Problems during and after installation of F-Secure

Anonymous
PC1
15 replies
  • I was in doubt between this section and OS Windows; if I am in the wrong place here, sorry, and I ask the moderator to move this topic to the right one.

    After installing F-Secure 2011 I have nothing but problems: starting, for example, Office Outlook 2007 and Internet Explorer, both of which stop responding; the Sitecom print server, which gives errors about memory locations that are not available; and neither wireless nor wired internet is possible.

    During the installation of F-Secure two conflicting applications are found, namely McAfee (logical) and Nvidia Forceware Network Access Manager (OK, possible, but not really logical given that it drives my LAN port).

    I want to switch from McAfee to F-Secure because there is junk on my site that causes Google to flag my site as unsafe. McAfee finds nothing and F-Secure does (in an online scan), and I want to get rid of that junk.

    What I have already done:

    - Installed F-Secure following the standard procedure
    - After entering the key, it searches for conflicting applications
    - Both McAfee and Nvidia Forceware etc. are found but not removed automatically
    - McAfee can be removed manually
    - Nvidia Forceware cannot be removed
    - Had to abort the installation
    - Restored the mirror of the C:\ partition

    - Via msconfig disabled all Nvidia applications and programs and rebooted
    - Followed the same procedure as before but with the same result
    - Restored the mirror of the C:\ partition again

    - Tried to remove Nvidia Forceware, which fails without any message
    - Via CCleaner, set the values of Nvidia Forceware to zero (sic, not normal but OK)
    - Disabled the LAN connection
    - Removed McAfee beforehand
    - Started the F-Secure installation again
    - Nvidia Forceware is now removed automatically
    - Installation now runs smoothly until ……..
    - Right: it spends hours updating and does not seem to finish, which figures
    - because there is no connection to the WAN
    - Re-enabled Nvidia, but still no internet connection via LAN either
    - Outlook 2007 starts but I immediately get the message that it has stopped working
    - The same goes for IE 9 and FF 4
    - I continuously get error messages from the Sitecom print server (possibly solvable by reinstalling it)
    - Windows 7 (fully up to date) is extremely slow

    - Once again restored the mirror of the C:\ partition

    - Sent an e-mail to F-Secure but have not received a reply
    - Searched here but could not find anything comparable

    Below I show the HijackThis log; I am not exactly a layman, but this is beyond me:


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:06:29, on 24-6-2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Sitecom\MFP Server Control Center\Control Center.exe
    C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corba-web.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110519175503.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1043
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [Control Center] C:\Program Files\Sitecom\MFP Server Control Center\Control Center.exe -mini
    O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1480718370-4163580771-2151715521-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-1480718370-4163580771-2151715521-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Startup: BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn….9.3.0/GarminAxControl.CAB
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


    End of file - 12993 bytes


    Who can help me?

  • Hi PC1, it's clear: conflicts, then.

    First go to "Control Panel\Programs and Features" and remove the following there:

    NVIDIA NetworkAccessManager

    This is nothing other than a buggy firewall from NVIDIA, which has no business being in Windows at all.


    Removing McAfee manually is not the right way!

    First have a look here: http://service.mcafee.com/FAQDocument.aspx?id=TS100507&lc=1033


    And post the following in your next message:

    Which program: sUBs dds.scr
    What for/why: DDS is a diagnostic tool and makes use of scripts.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop, or otherwise move it there first!
    Download sUBs dds.scr here

    Using sUBs dds.scr:
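
The reply above reads the HijackThis log as a case of conflicting software. As an added example (not part of the original thread), this Python sketch shows one way to pull that picture out of such a log: which security products appear in the BHO (O2), Winsock LSP (O10) and service (O23) entries, and which of them sit in the network path. The `MARKERS` list and the function names are assumptions made for illustration, and the sample lines are constructed in the format of the log in the first post.

```python
import re
from collections import Counter, defaultdict

# Assumption: hand-picked substrings for the products named in this thread,
# not a vendor-supplied list. Keys are matched case-insensitively.
MARKERS = {
    "mcafee": "McAfee",
    "f-secure": "F-Secure",
    "lavasoft": "Lavasoft Ad-Aware",
    "malwarebytes": "Malwarebytes",
    "networkaccessmanager": "NVIDIA Network Access Manager",
    "nvlsp.dll": "NVIDIA Network Access Manager",
}

# Constructed sample in HijackThis v2 format, modelled on the log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
"""

ENTRY = re.compile(r"^\s*(O\d+|R\d) - (.*)$")


def entries(log):
    """Yield (code, text) for every HijackThis entry line, e.g. ('O23', 'Service: ...')."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()


def lsp_files(log):
    """Count the DLLs listed in O10 (Winsock LSP) entries; repeats are normal, one per protocol."""
    counts = Counter()
    for code, text in entries(log):
        if code == "O10" and ": " in text:
            counts[text.split(": ", 1)[1].lower()] += 1
    return dict(counts)


def security_products(log):
    """Map product name -> sorted entry codes (O2 BHO, O10 LSP, O23 service) where it shows up."""
    seen = defaultdict(set)
    for code, text in entries(log):
        if code not in ("O2", "O10", "O23"):
            continue
        low = text.lower()
        for marker, product in MARKERS.items():
            if marker in low:
                seen[product].add(code)
    return {product: sorted(codes) for product, codes in seen.items()}


def network_hooks(log):
    """Products in the network path: any LSP entry, or a service whose name says 'firewall'."""
    hooked = set()
    for code, text in entries(log):
        low = text.lower()
        if code == "O10" or (code == "O23" and "firewall" in low):
            hooked.update(p for m, p in MARKERS.items() if m in low)
    return sorted(hooked)


if __name__ == "__main__":
    for product, codes in sorted(security_products(SAMPLE_LOG).items()):
        print(f"{product}: {', '.join(codes)}")
    print("LSP DLLs:", lsp_files(SAMPLE_LOG))
    print("In the network path:", ", ".join(network_hooks(SAMPLE_LOG)))
```

More than one product in the network-path list is the situation the installer's conflict check in the first post was reporting.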
  • OK Abraham, here we go:

    So I started again from the mirror:

    - Removed that Nvidia NetworkAccessManager
    - Then McAfee according to their instructions and not as you indicated. If you remove McAfee via software removal, its own uninstall screen appears
    - Removed all other malware and spyware software
    - Then cleaned up and repaired everything with CCleaner
    - Made a new mirror

    - Started installing F-Secure again; it found no conflicting items and the installation ran smoothly almost to the end
    - Could not validate because F-Secure finds no internet connection, whether wireless or wired
    - With difficulty I managed to get a DDS log into Notepad, because nothing works any more; even Notepad crashed (fortunately after saving)
    Restarted the laptop, but the problems remained and I got many error messages about applications not working (including from Windows itself) and also no longer got a connection to the internet
    (one of the messages was that a memory location could not be written to)
    - Ran a memory test, no problems
    - Uninstalled F-Secure with F-Secure's own option
    - After the restart still many problems as mentioned above
    - Restored the last mirror again, because otherwise I do not have a properly working laptop

    Below is the DDS log:

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Piet at 17:43:02 on 2011-06-24
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.1910 [GMT 2:00]
    .
    AV: F-Secure Internet Security 2011 10.51 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    SP: F-Secure Internet Security 2011 10.51 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: F-Secure Internet Security 2011 10.51 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\brsvc01a.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\brss01a.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Sitecom\MFP Server Control Center\Control Center.exe
    C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSHDLL32.EXE
    C:\Program Files\F-Secure\Common\fsm32.exe
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\FSGUI\POSTINSTALL.EXE
    C:\Windows\system32\vssvc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.corba-web.nl/
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\f-secure\nrs\iescript\baselitmus.dll
    BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\f-secure\nrs\iescript\baselitmus.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [AnyDVD] "c:\program files\slysoft\anydvd\AnyDVD.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1043
    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
    mRun: [Acronis Scheduler2Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
    mRun: [Control Center] c:\program files\sitecom\mfp server control center\Control Center.exe -mini
    mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
    mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
    mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [F-Secure Manager] "c:\program files\f-secure\common\FSM32.EXE" /splash
    mRun: [F-Secure TNB] "c:\program files\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
    StartupFolder: c:\users\piet\appdata\roaming\micros~1\windows\startm~1\programs\startup\buffal~1.lnk - c:\program files\buffalo\nasnavi\NasNavi.exe
    StartupFolder: c:\users\piet\appdata\roaming\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
    StartupFolder: c:\users\piet\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki… - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    LSP: c:\program files\f-secure\fsps\program\FSLSP.DLL
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{01923EEA-5F5F-4528-91A9-5E6C3185A49D} : DhcpNameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{01923EEA-5F5F-4528-91A9-5E6C3185A49D}\4586579637 : DhcpNameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{F7556BF4-820D-4B69-A248-1D4FAAD15648} : DhcpNameServer = 212.54.40.25 212.54.35.25
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\piet\appdata\roaming\mozilla\firefox\profiles\qkhe7l8f.default\
    FF - prefs.js: browser.search.selectedEngine - Secure-zoeken
    FF - prefs.js: browser.startup.homepage - hxxp://www.corba-web.nl/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2011-6-24 33408]
    R0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\drivers\tdrpm255.sys [2010-12-15 911552]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\f-secure\hips\drivers\fshs.sys [2011-6-24 72520]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-6-24 37832]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-6-24 72840]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-12-15 2475952]
    R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure\anti-virus\fsgk32st.exe [2011-6-24 221864]
    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-1-26 573224]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-23 2214504]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-12-15 159296]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2010-12-15 32256]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\anti-virus\minifilter\fsgk.sys [2011-6-24 102568]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\f-secure\orsp client\fsorsp.exe [2011-6-24 58024]
    R3 KUSBusByTCPMasterBus;Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\KUSBusByTCPMasterBus.sys [2008-6-9 69376]
    S1 fsvista;F-Secure Vista Support Driver;c:\program files\f-secure\anti-virus\minifilter\fsvista.sys [2011-6-24 14504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-15 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-4-7 14216]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-4-7 8456]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-15 136176]
    S3 KUSBusByTCP;KUSBusByTCP;c:\windows\system32\drivers\KUSBusByTCP.sys [2008-6-9 92928]
    S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2010-12-15 724992]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224]
    S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-14 1343400]
    S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\f-secure\anti-virus\win2k\fsfilter.sys [2011-6-24 41896]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\f-secure\anti-virus\win2k\fsrec.sys [2011-6-24 27304]
    .
    =============== Created Last 30 ================
    .
    2011-06-24 15:42:36 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e3925022-f435-4e5c-ae7e-e034f4f1ad93}\mpengine.dll
    2011-06-24 15:39:35 33408 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2011-06-24 15:39:14 37832 ----a-w- c:\windows\system32\drivers\fses.sys
    2011-06-24 15:39:09 72840 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2011-06-24 15:39:09 574632 ----a-w- c:\windows\system32\msvcp50.dll
    2011-06-24 15:38:16 -------- d-----w- c:\program files\F-Secure
    2011-06-24 15:37:21 -------- d-----w- c:\programdata\fssg
    2011-06-24 15:36:17 -------- d-----w- c:\programdata\f-secure
    2011-06-23 23:25:27 -------- d-----w- c:\users\piet\appdata\local\{7490FD38-64F5-4299-B4DB-45A3B33515DB}
    2011-06-23 17:44:34 66664 ----a-w- c:\windows\system32\nvshext.dll
    2011-06-23 17:44:34 615528 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-06-23 17:44:34 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-06-23 17:44:34 2557544 ----a-w- c:\windows\system32\nvsvc.dll
    2011-06-23 17:44:33 3693672 ----a-w- c:\windows\system32\nvcpl.dll
    2011-06-23 17:44:33 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-06-23 17:44:28 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
    2011-06-23 17:44:11 -------- d-----w- c:\programdata\NVIDIA Corporation
    2011-06-23 17:39:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
    2011-06-23 17:38:59 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
    2011-06-23 17:38:56 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
    2011-06-23 17:38:55 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
    2011-06-23 17:38:55 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
    2011-06-23 17:38:55 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-06-23 17:38:54 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
    2011-06-23 17:38:53 5301352 ----a-w- c:\windows\system32\nvcuda.dll
    2011-06-23 17:38:53 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-06-23 17:38:53 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-06-23 17:38:52 2335848 ----a-w- c:\windows\system32\nvapi.dll
    2011-06-23 17:38:52 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-06-20 23:55:43 -------- d-----w- c:\users\piet\appdata\local\{A7389609-4BE7-4347-9F38-1E8F18ADA35A}
    2011-06-19 21:35:19 -------- d-----w- c:\users\piet\appdata\local\{2E28E0E4-AF7E-4E71-AE43-7B68C8C1EB0C}
    2011-06-19 00:44:39 -------- d-----w- c:\users\piet\appdata\local\{9FF9C221-4122-4A88-8D9D-1E3BBFC4A587}
    2011-06-17 21:54:04 -------- d-----w- c:\users\piet\appdata\local\{DFF8575E-4067-4824-8009-92B15808F715}
    2011-06-17 00:41:16 -------- d-----w- c:\users\piet\appdata\local\{52698EA3-EA3A-4FEC-A591-89AD3A61F500}
    2011-06-15 01:19:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-15 01:19:33 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2011-06-15 01:19:32 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-15 01:05:52 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-06-15 01:05:52 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-15 01:05:52 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-15 01:05:49 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-15 01:05:49 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-15 01:05:49 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-15 01:05:36 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-06-15 01:05:36 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-15 01:05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-15 01:05:32 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-14 23:00:44 -------- d-----w- c:\users\piet\appdata\local\{AA0E67CF-7DCE-4118-B3CE-94DF0684344F}
    2011-06-13 23:41:16 -------- d-----w- c:\users\piet\appdata\local\{F7F2DA3B-B416-47EB-82DF-8B81AF522E27}
    2011-06-13 01:49:47 -------- d-----w- c:\users\piet\appdata\local\{A5057FBA-E7A7-49D7-B1FE-16B2778C5167}
    2011-06-12 00:34:28 -------- d-----w- c:\users\piet\appdata\local\{EDC3DDD9-F79B-4C14-8ABD-46F0C78991A9}
    2011-06-11 00:34:11 -------- d-----w- c:\users\piet\appdata\local\{167AD3C9-37B4-411C-AD1A-D6823CED637A}
    2011-06-09 21:05:11 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    2011-06-07 22:30:08 -------- d-----w- c:\users\piet\appdata\local\{28187619-3414-42AF-9EDC-D252D305B673}
    2011-06-07 02:16:59 -------- d-----w- c:\users\piet\appdata\local\{A66A296B-2E55-4D57-B91D-DD0F2510E080}
    2011-06-06 01:47:39 -------- d-----w- c:\users\piet\appdata\local\{F8D543DD-00B9-4229-B510-794656EAF063}
    2011-06-02 23:11:59 -------- d-----w- c:\users\piet\appdata\local\{C486C5E6-9868-4A44-A6B8-5A81615FA32E}
    2011-05-31 00:12:51 -------- d-----w- c:\users\piet\appdata\local\{18F47314-5F8F-4395-8A7E-3FFA4A031C5C}
    2011-05-29 00:55:01 -------- d-----w- c:\users\piet\appdata\local\{29983C0D-9941-4AA1-9F4A-D3E3EF587F9B}
    2011-05-27 21:11:00 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-05-26 23:14:16 -------- d-----w- c:\users\piet\appdata\local\{23D9B2C9-53B7-43DB-A88C-8A07C627C7D7}
    2011-05-25 20:41:53 -------- d-----w- c:\users\piet\appdata\local\{379EB12C-9D95-4C01-A013-F95DC6678387}
    .
    ==================== Find3M ====================
    .
    2011-06-18 14:27:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-24 17:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-21 06:01:00 301672 ----a-w- c:\windows\system32\nvhotkey.dll
    2011-05-21 06:01:00 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
    2011-04-23 20:20:15 1061888 ----a-w- c:\windows\isRS-000.tmp
    2011-04-22 19:14:16 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
    .
    ============= FINISH: 17:45:11,63 ===============

    I hope you can shed some more light on my darkness; in other words, I'm hoping for a solution :wink:

  • OK Abraham, here we go:

    So I started again from the mirror:

    - Removed that Nvidia NetworkAccessManager
    - Then McAfee according to their instructions and not the way you indicated. If you remove McAfee via Add/Remove Programs, its own uninstall screen appears
    - Removed all other malware and spyware software
    - Then cleaned up and repaired everything with CCleaner
    - Made a new mirror

    - Started installing F-Secure again; it found no conflicting items and the installation ran neatly until almost the end
    - Could not validate because F-Secure cannot find an internet connection, whether wireless or wired
    - With difficulty I managed to get a DDS log into Notepad, because nothing works any more; even Notepad crashed (fortunately after saving)
    Restarted the laptop but the problems remained; I got many error messages about applications not working (including from Windows itself) and could also no longer connect to the internet
    (one of the messages was that a memory location could not be written to)
    - Ran a memory test, no problems
    - Uninstalled F-Secure with F-Secure's own option
    - After a restart still many problems such as those mentioned above
    - Restored the last mirror again, because otherwise I don't have a properly working laptop

    The DDS log is below:

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Piet at 17:43:02 on 2011-06-24
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.1910 [GMT 2:00]
    .
    AV: F-Secure Internet Security 2011 10.51 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    SP: F-Secure Internet Security 2011 10.51 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: F-Secure Internet Security 2011 10.51 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\brsvc01a.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\brss01a.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Sitecom\MFP Server Control Center\Control Center.exe
    C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
    C:\Program Files\palmOne\HOTSYNC.EXE
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSHDLL32.EXE
    C:\Program Files\F-Secure\Common\fsm32.exe
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\FSGUI\POSTINSTALL.EXE
    C:\Windows\system32\vssvc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.corba-web.nl/
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\f-secure\nrs\iescript\baselitmus.dll
    BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\f-secure\nrs\iescript\baselitmus.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [AnyDVD] "c:\program files\slysoft\anydvd\AnyDVD.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1043
    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
    mRun: [Acronis Scheduler2Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
    mRun: [Control Center] c:\program files\sitecom\mfp server control center\Control Center.exe -mini
    mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
    mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
    mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [F-Secure Manager] "c:\program files\f-secure\common\FSM32.EXE" /splash
    mRun: [F-Secure TNB] "c:\program files\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
    StartupFolder: c:\users\piet\appdata\roaming\micros~1\windows\startm~1\programs\startup\buffal~1.lnk - c:\program files\buffalo\nasnavi\NasNavi.exe
    StartupFolder: c:\users\piet\appdata\roaming\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
    StartupFolder: c:\users\piet\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki… - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    LSP: c:\program files\f-secure\fsps\program\FSLSP.DLL
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{01923EEA-5F5F-4528-91A9-5E6C3185A49D} : DhcpNameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{01923EEA-5F5F-4528-91A9-5E6C3185A49D}\4586579637 : DhcpNameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{F7556BF4-820D-4B69-A248-1D4FAAD15648} : DhcpNameServer = 212.54.40.25 212.54.35.25
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\piet\appdata\roaming\mozilla\firefox\profiles\qkhe7l8f.default\
    FF - prefs.js: browser.search.selectedEngine - Secure-zoeken
    FF - prefs.js: browser.startup.homepage - hxxp://www.corba-web.nl/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2011-6-24 33408]
    R0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\drivers\tdrpm255.sys [2010-12-15 911552]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\f-secure\hips\drivers\fshs.sys [2011-6-24 72520]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-6-24 37832]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-6-24 72840]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-12-15 2475952]
    R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure\anti-virus\fsgk32st.exe [2011-6-24 221864]
    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-1-26 573224]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-23 2214504]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-12-15 159296]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2010-12-15 32256]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\anti-virus\minifilter\fsgk.sys [2011-6-24 102568]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\f-secure\orsp client\fsorsp.exe [2011-6-24 58024]
    R3 KUSBusByTCPMasterBus;Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\KUSBusByTCPMasterBus.sys [2008-6-9 69376]
    S1 fsvista;F-Secure Vista Support Driver;c:\program files\f-secure\anti-virus\minifilter\fsvista.sys [2011-6-24 14504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-15 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-4-7 14216]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-4-7 8456]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-15 136176]
    S3 KUSBusByTCP;KUSBusByTCP;c:\windows\system32\drivers\KUSBusByTCP.sys [2008-6-9 92928]
    S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2010-12-15 724992]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224]
    S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-14 1343400]
    S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\f-secure\anti-virus\win2k\fsfilter.sys [2011-6-24 41896]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\f-secure\anti-virus\win2k\fsrec.sys [2011-6-24 27304]
    .
    =============== Created Last 30 ================
    .
    2011-06-24 15:42:36 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e3925022-f435-4e5c-ae7e-e034f4f1ad93}\mpengine.dll
    2011-06-24 15:39:35 33408 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2011-06-24 15:39:14 37832 ----a-w- c:\windows\system32\drivers\fses.sys
    2011-06-24 15:39:09 72840 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2011-06-24 15:39:09 574632 ----a-w- c:\windows\system32\msvcp50.dll
    2011-06-24 15:38:16 -------- d-----w- c:\program files\F-Secure
    2011-06-24 15:37:21 -------- d-----w- c:\programdata\fssg
    2011-06-24 15:36:17 -------- d-----w- c:\programdata\f-secure
    2011-06-23 23:25:27 -------- d-----w- c:\users\piet\appdata\local\{7490FD38-64F5-4299-B4DB-45A3B33515DB}
    2011-06-23 17:44:34 66664 ----a-w- c:\windows\system32\nvshext.dll
    2011-06-23 17:44:34 615528 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-06-23 17:44:34 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-06-23 17:44:34 2557544 ----a-w- c:\windows\system32\nvsvc.dll
    2011-06-23 17:44:33 3693672 ----a-w- c:\windows\system32\nvcpl.dll
    2011-06-23 17:44:33 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-06-23 17:44:28 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
    2011-06-23 17:44:11 -------- d-----w- c:\programdata\NVIDIA Corporation
    2011-06-23 17:39:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
    2011-06-23 17:38:59 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
    2011-06-23 17:38:56 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
    2011-06-23 17:38:55 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
    2011-06-23 17:38:55 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
    2011-06-23 17:38:55 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-06-23 17:38:54 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
    2011-06-23 17:38:53 5301352 ----a-w- c:\windows\system32\nvcuda.dll
    2011-06-23 17:38:53 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-06-23 17:38:53 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-06-23 17:38:52 2335848 ----a-w- c:\windows\system32\nvapi.dll
    2011-06-23 17:38:52 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-06-20 23:55:43 -------- d-----w- c:\users\piet\appdata\local\{A7389609-4BE7-4347-9F38-1E8F18ADA35A}
    2011-06-19 21:35:19 -------- d-----w- c:\users\piet\appdata\local\{2E28E0E4-AF7E-4E71-AE43-7B68C8C1EB0C}
    2011-06-19 00:44:39 -------- d-----w- c:\users\piet\appdata\local\{9FF9C221-4122-4A88-8D9D-1E3BBFC4A587}
    2011-06-17 21:54:04 -------- d-----w- c:\users\piet\appdata\local\{DFF8575E-4067-4824-8009-92B15808F715}
    2011-06-17 00:41:16 -------- d-----w- c:\users\piet\appdata\local\{52698EA3-EA3A-4FEC-A591-89AD3A61F500}
    2011-06-15 01:19:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-15 01:19:33 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2011-06-15 01:19:32 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-15 01:05:52 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-06-15 01:05:52 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-15 01:05:52 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-15 01:05:49 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-15 01:05:49 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-15 01:05:49 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-15 01:05:36 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-06-15 01:05:36 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-15 01:05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-15 01:05:32 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-14 23:00:44 -------- d-----w- c:\users\piet\appdata\local\{AA0E67CF-7DCE-4118-B3CE-94DF0684344F}
    2011-06-13 23:41:16 -------- d-----w- c:\users\piet\appdata\local\{F7F2DA3B-B416-47EB-82DF-8B81AF522E27}
    2011-06-13 01:49:47 -------- d-----w- c:\users\piet\appdata\local\{A5057FBA-E7A7-49D7-B1FE-16B2778C5167}
    2011-06-12 00:34:28 -------- d-----w- c:\users\piet\appdata\local\{EDC3DDD9-F79B-4C14-8ABD-46F0C78991A9}
    2011-06-11 00:34:11 -------- d-----w- c:\users\piet\appdata\local\{167AD3C9-37B4-411C-AD1A-D6823CED637A}
    2011-06-09 21:05:11 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    2011-06-07 22:30:08 -------- d-----w- c:\users\piet\appdata\local\{28187619-3414-42AF-9EDC-D252D305B673}
    2011-06-07 02:16:59 -------- d-----w- c:\users\piet\appdata\local\{A66A296B-2E55-4D57-B91D-DD0F2510E080}
    2011-06-06 01:47:39 -------- d-----w- c:\users\piet\appdata\local\{F8D543DD-00B9-4229-B510-794656EAF063}
    2011-06-02 23:11:59 -------- d-----w- c:\users\piet\appdata\local\{C486C5E6-9868-4A44-A6B8-5A81615FA32E}
    2011-05-31 00:12:51 -------- d-----w- c:\users\piet\appdata\local\{18F47314-5F8F-4395-8A7E-3FFA4A031C5C}
    2011-05-29 00:55:01 -------- d-----w- c:\users\piet\appdata\local\{29983C0D-9941-4AA1-9F4A-D3E3EF587F9B}
    2011-05-27 21:11:00 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-05-26 23:14:16 -------- d-----w- c:\users\piet\appdata\local\{23D9B2C9-53B7-43DB-A88C-8A07C627C7D7}
    2011-05-25 20:41:53 -------- d-----w- c:\users\piet\appdata\local\{379EB12C-9D95-4C01-A013-F95DC6678387}
    .
    ==================== Find3M ====================
    .
    2011-06-18 14:27:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-24 17:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-21 06:01:00 301672 ----a-w- c:\windows\system32\nvhotkey.dll
    2011-05-21 06:01:00 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
    2011-04-23 20:20:15 1061888 ----a-w- c:\windows\isRS-000.tmp
    2011-04-22 19:14:16 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
    .
    ============= FINISH: 17:45:11,63 ===============

    I hope you can shed some more light on my darkness; in other words, I'm hoping for a solution :wink:

  • Do I understand correctly that you restore an image of your fully configured operating system each time?

    And I'm missing Attach.txt.
  • Yes, I do have to restore my image every time to be able to get back on the internet, because after installing F Secure I really get no internet connection any more, etc. What's more, nothing works properly then, and I have no second system to get on the internet with.

    And if you're missing Attach.txt, then I'm afraid DDS did not create it.
  • I'm curious what ComboFix might find:

    Which program: ComboFix
    What for/why: Highly specialized scanner to examine Windows in depth and, where possible, clean it up.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must be deactivated before ComboFix starts!
    Here and here you will find information on how to deactivate antivirus programs and spyware scanners.

    To be perfectly clear once more: ComboFix must be started from the desktop.

    Notes:
    - When using Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for this).
    - Vista and Windows 7 users start ComboFix via right-click with Administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan – do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found in C:\ComboFix.txt
    Important note:
  • Here is ComboFix without an antivirus scanner installed. I did find an extra tool at McAfee to remove the real junk left by McAfee. I ran that first before creating the log below.

    ComboFix 11-06-25.01 - Piet 25-06-2011 17:04:56.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.1894 [GMT 2:00]
    Gestart vanuit: c:\users\Piet\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-05-25 to 2011-06-25 ))))))))))))))))))))))))))))))
    .
    .
    2011-06-25 15:10 . 2011-06-25 15:11 ——– d—–w- c:\users\Piet\AppData\Local\temp
    2011-06-25 15:10 . 2011-06-25 15:10 ——– d—–w- c:\users\Default\AppData\Local\temp
    2011-06-25 14:46 . 2011-06-25 14:46 ——– d—–w- C:\found.000
    2011-06-25 14:23 . 2011-06-25 14:23 0 —ha-w- c:\users\Piet\AppData\Local\BITF381.tmp
    2011-06-24 22:48 . 2011-06-24 22:48 ——– d—–w- c:\users\Piet\AppData\Local\{BF9D7446-7235-4342-8B9E-1960E8AFA35B}
    2011-06-24 17:23 . 2011-06-24 17:23 ——– d—–w- C:\Studio webdesing
    2011-06-24 16:49 . 2011-06-24 16:49 ——– d—–w- c:\users\Piet\AppData\Roaming\AVG10
    2011-06-24 16:48 . 2011-06-24 16:48 ——– d–h–w- c:\programdata\Common Files
    2011-06-24 16:47 . 2011-06-25 14:54 ——– d—–w- c:\programdata\AVG10
    2011-06-24 16:46 . 2011-06-24 16:46 ——– d—–w- c:\program files\AVG
    2011-06-24 16:38 . 2011-06-25 14:53 ——– d—–w- c:\programdata\MFAData
    2011-06-23 23:25 . 2011-06-23 23:25 ——– d—–w- c:\users\Piet\AppData\Local\{7490FD38-64F5-4299-B4DB-45A3B33515DB}
    2011-06-23 17:47 . 2011-06-24 17:22 ——– d—–w- c:\users\UpdatusUser
    2011-06-23 17:44 . 2011-05-21 06:01 66664 ----a-w- c:\windows\system32\nvshext.dll
    2011-06-23 17:44 . 2011-05-21 06:01 615528 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-06-23 17:44 . 2011-05-21 06:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-06-23 17:44 . 2011-05-21 06:01 2557544 ----a-w- c:\windows\system32\nvsvc.dll
    2011-06-23 17:44 . 2011-05-21 06:01 3693672 ----a-w- c:\windows\system32\nvcpl.dll
    2011-06-23 17:44 . 2011-05-21 06:01 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-06-23 17:44 . 2011-05-21 06:01 543336 —-a-w- c:\windows\system32\easyupdatusapiu.dll
    2011-06-23 17:44 . 2011-06-23 17:44 ——– d—–w- c:\programdata\NVIDIA Corporation
    2011-06-23 17:39 . 2011-05-21 06:01 57960 —-a-w- c:\windows\system32\OpenCL.dll
    2011-06-23 17:38 . 2011-05-21 06:01 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
    2011-06-23 17:38 . 2011-05-21 06:01 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
    2011-06-23 17:38 . 2011-05-21 06:01 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
    2011-06-23 17:38 . 2011-05-21 06:01 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
    2011-06-23 17:38 . 2011-05-21 06:01 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-06-23 17:38 . 2011-05-21 06:01 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
    2011-06-23 17:38 . 2011-05-21 06:01 5301352 ----a-w- c:\windows\system32\nvcuda.dll
    2011-06-23 17:38 . 2011-05-21 06:01 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-06-23 17:38 . 2011-05-21 06:01 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-06-23 17:38 . 2011-05-21 06:01 2335848 ----a-w- c:\windows\system32\nvapi.dll
    2011-06-23 17:38 . 2011-05-21 06:01 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-06-20 23:55 . 2011-06-20 23:55 ——– d—–w- c:\users\Piet\AppData\Local\{A7389609-4BE7-4347-9F38-1E8F18ADA35A}
    2011-06-19 21:35 . 2011-06-19 21:35 ——– d—–w- c:\users\Piet\AppData\Local\{2E28E0E4-AF7E-4E71-AE43-7B68C8C1EB0C}
    2011-06-19 00:44 . 2011-06-19 00:44 ——– d—–w- c:\users\Piet\AppData\Local\{9FF9C221-4122-4A88-8D9D-1E3BBFC4A587}
    2011-06-17 21:54 . 2011-06-17 21:54 ——– d—–w- c:\users\Piet\AppData\Local\{DFF8575E-4067-4824-8009-92B15808F715}
    2011-06-17 00:41 . 2011-06-17 00:41 ——– d—–w- c:\users\Piet\AppData\Local\{52698EA3-EA3A-4FEC-A591-89AD3A61F500}
    2011-06-15 01:19 . 2011-04-25 15:29 141104 —-a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-06-15 01:19 . 2011-04-22 23:25 2382848 —-a-w- c:\windows\system32\mshtml.tlb
    2011-06-15 01:19 . 2011-04-22 23:35 1797632 —-a-w- c:\windows\system32\jscript9.dll
    2011-06-15 01:05 . 2011-04-29 02:46 311808 —-a-w- c:\windows\system32\drivers\srv.sys
    2011-06-15 01:05 . 2011-04-29 02:46 310272 —-a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-15 01:05 . 2011-04-29 02:46 114688 —-a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-15 01:05 . 2011-04-27 02:17 223744 —-a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-15 01:05 . 2011-04-27 02:17 96768 —-a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-15 01:05 . 2011-04-27 02:17 123904 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-15 01:05 . 2011-04-25 04:31 1290624 —-a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-15 01:05 . 2011-04-25 02:18 338944 —-a-w- c:\windows\system32\drivers\afd.sys
    2011-06-15 01:05 . 2011-02-25 05:34 571904 —-a-w- c:\windows\system32\oleaut32.dll
    2011-06-15 01:05 . 2011-05-03 04:30 741376 —-a-w- c:\windows\system32\inetcomm.dll
    2011-06-14 23:00 . 2011-06-14 23:00 ——– d—–w- c:\users\Piet\AppData\Local\{AA0E67CF-7DCE-4118-B3CE-94DF0684344F}
    2011-06-13 23:41 . 2011-06-13 23:41 ——– d—–w- c:\users\Piet\AppData\Local\{F7F2DA3B-B416-47EB-82DF-8B81AF522E27}
    2011-06-13 01:49 . 2011-06-13 01:49 ——– d—–w- c:\users\Piet\AppData\Local\{A5057FBA-E7A7-49D7-B1FE-16B2778C5167}
    2011-06-12 00:34 . 2011-06-12 00:34 ——– d—–w- c:\users\Piet\AppData\Local\{EDC3DDD9-F79B-4C14-8ABD-46F0C78991A9}
    2011-06-11 00:34 . 2011-06-11 00:34 ——– d—–w- c:\users\Piet\AppData\Local\{167AD3C9-37B4-411C-AD1A-D6823CED637A}
    2011-06-09 21:05 . 2011-06-09 21:05 121464 —-a-w- c:\windows\system32\drivers\AnyDVD.sys
    2011-06-07 22:30 . 2011-06-07 22:30 ——– d—–w- c:\users\Piet\AppData\Local\{28187619-3414-42AF-9EDC-D252D305B673}
    2011-06-07 02:16 . 2011-06-07 02:17 ——– d—–w- c:\users\Piet\AppData\Local\{A66A296B-2E55-4D57-B91D-DD0F2510E080}
    2011-06-06 01:47 . 2011-06-06 01:47 ——– d—–w- c:\users\Piet\AppData\Local\{F8D543DD-00B9-4229-B510-794656EAF063}
    2011-06-02 23:11 . 2011-06-02 23:12 ——– d—–w- c:\users\Piet\AppData\Local\{C486C5E6-9868-4A44-A6B8-5A81615FA32E}
    2011-05-31 00:12 . 2011-05-31 00:13 ——– d—–w- c:\users\Piet\AppData\Local\{18F47314-5F8F-4395-8A7E-3FFA4A031C5C}
    2011-05-29 00:55 . 2011-05-29 00:55 ——– d—–w- c:\users\Piet\AppData\Local\{29983C0D-9941-4AA1-9F4A-D3E3EF587F9B}
    2011-05-27 21:11 . 2011-05-27 21:11 98392 —-a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-05-27 21:08 . 2011-05-27 21:08 ——– d—–w- c:\programdata\Lavasoft
    2011-05-26 23:14 . 2011-05-26 23:14 ——– d—–w- c:\users\Piet\AppData\Local\{23D9B2C9-53B7-43DB-A88C-8A07C627C7D7}
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-18 14:27 . 2011-05-15 14:48 404640 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-21 06:01 . 2011-06-23 17:38 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
    2011-05-21 06:01 . 2007-12-05 17:18 301672 ----a-w- c:\windows\system32\nvhotkey.dll
    2011-04-23 20:20 . 2011-04-23 20:20 1061888 —-a-w- c:\windows\isRS-000.tmp
    2011-04-22 19:14 . 2011-05-25 14:19 27008 —-a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-04-22 14:56 . 2011-04-22 14:56 159080 —-a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
    2011-04-09 06:02 . 2011-05-10 17:06 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:02 . 2011-05-10 17:06 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 05:56 . 2011-05-10 17:06 123904 —-a-w- c:\windows\system32\poqexec.exe
    2011-03-18 18:03 . 2011-03-22 21:52 142296 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-04 15:50 1197448 —-a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-15 39408]
    "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2011-06-17 93816]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
    "Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-05-11 1348144]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-13 5075776]
    "Acronis Scheduler2Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-13 357304]
    "Control Center"="c:\program files\Sitecom\MFP Server Control Center\Control Center.exe" [2008-06-06 3127808]
    "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-10-28 1406248]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
    .
    c:\users\Piet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BUFFALO NAS Navigator.lnk - c:\program files\BUFFALO\NASNAVI\NasNavi.exe [2007-5-11 1070648]
    HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-4-13 299008]
    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 136176]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 14216]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 8456]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 136176]
    R3 KUSBusByTCP;KUSBusByTCP;c:\windows\system32\Drivers\KUSBusByTCP.sys [2008-06-09 92928]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-14 1343400]
    R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
    S0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\DRIVERS\tdrpm255.sys [2010-12-15 911552]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-12-15 2475952]
    S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-01-26 573224]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-12-15 159296]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
    S3 KUSBusByTCPMasterBus;Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\Drivers\KUSBusByTCPMasterBus.sys [2008-06-09 69376]
    S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-05-07 724992]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 15:05]
    .
    2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 15:05]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.corba-web.nl/
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    FF - ProfilePath - c:\users\Piet\AppData\Roaming\Mozilla\Firefox\Profiles\qkhe7l8f.default\
    FF - prefs.js: browser.search.selectedEngine - Secure-zoeken
    FF - prefs.js: browser.startup.homepage - hxxp://www.corba-web.nl/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 0
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2011-06-25 17:13:00
    ComboFix-quarantined-files.txt 2011-06-25 15:12
    .
    Pre-Run: 87.786.160.128 bytes beschikbaar
    Post-Run: 87.329.095.680 bytes beschikbaar
    .
    - - End Of File - - 9298B89A581DD7072BBEBC43B724FA80

  • Two things:

    a) ComboFix was not started from the desktop, but from the Downloads folder.
    So move ComboFix to the desktop.

    b) Now AVG10 is suddenly in your Windows.
    Why didn't you ask first?
    AVG10 may be even harder to remove again than F-Secure!

    In any case, start ComboFix from the correct location for a new scan.
  • Sorry, but I didn't want to go on the net completely unprotected, you see. I didn't realise this could do any harm.

    But after installing F Secure from the desktop, and once F Secure had been completely disabled, I also ran ComboFix again from the desktop. But I got many error messages from werfault.exe, which gave 4 write errors on memory locations. The applications also froze frequently, and it has by now cost me hours again to obtain that log.

    I do make a new image after each piece of advice regarding checking and/or removing applications, and continue from there. That means I am now back on a previous image, and if I have to continue I will first restore the preceding image from where we left off. That way you will no longer come across things like AVG.

    Here follows the ComboFix log after disabling F Secure, so I did not get any warnings.

    ComboFix 11-06-25.01 - Piet 25-06-2011 18:04:11.2.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.2010 [GMT 2:00]
    Gestart vanuit: c:\users\Piet\Downloads\ComboFix.exe
    AV: F-Secure Internet Security 2011 10.51 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    FW: F-Secure Internet Security 2011 10.51 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
    SP: F-Secure Internet Security 2011 10.51 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-05-25 to 2011-06-25 ))))))))))))))))))))))))))))))
    .
    .
    2011-06-25 16:10 . 2011-06-25 16:10 ——– d—–w- c:\users\Default\AppData\Local\temp
    2011-06-25 15:44 . 2011-06-25 15:44 33408 —-a-w- c:\windows\system32\drivers\fsbts.sys
    2011-06-25 15:44 . 2011-06-25 15:44 37832 —-a-w- c:\windows\system32\drivers\fses.sys
    2011-06-25 15:44 . 2011-06-25 15:43 72840 —-a-w- c:\windows\system32\drivers\fsdfw.sys
    2011-06-25 15:44 . 2011-06-25 15:43 574632 —-a-w- c:\windows\system32\msvcp50.dll
    2011-06-25 15:43 . 2011-06-25 15:45 ——– d—–w- c:\program files\F-Secure
    2011-06-25 15:42 . 2011-06-25 15:42 ——– d—–w- c:\programdata\fssg
    2011-06-25 15:41 . 2011-06-25 15:44 ——– d—–w- c:\programdata\f-secure
    2011-06-25 15:13 . 2011-06-25 16:10 ——– d—–w- c:\users\Piet\AppData\Local\temp
    2011-06-25 14:46 . 2011-06-25 14:46 ——– d—–w- C:\found.000
    2011-06-25 14:23 . 2011-06-25 14:23 0 —ha-w- c:\users\Piet\AppData\Local\BITF381.tmp
    2011-06-24 22:48 . 2011-06-24 22:48 ——– d—–w- c:\users\Piet\AppData\Local\{BF9D7446-7235-4342-8B9E-1960E8AFA35B}
    2011-06-24 17:23 . 2011-06-24 17:23 ——– d—–w- C:\Studio webdesing
    2011-06-24 16:49 . 2011-06-24 16:49 ——– d—–w- c:\users\Piet\AppData\Roaming\AVG10
    2011-06-24 16:48 . 2011-06-24 16:48 ——– d–h–w- c:\programdata\Common Files
    2011-06-24 16:47 . 2011-06-25 14:54 ——– d—–w- c:\programdata\AVG10
    2011-06-24 16:46 . 2011-06-24 16:46 ——– d—–w- c:\program files\AVG
    2011-06-24 16:38 . 2011-06-25 14:53 ——– d—–w- c:\programdata\MFAData
    2011-06-23 23:25 . 2011-06-23 23:25 ——– d—–w- c:\users\Piet\AppData\Local\{7490FD38-64F5-4299-B4DB-45A3B33515DB}
    2011-06-23 17:47 . 2011-06-24 17:22 ——– d—–w- c:\users\UpdatusUser
    2011-06-23 17:44 . 2011-05-21 06:01 66664 ----a-w- c:\windows\system32\nvshext.dll
    2011-06-23 17:44 . 2011-05-21 06:01 615528 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-06-23 17:44 . 2011-05-21 06:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-06-23 17:44 . 2011-05-21 06:01 2557544 ----a-w- c:\windows\system32\nvsvc.dll
    2011-06-23 17:44 . 2011-05-21 06:01 3693672 ----a-w- c:\windows\system32\nvcpl.dll
    2011-06-23 17:44 . 2011-05-21 06:01 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-06-23 17:44 . 2011-05-21 06:01 543336 —-a-w- c:\windows\system32\easyupdatusapiu.dll
    2011-06-23 17:44 . 2011-06-23 17:44 ——– d—–w- c:\programdata\NVIDIA Corporation
    2011-06-23 17:39 . 2011-05-21 06:01 57960 —-a-w- c:\windows\system32\OpenCL.dll
    2011-06-23 17:38 . 2011-05-21 06:01 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
    2011-06-23 17:38 . 2011-05-21 06:01 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
    2011-06-23 17:38 . 2011-05-21 06:01 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
    2011-06-23 17:38 . 2011-05-21 06:01 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
    2011-06-23 17:38 . 2011-05-21 06:01 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-06-23 17:38 . 2011-05-21 06:01 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
    2011-06-23 17:38 . 2011-05-21 06:01 5301352 ----a-w- c:\windows\system32\nvcuda.dll
    2011-06-23 17:38 . 2011-05-21 06:01 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-06-23 17:38 . 2011-05-21 06:01 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-06-23 17:38 . 2011-05-21 06:01 2335848 ----a-w- c:\windows\system32\nvapi.dll
    2011-06-23 17:38 . 2011-05-21 06:01 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-06-20 23:55 . 2011-06-20 23:55 ——– d—–w- c:\users\Piet\AppData\Local\{A7389609-4BE7-4347-9F38-1E8F18ADA35A}
    2011-06-19 21:35 . 2011-06-19 21:35 ——– d—–w- c:\users\Piet\AppData\Local\{2E28E0E4-AF7E-4E71-AE43-7B68C8C1EB0C}
    2011-06-19 00:44 . 2011-06-19 00:44 ——– d—–w- c:\users\Piet\AppData\Local\{9FF9C221-4122-4A88-8D9D-1E3BBFC4A587}
    2011-06-17 21:54 . 2011-06-17 21:54 ——– d—–w- c:\users\Piet\AppData\Local\{DFF8575E-4067-4824-8009-92B15808F715}
    2011-06-17 00:41 . 2011-06-17 00:41 ——– d—–w- c:\users\Piet\AppData\Local\{52698EA3-EA3A-4FEC-A591-89AD3A61F500}
    2011-06-15 01:19 . 2011-04-25 15:29 141104 —-a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-06-15 01:19 . 2011-04-22 23:25 2382848 —-a-w- c:\windows\system32\mshtml.tlb
    2011-06-15 01:19 . 2011-04-22 23:35 1797632 —-a-w- c:\windows\system32\jscript9.dll
    2011-06-15 01:05 . 2011-04-29 02:46 311808 —-a-w- c:\windows\system32\drivers\srv.sys
    2011-06-15 01:05 . 2011-04-29 02:46 310272 —-a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-15 01:05 . 2011-04-29 02:46 114688 —-a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-15 01:05 . 2011-04-27 02:17 223744 —-a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-15 01:05 . 2011-04-27 02:17 96768 —-a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-15 01:05 . 2011-04-27 02:17 123904 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-15 01:05 . 2011-04-25 04:31 1290624 —-a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-15 01:05 . 2011-04-25 02:18 338944 —-a-w- c:\windows\system32\drivers\afd.sys
    2011-06-15 01:05 . 2011-02-25 05:34 571904 —-a-w- c:\windows\system32\oleaut32.dll
    2011-06-15 01:05 . 2011-05-03 04:30 741376 —-a-w- c:\windows\system32\inetcomm.dll
    2011-06-14 23:00 . 2011-06-14 23:00 ——– d—–w- c:\users\Piet\AppData\Local\{AA0E67CF-7DCE-4118-B3CE-94DF0684344F}
    2011-06-13 23:41 . 2011-06-13 23:41 ——– d—–w- c:\users\Piet\AppData\Local\{F7F2DA3B-B416-47EB-82DF-8B81AF522E27}
    2011-06-13 01:49 . 2011-06-13 01:49 ——– d—–w- c:\users\Piet\AppData\Local\{A5057FBA-E7A7-49D7-B1FE-16B2778C5167}
    2011-06-12 00:34 . 2011-06-12 00:34 ——– d—–w- c:\users\Piet\AppData\Local\{EDC3DDD9-F79B-4C14-8ABD-46F0C78991A9}
    2011-06-11 00:34 . 2011-06-11 00:34 ——– d—–w- c:\users\Piet\AppData\Local\{167AD3C9-37B4-411C-AD1A-D6823CED637A}
    2011-06-09 21:05 . 2011-06-09 21:05 121464 —-a-w- c:\windows\system32\drivers\AnyDVD.sys
    2011-06-07 22:30 . 2011-06-07 22:30 ——– d—–w- c:\users\Piet\AppData\Local\{28187619-3414-42AF-9EDC-D252D305B673}
    2011-06-07 02:16 . 2011-06-07 02:17 ——– d—–w- c:\users\Piet\AppData\Local\{A66A296B-2E55-4D57-B91D-DD0F2510E080}
    2011-06-06 01:47 . 2011-06-06 01:47 ——– d—–w- c:\users\Piet\AppData\Local\{F8D543DD-00B9-4229-B510-794656EAF063}
    2011-06-02 23:11 . 2011-06-02 23:12 ——– d—–w- c:\users\Piet\AppData\Local\{C486C5E6-9868-4A44-A6B8-5A81615FA32E}
    2011-05-31 00:12 . 2011-05-31 00:13 ——– d—–w- c:\users\Piet\AppData\Local\{18F47314-5F8F-4395-8A7E-3FFA4A031C5C}
    2011-05-29 00:55 . 2011-05-29 00:55 ——– d—–w- c:\users\Piet\AppData\Local\{29983C0D-9941-4AA1-9F4A-D3E3EF587F9B}
    2011-05-27 21:11 . 2011-05-27 21:11 98392 —-a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-05-27 21:08 . 2011-05-27 21:08 ——– d—–w- c:\programdata\Lavasoft
    2011-05-26 23:14 . 2011-05-26 23:14 ——– d—–w- c:\users\Piet\AppData\Local\{23D9B2C9-53B7-43DB-A88C-8A07C627C7D7}
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-18 14:27 . 2011-05-15 14:48 404640 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-21 06:01 . 2011-06-23 17:38 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
    2011-05-21 06:01 . 2007-12-05 17:18 301672 ----a-w- c:\windows\system32\nvhotkey.dll
    2011-04-23 20:20 . 2011-04-23 20:20 1061888 —-a-w- c:\windows\isRS-000.tmp
    2011-04-22 19:14 . 2011-05-25 14:19 27008 —-a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-04-22 14:56 . 2011-04-22 14:56 159080 —-a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
    2011-04-09 06:02 . 2011-05-10 17:06 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:02 . 2011-05-10 17:06 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 05:56 . 2011-05-10 17:06 123904 —-a-w- c:\windows\system32\poqexec.exe
    2011-03-18 18:03 . 2011-03-22 21:52 142296 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-04 15:50 1197448 —-a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-15 39408]
    "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2011-06-17 93816]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
    "Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-05-11 1348144]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-13 5075776]
    "Acronis Scheduler2Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-13 357304]
    "Control Center"="c:\program files\Sitecom\MFP Server Control Center\Control Center.exe" [2008-06-06 3127808]
    "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-10-28 1406248]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
    .
    c:\users\Piet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BUFFALO NAS Navigator.lnk - c:\program files\BUFFALO\NASNAVI\NasNavi.exe [2007-5-11 1070648]
    HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-4-13 299008]
    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
    2011-06-25 15:43 201384 ----a-w- c:\program files\F-Secure\Common\FSM32.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
    2011-06-25 15:43 1655464 ----a-w- c:\program files\F-Secure\FSGUI\tnbutil.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 136176]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 14216]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 8456]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 136176]
    R3 KUSBusByTCP;KUSBusByTCP;c:\windows\system32\Drivers\KUSBusByTCP.sys [2008-06-09 92928]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-14 1343400]
    R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
    R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2011-06-25 41896]
    R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2011-06-25 27304]
    R4 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [2011-06-25 58024]
    S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2011-06-25 33408]
    S0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\DRIVERS\tdrpm255.sys [2010-12-15 911552]
    S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [2011-06-25 72520]
    S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-06-25 37832]
    S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-06-25 72840]
    S1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2011-06-25 14504]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-12-15 2475952]
    S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-01-26 573224]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-12-15 159296]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2011-06-25 102568]
    S3 KUSBusByTCPMasterBus;Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\Drivers\KUSBusByTCPMasterBus.sys [2008-06-09 69376]
    S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-05-07 724992]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 15:05]
    .
    2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 15:05]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.corba-web.nl/
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    FF - ProfilePath - c:\users\Piet\AppData\Roaming\Mozilla\Firefox\Profiles\qkhe7l8f.default\
    FF - prefs.js: browser.search.selectedEngine - Secure-zoeken
    FF - prefs.js: browser.startup.homepage - hxxp://www.corba-web.nl/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 0
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'Explorer.exe'(2224)
    c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
    .
    Voltooingstijd: 2011-06-25 18:12:50
    ComboFix-quarantined-files.txt 2011-06-25 16:12
    ComboFix2.txt 2011-06-25 15:13
    .
    Pre-Run: 87.214.116.864 bytes beschikbaar
    Post-Run: 87.042.084.864 bytes beschikbaar
    .
    - - End Of File - - 1152C53D1D571770EEC6A3881D539C0A

    So F-Secure is installed, but no applications work any more, and I could not validate F-Secure either.

    And next time I will ask first before I install something in between again. Sorry, I did not foresee the consequences; I do not want to go online unprotected, and I have only one laptop in the house and nothing else!

  • I think you should forget about that image and rebuild Windows from the ground up on a freshly formatted system partition!
  • Phew, I have sorted it out. Besides the very good contact with F-Secure and a lot of messing about, to put it that way, I eventually restored my mirror from February, which I fortunately found again on my NAS. It is a mirror of a "clean" installation, and I only had to remove McAfee from it. The installation went flawlessly and everything seems to work fine.

    Since all my data is on both the E: partition and the NAS, I have lost nothing in that respect, except that I now have a lot of updating to do, but that can be done in between other things.
  • Good that you found another image.

    But one question: how did you remove McAfee from that Windows installation?

    Because removing McAfee the Windows way usually means that quite a few components are left behind.

    So do still use McAfee's tool, to make sure McAfee is gone for good.

    http://service.mcafee.com/FAQDocument.aspx?id=TS100507&lc=1033
  • So that McAfee description you linked to is not correct. By now they, like Norton, have a special program to remove all of McAfee's junk.

    You can find that tool at:

    http://download.mcafee.com/products/licenced/cust_support_patches/MPCR.exe
  • You are right.
    It has changed; that will be related to Intel's acquisition of McAfee.
    Thanks for letting me know!


This is an archived page. Replying is no longer possible.
