 10:14 . 2011-06-01 10:16 ——– d—–w- c:\program files\SW Programma
    2011-06-01 06:37 . 2011-06-01 06:37 ——– d—–w- c:\users\mobile\AppData\Local\{AC319DA1-3293-42B2-9FF9-280656FB756E}
    2011-05-31 18:36 . 2011-05-31 18:36 ——– d—–w- c:\users\mobile\AppData\Local\{4CFCF7D3-B67D-4208-855B-5CBCD1E440E6}
    2011-05-31 06:31 . 2011-05-31 06:31 ——– d—–w- c:\users\mobile\AppData\Local\{2189D683-C809-439E-AF1F-C4DE37C7C07F}
    2011-05-30 17:32 . 2011-05-30 17:32 ——– d—–w- c:\users\mobile\AppData\Local\{C3F3BDA8-ED7C-4383-A23A-218CDD6E84BF}
    2011-05-30 05:19 . 2011-05-30 05:19 ——– d—–w- c:\users\mobile\AppData\Local\{A5BA49E6-F5C4-4622-B9C1-C64B50AD58FC}
    2011-05-29 08:04 . 2011-05-29 08:04 ——– d—–w- c:\users\mobile\AppData\Local\{B9AA83B4-F400-4C8C-9249-3106563863C1}
    2011-05-28 05:36 . 2011-05-28 05:36 ——– d—–w- c:\users\mobile\AppData\Local\{89A7AB36-4857-42A4-ABF6-582BA5635A8B}
    2011-05-27 17:16 . 2011-05-27 17:16 ——– d—–w- c:\users\mobile\AppData\Local\{A0F4C3FB-6F42-476D-84C6-DCC21B05242C}
    2011-05-27 05:16 . 2011-05-27 05:16 ——– d—–w- c:\users\mobile\AppData\Local\{776FF81F-3FDE-4EBE-88E3-4C97BC0104F1}
    2011-05-26 13:41 . 2011-05-26 13:42 ——– d—–w- c:\users\mobile\AppData\Local\{DF97C53F-C5DC-409E-A4B8-AD34ECD1316B}
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-06 13:44 . 2011-05-15 09:41 404640 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-29 07:11 . 2010-10-06 14:06 39984 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 07:11 . 2010-10-06 14:06 22712 —-a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-24 17:14 . 2010-02-17 23:10 222080 ——w- c:\windows\system32\MpSigStub.exe
    2011-05-04 02:52 . 2011-02-05 10:02 472808 —-a-w- c:\windows\system32\deployJava1.dll
    2011-04-22 19:14 . 2011-05-24 20:40 27008 —-a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-04-09 06:02 . 2011-05-11 05:52 3967872 —-a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:02 . 2011-05-11 05:52 3912576 —-a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 05:56 . 2011-05-14 10:15 123904 —-a-w- c:\windows\system32\poqexec.exe
    2011-04-07 05:51 . 2010-06-24 09:33 18328 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-04-03 05:31 . 2011-04-03 05:31 86528 —-a-w- c:\windows\system32\iesysprep.dll
    2011-04-03 05:31 . 2011-04-03 05:31 76800 —-a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-04-03 05:31 . 2011-04-03 05:31 74752 —-a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-04-03 05:31 . 2011-04-03 05:31 74752 —-a-w- c:\windows\system32\iesetup.dll
    2011-04-03 05:31 . 2011-04-03 05:31 63488 —-a-w- c:\windows\system32\tdc.ocx
    2011-04-03 05:31 . 2011-04-03 05:31 48640 —-a-w- c:\windows\system32\mshtmler.dll
    2011-04-03 05:31 . 2011-04-03 05:31 420864 —-a-w- c:\windows\system32\vbscript.dll
    2011-04-03 05:31 . 2011-04-03 05:31 367104 —-a-w- c:\windows\system32\html.iec
    2011-04-03 05:31 . 2011-04-03 05:31 35840 —-a-w- c:\windows\system32\imgutil.dll
    2011-04-03 05:31 . 2011-04-03 05:31 23552 —-a-w- c:\windows\system32\licmgr10.dll
    2011-04-03 05:31 . 2011-04-03 05:31 161792 —-a-w- c:\windows\system32\msls31.dll
    2011-04-03 05:31 . 2011-04-03 05:31 152064 —-a-w- c:\windows\system32\wextract.exe
    2011-04-03 05:31 . 2011-04-03 05:31 150528 —-a-w- c:\windows\system32\iexpress.exe
    2011-04-03 05:31 . 2011-04-03 05:31 142848 —-a-w- c:\windows\system32\ieUnatt.exe
    2011-04-03 05:31 . 2011-04-03 05:31 1427456 —-a-w- c:\windows\system32\inetcpl.cpl
    2011-04-03 05:31 . 2011-04-03 05:31 11776 —-a-w- c:\windows\system32\mshta.exe
    2011-04-03 05:31 . 2011-04-03 05:31 1126912 —-a-w- c:\windows\system32\wininet.dll
    2011-04-03 05:31 . 2011-04-03 05:31 110592 —-a-w- c:\windows\system32\IEAdvpack.dll
    2011-04-03 05:31 . 2011-04-03 05:31 101888 —-a-w- c:\windows\system32\admparse.dll
    2011-06-23 07:19 . 2011-05-02 07:06 142296 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office14\GROOVEMN.EXE" [2010-03-24 944008]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    "Badoo Desktop"="c:\programdata\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe" [2011-06-07 1017344]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F-Secure Manager"="c:\program files\Internetbeveiliging\Common\FSM32.EXE" [2009-08-05 199264]
