
Chrome browser fails more often than it works... and IE is also very slow.


  • Chrome browser fails more often than it works... and IE is also very slow.

    Hello Nucia staff,

    It's been a while, but well... here we are again...
    Internet, and Chrome especially, is slow...
    My Norton antivirus no longer updates... (and it has not expired)
    I have also already uninstalled and reinstalled Chrome. It doesn't help.
    Steps carried out: Defogger / MBAM: all OK / DDS: see logs / GMER: see logs
    Also, PREVX installed itself during the rootkit scan?
    I have now managed to run HouseCall after all, but it was very slow too. Nothing so far...
    Greetz !!





    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
    Run by ilse at 22:08:25 on 2013-08-23
    Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.3582.2165 [GMT 2:00]
    .
    AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}
    AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    ============== Running Processes ================
    .
    F:\Program Files\Sandbox\SbieSvc.exe
    C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files\Tablet\Pen\WacomHost.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\srvany.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\KMService.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    C:\WINDOWS\RTHDCPL.EXE
    F:\Program Files\Adobe\Acrobat\Acrotray.exe
    C:\Program Files\Bamboo Dock\BambooCore.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Office 2010\Office14\ONENOTEM.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Documents and Settings\ilse\Bureaublad\Defogger.exe
    F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Documents and Settings\ilse\Bureaublad\h688q3ky.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Webroot\WRSA.exe
    C:\Program Files\Webroot\WRSA.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.be/
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - f:\program files\office 2010\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - f:\program files\adobe\acrobat\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - f:\program files\office 2010\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - f:\program files\adobe\acrobat\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - f:\program files\adobe\acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - f:\program files\adobe\acrobat\AcroIEFavClient.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [AdobeBridge] <no file>
    mRun: [EasyTuneVPro] c:\program files\gigabyte\et5pro\ETcall.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [BCSSync] "f:\program files\office 2010\office14\BCSSync.exe" /DelayServices
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
    mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Acrobat Assistant 8.0] "f:\program files\adobe\acrobat\Acrotray.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Nvtmru] "c:\program files\nvidia corporation\nvidia update core\nvtmru.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mRun: [QuickTime Task] "f:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
    mRun: [muBlinder] c:\documents and settings\ilse\mijn documenten\downloads\mublinder\muBlinder.exe -startup
    mRunOnce: [Malwarebytes Anti-Malware] f:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\ilse\menust~1\progra~1\opstar~1\onenot~2.lnk - f:\program files\office 2010\office14\ONENOTEM.EXE
    StartupFolder: c:\docume~1\ilse\menust~1\progra~1\opstar~1\onenot~1.lnk - f:\program files\office 2010\office14\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1040-7d00-7760-000000000003}\_SC_Acrobat.exe
    StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adober~1.lnk - f:\program files\adobe\acrobat\AdobeCollabSync.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
    IE: Converteren naar Adobe PDF - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - f:\progra~1\office~1\office14\EXCEL.EXE/3000
    IE: Geselecteerde koppelingen converteren naar Adobe PDF - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Koppelingdoel converteren naar Adobe PDF - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Koppelingdoel converteren naar bestaand PDF-bestand - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Se&nd to OneNote - f:\progra~1\office~1\office14\ONBttnIE.dll/105
    IE: Selectie converteren naar Adobe PDF - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Selectie converteren naar bestaand PDF-bestand - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Toevoegen aan bestaand PDF-bestand - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - f:\program files\office 2010\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - f:\program files\office 2010\office14\ONBttnIELinkedNotes.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350773546906
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350774295109
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{84F1B249-EB44-4570-A3A8-C28543DFB43D} : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - f:\program files\office 2010\office14\GROOVEEX.DLL
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\ilse\application data\mozilla\firefox\profiles\l1lfrgl6.default\
    FF - plugin: c:\documents and settings\ilse\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\ilse\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\ilse\application data\mozilla\plugins\npo1d.dll
    FF - plugin: c:\documents and settings\ilse\local settings\application data\google\update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll
    FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
