Question & Answer
Problems during and after installing F-Secure
15 replies
- I was in doubt between this section and OS Windows; if I'm in the wrong place, sorry, and I ask the moderator to move this topic to the right one.
After installing F-Secure 2011 I have nothing but problems: starting e.g. Office Outlook 2007 and Internet Explorer, both of which stop responding; the Sitecom print server, which gives errors about memory locations that are not available; and neither wireless nor wired internet is possible.
During the installation of F-Secure two conflicting applications are found, namely McAfee (logical) and Nvidia Forceware Network Access Manager (OK, possible, but not really logical given that it drives my LAN port).
I want to switch from McAfee to F-Secure because I have junk on my site that causes Google to flag my site as unsafe. McAfee finds nothing and F-Secure does (with the online scan), and I want to get rid of that junk.
What I have done so far:
- Installed F-Secure following the standard procedure
- After entering the key, it searches for conflicting applications
- Both McAfee and Nvidia Forceware etc. are found but not removed automatically
- McAfee can be removed manually
- Nvidia Forceware cannot be removed
- Had to abort the installation
- Restored the mirror of the c:\ partition
- Via msconfig, disabled all Nvidia applications and programs and rebooted
- Followed the same procedure as before but with the same result
- Restored the mirror of the c:\ partition again
- Tried to remove Nvidia Forceware, which fails without any message
- Via CCleaner, set the values of Nvidia Forceware to zero (sic, not normal but OK)
- Disabled the LAN connection
- Removed McAfee beforehand
- Started the F-Secure installation again
- Nvidia Forceware is now removed automatically
- Installation now runs smoothly until ……..
- Right, it is busy updating for hours and does not seem to finish, which makes sense
- because there is no connection to the WAN
- Re-enabled Nvidia, but still no internet connection via LAN either
- Outlook 2007 starts but I immediately get the message that it has stopped working
- The same goes for IE 9 and FF 4
- Keep getting error messages from the Sitecom print server (possibly solvable by reinstalling it)
- Windows 7 (fully up to date) is extremely slow
- Once again restored the mirror of the c:\ partition
- Sent an e-mail to F-Secure but have not received a reply
- Searched here but could not find anything comparable
Below I show the HijackThis log; I'm not exactly a layman, but this is beyond me:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:06:29, on 24-6-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Sitecom\MFP Server Control Center\Control Center.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corba-web.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110519175503.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1043
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\Sitecom\MFP Server Control Center\Control Center.exe -mini
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1480718370-4163580771-2151715521-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1480718370-4163580771-2151715521-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn….9.3.0/GarminAxControl.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12993 bytes
Who can help me?
- Hi PC1, it is clear: conflicts, then.
You now first go to "Control Panel\Programs and Features" and there you remove:
NVIDIA NetworkAccessManager
This is nothing more than a buggy firewall from NVidia, which has no business being in Windows at all.
Removing McAfee manually is not the right way!
First look here: http://service.mcafee.com/FAQDocument.aspx?id=TS100507&lc=1033
And post the following in your next message:
Which program: sUBs dds.scr
What for/why: DDS is a diagnostic tool and makes use of scripts.
Difficulty: A more or less tricky preparation phase, so read everything carefully first.
Download location: Be sure to download this program to the desktop, or else move it there first!
Download sUBs dds.scr here
Using sUBs dds.scr:
- OK Abraham, here we go:
So I started again from the mirror:
- Removed that Nvidia NetworkAccessManager
- Then McAfee according to their instructions and not the way you indicated. If you remove McAfee via software removal, its own uninstall screen appears
- Removed all other malware and spyware software
- Then cleaned and, respectively, repaired everything with CCleaner
- Made a new mirror
- Started installing F-Secure again; it found no conflicting items and ran smoothly through the installation until almost the end
- Could not validate because F-Secure finds no internet connection, whether wireless or wired
- With difficulty managed to get a DDS log into Notepad, because nothing works anymore; even Notepad crashed (fortunately after saving)
Restarted the laptop but the problems remained, and I got many error messages from non-working applications (including from Windows itself) and also no longer got a connection to the internet
(one of the messages was that a memory location could not be written to)
- Ran a memory test, no problems
- Uninstalled F-Secure with F-Secure's own option
- After a restart still many problems as mentioned above
- Restored the last mirror again, because otherwise I do not have a properly working laptop
Below is the DDS log:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Piet at 17:43:02 on 2011-06-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.1910 [GMT 2:00]
.