    "F-Secure TNB"="c:\program files\Internetbeveiliging\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-24 10025576]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    c:\users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Folding@home.lnk - c:\users\mobile\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe [2010-12-27 98477]
    OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ZDWLan Utility.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ZDWLan Utility.lnk
    backupExtension=.CommonStartup
    backup=c:\windows\pss\ZDWLan Utility.lnk.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
    2011-03-23 10:21 9226664 —-a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
    2011-03-23 10:21 9226664 —-a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 12:36 2793304 —-a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2011-03-09 12:30 247728 —-a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]
    R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 23040]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
    R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 375808]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1343400]
    R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Internetbeveiliging\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]
    R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Internetbeveiliging\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]
    S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-12-15 42664]
    S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Internetbeveiliging\HIPS\drivers\fshs.sys [2009-08-05 68064]
    S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-03-19 35792]
    S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-08-05 71040]
    S1 fsvista;F-Secure Vista Support Driver;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [2011-06-09 148648]
    S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Internetbeveiliging\ORSP Client\fsorsp.exe [2011-05-23 61088]
    S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 13:13]
    .
    2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 13:13]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.searchqu.com/
    IE: &Verzenden naar OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
    IE: >> Download This Youtube Video - UnlockForUs - c:\users\mobile\AppData\Local\Temp\Rar$EX01.518\YoutubeFileHack\lawrence.htm
    IE: Afbeelding verzenden naar &Bluetooth-apparaat… - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Pagina verzenden naar &Bluetooth-apparaat… - c:\program files\Belkin\Bluetooth Software\btsendto_ie.htm
    LSP: c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    FF - ProfilePath - c:\users\mobile\AppData\Roaming\Mozilla\Firefox\Profiles\qx8h49hm.default\
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=
    FF - prefs.js: network.proxy.type - 0
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:0000007b
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————
    .
    - - - - - - - > 'winlogon.exe'(632)
    c:\program files\internetbeveiliging\hips\fshook32.dll
    .
    - - - - - - - > 'lsass.exe'(548)
    c:\program files\internetbeveiliging\hips\fshook32.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\windows\system32\taskhost.exe
    c:\program files\Internetbeveiliging\Anti-Virus\fsgk32st.exe
    c:\program files\Internetbeveiliging\Anti-Virus\FSGK32.EXE
    c:\program files\Internetbeveiliging\Common\FSMA32.EXE
    c:\program files\Internetbeveiliging\Common\FSHDLL32.EXE
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\TeamViewer\Version6\TeamViewer.exe
    c:\program files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
    c:\program files\Internetbeveiliging\FWES\Program\fsdfwd.exe
    c:\program files\Internetbeveiliging\Anti-Virus\fssm32.exe
    c:\windows\System32\Magnify.exe
    c:\windows\system32\conhost.exe
    c:\program files\Internetbeveiliging\Anti-Virus\fsav32.exe
    c:\windows\system32\Mystify.scr
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-06-24 10:47:45 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-06-24 08:47
    ComboFix2.txt 2011-06-24 06:37
    .
    Pre-Run: 66.085.675.008 bytes beschikbaar
    Post-Run: 66.037.342.208 bytes beschikbaar
    .
    - - End Of File - - 4B5E199EFED333E211884D17AEBF0F19

