Security & privacy

Trojan and problems with HJT

20 answers
  • Friends, my F-Secure clone from Ziggo has been complaining for a few days that it cannot remove a trojan, KDV.256843. Downloaded HJT, but it refuses to write a logfile, so posting one is not possible for now. MBAM comes up clean, MS Defender reports nothing. I also cannot enter the line in Notepad that HJT specifies for grabbing admin rights.
  • Hi Anjo, start with this:
    Which program: sUBs dds.scr
    What for/why: DDS is a diagnostic tool and works with scripts.
    Difficulty: a somewhat fiddly preparation phase, so read everything carefully first.
    Download location: download this program straight to the desktop, or move it there first!
    Download sUBs dds.scr here: http://download.bleepingcomputer.com/sUBs/dds.scr
    Using sUBs dds.scr:
    - Important: first disable the antivirus software and any active spyware scanners!
    - Then close all program windows that are still open!
    - Windows 2000 and Windows XP: start sUBs dds.scr by double-clicking the shortcut.
    - Windows Vista and Windows 7: right-click the sUBs dds.scr shortcut and choose Run as administrator.
    - After the scan two text documents open, DDS.txt and Attach.txt; post the contents of both logs, but mind the following!
    - Copy and paste the contents of the logs into your next reply.
  • DDS (Ver_2011-06-12.02) - NTFSx86
    Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_26
    Run by mobile at 15:37:16 on 2011-06-23
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3062.1920 [GMT 2:00]

    AV: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    SP: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Internetbeveiliging\Anti-Virus\fsgk32st.exe
    C:\Program Files\Internetbeveiliging\Common\FSMA32.EXE
    C:\Program Files\Internetbeveiliging\Anti-Virus\FSGK32.EXE
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\TeamViewer\Version6\TeamViewer.exe
    C:\Program Files\Internetbeveiliging\Anti-Virus\fssm32.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe
    C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internetbeveiliging\Common\FSLAUNCH.EXE
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\helppane.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\System32\Magnify.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.searchqu.com/
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
    BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\internetbeveiliging\nrs\iescript\baselitmus.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    TB: {7FF99715-3016-4381-84CE-E4E4C9673020} - No File
    TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\internetbeveiliging\nrs\iescript\baselitmus.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
    uRun: [GrooveMonitor] c:\program files\microsoft office\office14\GROOVEMN.EXE
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Badoo Desktop] "c:\programdata\badoo\badoo desktop\1.5.3.949\Badoo.Desktop.exe"
    mRun: [F-Secure Manager] "c:\program files\internetbeveiliging\common\FSM32.EXE" /splash
    mRun: [F-Secure TNB] "c:\program files\internetbeveiliging\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
    mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\mobile\appdata\roaming\micros~1\windows\startm~1\programs\startup\foldin~1.lnk - c:\users\mobile\appdata\roaming\microsoft\installer\{6b755ec3-c709-4f5c-bc58-bc0d3967b6b6}\_2377D972A0372FCB34E3F7.exe
    StartupFolder: c:\users\mobile\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Verzenden naar OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
    IE: >> Download This Youtube Video - UnlockForUs - c:\users\mobile\appdata\local\temp\rar$ex01.518\youtubefilehack\lawrence.htm
    IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\belkin\bluetooth software\btsendto_ie_ctx.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
    IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\belkin\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\belkin\bluetooth software\btsendto_ie.htm
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    LSP: c:\program files\internetbeveiliging\fsps\program\FSLSP.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{5FF4AD82-514C-4221-9C6D-C58E30AA8334} : DhcpNameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{8BA89B83-F99F-4BE6-9923-99875DB8C31E} : DhcpNameServer = 212.54.35.25 212.54.40.25
    TCP: Interfaces\{B80064C7-CB84-4785-B3A2-CBE28B1DD410} : DhcpNameServer = 101.247.12.1 208.67.220.220
    TCP: Interfaces\{D871AB16-E874-4425-B09F-9C752F23ABCB} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{E1CD5BE0-C6B3-4E6E-A924-98EA6F64D244} : DhcpNameServer = 212.54.35.25 212.54.40.25
    TCP: Interfaces\{EA4C30B1-2F4D-4BB5-958B-A664559D10AC} : DhcpNameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{EA4C30B1-2F4D-4BB5-958B-A664559D10AC}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{EA4C30B1-2F4D-4BB5-958B-A664559D10AC}\346746D4161647030313 : DhcpNameServer = 10.154.128.24
    TCP: Interfaces\{EA4C30B1-2F4D-4BB5-958B-A664559D10AC}\7416D656F50516C6163656 : DhcpNameServer = 172.16.100.1
    TCP: Interfaces\{EA4C30B1-2F4D-4BB5-958B-A664559D10AC}\7427164796370294E6475627E6564702F4070756E6865796A7562726275776 : DhcpNameServer = 213.171.69.19
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\mobile\appdata\roaming\mozilla\firefox\profiles\qx8h49hm.default\
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
    FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\abn amro e.dentifier2\mozilla\npBECON.dll
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\mobile\appdata\roaming\mozilla\plugins\np-mswmp.dll

    ============= SERVICES / DRIVERS ===============

    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-2-18 42664]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\internetbeveiliging\hips\drivers\fshs.sys [2010-2-18 68064]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-2-18 35792]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-2-18 71040]
    R1 fsvista;F-Secure Vista Support Driver;c:\program files\internetbeveiliging\anti-virus\minifilter\fsvista.sys [2010-2-18 12384]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\internetbeveiliging\anti-virus\fsgk32st.exe [2010-2-18 215648]
    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
    R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2010-12-28 14976]
    R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-5-30 2280312]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-12-25 343080]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\internetbeveiliging\anti-virus\minifilter\fsgk.sys [2010-2-18 148648]
    R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-27 136176]
    S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [2008-3-20 23040]
    S3 FSORSPClient;F-Secure ORSP Client;c:\program files\internetbeveiliging\orsp client\fsorsp.exe [2010-2-18 61088]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-27 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-7 15872]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-6-1 27192]
    S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-7 52224]
    S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-15 1343400]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\internetbeveiliging\anti-virus\win2k\fsfilter.sys [2010-2-18 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\internetbeveiliging\anti-virus\win2k\fsrec.sys [2010-2-18 25184]

    =============== Created Last 30 ================

    2011-06-23 09:40:49 388096 ----a-r- c:\users\mobile\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-06-23 09:40:49 -------- d-----w- c:\program files\Trend Micro
    2011-06-23 07:19:38 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-06-23 07:19:38 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2011-06-23 06:17:18 -------- d-----w- c:\users\mobile\appdata\local\{C775892C-7DDD-4653-AF5D-EF179E3FB6BD}
    2011-06-22 05:59:17 -------- d-----w- c:\users\mobile\appdata\local\{ED3DBF97-E66A-4805-AACD-A0BC20705511}
    2011-06-21 16:35:45 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{93a1d620-578a-464d-b1fd-b3d3e644dbe9}\mpengine.dll
    2011-06-21 09:16:54 -------- d-----w- c:\users\mobile\appdata\local\{ABE48671-48A8-49F0-9F92-4AC014F732DF}
    2011-06-20 21:16:30 -------- d-----w- c:\users\mobile\appdata\local\{7BF39052-F237-498A-9DA3-11D0CDF11195}
    2011-06-18 18:30:12 -------- d-----w- c:\users\mobile\appdata\local\{14E14A5E-908F-45AE-99CF-893D52E41B46}
    2011-06-18 06:29:49 -------- d-----w- c:\users\mobile\appdata\local\{858E080E-4AE3-4286-ADA2-1EBFCFC6FCE5}
    2011-06-17 18:29:14 -------- d-----w- c:\users\mobile\appdata\local\{EB8CA92B-FEEB-4E4F-A8C6-7924ECE7AC9C}
    2011-06-17 06:28:50 -------- d-----w- c:\users\mobile\appdata\local\{54B76ECE-1641-4E38-BB4E-7AC73DACB90E}
    2011-06-16 07:49:46 -------- d-----w- c:\users\mobile\appdata\local\{53289DC5-45B8-4CE3-8B6E-9359647FA0EE}
    2011-06-15 18:27:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-15 18:27:28 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2011-06-15 18:27:26 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-15 06:17:47 -------- d-----w- c:\users\mobile\appdata\local\{FCDFCF71-5E01-418A-B26B-79056CD021FB}
    2011-06-15 04:58:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-15 04:58:15 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-06-15 04:58:15 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-15 04:58:15 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-15 04:58:12 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-06-15 04:58:12 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-15 04:58:09 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-15 04:57:50 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-15 04:57:50 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-15 04:57:49 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-14 18:17:35 -------- d-----w- c:\users\mobile\appdata\local\{35E95620-9735-4FCC-A853-2B745C8185E1}
    2011-06-14 06:17:24 -------- d-----w- c:\users\mobile\appdata\local\{9505C868-9EB6-4CD1-B95F-964A0639F264}
    2011-06-13 14:37:10 -------- d-----w- c:\users\mobile\appdata\local\{73366D1C-E752-40BC-8DAC-70CA4F03380A}
    2011-06-11 09:11:10 -------- d-----w- c:\users\mobile\appdata\local\{EAFBC385-7FCF-4295-8D57-FF3B3CD94FDB}
    2011-06-10 13:02:19 -------- d-----w- c:\programdata\Badoo
    2011-06-10 06:32:07 -------- d-----w- c:\users\mobile\appdata\local\{0EBC36EF-7673-4C06-AE59-FCA564EFD4C5}
    2011-06-09 18:31:43 -------- d-----w- c:\users\mobile\appdata\local\{B36B9A1D-BF0D-453C-94E5-8BB906E4CA4B}
    2011-06-09 06:31:20 -------- d-----w- c:\users\mobile\appdata\local\{F87C0347-C5DE-4E57-A74F-63587F5B1067}
    2011-06-08 05:24:46 -------- d-----w- c:\users\mobile\appdata\local\{62E1CEFB-8052-4FE5-B6F8-5E67C775BD61}
    2011-06-07 08:33:17 -------- d-----w- c:\users\mobile\appdata\local\{B28026DE-27D8-4875-A476-4ECB63B32D86}
    2011-06-07 08:27:12 -------- d-----w- c:\program files\OpenCPN
    2011-06-07 08:24:49 -------- d-----w- c:\programdata\opencpn
    2011-06-06 18:35:41 -------- d-----w- c:\users\mobile\appdata\local\{240CF73B-C6B3-4A28-AFFA-DBE56684793E}
    2011-06-06 06:35:18 -------- d-----w- c:\users\mobile\appdata\local\{346AAA07-08F4-49CE-A3B2-72BC99314C5E}
    2011-06-05 16:59:25 -------- d-----w- c:\users\mobile\appdata\local\{ED7B4AC9-CDCB-4885-8919-8D4A4DEB05EB}
    2011-06-02 05:50:19 -------- d-----w- c:\users\mobile\appdata\local\{2952A5B3-0242-4E5E-A9CD-4241BA47ABB1}
    2011-06-01 10:19:03 -------- d-----w- c:\users\mobile\appdata\local\VS Revo Group
    2011-06-01 10:18:55 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2011-06-01 10:18:49 -------- d-----w- c:\program files\VS Revo Group
    2011-06-01 10:14:11 -------- d-----w- c:\program files\SW Programma
    2011-06-01 06:37:18 -------- d-----w- c:\users\mobile\appdata\local\{AC319DA1-3293-42B2-9FF9-280656FB756E}
    2011-05-31 18:36:05 -------- d-----w- c:\users\mobile\appdata\local\{4CFCF7D3-B67D-4208-855B-5CBCD1E440E6}
    2011-05-31 06:31:42 -------- d-----w- c:\users\mobile\appdata\local\{2189D683-C809-439E-AF1F-C4DE37C7C07F}
    2011-05-30 17:32:08 -------- d-----w- c:\users\mobile\appdata\local\{C3F3BDA8-ED7C-4383-A23A-218CDD6E84BF}
    2011-05-30 05:19:26 -------- d-----w- c:\users\mobile\appdata\local\{A5BA49E6-F5C4-4622-B9C1-C64B50AD58FC}
    2011-05-29 08:04:36 -------- d-----w- c:\users\mobile\appdata\local\{B9AA83B4-F400-4C8C-9249-3106563863C1}
    2011-05-28 05:36:46 -------- d-----w- c:\users\mobile\appdata\local\{89A7AB36-4857-42A4-ABF6-582BA5635A8B}
    2011-05-27 17:16:47 -------- d-----w- c:\users\mobile\appdata\local\{A0F4C3FB-6F42-476D-84C6-DCC21B05242C}
    2011-05-27 05:16:24 -------- d-----w- c:\users\mobile\appdata\local\{776FF81F-3FDE-4EBE-88E3-4C97BC0104F1}
    2011-05-26 13:41:55 -------- d-----w- c:\users\mobile\appdata\local\{DF97C53F-C5DC-409E-A4B8-AD34ECD1316B}
    2011-05-25 07:50:25 -------- d-----w- c:\users\mobile\appdata\local\{3EDC3EF4-CB0A-4DBB-A319-E1BB63156E44}
    2011-05-24 20:40:31 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

    ==================== Find3M ====================

    2011-06-06 13:44:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-29 07:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 07:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-24 17:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-04 02:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe

    ============= FINISH: 15:38:27,31 ===============
  • UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_2011-06-12.02)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 17-2-2010 23:59:18
    System Uptime: 23-6-2011 15:19:29 (0 hours ago)

    Motherboard: Acer | | Acadia
    Processor: Intel(R) Celeron(R) CPU 530 @ 1.73GHz | uPGA-478 | 1729/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 98 GiB total, 61,975 GiB free.
    D: is FIXED (NTFS) - 367 GiB total, 294,865 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP291: 5-6-2011 18:41:50 - Windows Update
    RP292: 10-6-2011 8:24:15 - Windows Update
    RP293: 14-6-2011 11:34:23 - Windows Update
    RP294: 15-6-2011 20:11:10 - Windows Update
    RP295: 20-6-2011 23:12:58 - Installed Java(TM) 6 Update 26
    RP296: 21-6-2011 18:35:06 - Windows Update
    RP297: 23-6-2011 11:38:46 - Installed HiJackThis
    RP299: 23-6-2011 15:31:34 - Windows Defender Checkpoint

    ==== Installed Programs ======================

    ABN AMRO e.dentifier2 software
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Allway Sync version 11.1.3
    AutoUnpack 4.5.2
    Badoo Desktop
    BELKIN Bluetooth Software 6.0.1.4400
    CCleaner
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726)
    DKW Manager
    DriverMax 5
    Duplicate Cleaner 2.0
    F-Secure PSC Prerequisites
    Feedback Tool
    Folding@home-x86
    Foxit Reader 5.0
    Google Apps Migration For Microsoft Outlook® 2.1.1.234
    Google Calendar Sync
    Google Gears
    Google Update Helper
    GpsGate
    HDAUDIO Soft Data Fax Modem with SmartCP
    HiJackThis
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Java Auto Updater
    Java(TM) 6 Update 26
    Logitech Webcam Software
    Malwarebytes' Anti-Malware versie 1.51.0.1200
    MediaMonkey 3.2
    Microsoft .NET Compact Framework 3.5
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile NLD Language Pack
    Microsoft Application Error Reporting
    Microsoft Office Access MUI (Dutch) 2010
    Microsoft Office Excel MUI (Dutch) 2010
    Microsoft Office Groove MUI (Dutch) 2010
    Microsoft Office InfoPath MUI (Dutch) 2010
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (Dutch) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (Dutch) 2010
    Microsoft Office PowerPoint MUI (Dutch) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (Dutch) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (German) 2010
    Microsoft Office Proofing (Dutch) 2010
    Microsoft Office Publisher MUI (Dutch) 2010
    Microsoft Office Shared MUI (Dutch) 2010
    Microsoft Office Word MUI (Dutch) 2010
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Mobile Partner
    Mozilla Firefox 5.0 (x86 nl)
    MSVCRT
    NewsLeecher v3.9 Final
    OGA Notifier 2.0.0048.0
    OpenCPN 2.3.1
    PIXresizer
    PL-2303 USB-to-Serial
    PL-2303 Vista Driver Installer
    QuickPar 0.9
    Realtek High Definition Audio Driver
    Revo Uninstaller Pro 2.5.3
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Excel 2010 (KB2523021)
    Security Update for Microsoft InfoPath 2010 (KB2510065)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft PowerPoint 2010 (KB2519975)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
    Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
    Skype™ 5.3
    Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
    TeamViewer 6
    TomTom HOME 2.8.1.2218
    TomTom HOME Visual Studio Merge Modules
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2523113)
    Update for Microsoft OneNote 2010 (KB2493983)
    Update for Microsoft Outlook Social Connector (KB2441641)
    Update voor het stuurprogramma voor Windows Mobile Apparaatcentrum
    Update voor Microsoft Outlook Social Connector (KB2441641)
    VLC media player 1.0.1
    Windows Installer Clean Up
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Mobile Apparaatcentrum
    WinGPS 4 Lite
    WinRAR
    YouTube Downloader 2.7
    Ziggo uitgebreide internetbeveiliging
    ZyDAS IEEE 802.11 b+g Wireless LAN - USB

    ==== End Of File ===========================
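The logs above contain the three kinds of entry a helper reads first when a scanner keeps flagging something the filesystem search cannot find: a browser start page that has been moved to searchqu.com, a toolbar CLSID with no file behind it, and an IE context-menu item that executes out of a Temp\Rar$EX01.518 folder. The script below is an added example, not code from this thread or from the DDS/HijackThis tools; it walks HijackThis-format lines and flags exactly those three patterns. The sample lines are constructed by copying entries from the logs in this thread (not a live capture); the rule names, the allowlist of Microsoft fwlink hosts as the only expected start/search page targets, and the Temp-path heuristic are my own assumptions.

```python
"""Triage HijackThis-format log lines for the patterns discussed in this thread."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: entries copied from the logs posted in this thread, not a live capture.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\taskhost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O8 - Extra context menu item: >> Download This Youtube Video - UnlockForUs - C:\Users\mobile\AppData\Local\Temp\Rar$EX01.518\YoutubeFileHack\lawrence.htm
"""

# Assumption: a stock IE start/search page only ever points at Microsoft's fwlink
# redirector; any other host in an R0/R1 entry is treated as a hijack candidate.
IE_DEFAULT_HOSTS = {"go.microsoft.com"}

# HijackThis prefixes every finding with a section tag such as R0, O2, O4, O8.
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Anything loaded from a per-user Temp directory (e.g. an extracted archive).
TEMP_PATH = re.compile(r"\\(?:appdata\\local\\)?temp\\", re.IGNORECASE)
# A registered CLSID whose backing file is gone: HJT prints "(no file)", DDS prints "No File".
NO_FILE = re.compile(r"\(no file\)|- no file\b", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str      # which heuristic fired
    section: str   # HJT section tag (R0, O3, O8, ...)
    line: str      # the offending log line, verbatim


def _hijacked_browser_setting(body: str) -> bool:
    """R0/R1 entries: flag start/search pages pointing away from IE's defaults."""
    key, sep, value = body.partition(" = ")
    if not sep:
        return False  # an empty value such as "SearchAssistant =" is the normal state
    watched = ("Start Page", "Search Page", "Default_Page_URL", "Default_Search_URL")
    if not any(name in key for name in watched):
        return False
    host = urlparse(value.strip()).hostname
    return bool(host) and host not in IE_DEFAULT_HOSTS


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per (rule, line) hit; lines outside HJT format are ignored."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # process list, headers, blank lines
        section, body = m.group("section"), m.group("body")
        if section in ("R0", "R1") and _hijacked_browser_setting(body):
            findings.append(Finding("browser-hijack", section, line))
        if NO_FILE.search(body):
            findings.append(Finding("orphan-entry", section, line))
        if TEMP_PATH.search(body):
            findings.append(Finding("temp-path", section, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count hits per rule, handy for a one-line verdict on a whole log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.section}: {f.line}")
```

Run it against a saved HijackThis log by passing the file contents to `triage()`. Note that the three hits this produces are not proof of infection on their own: an orphaned CLSID is usually left behind by an uninstaller, and the Temp-path entry here is consistent with a context-menu item registered from a RAR archive opened in place, which is precisely why a helper asks for the full log rather than acting on a detection name alone.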
  • Hi Anjo, I see folder locations in the log that I have not seen before. I suspect you did that yourself? Example: c:\users\mobile\appdata\local\
    And also do the following:
    Download SystemLook.exe (http://jpshortstuff.247fixes.com/SystemLook.exe) and put the file on the Desktop.
    Starting SystemLook.exe:
    - Windows 2000 and Windows XP: start SystemLook.exe by double-clicking the shortcut.
    - Windows Vista and Windows 7: right-click the SystemLook.exe shortcut and choose "Run as administrator".
    In the window that opens, copy the code below:
        :filefind
        KDV.256843
    Click the "Look" button to start the scan. When the scan is finished, a text file opens (SystemLook.txt). Post the contents of this file.
  • Mobile is my laptop.... log:
    SystemLook 04.09.10 by jpshortstuff
    Log created at 21:45 on 23/06/2011 by mobile
    Administrator - Elevation successful
    ========== filefind ==========
    Searching for "KDV.256843 "
    No files found.
    -= EOF =-
    I'm starting to believe it is -again- a glitch in F-Secure
  • Defender removed another -low risk- little thing, and after a reboot HJT suddenly did produce a logfile :lol:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:57:15, on 23-6-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Internetbeveiliging\Common\FSM32.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Folding@home\Folding@home-x86\Folding@home.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Users\mobile\AppData\Roaming\Folding@home-x86\FahCore_a4.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\System32\Magnify.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Internetbeveiliging\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Internetbeveiliging\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Internetbeveiliging\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Internetbeveiliging\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Badoo Desktop] "C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Folding@home.lnk = ?
O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: >> Download This Youtube Video - UnlockForUs - C:\Users\mobile\AppData\Local\Temp\Rar$EX01.518\YoutubeFileHack\lawrence.htm
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Instellingen voor Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Internetbeveiliging\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 9788 bytes
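The HijackThis log above is the kind of thing a helper reads by eye: the R0 start page pointing at searchqu.com, a toolbar with "(no file)", and a context-menu item loading from a Temp directory. As an added example (not part of this thread and not HijackThis code), the script below does that first pass mechanically over the HJT line format. The allowlist of hosts and the heuristics are our own assumptions, and the sample lines are a subset copied from the posted log.

```python
"""Added example: first-pass triage of a HijackThis (HJT) log.

Not HijackThis code. It reads the "Oxx - ..." / "Rx - ..." line format the
tool writes and flags the entries a helper looks at first. KNOWN_GOOD_HOSTS
and the heuristics are assumptions for the demo, not rules shipped with HJT.
"""
import re
from urllib.parse import urlparse

# Hosts a stock Windows 7 / IE install points at. Any other host in an
# R0/R1 line is a hijack candidate (assumption: extend per environment).
KNOWN_GOOD_HOSTS = {"go.microsoft.com", "www.google.nl", "www.google.com"}

# Load points that run from a Temp directory are almost never legitimate.
TEMP_PATH = re.compile(r"\\Temp\\", re.IGNORECASE)

ENTRY = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")

# Constructed subset of the HJT log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O8 - Extra context menu item: >> Download This Youtube Video - UnlockForUs - C:\Users\mobile\AppData\Local\Temp\Rar$EX01.518\YoutubeFileHack\lawrence.htm
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"""


def triage(log_text):
    """Return (kind, reason, line) for every entry worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list, blank line
        kind, body = m.group("kind"), m.group("body")
        if kind in ("R0", "R1"):
            # Body looks like "HKCU\...\Main,Start Page = http://host/";
            # an empty value (no " = " left after strip) yields no host.
            _, _, value = body.partition(" = ")
            host = urlparse(value.strip()).hostname
            if host and host.lower() not in KNOWN_GOOD_HOSTS:
                findings.append((kind, f"browser start/search page points at {host}", raw))
        elif kind in ("O2", "O3") and body.endswith("(no file)"):
            findings.append((kind, "BHO/toolbar registered without a backing file", raw))
        elif kind in ("O4", "O8", "O9") and TEMP_PATH.search(body):
            findings.append((kind, "load point inside a Temp directory", raw))
    return findings


if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n    {line}")
```

Run against the sample it reports exactly the three entries the helper later targets with the CFScript (the searchqu start page, the orphaned toolbar, and lawrence.htm under Temp); a real HJT log is fed in the same way, one line per entry.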
  • Hi Anjo, you write, or suspect, that c:\users\mobile\appdata\local\ is connected to the fact that it is a notebook. I use a notebook, and those special folders are not in my Windows. Presumably they are part of the Badoo desktop, something to do with Apple apps, as far as I have been able to find out. You may do the following:

Which program: ComboFix
What for/why: Highly specialised scanner to examine Windows in depth and clean it up where possible.
Difficulty: A more or less tricky preparation phase, so read everything carefully first.
Download location: Download this program to the desktop, no exceptions!
Download ComboFix from one of these locations:
 - Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
 - ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
 - Geekstogo: http://subs.geekstogo.com/ComboFix.exe
Here you can see how ComboFix is used: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
Your antivirus program and active malware scanners must already be disabled before ComboFix starts! Here (http://www.bleepingcomputer.com/forums/topic114351.html) and here (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) you will find information on how to disable antivirus programs and spyware scanners.
To be perfectly clear once more: ComboFix must be started from the desktop.

Remarks:
 - When using Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required).
 - Vista and Windows 7 users start ComboFix via right-click with Administrator rights.
 - All open programs and web pages must be closed.

ComboFix has started:
 - Do not click in the black window; this can make ComboFix or even Windows freeze completely!
 - ComboFix disconnects the internet connection during the scan; do not try to restore it in the meantime!
 - The computer may need to be restarted several times; this is normal.
 - When ComboFix is finished, it will produce a log file for you.
 - Post the contents of this log file in your next reply.
 - If the log does not open, it can be found at C:\ComboFix.txt

Important remark:
 - If, after the scan, an error is shown when starting programs with the message:
 - Illegal operation attempted on a registry key that has been marked for deletion.
 - then restart the computer.
  • The laptop came with a pre-install, so I had to fill in a username, and that is 'mobile'. LOG:

ComboFix 11-06-23.03 - mobile 24-06-2011 8:21.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3062.2153 [GMT 2:00]
Running from: c:\users\mobile\Desktop\ComboFix.exe
AV: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\users\mobile\AppData\Roaming\chrtmp
c:\users\mobile\AppData\Roaming\Mozilla\Firefox\Profiles\qx8h49hm.default\searchplugins\SearchquWebSearch.xml
c:\users\mobile\AppData\Roaming\Mozilla\Firefox\Profiles\qx8h49hm.default\searchqutb
c:\users\mobile\AppData\Roaming\Mozilla\Firefox\Profiles\qx8h49hm.default\searchqutb\preferences.dat
c:\windows\system32\Drivers\jvpfqo.sys
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((( Files Created from 2011-05-24 to 2011-06-24 ))))))))))))))))))))))))))))))
.
.
2011-06-24 06:28 . 2011-06-24 06:32 -------- d-----w- c:\users\mobile\AppData\Local\temp
2011-06-24 06:28 . 2011-06-24 06:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-23 19:47 . 2011-06-23 19:48 -------- d-----w- c:\users\mobile\AppData\Local\{160E06C8-7CA5-4C9C-B807-DEFD9935C58E}
2011-06-23 16:47 . 2011-06-23 16:47 0 ---ha-w- c:\users\mobile\AppData\Local\BIT5239.tmp
2011-06-23 09:40 . 2011-06-23 09:40 388096 ----a-r- c:\users\mobile\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-23 09:40 . 2011-06-23 09:40 -------- d-----w- c:\program files\Trend Micro
2011-06-23 07:19 . 2011-06-23 07:19 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-23 07:19 . 2011-06-23 07:19 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-23 06:17 . 2011-06-23 06:17 -------- d-----w- c:\users\mobile\AppData\Local\{C775892C-7DDD-4653-AF5D-EF179E3FB6BD}
2011-06-22 05:59 . 2011-06-22 05:59 -------- d-----w- c:\users\mobile\AppData\Local\{ED3DBF97-E66A-4805-AACD-A0BC20705511}
2011-06-21 16:35 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{93A1D620-578A-464D-B1FD-B3D3E644DBE9}\mpengine.dll
2011-06-21 09:16 . 2011-06-21 09:17 -------- d-----w- c:\users\mobile\AppData\Local\{ABE48671-48A8-49F0-9F92-4AC014F732DF}
2011-06-20 21:16 . 2011-06-20 21:16 -------- d-----w- c:\users\mobile\AppData\Local\{7BF39052-F237-498A-9DA3-11D0CDF11195}
2011-06-20 21:15 . 2011-06-20 21:15 -------- d-----w- c:\program files\Common Files\Java
2011-06-18 18:30 . 2011-06-18 18:30 -------- d-----w- c:\users\mobile\AppData\Local\{14E14A5E-908F-45AE-99CF-893D52E41B46}
2011-06-18 06:29 . 2011-06-18 06:29 -------- d-----w- c:\users\mobile\AppData\Local\{858E080E-4AE3-4286-ADA2-1EBFCFC6FCE5}
2011-06-17 18:29 . 2011-06-17 18:29 -------- d-----w- c:\users\mobile\AppData\Local\{EB8CA92B-FEEB-4E4F-A8C6-7924ECE7AC9C}
2011-06-17 06:28 . 2011-06-17 06:29 -------- d-----w- c:\users\mobile\AppData\Local\{54B76ECE-1641-4E38-BB4E-7AC73DACB90E}
2011-06-16 07:49 . 2011-06-16 07:49 -------- d-----w- c:\users\mobile\AppData\Local\{53289DC5-45B8-4CE3-8B6E-9359647FA0EE}
2011-06-15 18:27 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-15 18:27 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-15 18:27 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-15 06:17 . 2011-06-15 06:17 -------- d-----w- c:\users\mobile\AppData\Local\{FCDFCF71-5E01-418A-B26B-79056CD021FB}
2011-06-15 04:58 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 04:58 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 04:58 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 04:58 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 04:58 . 2011-04-25 04:31 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 04:58 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 04:58 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 04:57 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 04:57 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 04:57 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-14 18:17 . 2011-06-14 18:17 -------- d-----w- c:\users\mobile\AppData\Local\{35E95620-9735-4FCC-A853-2B745C8185E1}
2011-06-14 06:17 . 2011-06-14 06:17 -------- d-----w- c:\users\mobile\AppData\Local\{9505C868-9EB6-4CD1-B95F-964A0639F264}
2011-06-13 14:37 . 2011-06-13 14:37 -------- d-----w- c:\users\mobile\AppData\Local\{73366D1C-E752-40BC-8DAC-70CA4F03380A}
2011-06-11 09:11 . 2011-06-11 09:11 -------- d-----w- c:\users\mobile\AppData\Local\{EAFBC385-7FCF-4295-8D57-FF3B3CD94FDB}
2011-06-10 13:02 . 2011-06-10 13:02 -------- d-----w- c:\programdata\Badoo
2011-06-10 06:32 . 2011-06-10 06:32 -------- d-----w- c:\users\mobile\AppData\Local\{0EBC36EF-7673-4C06-AE59-FCA564EFD4C5}
2011-06-09 18:31 . 2011-06-09 18:31 -------- d-----w- c:\users\mobile\AppData\Local\{B36B9A1D-BF0D-453C-94E5-8BB906E4CA4B}
2011-06-09 06:31 . 2011-06-09 06:31 -------- d-----w- c:\users\mobile\AppData\Local\{F87C0347-C5DE-4E57-A74F-63587F5B1067}
2011-06-08 05:24 . 2011-06-08 05:24 -------- d-----w- c:\users\mobile\AppData\Local\{62E1CEFB-8052-4FE5-B6F8-5E67C775BD61}
2011-06-07 08:33 . 2011-06-07 08:33 -------- d-----w- c:\users\mobile\AppData\Local\{B28026DE-27D8-4875-A476-4ECB63B32D86}
2011-06-07 08:27 . 2011-06-07 08:27 -------- d-----w- c:\program files\OpenCPN
2011-06-07 08:24 . 2011-06-10 14:13 -------- d-----w- c:\programdata\opencpn
2011-06-06 18:35 . 2011-06-06 18:35 -------- d-----w- c:\users\mobile\AppData\Local\{240CF73B-C6B3-4A28-AFFA-DBE56684793E}
2011-06-06 06:35 . 2011-06-06 06:35 -------- d-----w- c:\users\mobile\AppData\Local\{346AAA07-08F4-49CE-A3B2-72BC99314C5E}
2011-06-05 16:59 . 2011-06-05 16:59 -------- d-----w- c:\users\mobile\AppData\Local\{ED7B4AC9-CDCB-4885-8919-8D4A4DEB05EB}
2011-06-02 05:50 . 2011-06-02 05:50 -------- d-----w- c:\users\mobile\AppData\Local\{2952A5B3-0242-4E5E-A9CD-4241BA47ABB1}
2011-06-01 10:19 . 2011-06-01 10:19 -------- d-----w- c:\users\mobile\AppData\Local\VS Revo Group
2011-06-01 10:18 . 2009-12-30 09:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-06-01 10:18 . 2011-06-01 10:18 -------- d-----w- c:\program files\VS Revo Group
2011-06-01 10:14 . 2011-06-01 10:16 -------- d-----w- c:\program files\SW Programma
2011-06-01 06:37 . 2011-06-01 06:37 -------- d-----w- c:\users\mobile\AppData\Local\{AC319DA1-3293-42B2-9FF9-280656FB756E}
2011-05-31 18:36 . 2011-05-31 18:36 -------- d-----w- c:\users\mobile\AppData\Local\{4CFCF7D3-B67D-4208-855B-5CBCD1E440E6}
2011-05-31 06:31 . 2011-05-31 06:31 -------- d-----w- c:\users\mobile\AppData\Local\{2189D683-C809-439E-AF1F-C4DE37C7C07F}
2011-05-30 17:32 . 2011-05-30 17:32 -------- d-----w- c:\users\mobile\AppData\Local\{C3F3BDA8-ED7C-4383-A23A-218CDD6E84BF}
2011-05-30 05:19 . 2011-05-30 05:19 -------- d-----w- c:\users\mobile\AppData\Local\{A5BA49E6-F5C4-4622-B9C1-C64B50AD58FC}
2011-05-29 08:04 . 2011-05-29 08:04 -------- d-----w- c:\users\mobile\AppData\Local\{B9AA83B4-F400-4C8C-9249-3106563863C1}
2011-05-28 05:36 . 2011-05-28 05:36 -------- d-----w- c:\users\mobile\AppData\Local\{89A7AB36-4857-42A4-ABF6-582BA5635A8B}
2011-05-27 17:16 . 2011-05-27 17:16 -------- d-----w- c:\users\mobile\AppData\Local\{A0F4C3FB-6F42-476D-84C6-DCC21B05242C}
2011-05-27 05:16 . 2011-05-27 05:16 -------- d-----w- c:\users\mobile\AppData\Local\{776FF81F-3FDE-4EBE-88E3-4C97BC0104F1}
2011-05-26 13:41 . 2011-05-26 13:42 -------- d-----w- c:\users\mobile\AppData\Local\{DF97C53F-C5DC-409E-A4B8-AD34ECD1316B}
2011-05-25 07:50 . 2011-05-25 07:50 -------- d-----w- c:\users\mobile\AppData\Local\{3EDC3EF4-CB0A-4DBB-A319-E1BB63156E44}
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 13:44 . 2011-05-15 09:41 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 07:11 . 2010-10-06 14:06 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-10-06 14:06 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 17:14 . 2010-02-17 23:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:52 . 2011-02-05 10:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-22 19:14 . 2011-05-24 20:40 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 06:02 . 2011-05-11 05:52 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 05:52 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-14 10:15 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-04-07 05:51 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-03 05:31 . 2011-04-03 05:31 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-03 05:31 . 2011-04-03 05:31 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-03 05:31 . 2011-04-03 05:31 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-03 05:31 . 2011-04-03 05:31 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-03 05:31 . 2011-04-03 05:31 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-03 05:31 . 2011-04-03 05:31 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-03 05:31 . 2011-04-03 05:31 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-03 05:31 . 2011-04-03 05:31 367104 ----a-w- c:\windows\system32\html.iec
2011-04-03 05:31 . 2011-04-03 05:31 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-03 05:31 . 2011-04-03 05:31 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-03 05:31 . 2011-04-03 05:31 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-03 05:31 . 2011-04-03 05:31 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-03 05:31 . 2011-04-03 05:31 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-03 05:31 . 2011-04-03 05:31 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-03 05:31 . 2011-04-03 05:31 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-03 05:31 . 2011-04-03 05:31 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-03 05:31 . 2011-04-03 05:31 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-03 05:31 . 2011-04-03 05:31 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-03 05:31 . 2011-04-03 05:31 101888 ----a-w- c:\windows\system32\admparse.dll
2011-06-23 07:19 . 2011-05-02 07:06 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"GrooveMonitor"="c:\program files\Microsoft Office\Office14\GROOVEMN.EXE" [2010-03-24 944008]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Badoo Desktop"="c:\programdata\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe" [2011-06-07 1017344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\Internetbeveiliging\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\Internetbeveiliging\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-24 10025576]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Folding@home.lnk - c:\users\mobile\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe [2010-12-27 98477]
OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ZDWLan Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ZDWLan Utility.lnk
backupExtension=.CommonStartup
backup=c:\windows\pss\ZDWLan Utility.lnk.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2011-03-23 10:21 9226664 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART]
2011-03-23 10:21 9226664 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-03-09 12:30 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]
R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 23040]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 375808]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1343400]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Internetbeveiliging\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Internetbeveiliging\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-12-15 42664]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Internetbeveiliging\HIPS\drivers\fshs.sys [2009-08-05 68064]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-03-19 35792]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-08-05 71040]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [2011-06-09 148648]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Internetbeveiliging\ORSP Client\fsorsp.exe [2011-05-23 61088]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 13:13]
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 13:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: >> Download This Youtube Video - UnlockForUs - c:\users\mobile\AppData\Local\Temp\Rar$EX01.518\YoutubeFileHack\lawrence.htm
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\Belkin\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
FF - ProfilePath - c:\users\mobile\AppData\Roaming\Mozilla\Firefox\Profiles\qx8h49hm.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000007b
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\program files\internetbeveiliging\hips\fshook32.dll
.
- - - - - - - > 'lsass.exe'(548)
c:\program files\internetbeveiliging\hips\fshook32.dll
.
- - - - - - - > 'Explorer.exe'(4020)
c:\program files\internetbeveiliging\hips\fshook32.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Internetbeveiliging\Anti-Virus\fsgk32st.exe
c:\program files\Internetbeveiliging\Common\FSMA32.EXE
c:\program files\Internetbeveiliging\Anti-Virus\FSGK32.EXE
c:\program files\Internetbeveiliging\Common\FSHDLL32.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\program files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
c:\program files\Internetbeveiliging\FWES\Program\fsdfwd.exe
c:\program files\Internetbeveiliging\Anti-Virus\fssm32.exe
c:\windows\System32\Magnify.exe
c:\windows\system32\conhost.exe
c:\program files\Internetbeveiliging\Anti-Virus\fsav32.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-06-24 08:37:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-24 06:37
.
Pre-Run: 66.131.283.968 bytes free
Post-Run: 65.843.855.360 bytes free
.
- - End Of File - - E462BC36075E526B8236866DE085D7C6
  • Hi Anjo, I see that you have DriverMax on your notebook. In my view that serves little purpose, since for notebook drivers you are always dependent on what the notebook manufacturer supplies. On the other hand, it can happen that a wrong driver gets installed, in the worst case leaving Windows unable to boot. Incidentally, is the following entry familiar to you: tcp: dhcpnameserver = 212.54.40.25 212.54.35.25
Do the following: open a new Notepad file via "Start\All Programs\Accessories\Notepad". Copy and paste the following (bold, blue text) into the empty Notepad window:
File::
c:\users\mobile\appdata\local\bit5239.tmp
c:\users\mobile\appdata\local\temp\rar$ex01.518\youtubefilehack\lawrence.htm
Save this Notepad file on your desktop as CFScript.txt.
Now first disable the antivirus!
Drag CFScript.txt onto ComboFix.exe (image: http://img517.imageshack.us/img517/8662/cfscript10uc2.gif). This will make ComboFix restart. Reboot if you are asked to. Post the ComboFix log that is shown after the restart!
After that you may run the tool below:
Which program: TFC.
What for/why: thorough cleaning of Windows.
Difficulty: none.
Download TFC to your desktop (click): http://oldtimer.geekstogo.com/TFC.exe
Starting TFC: Windows 2000 and Windows XP: start TFC.exe by double-clicking the shortcut. Windows Vista and Windows 7: start TFC.exe by right-clicking the shortcut and choosing "Run as administrator".
- Don't be alarmed: the tool closes all running programs, so make sure your work has already been saved!
- Then click the Start button to begin the scan. This scan may take a short or a longer time; be patient, let TFC do its job and wait until TFC is finished.
- When TFC is finished, a message appears saying that the computer will be restarted.
- If the shutdown does not happen automatically, restart the computer yourself.
- Note: TFC shows no log!
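An added triage helper, not from this thread and not part of ComboFix: it scans ComboFix-style "IE:" and Run entries, flags files launched from temporary locations (the same reasoning behind the two paths in the CFScript above), tallies the defanged hxxp:// hosts in the browser-settings lines, and renders a File:: block in the format the helper posted. The sample log lines and the temp-folder heuristic are constructed assumptions, not data from the page.

```python
import re
from typing import Dict, List

# Constructed sample, modelled on the ComboFix log format quoted in the
# thread (not a real log from the page; the "ConstructedEntry" Run value is
# invented for the demonstration).
SAMPLE_LOG = r"""
uStart Page = hxxp://www.searchqu.com/
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: >> Download This Youtube Video - UnlockForUs - c:\users\mobile\AppData\Local\Temp\Rar$EX01.518\YoutubeFileHack\lawrence.htm
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"ConstructedEntry"="c:\users\mobile\AppData\Local\bit5239.tmp" [2011-06-23 12288]
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
"""

# "IE: <menu name> - <path>[/resource-id]"; the name itself may contain " - ",
# so the path must start with a drive letter and the optional "/105" style
# resource suffix is stripped.
IE_RE = re.compile(r'^IE:\s+(?P<name>.+?)\s+-\s+(?P<path>[a-z]:\\\S.*?)(?:/\d+)?\s*$', re.I)
# Registry Run entry: "<value name>"="<path>" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"', re.I)
# ComboFix defangs URLs as hxxp://; we only want the host part.
URL_RE = re.compile(r'hxxp://(?P<host>[^/\s]+)', re.I)


def is_temp_location(path: str) -> bool:
    """Heuristic (my assumption): anything launched from a \\Temp\\ folder,
    or a bare .tmp file directly under AppData\\Local, deserves a second look."""
    p = path.lower()
    return "\\temp\\" in p or (p.endswith(".tmp") and "\\appdata\\local\\" in p)


def triage(log: str) -> Dict[str, object]:
    """Return the suspicious paths and a count of hosts referenced per line."""
    flagged: List[str] = []
    hosts: Dict[str, int] = {}
    for raw in log.splitlines():
        line = raw.strip()
        m = IE_RE.match(line) or RUN_RE.match(line)
        if m and is_temp_location(m.group("path")):
            flagged.append(m.group("path"))
        for host in URL_RE.findall(line):
            hosts[host.lower()] = hosts.get(host.lower(), 0) + 1
    return {"flagged_paths": flagged, "hosts": hosts}


def build_cfscript(paths: List[str]) -> str:
    """Render a CFScript 'File::' block as in the helper's post: the directive
    on its own line, then one path per line."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("hosts seen:", result["hosts"])
    print(build_cfscript(result["flagged_paths"]))
```

A real log has many more entry types (services, drivers, scheduled tasks); the same two regexes extend naturally to those, but the judgment about what to delete stays with the analyst.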
  • TCP doesn't ring a bell right away, unless it comes from my FTP program ( oming Beacon. I use DriverMax on the laptop mainly so I can keep/show my configurations elsewhere, and as an updater for my other machines. On the laptop I am selective with any new drivers, but Acer is very slow with them.
Log before reboot (had to, because my FF and IE would no longer start):
[ComboFix log omitted]
Will run TFC later, or do you want a new log after this last reboot first??
  • That IP address points to a location in Maastricht. Does F-Secure still give the message you started your topic with? You can hardly expect Acer to update any driver. Possibly a BIOS update will be available at some point! That way of working applies to virtually all notebook manufacturers!
  • So DriverMax is also used mainly for the other 2 PCs.... IP address not to be found that way. F-Secure message gone.
Log after 2nd reboot:
[ComboFix log omitted]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F-Secure Manager"="c:\program files\Internetbeveiliging\Common\FSM32.EXE" [2009-08-05 199264] "F-Secure TNB"="c:\program files\Internetbeveiliging\FSGUI\TNBUtil.exe" [2009-08-05 2349664] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-02-24 10025576] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . c:\users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Folding@home.lnk - c:\users\mobile\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe [2010-12-27 98477] OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ZDWLan Utility.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ZDWLan Utility.lnk backupExtension=.CommonStartup backup=c:\windows\pss\ZDWLan Utility.lnk.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax] 2011-03-23 10:21 9226664 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART] 2011-03-23 10:21 9226664 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2011-03-09 12:30 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176] R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 23040] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 136176] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x] R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192] R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 375808] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1343400] R4 F-Secure Filter;F-Secure File 
System Filter;c:\program files\Internetbeveiliging\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776] R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Internetbeveiliging\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184] S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-12-15 42664] S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Internetbeveiliging\HIPS\drivers\fshs.sys [2009-08-05 68064] S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-03-19 35792] S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-08-05 71040] S1 fsvista;F-Secure Vista Support Driver;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592] S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [2011-06-09 148648] S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Internetbeveiliging\ORSP Client\fsorsp.exe [2011-05-23 61088] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HsfXAudioService REG_MULTI_SZ HsfXAudioService . Inhoud van de 'Gedeelde Taken' map . 
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 13:13] . 2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 13:13] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.searchqu.com/ IE: &Verzenden naar OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: >> Download This Youtube Video - UnlockForUs - c:\users\mobile\AppData\Local\Temp\Rar$EX01.518\YoutubeFileHack\lawrence.htm IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\Belkin\Bluetooth Software\btsendto_ie.htm LSP: c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 FF - ProfilePath - c:\users\mobile\AppData\Roaming\Mozilla\Firefox\Profiles\qx8h49hm.default\ FF - prefs.js: browser.search.selectedEngine - Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=101&q= FF - prefs.js: network.proxy.type - 0 . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:0000007b . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(632) c:\program files\internetbeveiliging\hips\fshook32.dll . - - - - - - - > 'lsass.exe'(548) c:\program files\internetbeveiliging\hips\fshook32.dll . - - - - - - - > 'Explorer.exe'(880) c:\program files\internetbeveiliging\hips\fshook32.dll c:\windows\system32\btncopy.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Internetbeveiliging\Anti-Virus\fsgk32st.exe c:\program files\Internetbeveiliging\Anti-Virus\FSGK32.EXE c:\program files\Internetbeveiliging\Common\FSMA32.EXE c:\windows\system32\taskhost.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Internetbeveiliging\Common\FSHDLL32.EXE c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\TeamViewer\Version6\TeamViewer.exe c:\program files\Google\Update\1.3.21.57\GoogleCrashHandler.exe c:\program files\Internetbeveiliging\FWES\Program\fsdfwd.exe c:\program files\Internetbeveiliging\Anti-Virus\fssm32.exe c:\windows\System32\Magnify.exe c:\windows\system32\conhost.exe c:\program files\Internetbeveiliging\Anti-Virus\fsav32.exe c:\windows\system32\sppsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\PrintIsolationHost.exe . ************************************************************************** . 
Voltooingstijd: 2011-06-24 11:53:04 - machine werd herstart ComboFix-quarantined-files.txt 2011-06-24 09:53 ComboFix2.txt 2011-06-24 08:47 ComboFix3.txt 2011-06-24 06:37 . Pre-Run: 66.082.500.608 bytes beschikbaar Post-Run: 66.021.777.408 bytes beschikbaar . - - End Of File - - DDBECD12F1A0DAB8CFD2E182EECD2151
  • Which program: Malwarebytes MBAM
    Purpose: a specialist scanner for quickly examining Windows for, and ridding it of, spyware and malware.
    Difficulty: none.
    Starting Malwarebytes MBAM:
    Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and choosing Run as Administrator.
    Important: always update MBAM first!
    - To do so, click the 'Update' tab in the main menu and then the "Check for updates" button.
    Scanning:
    - When starting 'MBAM', choose 'Quick Scan'.
    - Scanning can take a while, so be patient. Once the scan is complete, click the 'OK' button.
    - Then click the 'Show Results' button to see the results.
    Infections found:
    - First click OK to dismiss the notification.
    - Then click the 'Show Results' button at the bottom right.
    - Make sure all found infections are ticked, and click 'Remove Selected' at the bottom left.
    - After removal a log will open and you will be asked to restart the computer.
    - If 'MBAM' has difficulty removing certain files it will show some messages; click 'OK' each time!
    - MBAM will then ask to restart the computer, so allow the computer to restart.
    MBAM log:
    - The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in MBAM's main menu.
    Then post the contents of the MBAM log.
  • Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org
    Databaseversie: 6936
    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421
    24-6-2011 12:40:47
    mbam-log-2011-06-24 (12-40-47).txt
    Scantype: Snelle scan
    Objecten gescand: 152117
    Verstreken tijd: 4 minuut/minuten, 19 seconde(n)
    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0
    Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
    Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
    Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
    Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
    Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
    Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
    Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
  • Good, let's clean up: ComboFix can now be removed:
    - go to Start - Run
    - copy and paste the following into it: Combofix /Uninstall
    - then click OK.
    - if all goes well, you will then get a message that Combofix has been removed.
    Example: http://www.emphyrio.be/images/SMUninstall_combofix.png
    Run can also be started by pressing the "Windows key + R" keys at the same time.
    This will remove Combofix including related folders and files, restores the clock settings, hides file extensions again, hides hidden files and system files again, and resets your System Restore.
    Also run a test to see what your current security situation is. Download Security Check to your desktop: http://screen317.spywareinfoforum.org/SecurityCheck.exe
    - Click/double-click SecurityCheck.exe and follow the instructions in the black window.
    - A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
    - If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
    Post the contents of checkup.txt in your next post.
  • Had to switch off the Ziggo protection; DeepGuard would not even let the tool start.
    LOG
    Results of screen317's Security Check version 0.99.15
    Windows 7 Service Pack 1 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    CCleaner
    Duplicate Cleaner 2.0
    Java(TM) 6 Update 26
    Adobe Flash Player 10.3.181.22
    Mozilla Firefox (x86 nl..)
    ````````````````````````````````
    Process Check: objlist.exe by Laurent
    ``````````End of Log````````````
  • Adobe Flash Player 10.3.181.26 is already out. So update quickly: http://get.adobe.com/nl/flashplayer/
  • Done. I no longer see anything strange. So, as on previous occasions: THANKS THANKS THANKS :lol:
  • You're welcome; enjoy that notebook.