AV: F-Secure Internet Security 2011 10.51 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Internet Security 2011 10.51 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: F-Secure Internet Security 2011 10.51 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\brsvc01a.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\brss01a.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Sitecom\MFP Server Control Center\Control Center.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSHDLL32.EXE
C:\Program Files\F-Secure\Common\fsm32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\POSTINSTALL.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.corba-web.nl/
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\f-secure\nrs\iescript\baselitmus.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\f-secure\nrs\iescript\baselitmus.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AnyDVD] "c:\program files\slysoft\anydvd\AnyDVD.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1043
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Acronis Scheduler2Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Control Center] c:\program files\sitecom\mfp server control center\Control Center.exe -mini
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [F-Secure Manager] "c:\program files\f-secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
StartupFolder: c:\users\piet\appdata\roaming\micros~1\windows\startm~1\programs\startup\buffal~1.lnk - c:\program files\buffalo\nasnavi\NasNavi.exe
StartupFolder: c:\users\piet\appdata\roaming\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
StartupFolder: c:\users\piet\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvLsp.dll
LSP: c:\program files\f-secure\fsps\program\FSLSP.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{01923EEA-5F5F-4528-91A9-5E6C3185A49D} : DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{01923EEA-5F5F-4528-91A9-5E6C3185A49D}\4586579637 : DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{F7556BF4-820D-4B69-A248-1D4FAAD15648} : DhcpNameServer = 212.54.40.25 212.54.35.25
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\piet\appdata\roaming\mozilla\firefox\profiles\qkhe7l8f.default\
FF - prefs.js: browser.search.selectedEngine - Secure-zoeken
FF - prefs.js: browser.startup.homepage - hxxp://www.corba-web.nl/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2011-6-24 33408]
R0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\drivers\tdrpm255.sys [2010-12-15 911552]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\f-secure\hips\drivers\fshs.sys [2011-6-24 72520]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-6-24 37832]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-6-24 72840]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-12-15 2475952]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure\anti-virus\fsgk32st.exe [2011-6-24 221864]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-1-26 573224]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-23 2214504]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-12-15 159296]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2010-12-15 32256]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\anti-virus\minifilter\fsgk.sys [2011-6-24 102568]
I hope you can shed some more light on my darkness; in other words, I'm hoping for a solution ;)
- OK Abraham, here we go:
So I started again from the mirror:
- Removed that Nvidia NetworkAccessManager
- Then McAfee, following their instructions and not the way you indicated. If you remove McAfee via Windows' software removal, its own uninstall screen appears
- Removed all other malware and spyware software
- Then cleaned up and repaired everything with CCleaner
- Made a new mirror
- Started installing F-Secure again; it found no conflicting items and the installation ran smoothly until almost the end
- Could not validate because F-Secure finds no internet connection, whether wireless or wired
- With difficulty I managed to get a DDS log into Notepad, because nothing works anymore; even Notepad crashed (fortunately after saving)
- Restarted the laptop, but the problems remained; I got many error messages about applications not working (including from Windows itself) and also no longer got a connection to the internet (one of the messages was that a memory location could not be written to)
- Ran a memory test, no problems
- Uninstalled F-Secure using F-Secure's own option
- After the restart still many problems, as mentioned above
- Restored the last mirror again, because otherwise I don't have a properly working laptop
Below is the DDS log:
I hope you can shed some more light on my darkness; in other words, I'm hoping for a solution ;)
- Do I understand correctly that you restore an image of your fully configured operating system every time?