    I'll run TFC in a bit, or do you first want another new log after this last reboot??
  • That IP address points to a location in Maastricht.

    Does F-Secure still give the message you started your topic with?

    You can hardly expect any driver to be updated by Acer.
    Possibly a BIOS update will be available at some point!

    That practice applies to virtually all notebook manufacturers!
  • So DriverMax is also used mainly for the other 2 PCs....
    Can't find the IP address offhand
    F-Secure message gone
    Log after 2nd reboot:
    ComboFix 11-06-23.03 - mobile 24-06-2011 11:37:32.4.1 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3062.1962 [GMT 2:00]
    Gestart vanuit: c:\users\mobile\Desktop\ComboFix.exe
    AV: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    FW: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-05-24 to 2011-06-24 ))))))))))))))))))))))))))))))
    .
    .
    2011-06-24 09:44 . 2011-06-24 09:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-24 08:47 . 2011-06-24 09:47 -------- d-----w- c:\users\mobile\AppData\Local\temp
    2011-06-23 19:47 . 2011-06-23 19:48 -------- d-----w- c:\users\mobile\AppData\Local\{160E06C8-7CA5-4C9C-B807-DEFD9935C58E}
    2011-06-23 09:40 . 2011-06-23 09:40 388096 ----a-r- c:\users\mobile\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-23 09:40 . 2011-06-23 09:40 -------- d-----w- c:\program files\Trend Micro
    2011-06-23 07:19 . 2011-06-23 07:19 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-06-23 07:19 . 2011-06-23 07:19 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2011-06-23 06:17 . 2011-06-23 06:17 -------- d-----w- c:\users\mobile\AppData\Local\{C775892C-7DDD-4653-AF5D-EF179E3FB6BD}
    2011-06-22 05:59 . 2011-06-22 05:59 -------- d-----w- c:\users\mobile\AppData\Local\{ED3DBF97-E66A-4805-AACD-A0BC20705511}
    2011-06-21 16:35 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{93A1D620-578A-464D-B1FD-B3D3E644DBE9}\mpengine.dll
    2011-06-21 09:16 . 2011-06-21 09:17 -------- d-----w- c:\users\mobile\AppData\Local\{ABE48671-48A8-49F0-9F92-4AC014F732DF}
    2011-06-20 21:16 . 2011-06-20 21:16 -------- d-----w- c:\users\mobile\AppData\Local\{7BF39052-F237-498A-9DA3-11D0CDF11195}
    2011-06-20 21:15 . 2011-06-20 21:15 -------- d-----w- c:\program files\Common Files\Java
    2011-06-18 18:30 . 2011-06-18 18:30 -------- d-----w- c:\users\mobile\AppData\Local\{14E14A5E-908F-45AE-99CF-893D52E41B46}
    2011-06-18 06:29 . 2011-06-18 06:29 -------- d-----w- c:\users\mobile\AppData\Local\{858E080E-4AE3-4286-ADA2-1EBFCFC6FCE5}
    2011-06-17 18:29 . 2011-06-17 18:29 -------- d-----w- c:\users\mobile\AppData\Local\{EB8CA92B-FEEB-4E4F-A8C6-7924ECE7AC9C}
    2011-06-17 06:28 . 2011-06-17 06:29 -------- d-----w- c:\users\mobile\AppData\Local\{54B76ECE-1641-4E38-BB4E-7AC73DACB90E}
    2011-06-16 07:49 . 2011-06-16 07:49 -------- d-----w- c:\users\mobile\AppData\Local\{53289DC5-45B8-4CE3-8B6E-9359647FA0EE}
    2011-06-15 18:27 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-15 18:27 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-06-15 18:27 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-15 06:17 . 2011-06-15 06:17 -------- d-----w- c:\users\mobile\AppData\Local\{FCDFCF71-5E01-418A-B26B-79056CD021FB}
    2011-06-15 04:58 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-15 04:58 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-06-15 04:58 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-15 04:58 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-15 04:58 . 2011-04-25 04:31 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-15 04:58 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-06-15 04:58 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-15 04:57 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-15 04:57 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-15 04:57 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-14 18:17 . 2011-06-14 18:17 -------- d-----w- c:\users\mobile\AppData\Local\{35E95620-9735-4FCC-A853-2B745C8185E1}
    2011-06-14 06:17 . 2011-06-14 06:17 -------- d-----w- c:\users\mobile\AppData\Local\{9505C868-9EB6-4CD1-B95F-964A0639F264}
    2011-06-13 14:37 . 2011-06-13 14:37 -------- d-----w- c:\users\mobile\AppData\Local\{73366D1C-E752-40BC-8DAC-70CA4F03380A}
    2011-06-11 09:11 . 2011-06-11 09:11 -------- d-----w- c:\users\mobile\AppData\Local\{EAFBC385-7FCF-4295-8D57-FF3B3CD94FDB}
    2011-06-10 13:02 . 2011-06-10 13:02 -------- d-----w- c:\programdata\Badoo
    2011-06-10 06:32 . 2011-06-10 06:32 -------- d-----w- c:\users\mobile\AppData\Local\{0EBC36EF-7673-4C06-AE59-FCA564EFD4C5}
    2011-06-09 18:31 . 2011-06-09 18:31 -------- d-----w- c:\users\mobile\AppData\Local\{B36B9A1D-BF0D-453C-94E5-8BB906E4CA4B}
    2011-06-09 06:31 . 2011-06-09 06:31 -------- d-----w- c:\users\mobile\AppData\Local\{F87C0347-C5DE-4E57-A74F-63587F5B1067}
