Questions & Answers

Security & privacy

Problems during and after installing F Secure

15 answers
  • I was in doubt between this section and OS Windows; if I'm in the wrong place, sorry, and I ask the moderator to move this topic to the right one. After installing F Secure 2011 I have nothing but problems: starting, for example, Office Outlook 2007 and Internet Explorer, both of which stop responding; the Sitecom print server, which gives errors about memory locations that are not available; and no internet is possible, either wireless or wired. During the installation of F Secure two conflicting applications are found, namely McAfee (logical) and Nvidia Forceware Network Access Manager (OK, possible, but not really logical given that it drives my LAN port). I want to switch from McAfee to F Secure because there is junk on my site that makes Google flag my site as unsafe. McAfee finds nothing and F Secure does (with the online scan), and I want to get rid of that junk. What I have done so far:
    - Installed F Secure following the standard procedure
    - After entering the key, it searches for conflicting applications
    - Both McAfee and Nvidia Forceware etc. are found but not removed automatically
    - McAfee can be removed manually
    - Nvidia Forceware cannot be removed
    - Had to abort the installation
    - Restored the mirror of the C:\ partition
    - Disabled all Nvidia applications and programs via msconfig and rebooted
    - Followed the same procedure as before, but with the same result
    - Restored the mirror of the C:\ partition again
    - Tried to remove Nvidia Forceware, which fails without any message
    - Via CCleaner, set the Nvidia Forceware values to zero (sic, not normal, but OK)
    - Disabled the LAN connection
    - Removed McAfee beforehand
    - Started the F Secure installation again
    - Nvidia Forceware is now removed automatically
    - The installation now runs neatly through until ........
    - Exactly: it runs for hours and the updating never seems to end, which makes sense
    - because there is no connection to the WAN
    - Re-enabled Nvidia, but still no internet connection via LAN either
    - Outlook 2007 starts, but I immediately get the message that it has stopped working
    - The same goes for IE 9 and FF 4
    - I continuously get error messages from the Sitecom print server (possibly solvable by reinstalling it)
    - Windows 7 (fully up to date) is extremely slow
    - Once again restored the mirror of the C:\ partition
    - Sent an e-mail to F Secure but received no response
    - Searched here but could not find anything comparable
    Below I show the HijackThis log; I'm not really a layman, but this is beyond me:
    Who can help me?
  • Hi PC1, it's clear: conflicts, then. First go to "Control Panel\Programs and Features" and uninstall there: NVIDIA NetworkAccessManager. This is nothing but a buggy firewall from NVidia, which has no business being in Windows at all. Removing McAfee manually is not the right way! First look here: http://service.mcafee.com/FAQDocument.aspx?id=TS100507&lc=1033 And post the following in your next message:
    Which program: sUBs dds.scr
    What for/why: DDS is a diagnostic tool and makes use of scripts.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop, or otherwise move it there first!
    Download sUBs dds.scr here: http://download.bleepingcomputer.com/sUBs/dds.scr
    Using sUBs dds.scr:
    - Important: first deactivate the antivirus software and the active spyware scanners!
    - Then first close all program windows that are still open!
    - Windows 2000 and Windows XP: start sUBs dds.scr by double-clicking the shortcut.
    - Windows Vista and Windows 7: start sUBs dds.scr by right-clicking the shortcut and then choosing Run as administrator.
    - After the scan two text documents are opened, DDS.txt and Attach.txt; post the contents of both logs.
  • OK Abraham, here we go: so I started again from the mirror:
    - Removed that Nvidia NetworkAccessManager
    - Then McAfee, following their instructions and not the way you indicated. If you remove McAfee via the software removal function, its own uninstall screen appears
    - Removed all other malware and spyware software
    - Then cleaned or repaired everything, respectively, with CCleaner
    - Made a new mirror
    - Started installing F Secure again; it found no conflicting items and the installation ran neatly through until almost the end
    - Could not validate because F-Secure finds no internet connection, whether wireless or wired
    - With difficulty I managed to get a DDS log into Notepad, because nothing works any more; even Notepad crashed (fortunately after saving)
    Restarted the laptop, but the problems remained and I got many error messages from applications that had stopped working (including from Windows itself) and also no longer got a connection to the internet (one of the messages was that a memory location could not be written to)
    - Ran a memory test, no problems
    - Uninstalled F-Secure using F Secure's own option
    - After a restart still many problems as mentioned above
    - Restored the latest mirror again, because otherwise I don't have a properly working laptop
    Below is the DDS log:
-------- d-----w- c:\users\piet\appdata\local\{F7F2DA3B-B416-47EB-82DF-8B81AF522E27} 2011-06-13 01:49:47 -------- d-----w- c:\users\piet\appdata\local\{A5057FBA-E7A7-49D7-B1FE-16B2778C5167} 2011-06-12 00:34:28 -------- d-----w- c:\users\piet\appdata\local\{EDC3DDD9-F79B-4C14-8ABD-46F0C78991A9} 2011-06-11 00:34:11 -------- d-----w- c:\users\piet\appdata\local\{167AD3C9-37B4-411C-AD1A-D6823CED637A} 2011-06-09 21:05:11 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys 2011-06-07 22:30:08 -------- d-----w- c:\users\piet\appdata\local\{28187619-3414-42AF-9EDC-D252D305B673} 2011-06-07 02:16:59 -------- d-----w- c:\users\piet\appdata\local\{A66A296B-2E55-4D57-B91D-DD0F2510E080} 2011-06-06 01:47:39 -------- d-----w- c:\users\piet\appdata\local\{F8D543DD-00B9-4229-B510-794656EAF063} 2011-06-02 23:11:59 -------- d-----w- c:\users\piet\appdata\local\{C486C5E6-9868-4A44-A6B8-5A81615FA32E} 2011-05-31 00:12:51 -------- d-----w- c:\users\piet\appdata\local\{18F47314-5F8F-4395-8A7E-3FFA4A031C5C} 2011-05-29 00:55:01 -------- d-----w- c:\users\piet\appdata\local\{29983C0D-9941-4AA1-9F4A-D3E3EF587F9B} 2011-05-27 21:11:00 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-05-26 23:14:16 -------- d-----w- c:\users\piet\appdata\local\{23D9B2C9-53B7-43DB-A88C-8A07C627C7D7} 2011-05-25 20:41:53 -------- d-----w- c:\users\piet\appdata\local\{379EB12C-9D95-4C01-A013-F95DC6678387} . ==================== Find3M ==================== . 