And I'm missing Attach.txt.
- Yes, I have to restore my image every time to get back on the internet, because after installing F-Secure I really can't get any connection to the internet anymore, etc. In fact, nothing works properly then, and I have no second system to get on the internet.
And if you're missing Attach.txt, then I'm afraid DDS didn't create it.
- I'm curious what ComboFix might find:
Which program: ComboFix
What for/why: A highly specialised scanner to examine Windows in depth and clean it up where possible.
Difficulty: A more or less tricky preparation phase, so read everything carefully first.
Download location: Be sure to download this program to the desktop!
Download ComboFix from one of these locations:
- Bleepingcomputer
- ForoSpyware
- Geekstogo
Here you can see how to use ComboFix.
Antivirus programs and active malware scanners must already be deactivated before ComboFix starts!
Here and here you will find information on how to deactivate antivirus programs and spyware scanners.
To be perfectly clear once more: ComboFix must be started from the desktop.
Notes:
- When using Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for this).
- Vista and Windows 7 users start ComboFix via right-click with Administrator rights.
- All open programs and web pages must be closed.
ComboFix has started:
- Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
- ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
- The computer may need to be restarted several times; this is normal.
- When ComboFix is finished, it will create a log file for you.
- Post the contents of this log file in your next message.
- If the log does not open, it can be found at C:\ComboFix.txt
Important note:
- Here is ComboFix, run without a virus scanner installed. I did find an extra tool at McAfee to remove the real junk from McAfee. I ran that first before creating the log below.
2011-06-15 01:05 . 2011-04-29 02:46 114688 —-a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 01:05 . 2011-04-27 02:17 223744 —-a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 01:05 . 2011-04-27 02:17 96768 —-a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 01:05 . 2011-04-27 02:17 123904 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 01:05 . 2011-04-25 04:31 1290624 —-a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 01:05 . 2011-04-25 02:18 338944 —-a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 01:05 . 2011-02-25 05:34 571904 —-a-w- c:\windows\system32\oleaut32.dll
2011-06-15 01:05 . 2011-05-03 04:30 741376 —-a-w- c:\windows\system32\inetcomm.dll
2011-06-14 23:00 . 2011-06-14 23:00 ——– d—–w- c:\users\Piet\AppData\Local\{AA0E67CF-7DCE-4118-B3CE-94DF0684344F}
2011-06-13 23:41 . 2011-06-13 23:41 ——– d—–w- c:\users\Piet\AppData\Local\{F7F2DA3B-B416-47EB-82DF-8B81AF522E27}
2011-06-13 01:49 . 2011-06-13 01:49 ——– d—–w- c:\users\Piet\AppData\Local\{A5057FBA-E7A7-49D7-B1FE-16B2778C5167}
2011-06-12 00:34 . 2011-06-12 00:34 ——– d—–w- c:\users\Piet\AppData\Local\{EDC3DDD9-F79B-4C14-8ABD-46F0C78991A9}
2011-06-11 00:34 . 2011-06-11 00:34 ——– d—–w- c:\users\Piet\AppData\Local\{167AD3C9-37B4-411C-AD1A-D6823CED637A}
2011-06-09 21:05 . 2011-06-09 21:05 121464 —-a-w- c:\windows\system32\drivers\AnyDVD.sys
2011-06-07 22:30 . 2011-06-07 22:30 ——– d—–w- c:\users\Piet\AppData\Local\{28187619-3414-42AF-9EDC-D252D305B673}
2011-06-07 02:16 . 2011-06-07 02:17 ——– d—–w- c:\users\Piet\AppData\Local\{A66A296B-2E55-4D57-B91D-DD0F2510E080}
2011-06-06 01:47 . 2011-06-06 01:47 ——– d—–w- c:\users\Piet\AppData\Local\{F8D543DD-00B9-4229-B510-794656EAF063}
2011-06-02 23:11 . 2011-06-02 23:12 ——– d—–w- c:\users\Piet\AppData\Local\{C486C5E6-9868-4A44-A6B8-5A81615FA32E}
2011-05-31 00:12 . 2011-05-31 00:13 ——– d—–w- c:\users\Piet\AppData\Local\{18F47314-5F8F-4395-8A7E-3FFA4A031C5C}
2011-05-29 00:55 . 2011-05-29 00:55 ——– d—–w- c:\users\Piet\AppData\Local\{29983C0D-9941-4AA1-9F4A-D3E3EF587F9B}
2011-05-27 21:11 . 2011-05-27 21:11 98392 —-a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-27 21:08 . 2011-05-27 21:08 ——– d—–w- c:\programdata\Lavasoft