    2011-06-08 05:24 . 2011-06-08 05:24 -------- d-----w- c:\users\mobile\AppData\Local\{62E1CEFB-8052-4FE5-B6F8-5E67C775BD61}
    2011-06-07 08:33 . 2011-06-07 08:33 -------- d-----w- c:\users\mobile\AppData\Local\{B28026DE-27D8-4875-A476-4ECB63B32D86}
    2011-06-07 08:27 . 2011-06-07 08:27 -------- d-----w- c:\program files\OpenCPN
    2011-06-07 08:24 . 2011-06-10 14:13 -------- d-----w- c:\programdata\opencpn
    2011-06-06 18:35 . 2011-06-06 18:35 -------- d-----w- c:\users\mobile\AppData\Local\{240CF73B-C6B3-4A28-AFFA-DBE56684793E}
    2011-06-06 06:35 . 2011-06-06 06:35 -------- d-----w- c:\users\mobile\AppData\Local\{346AAA07-08F4-49CE-A3B2-72BC99314C5E}
    2011-06-05 16:59 . 2011-06-05 16:59 -------- d-----w- c:\users\mobile\AppData\Local\{ED7B4AC9-CDCB-4885-8919-8D4A4DEB05EB}
    2011-06-02 05:50 . 2011-06-02 05:50 -------- d-----w- c:\users\mobile\AppData\Local\{2952A5B3-0242-4E5E-A9CD-4241BA47ABB1}
    2011-06-01 10:19 . 2011-06-01 10:19 -------- d-----w- c:\users\mobile\AppData\Local\VS Revo Group
    2011-06-01 10:18 . 2009-12-30 09:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2011-06-01 10:18 . 2011-06-01 10:18 -------- d-----w- c:\program files\VS Revo Group
    2011-06-01 10:14 . 2011-06-01 10:16 -------- d-----w- c:\program files\SW Programma
    2011-06-01 06:37 . 2011-06-01 06:37 -------- d-----w- c:\users\mobile\AppData\Local\{AC319DA1-3293-42B2-9FF9-280656FB756E}
    2011-05-31 18:36 . 2011-05-31 18:36 -------- d-----w- c:\users\mobile\AppData\Local\{4CFCF7D3-B67D-4208-855B-5CBCD1E440E6}
    2011-05-31 06:31 . 2011-05-31 06:31 -------- d-----w- c:\users\mobile\AppData\Local\{2189D683-C809-439E-AF1F-C4DE37C7C07F}
    2011-05-30 17:32 . 2011-05-30 17:32 -------- d-----w- c:\users\mobile\AppData\Local\{C3F3BDA8-ED7C-4383-A23A-218CDD6E84BF}
    2011-05-30 05:19 . 2011-05-30 05:19 -------- d-----w- c:\users\mobile\AppData\Local\{A5BA49E6-F5C4-4622-B9C1-C64B50AD58FC}
    2011-05-29 08:04 . 2011-05-29 08:04 -------- d-----w- c:\users\mobile\AppData\Local\{B9AA83B4-F400-4C8C-9249-3106563863C1}
    2011-05-28 05:36 . 2011-05-28 05:36 -------- d-----w- c:\users\mobile\AppData\Local\{89A7AB36-4857-42A4-ABF6-582BA5635A8B}
    2011-05-27 17:16 . 2011-05-27 17:16 -------- d-----w- c:\users\mobile\AppData\Local\{A0F4C3FB-6F42-476D-84C6-DCC21B05242C}
    2011-05-27 05:16 . 2011-05-27 05:16 -------- d-----w- c:\users\mobile\AppData\Local\{776FF81F-3FDE-4EBE-88E3-4C97BC0104F1}
    2011-05-26 13:41 . 2011-05-26 13:42 -------- d-----w- c:\users\mobile\AppData\Local\{DF97C53F-C5DC-409E-A4B8-AD34ECD1316B}
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-06 13:44 . 2011-05-15 09:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-29 07:11 . 2010-10-06 14:06 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 07:11 . 2010-10-06 14:06 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-24 17:14 . 2010-02-17 23:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-04 02:52 . 2011-02-05 10:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-22 19:14 . 2011-05-24 20:40 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-04-09 06:02 . 2011-05-11 05:52 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:02 . 2011-05-11 05:52 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 05:56 . 2011-05-14 10:15 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-04-07 05:51 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-04-03 05:31 . 2011-04-03 05:31 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-04-03 05:31 . 2011-04-03 05:31 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-04-03 05:31 . 2011-04-03 05:31 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-04-03 05:31 . 2011-04-03 05:31 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-04-03 05:31 . 2011-04-03 05:31 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-04-03 05:31 . 2011-04-03 05:31 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-04-03 05:31 . 2011-04-03 05:31 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-03 05:31 . 2011-04-03 05:31 367104 ----a-w- c:\windows\system32\html.iec
    2011-04-03 05:31 . 2011-04-03 05:31 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-04-03 05:31 . 2011-04-03 05:31 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-03 05:31 . 2011-04-03 05:31 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-04-03 05:31 . 2011-04-03 05:31 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-04-03 05:31 . 2011-04-03 05:31 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-04-03 05:31 . 2011-04-03 05:31 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-04-03 05:31 . 2011-04-03 05:31 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-03 05:31 . 2011-04-03 05:31 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-04-03 05:31 . 2011-04-03 05:31 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-04-03 05:31 . 2011-04-03 05:31 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-04-03 05:31 . 2011-04-03 05:31 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-06-23 07:19 . 2011-05-02 07:06 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office14\GROOVEMN.EXE" [2010-03-24 944008]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    "Badoo Desktop"="c:\programdata\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe" [2011-06-07 1017344]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F-Secure Manager"="c:\program files\Internetbeveiliging\Common\FSM32.EXE" [2009-08-05 199264]