    FF - plugin: f:\progra~1\office~1\office14\NPAUTHZ.DLL
    FF - plugin: f:\progra~1\office~1\office14\NPSPWRAP.DLL
    FF - plugin: f:\program files\quicktime\plugins\npqtplugin.dll
    FF - plugin: f:\program files\quicktime\plugins\npqtplugin2.dll
    FF - plugin: f:\program files\quicktime\plugins\npqtplugin3.dll
    FF - plugin: f:\program files\quicktime\plugins\npqtplugin4.dll
    FF - plugin: f:\program files\quicktime\plugins\npqtplugin5.dll
    FF - plugin: f:\program files\quicktime\plugins\npqtplugin6.dll
    FF - plugin: f:\program files\quicktime\plugins\npqtplugin7.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2013-8-23 116224]
    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
    R2 KMService;KMService;c:\windows\system32\srvany.exe [2013-1-10 8192]
    R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2012-10-22 22016]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
    R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-11-16 9216]
    R2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2013-8-23 744448]
    R2 WTabletServiceCon;Wacom Consumer Service;c:\program files\tablet\pen\WTabletServiceCon.exe [2013-1-17 526208]
    R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2013-5-26 28256]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-3-22 106656]
    R3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2013-1-17 11680]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-8-23 40776]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20130705.002\naveng.sys [2013-7-5 93272]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20130705.002\navex15.sys [2013-7-5 1611992]
    R3 SbieDrv;SbieDrv;f:\program files\sandbox\SbieDrv.sys [2013-7-8 159208]
    R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2013-1-17 69024]
    R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [2013-1-17 13728]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-10-22 1691480]
    S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2013-5-26 28256]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-5-15 83864]
    S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\f:\program files\live update 5\ntiolib.sys --> f:\program files\live update 5\NTIOLib.sys [?]
    S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2012-10-22 36384]
    S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2012-10-22 17664]
    S3 RTLVLANMP;Realtek Virtual Adapter;c:\windows\system32\drivers\RTLVLAN.SYS [2012-10-22 17664]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;f:\program files\sisoftware sandra lite 2013.sp4\RpcAgentSrv.exe [2013-7-4 71832]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-5-15 181912]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-16 755880]
    S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2013-3-23 114688]
    S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2013-3-23 105088]
    SUnknown GVTDrv;GVTDrv; [x]
    .
    =============== Created Last 30 ================
    .
    2013-08-23 19:59:27 150160 ----a-w- c:\windows\system32\WRusr.dll
    2013-08-23 19:59:26 116224 ----a-w- c:\windows\system32\drivers\WRkrn.sys
    2013-08-23 19:59:21 -------- d-----w- c:\program files\Webroot
    2013-08-23 19:58:50 -------- d-----w- c:\documents and settings\all users\application data\WRData
    2013-08-23 19:31:07 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-08-23 19:31:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-08-23 11:22:50 -------- d--h--r- c:\documents and settings\ilse\Onlangs geopend
    2013-08-20 23:12:26 -------- d-----w- c:\documents and settings\ilse\local settings\application data\Logitech
    2013-08-20 22:30:47 -------- d-----w- c:\program files\common files\Logitech
    2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2013-08-15 20:35:14 -------- d-----w- c:\windows\system32\MRT
    .
    ==================== Find3M ====================
    .
    2013-08-23 11:31:32 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
    2013-07-26 02:49:00 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-07-26 02:48:59 43520 ------w- c:\windows\system32\licmgr10.dll
    2013-07-26 02:48:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-07-25 20:53:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-07-25 20:53:17 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-07-25 15:58:11 385024 ------w- c:\windows\system32\html.iec
    2013-07-10 10:37:49 406016 ----a-w- c:\windows\system32\usp10.dll
    2013-07-04 07:33:59 2154496 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-07-04 07:33:59 2033152 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-06-27 20:59:46 1091636 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2013-06-27 20:59:46 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2013-06-27 20:59:40 1091636 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2013-06-12 19:48:23 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-06-12 19:48:17 789416 ----a-w- c:\windows\system32\deployJava1.dll
    2013-06-12 19:48:00 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-06-12 19:35:55 144896 ----a-w- c:\windows\system32\javacpl.cpl
    2013-06-11 23:55:25 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2013-06-05 09:08:29 1876864 ----a-w- c:\windows\system32\win32k.sys
    2013-06-04 07:22:58 563200 ----a-w- c:\windows\system32\qedit.dll
    2013-05-28 01:59:30 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-05-28 01:05:24 6656 ----a-w- c:\windows\system32\xpsp4res.dll
    .
    ============= FINISH: 22:08:44,21 ===============
    Last edited by idleidee; 23-08-13, 22:32.