2011-05-26 23:14 . 2011-05-26 23:14 ——– d—–w- c:\users\Piet\AppData\Local\{23D9B2C9-53B7-43DB-A88C-8A07C627C7D7}
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 14:27 . 2011-05-15 14:48 404640 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-21 06:01 . 2011-06-23 17:38 12392 —-a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-21 06:01 . 2007-12-05 17:18 301672 —-a-w- c:\windows\system32\nvhotkey.dll
2011-04-23 20:20 . 2011-04-23 20:20 1061888 —-a-w- c:\windows\isRS-000.tmp
2011-04-22 19:14 . 2011-05-25 14:19 27008 —-a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 14:56 . 2011-04-22 14:56 159080 —-a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-09 06:02 . 2011-05-10 17:06 3967872 —-a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-10 17:06 3912576 —-a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-10 17:06 123904 —-a-w- c:\windows\system32\poqexec.exe
2011-03-18 18:03 . 2011-03-22 21:52 142296 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50 1197448 —-a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-15 39408]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2011-06-17 93816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-05-11 1348144]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-13 5075776]
"Acronis Scheduler2Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-13 357304]
"Control Center"="c:\program files\Sitecom\MFP Server Control Center\Control Center.exe" [2008-06-06 3127808]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-10-28 1406248]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
.
c:\users\Piet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BUFFALO NAS Navigator.lnk - c:\program files\BUFFALO\NASNAVI\NasNavi.exe [2007-5-11 1070648]
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-4-13 299008]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 136176]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 8456]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 136176]
R3 KUSBusByTCP;KUSBusByTCP;c:\windows\system32\Drivers\KUSBusByTCP.sys [2008-06-09 92928]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-14 1343400]
R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\DRIVERS\tdrpm255.sys [2010-12-15 911552]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-12-15 2475952]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-01-26 573224]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-12-15 159296]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
S3 KUSBusByTCPMasterBus;Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\Drivers\KUSBusByTCPMasterBus.sys [2008-06-09 69376]
S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-05-07 724992]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhoud van de 'Gedeelde Taken' map
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 15:05]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 15:05]
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.corba-web.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Piet\AppData\Roaming\Mozilla\Firefox\Profiles\qkhe7l8f.default\
FF - prefs.js: browser.search.selectedEngine - Secure-zoeken
FF - prefs.js: browser.startup.homepage - hxxp://www.corba-web.nl/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
.
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-06-25 17:13:00
ComboFix-quarantined-files.txt 2011-06-25 15:12
.
Pre-Run: 87.786.160.128 bytes beschikbaar
Post-Run: 87.329.095.680 bytes beschikbaar
.
- - End Of File - - 9298B89A581DD7072BBEBC43B724FA80
- Two things:
a) ComboFix was not started from the desktop, but from the Downloads folder.
So move ComboFix to the desktop.
b) Now AVG10 is suddenly in your Windows.
Why didn't you ask first?
AVG10 may be even harder to remove again than F-Secure!
In any case, start ComboFix from the correct location for a new scan.
- Sorry, but I didn't want to go on the net completely unprotected, you understand. I didn't realize this could do any harm.