    "F-Secure TNB"="c:\program files\Internetbeveiliging\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-24 10025576]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    c:\users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Folding@home.lnk - c:\users\mobile\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe [2010-12-27 98477]
    OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ZDWLan Utility.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ZDWLan Utility.lnk
    backupExtension=.CommonStartup
    backup=c:\windows\pss\ZDWLan Utility.lnk.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
    2011-03-23 10:21 9226664 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
    2011-03-23 10:21 9226664 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2011-03-09 12:30 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]
    R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 23040]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
    R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 375808]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1343400]
    R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Internetbeveiliging\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]
    R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Internetbeveiliging\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]
    S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-12-15 42664]
    S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Internetbeveiliging\HIPS\drivers\fshs.sys [2009-08-05 68064]
    S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-03-19 35792]
    S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-08-05 71040]
    S1 fsvista;F-Secure Vista Support Driver;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [2011-06-09 148648]
    S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Internetbeveiliging\ORSP Client\fsorsp.exe [2011-05-23 61088]
    S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 13:13]
    .
    2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 13:13]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.searchqu.com/
    IE: &Verzenden naar OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
    IE: >> Download This Youtube Video - UnlockForUs - c:\users\mobile\AppData\Local\Temp\Rar$EX01.518\YoutubeFileHack\lawrence.htm
    IE: Afbeelding verzenden naar &Bluetooth-apparaat… - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Pagina verzenden naar &Bluetooth-apparaat… - c:\program files\Belkin\Bluetooth Software\btsendto_ie.htm
    LSP: c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    FF - ProfilePath - c:\users\mobile\AppData\Roaming\Mozilla\Firefox\Profiles\qx8h49hm.default\
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=
    FF - prefs.js: network.proxy.type - 0
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:0000007b
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'winlogon.exe'(632)
    c:\program files\internetbeveiliging\hips\fshook32.dll
    .
    - - - - - - - > 'lsass.exe'(548)
    c:\program files\internetbeveiliging\hips\fshook32.dll
    .
    - - - - - - - > 'Explorer.exe'(880)
    c:\program files\internetbeveiliging\hips\fshook32.dll
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files\Internetbeveiliging\Anti-Virus\fsgk32st.exe
    c:\program files\Internetbeveiliging\Anti-Virus\FSGK32.EXE
    c:\program files\Internetbeveiliging\Common\FSMA32.EXE
    c:\windows\system32\taskhost.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Internetbeveiliging\Common\FSHDLL32.EXE
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\TeamViewer\Version6\TeamViewer.exe
    c:\program files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
    c:\program files\Internetbeveiliging\FWES\Program\fsdfwd.exe
    c:\program files\Internetbeveiliging\Anti-Virus\fssm32.exe
    c:\windows\System32\Magnify.exe
    c:\windows\system32\conhost.exe
    c:\program files\Internetbeveiliging\Anti-Virus\fsav32.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\PrintIsolationHost.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-06-24 11:53:04 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-06-24 09:53
    ComboFix2.txt 2011-06-24 08:47
    ComboFix3.txt 2011-06-24 06:37
    .
    Pre-Run: 66.082.500.608 bytes beschikbaar
    Post-Run: 66.021.777.408 bytes beschikbaar
    .
    - - End Of File - - DDBECD12F1A0DAB8CFD2E182EECD2151
  • IP details:

    Host name: dns.tb.iss.as9143.net
    Country: Netherlands
    Country Code: NL
    Region: Limburg
    City: Maastricht
    Latitude: 50.85
    Longitude: 5.6833


    [b:776e6995e1]Which program[/b:776e6995e1]: Malwarebytes MBAM
    [b:776e6995e1]What for/why[/b:776e6995e1]: specialised scanner to quickly examine Windows for, and rid it of, spyware & malware.
    [b:776e6995e1]Difficulty[/b:776e6995e1]: none.

    [b:776e6995e1]Starting Malwarebytes MBAM[/b:776e6995e1]:
    Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.

    [b:776e6995e1]Windows Vista and Windows 7:
    start MBAM by right-clicking the shortcut and choosing Run as Administrator.[/b:776e6995e1]

    [b:776e6995e1]Important: always update MBAM first![/b:776e6995e1]
    [list:776e6995e1][*:776e6995e1]To do so, click the 'Update' tab in the main menu and then the "Check for updates" button.[/list:u:776e6995e1]
    [b:776e6995e1]Scanning[/b:776e6995e1]:
    [list:776e6995e1][*:776e6995e1] When starting 'MBAM', choose 'Quick Scan'.
    [*:776e6995e1]The scan can take a while, so be patient. When the scan is complete, click the 'OK' button.
    [*:776e6995e1]Then click the 'Show Results' button to see the results.[/list:u:776e6995e1]
    [b:776e6995e1]Infections found[/b:776e6995e1]:
    [list:776e6995e1][*:776e6995e1]First click OK to dismiss the message
    [*:776e6995e1]Then click the Show results button at the bottom right.
    [*:776e6995e1]Now make sure all found infections are ticked, and click Remove selected at the bottom left.
    [*:776e6995e1]After removal a log will open and you will be asked to restart the computer.
    [*:776e6995e1]If 'MBAM' has difficulty removing certain files it will give a few messages; click 'OK' each time!
    [*:776e6995e1]'MBAM' will then ask to restart the computer, so allow the computer to be restarted.[/list:u:776e6995e1]
    [b:776e6995e1]MBAM log[/b:776e6995e1]:
    [list:776e6995e1][*:776e6995e1] The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in the MBAM main menu.[/list:u:776e6995e1]
    [b:776e6995e1]Then post the contents of the MBAM log.[/b:776e6995e1]
  • Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Databaseversie: 6936