  • #2
    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-08-23 22:08:06
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-12 Maxtor_6Y120M0 rev.YAR51EW0 114,50GB
    Running: h688q3ky.exe; Driver: C:\DOCUME~1\ilse\LOCALS~1\Temp\fxlyifog.sys


    ---- System - GMER 2.1 ----

    SSDT 89C19708 ZwAlertResumeThread
    SSDT 89C498E0 ZwAlertThread
    SSDT 89C77EB0 ZwAllocateVirtualMemory
    SSDT 89C49378 ZwConnectPort
    SSDT 89C407E8 ZwCreateMutant
    SSDT 89C4A6F8 ZwCreateThread
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey [0xB487A350]
    SSDT 8A840200 ZwFreeVirtualMemory
    SSDT 89C40820 ZwImpersonateAnonymousToken
    SSDT 89C0C300 ZwImpersonateThread
    SSDT 8A8521B8 ZwMapViewOfSection
    SSDT 89C35658 ZwOpenEvent
    SSDT 8A7D6768 ZwOpenProcessToken
    SSDT 89C7B678 ZwOpenThreadToken
    SSDT 89C46FC0 ZwQueryValueKey
    SSDT 89CA8E08 ZwResumeThread
    SSDT 89C03B80 ZwSetContextThread
    SSDT 89C15560 ZwSetInformationProcess
    SSDT 89C35C78 ZwSetInformationThread
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey [0xB487A580]
    SSDT 89C46F00 ZwSuspendProcess
    SSDT 89BFF3E8 ZwSuspendThread
    SSDT 89C193E0 ZwTerminateProcess
    SSDT 89D20C78 ZwTerminateThread
    SSDT 89C089A0 ZwUnmapViewOfSection
    SSDT 89C77E20 ZwWriteVirtualMemory

    Code B87FA47C ZwRequestPort
    Code B87FA51C ZwRequestWaitReplyPort
    Code B87FA47B NtRequestPort
    Code B87FA51B NtRequestWaitReplyPort

    ---- Kernel code sections - GMER 2.1 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2D34 8050461C 4 Bytes [E8, 07, C4, 89]
    PAGE ntkrnlpa.exe!NtRequestPort 805A2A7E 5 Bytes JMP B87FA480
    PAGE ntkrnlpa.exe!NtRequestWaitReplyPort 805A2DAA 5 Bytes JMP B87FA520
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB731E3C0, 0x749CBA, 0xE8000020]
    ? C:\DOCUME~1\ilse\LOCALS~1\Temp\mbr.sys De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist. !

    ---- User code sections - GMER 2.1 ----

    .text F:\Program Files\Samsung Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe[472] ntdll.dll!DbgBreakPoint 7C90120E 1 Byte [C3]
    .text F:\Program Files\Samsung Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe[472] ntdll.dll!DbgUiRemoteBreakin 7C9520EC 5 Bytes JMP 7C9225C8 C:\WINDOWS\system32\ntdll.dll
    .text C:\WINDOWS\system32\SearchIndexer.exe[3232] kernel32.dll!WriteFile 7C7E12FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 88, 4F, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 8B, 4F, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 88, 4F, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 89, 4F, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9125A2
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 8A, 4F, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 89, 4F, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 8A, 4F, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912613
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 88, 4F, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912741
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 89, 4F, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 8A, 4F, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 8B, 4F, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, D0, C6, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, D3, C6, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, D0, C6, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, D1, C6, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B919CEA
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, D2, C6, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, D1, C6, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, D2, C6, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B919D5B
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, D0, C6, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B919E89
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, D1, C6, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, D2, C6, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, D3, C6, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3416] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 41585559 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3416] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 4165DC44 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3416] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 417579EF C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3416] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 41757921 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3416] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 4175798C C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3416] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 417577F2 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3416] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 41757854 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3416] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 41757A52 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3416] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 417578B6 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 0C, CF, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 0F, CF, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 0C, CF, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 0D, CF, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91A526
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 0E, CF, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 0D, CF, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 0E, CF, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91A597
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 0C, CF, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A6C5
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 0D, CF, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 0E, CF, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 0F, CF, 00]
    .text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\WINDOWS\system32\SearchIndexer.exe[3232] kernel32.dll!WriteFile 7C7E12FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL
    .text F:\Program Files\Samsung Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe[472] ntdll.dll!DbgBreakPoint 7C90120E 1 Byte [C3]
    .text F:\Program Files\Samsung Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe[472] ntdll.dll!DbgUiRemoteBreakin 7C9520EC 5 Bytes JMP 7C9225C8 C:\WINDOWS\system32\ntdll.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 41585559 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 41659BB9 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 4164D1F5 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 4165DC44 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 415C46B9 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 417579EF C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 41757921 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 4175798C C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 417577F2 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 41757854 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 41757A52 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 417578B6 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3852] ole32.dll!CoCreateInstance 774BF1BC 5 Bytes JMP 4165DCA0 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3852] ole32.dll!OleLoadFromStream 774E983B 5 Bytes JMP 41757D57 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 41585559 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 41659BB9 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 4164D1F5 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 4165DC44 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 415C46B9 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 417579EF C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 41757921 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 4175798C C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 417577F2 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 41757854 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 41757A52 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 417578B6 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2272] ole32.dll!CoCreateInstance 774BF1BC 5 Bytes JMP 4165DCA0 C:\WINDOWS\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[2272] ole32.dll!OleLoadFromStream 774E983B 5 Bytes JMP 41757D57 C:\WINDOWS\system32\IEFRAME.dll