But after installing F Secure from the desktop, and after F Secure was completely disabled, I also ran ComboFix again from the desktop. But I got many error messages from werfault.exe, which reported 4 write errors at memory locations. The applications also froze frequently, and it has cost me hours again to obtain the log.
I do make a new image after each piece of advice regarding checking and/or removing applications, and I continue from that image. That means I am now back on a previous image, and if I have to continue I will first restore the preceding image from where we left off. That way you will no longer run into things like AVG.
Here is the ComboFix log after disabling F Secure, so I got no warnings.
ComboFix 11-06-25.01 - Piet 25-06-2011 18:04:11.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.2010 [GMT 2:00]
Gestart vanuit: c:\users\Piet\Downloads\ComboFix.exe
AV: F-Secure Internet Security 2011 10.51 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: F-Secure Internet Security 2011 10.51 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: F-Secure Internet Security 2011 10.51 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-05-25 to 2011-06-25 ))))))))))))))))))))))))))))))
.
.
2011-06-25 16:10 . 2011-06-25 16:10 ——– d—–w- c:\users\Default\AppData\Local\temp
2011-06-25 15:44 . 2011-06-25 15:44 33408 —-a-w- c:\windows\system32\drivers\fsbts.sys
2011-06-25 15:44 . 2011-06-25 15:44 37832 —-a-w- c:\windows\system32\drivers\fses.sys
2011-06-25 15:44 . 2011-06-25 15:43 72840 —-a-w- c:\windows\system32\drivers\fsdfw.sys
2011-06-25 15:44 . 2011-06-25 15:43 574632 —-a-w- c:\windows\system32\msvcp50.dll
2011-06-25 15:43 . 2011-06-25 15:45 ——– d—–w- c:\program files\F-Secure
2011-06-25 15:42 . 2011-06-25 15:42 ——– d—–w- c:\programdata\fssg
2011-06-25 15:41 . 2011-06-25 15:44 ——– d—–w- c:\programdata\f-secure
2011-06-25 15:13 . 2011-06-25 16:10 ——– d—–w- c:\users\Piet\AppData\Local\temp
2011-06-25 14:46 . 2011-06-25 14:46 ——– d—–w- C:\found.000
2011-06-25 14:23 . 2011-06-25 14:23 0 —ha-w- c:\users\Piet\AppData\Local\BITF381.tmp
2011-06-24 22:48 . 2011-06-24 22:48 ——– d—–w- c:\users\Piet\AppData\Local\{BF9D7446-7235-4342-8B9E-1960E8AFA35B}
2011-06-24 17:23 . 2011-06-24 17:23 ——– d—–w- C:\Studio webdesing
2011-06-24 16:49 . 2011-06-24 16:49 ——– d—–w- c:\users\Piet\AppData\Roaming\AVG10
2011-06-24 16:48 . 2011-06-24 16:48 ——– d–h–w- c:\programdata\Common Files
2011-06-24 16:47 . 2011-06-25 14:54 ——– d—–w- c:\programdata\AVG10
2011-06-24 16:46 . 2011-06-24 16:46 ——– d—–w- c:\program files\AVG
2011-06-24 16:38 . 2011-06-25 14:53 ——– d—–w- c:\programdata\MFAData
2011-06-23 23:25 . 2011-06-23 23:25 ——– d—–w- c:\users\Piet\AppData\Local\{7490FD38-64F5-4299-B4DB-45A3B33515DB}
2011-06-23 17:47 . 2011-06-24 17:22 ——– d—–w- c:\users\UpdatusUser
2011-06-23 17:44 . 2011-05-21 06:01 66664 —-a-w- c:\windows\system32\nvshext.dll
2011-06-23 17:44 . 2011-05-21 06:01 615528 —-a-w- c:\windows\system32\nvvsvc.exe
2011-06-23 17:44 . 2011-05-21 06:01 2560616 —-a-w- c:\windows\system32\nvsvcr.dll
2011-06-23 17:44 . 2011-05-21 06:01 2557544 —-a-w- c:\windows\system32\nvsvc.dll