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    24-6-2011 12:40:47
    mbam-log-2011-06-24 (12-40-47).txt

    Scantype: Snelle scan
    Objecten gescand: 152117
    Verstreken tijd: 4 minuut/minuten, 19 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)
  • Good, let's clean up:

    ComboFix can now be removed:
    [list:8eb9726df4][*:8eb9726df4] to do so, go to Start - Run
    [*:8eb9726df4] copy and paste the following into it: [b:8eb9726df4]Combofix /Uninstall[/b:8eb9726df4]
    [*:8eb9726df4] then click [b:8eb9726df4]OK[/b:8eb9726df4].
    [*:8eb9726df4] if all goes well, you will then get a message that Combofix has been removed.[/list:u:8eb9726df4]

    Example:

    [img:8eb9726df4]http://www.emphyrio.be/images/SMUninstall_combofix.png[/img:8eb9726df4]

    Run can also be started by pressing the "Windows key + R" keys at the same time.

    [i:8eb9726df4]This will remove Combofix including related folders and files,
    restore the clock settings, hide file extensions again,
    hide hidden files and system files again
    and reset your System Restore.[/i:8eb9726df4]

    Also run a test to see what your current security situation is.

    Download [b:8eb9726df4]Security Check[/b:8eb9726df4] (click) to your desktop.
    [list:8eb9726df4][*:8eb9726df4] Click/double-click [b:8eb9726df4]SecurityCheck.exe[/b:8eb9726df4] and follow the instructions in the black window.
    [*:8eb9726df4] A Notepad document named [b:8eb9726df4]checkup.txt[/b:8eb9726df4] should open automatically; close this document by saving it to the desktop.
    [*:8eb9726df4] If one of your security tools reports that DIG.EXE wants to access the internet, allow this.[/list:u:8eb9726df4]
    Post the contents of [b:8eb9726df4]checkup.txt[/b:8eb9726df4] in your next post.
  • Had to turn off the Ziggo protection, DeepGuard wouldn't even let the tool start
    LOG
    Results of screen317's Security Check version 0.99.15
    Windows 7 Service Pack 1 (UAC is enabled)
    Internet Explorer 8
    [b:59d1f91ee0]``````````````````````````````
    [u:59d1f91ee0]Antivirus/Firewall Check:[/u:59d1f91ee0][/b:59d1f91ee0]
    [size=1:59d1f91ee0]WMI entry may not exist for antivirus; attempting automatic update.[/size:59d1f91ee0]
    [b:59d1f91ee0]```````````````````````````````
    [u:59d1f91ee0]Anti-malware/Other Utilities Check:[/u:59d1f91ee0][/b:59d1f91ee0]
    Malwarebytes' Anti-Malware
    CCleaner
    Duplicate Cleaner 2.0
    Java(TM) 6 Update 26
    Adobe Flash Player 10.3.181.22
    Mozilla Firefox (x86 nl..)
    [b:59d1f91ee0]````````````````````````````````
    Process Check:
    [u:59d1f91ee0]objlist.exe by Laurent[/u:59d1f91ee0][/b:59d1f91ee0]
    [b:59d1f91ee0]``````````End of Log````````````[/b:59d1f91ee0]
  • Adobe Flash Player 10.3.181.26 is already out.

    So update quickly: http://get.adobe.com/nl/flashplayer/
  • Done.

    I don't see anything odd any more.
    So, as on previous occasions, THANKS THANKS THANKS :lol:
  • You're welcome, enjoy that notebook.

This is an archived page. Replying is no longer possible.