I hope you can shed some more light on my darkness; in other words, I'm hoping for a solution ;)
  • OK Abraham, here we go. I started again from the mirror image:
    - Removed the NVIDIA Network Access Manager
    - Then removed McAfee following their instructions, not the way you indicated. If you remove McAfee via Add/Remove Programs, its own uninstall screen appears
    - Removed all other malware and spyware software
    - Then cleaned up and repaired everything with CCleaner
    - Made a new mirror image
    - Started installing F-Secure again; it found no conflicting items and the installation ran smoothly until almost the end
    - Could not validate because F-Secure finds no internet connection, whether wireless or wired
    - With difficulty I managed to get a DDS log into Notepad, because nothing works any more; even Notepad crashed (fortunately after saving). Restarted the laptop, but the problems remained and I got many error messages about applications not working (including from Windows itself), and I no longer got an internet connection either (one of the messages was that a memory location could not be written)
    - Ran a memory test, no problems
    - Uninstalled F-Secure using F-Secure's own option
    - After a restart still many problems, as mentioned above
    - Restored the last mirror image again, because otherwise I have no properly working laptop
    Below is the DDS log:
    I hope you can shed some more light on my darkness; in other words, I'm hoping for a solution ;)
  • Do I understand correctly that you restore an image of your fully configured operating system each time? And I'm missing Attach.txt.
  • Yes, I have to keep restoring my image to get back on the internet, because after installing F-Secure I really can't get any internet connection any more, etc. What's more, nothing works properly then, and I have no second system to get online with. And if you're missing Attach.txt, then I'm afraid DDS didn't create it.
  • I'm curious what ComboFix might find:
    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and clean it up where possible.
    Difficulty: Somewhat tricky preparation phase, so read everything carefully first.
    Download location: This program must absolutely be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    - ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
    - Geekstogo: http://subs.geekstogo.com/ComboFix.exe
    How to use ComboFix is shown here: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
    Antivirus programs and active malware scanners must be deactivated before ComboFix is started! Details on how to deactivate antivirus programs and spyware scanners can be found here: http://www.bleepingcomputer.com/forums/topic114351.html and here: http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html
    To be perfectly clear once more: ComboFix must be started from the desktop.
    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for this).
    - Vista and Windows 7 users start ComboFix by right-clicking and running it with administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - It may happen that the computer has to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.
  • Here is ComboFix, run without any virus scanner installed. I did find an extra tool at McAfee to remove the real McAfee junk. I ran that first before creating the log below.
  • Two things: a) ComboFix was not started from the desktop but from the Downloads folder. So move ComboFix to the desktop. b) Now AVG10 is suddenly in your Windows. Why didn't you ask first? AVG10 may be even harder to remove again than F-Secure! In any case, start ComboFix from the correct location for a new scan.
  • Sorry, but I didn't want to go online completely unprotected, you understand. I didn't realize this could do any harm. But after installing F Secure from the desktop, and after F Secure was completely disabled, I also ran ComboFix again from the desktop. But I got many error messages from werfault.exe, which reported 4 write errors on memory locations. The applications also froze often, and it has by now cost me hours again to obtain the log. I do make a new image after each piece of advice regarding checking and/or removing applications, and continue from there. That means I am now back on a previous image, and if I have to continue I will first restore the preceding image from where we left off. That way you will no longer come across things like AVG. Here follows the ComboFix log after disabling F Secure; so I got no warnings.
So F-Secure is installed, but no applications work anymore and I could not validate F-Secure either. And next time I will ask first before I install something in between again. Sorry, I did not foresee the consequences; I do not want to be on the internet unprotected, and I have only one laptop in the house and nothing else!
  • I think you should forget about that image and rebuild Windows from the ground up on a freshly formatted system partition!
  • Phew, I've got it sorted. Besides the very good contact with F-Secure and a lot of messing about, so to speak, I eventually restored my mirror from February, which I fortunately found on my NAS. It is a mirror of a "clean" installation, and I only had to remove McAfee from it. The installation went flawlessly and everything seems to work well. Since all my data is on both the E: partition and the NAS, I have not lost anything in that respect, except that I now have a lot to update, but that can be done in between other things.
  • Good that you found another image. But one question: how did you remove McAfee from that Windows installation? Because removing McAfee the Windows way usually means that quite a few components are left behind. So still use McAfee's tool, to make sure that McAfee is gone for good. http://service.mcafee.com/FAQDocument.aspx?id=TS100507&lc=1033
  • So the McAfee description you gave the link for is not correct. By now they have, just like Norton, a special program to remove all of McAfee's junk. You can find that tool at: http://download.mcafee.com/products/licenced/cust_support_patches/MPCR.exe
  • You are right. It has changed; it will be related to the acquisition of McAfee by Intel. Thanks for reporting it!


This is an archived page. Replies are no longer possible.