2011-06-23 17:44 . 2011-05-21 06:01 3693672 —-a-w- c:\windows\system32\nvcpl.dll
2011-06-23 17:44 . 2011-05-21 06:01 111208 —-a-w- c:\windows\system32\nvmctray.dll
2011-06-23 17:44 . 2011-05-21 06:01 543336 —-a-w- c:\windows\system32\easyupdatusapiu.dll
2011-06-23 17:44 . 2011-06-23 17:44 ——– d—–w- c:\programdata\NVIDIA Corporation
2011-06-23 17:39 . 2011-05-21 06:01 57960 —-a-w- c:\windows\system32\OpenCL.dll
2011-06-23 17:38 . 2011-05-21 06:01 6555240 —-a-w- c:\windows\system32\nvwgf2um.dll
2011-06-23 17:38 . 2011-05-21 06:01 16456296 —-a-w- c:\windows\system32\nvoglv32.dll
2011-06-23 17:38 . 2011-05-21 06:01 899688 —-a-w- c:\windows\system32\nvdispco3220150.dll
2011-06-23 17:38 . 2011-05-21 06:01 865896 —-a-w- c:\windows\system32\nvgenco322090.dll
2011-06-23 17:38 . 2011-05-21 06:01 10589800 —-a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-06-23 17:38 . 2011-05-21 06:01 11992680 —-a-w- c:\windows\system32\nvd3dum.dll
2011-06-23 17:38 . 2011-05-21 06:01 5301352 —-a-w- c:\windows\system32\nvcuda.dll
2011-06-23 17:38 . 2011-05-21 06:01 2804328 —-a-w- c:\windows\system32\nvcuvid.dll
2011-06-23 17:38 . 2011-05-21 06:01 2082408 —-a-w- c:\windows\system32\nvcuvenc.dll
2011-06-23 17:38 . 2011-05-21 06:01 2335848 —-a-w- c:\windows\system32\nvapi.dll
2011-06-23 17:38 . 2011-05-21 06:01 13011560 —-a-w- c:\windows\system32\nvcompiler.dll
2011-06-20 23:55 . 2011-06-20 23:55 ——– d—–w- c:\users\Piet\AppData\Local\{A7389609-4BE7-4347-9F38-1E8F18ADA35A}
2011-06-19 21:35 . 2011-06-19 21:35 ——– d—–w- c:\users\Piet\AppData\Local\{2E28E0E4-AF7E-4E71-AE43-7B68C8C1EB0C}
2011-06-19 00:44 . 2011-06-19 00:44 ——– d—–w- c:\users\Piet\AppData\Local\{9FF9C221-4122-4A88-8D9D-1E3BBFC4A587}
2011-06-17 21:54 . 2011-06-17 21:54 ——– d—–w- c:\users\Piet\AppData\Local\{DFF8575E-4067-4824-8009-92B15808F715}
2011-06-17 00:41 . 2011-06-17 00:41 ——– d—–w- c:\users\Piet\AppData\Local\{52698EA3-EA3A-4FEC-A591-89AD3A61F500}
2011-06-15 01:19 . 2011-04-25 15:29 141104 —-a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-15 01:19 . 2011-04-22 23:25 2382848 —-a-w- c:\windows\system32\mshtml.tlb
2011-06-15 01:19 . 2011-04-22 23:35 1797632 —-a-w- c:\windows\system32\jscript9.dll
2011-06-15 01:05 . 2011-04-29 02:46 311808 —-a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 01:05 . 2011-04-29 02:46 310272 —-a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 01:05 . 2011-04-29 02:46 114688 —-a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 01:05 . 2011-04-27 02:17 223744 —-a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 01:05 . 2011-04-27 02:17 96768 —-a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 01:05 . 2011-04-27 02:17 123904 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 01:05 . 2011-04-25 04:31 1290624 —-a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 01:05 . 2011-04-25 02:18 338944 —-a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 01:05 . 2011-02-25 05:34 571904 —-a-w- c:\windows\system32\oleaut32.dll
2011-06-15 01:05 . 2011-05-03 04:30 741376 —-a-w- c:\windows\system32\inetcomm.dll
2011-06-14 23:00 . 2011-06-14 23:00 ——– d—–w- c:\users\Piet\AppData\Local\{AA0E67CF-7DCE-4118-B3CE-94DF0684344F}
2011-06-13 23:41 . 2011-06-13 23:41 ——– d—–w- c:\users\Piet\AppData\Local\{F7F2DA3B-B416-47EB-82DF-8B81AF522E27}
2011-06-13 01:49 . 2011-06-13 01:49 ——– d—–w- c:\users\Piet\AppData\Local\{A5057FBA-E7A7-49D7-B1FE-16B2778C5167}
2011-06-12 00:34 . 2011-06-12 00:34 ——– d—–w- c:\users\Piet\AppData\Local\{EDC3DDD9-F79B-4C14-8ABD-46F0C78991A9}
2011-06-11 00:34 . 2011-06-11 00:34 ——– d—–w- c:\users\Piet\AppData\Local\{167AD3C9-37B4-411C-AD1A-D6823CED637A}
2011-06-09 21:05 . 2011-06-09 21:05 121464 —-a-w- c:\windows\system32\drivers\AnyDVD.sys
2011-06-07 22:30 . 2011-06-07 22:30 ——– d—–w- c:\users\Piet\AppData\Local\{28187619-3414-42AF-9EDC-D252D305B673}
2011-06-07 02:16 . 2011-06-07 02:17 ——– d—–w- c:\users\Piet\AppData\Local\{A66A296B-2E55-4D57-B91D-DD0F2510E080}
2011-06-06 01:47 . 2011-06-06 01:47 ——– d—–w- c:\users\Piet\AppData\Local\{F8D543DD-00B9-4229-B510-794656EAF063}
2011-06-02 23:11 . 2011-06-02 23:12 ——– d—–w- c:\users\Piet\AppData\Local\{C486C5E6-9868-4A44-A6B8-5A81615FA32E}
2011-05-31 00:12 . 2011-05-31 00:13 ——– d—–w- c:\users\Piet\AppData\Local\{18F47314-5F8F-4395-8A7E-3FFA4A031C5C}
2011-05-29 00:55 . 2011-05-29 00:55 ——– d—–w- c:\users\Piet\AppData\Local\{29983C0D-9941-4AA1-9F4A-D3E3EF587F9B}
2011-05-27 21:11 . 2011-05-27 21:11 98392 —-a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-27 21:08 . 2011-05-27 21:08 ——– d—–w- c:\programdata\Lavasoft
2011-05-26 23:14 . 2011-05-26 23:14 ——– d—–w- c:\users\Piet\AppData\Local\{23D9B2C9-53B7-43DB-A88C-8A07C627C7D7}
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 14:27 . 2011-05-15 14:48 404640 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-21 06:01 . 2011-06-23 17:38 12392 —-a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-21 06:01 . 2007-12-05 17:18 301672 —-a-w- c:\windows\system32\nvhotkey.dll
2011-04-23 20:20 . 2011-04-23 20:20 1061888 —-a-w- c:\windows\isRS-000.tmp
2011-04-22 19:14 . 2011-05-25 14:19 27008 —-a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 14:56 . 2011-04-22 14:56 159080 —-a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-09 06:02 . 2011-05-10 17:06 3967872 —-a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-10 17:06 3912576 —-a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-10 17:06 123904 —-a-w- c:\windows\system32\poqexec.exe
2011-03-18 18:03 . 2011-03-22 21:52 142296 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50 1197448 —-a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-15 39408]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2011-06-17 93816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-05-11 1348144]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-13 5075776]
"Acronis Scheduler2Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-13 357304]
"Control Center"="c:\program files\Sitecom\MFP Server Control Center\Control Center.exe" [2008-06-06 3127808]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-10-28 1406248]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
.
c:\users\Piet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BUFFALO NAS Navigator.lnk - c:\program files\BUFFALO\NASNAVI\NasNavi.exe [2007-5-11 1070648]
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-4-13 299008]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
2011-06-25 15:43 201384 —-a-w- c:\program files\F-Secure\Common\FSM32.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
2011-06-25 15:43 1655464 —-a-w- c:\program files\F-Secure\FSGUI\tnbutil.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 136176]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 8456]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 136176]
R3 KUSBusByTCP;KUSBusByTCP;c:\windows\system32\Drivers\KUSBusByTCP.sys [2008-06-09 92928]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-14 1343400]
R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2011-06-25 41896]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2011-06-25 27304]
R4 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [2011-06-25 58024]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2011-06-25 33408]
S0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\DRIVERS\tdrpm255.sys [2010-12-15 911552]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [2011-06-25 72520]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-06-25 37832]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-06-25 72840]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2011-06-25 14504]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-12-15 2475952]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-01-26 573224]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-12-15 159296]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2011-06-25 102568]
S3 KUSBusByTCPMasterBus;Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\Drivers\KUSBusByTCPMasterBus.sys [2008-06-09 69376]
S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-05-07 724992]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhoud van de 'Gedeelde Taken' map
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 15:05]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 15:05]
.
.
——- Bijkomende Scan ——-
.
uStart Page = hxxp://www.corba-web.nl/
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: %SYSTEMROOT%\system32\nvLsp.dll
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Piet\AppData\Roaming\Mozilla\Firefox\Profiles\qkhe7l8f.default\
FF - prefs.js: browser.search.selectedEngine - Secure-zoeken
FF - prefs.js: browser.startup.homepage - hxxp://www.corba-web.nl/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
.
.
——————— VERGRENDELDE REGISTER SLEUTELS ———————
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
——————— DLLs Geladen Onder Lopende Processen ———————
.
- - - - - - - > 'Explorer.exe'(2224)
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
.
Voltooingstijd: 2011-06-25 18:12:50
ComboFix-quarantined-files.txt 2011-06-25 16:12
ComboFix2.txt 2011-06-25 15:13
.
Pre-Run: 87.214.116.864 bytes beschikbaar
Post-Run: 87.042.084.864 bytes beschikbaar
.
- - End Of File - - 1152C53D1D571770EEC6A3881D539C0A
So F Secure is installed, but no applications work any more, and I could not validate F Secure either.
And next time I will ask first if I install something in the meantime again. Sorry, I did not foresee the consequences, and I do not want to go on the internet unprotected, and I have only one laptop in the house and nothing else!
- I think you should forget that image and rebuild Windows from the ground up on a freshly formatted system partition!
- Phew, I have solved it. Besides the very good contacts with F Secure and a lot of messing about, so to speak, I eventually restored my mirror from February, which I fortunately found again on my NAS. It is a mirror of a "clean" installation, and I only had to remove McAfee from it. The installation went flawlessly and everything seems to work well.
Since all my data is on both the E: partition and the NAS, I have suffered no loss in that respect, except that I now have a lot to update, but that can be done in between other things.
- Good that you found another image.
But one question: how did you remove McAfee from that Windows?
Because removing McAfee the Windows way usually means that quite a few components are left behind.
So still use McAfee's tool, to make sure McAfee is gone for good.
http://service.mcafee.com/FAQDocument.aspx?id=TS100507&lc=1033
- So that McAfee description you gave the link for is not correct. In the meantime they, like Norton, have a special program to remove all of McAfee's junk.
You can find that tool at:
http://download.mcafee.com/products/licenced/cust_support_patches/MPCR.exe
- You are right.
It has changed; it will be related to the takeover of McAfee by Intel.
Thanks for reporting it!