    ---- Devices - GMER 2.1 ----

    Device Ntfs.sys
    Device Fastfat.SYS

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS
    AttachedDevice FLTMGR.SYS

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{97555AB0-6E1C-42C2-881E-9EE5420F6A77}\[email protected]_\x3332\x3331 2089113076
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{97555AB0-6E1C-42C2-881E-9EE5420F6A77}\[email protected]_\x3332\x3331 2089113076
    Reg HKLM\SYSTEM\ControlSet002\Control\Video\{97555AB0-6E1C-42C2-881E-9EE5420F6A77}\[email protected]_\x3332\x3331 2089113076
    Reg HKLM\SYSTEM\ControlSet002\Control\Video\{97555AB0-6E1C-42C2-881E-9EE5420F6A77}\[email protected]_\x3332\x3331 2089113076

    ---- EOF - GMER 2.1 ----



    • #3
      Hi idleidee,

      Before we begin, I would like to kindly point out the following guidelines:
      .
      • Log in only as an administrator with full rights.
      • Do not post your problem on several forums. It does not help your problem and it is not fair to the helpers.
      • Cleaning up your system can take some time, so be patient.
      • Follow the instructions I give carefully.
      • Follow only the advice I give.
      • Stay with the topic until I have reported that your PC is clean.
      • If there is something you do not know or understand, please ask.
      • Do not install or uninstall any software or hardware while we are working on your problem.
      • In the meantime, do not go and try something "else"; that only makes it harder for us.
      • Please turn off your emoticons (smileys) when you post logs.
      • Please do not post the logs as an attachment or between code tags.

      .
      Note: Vista or Windows 7? >> Always run all tools as admin.
      The instructions given are valid only for your PC.

      Step 1:

      Scanning for and removing malware....


      Download MalwareBytes' Anti-Malware to your desktop from one of the following links: Double-click mbam-setup.exe to install the program.

      At the end of the setup procedure you get a screen where you have to click "Finish".
      If you do not wish to evaluate MBAM, untick the first option and only then click "Finish".

      Make sure that after installation there is a tick next to:
      • Update MalwareBytes' Anti-Malware
      • Start MalwareBytes' Anti-Malware
      • Then click "Finish". If an update is found, it will be downloaded and installed.



      As soon as the program has started, go to the "Settings" tab.
      • Tick here: "Close Internet Explorer during removal of malware".
      • Go to the "Updates" tab and update MBAM.
      • Then go to the "Scanner" tab and choose "FULL scan" here.
      • Next press "Scan" to start the scan.
      • Scanning can take a while, so be patient.
      • When the scan is complete, click OK, then "Show Results" to see the results.
      • Make sure everything there is ticked, then click: "Remove Selected".
      • After the removal a log will open and you will be asked to restart the computer.

      If MBAM asks for a restart, then do so.
      Once you have restarted, run a new quick scan with MBAM.
      In that case you post both logs.

      The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.


      In case of problems!!!

      ___________________________________________________________

      Step 2:

      Check for bad toolbars...

      Download AdwCleaner by Xplode to your desktop.
      • Close all open windows
      • Start AdwCleaner and click Clean

      All icons disappear from the desktop; this is normal.
      Your PC will be restarted and a log file opens (C:\AdwCleaner[xx].txt); post its contents here on the forum.

      Do not forget to turn off your "smileys".

      If your start page was also hijacked, set the search engine again; by default AdwCleaner resets it to Google.com

      ___________________________________________________________

      Step 3:

      Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


      DDS is a diagnostic tool and makes use of scripts.
      If script execution is disabled, re-enable it so that no problems occur when using DDS.


      Double-click DDS to start the tool. (Depending on the download you chose, this can be the file DDS.com, DDS.scr or DDS.pif.)
      When it is finished, two log files open: DDS.txt and Attach.txt
      Save both log files to your desktop.

      Post the contents of DDS.txt.

      Do not post the contents of Attach.txt and do not add Attach.txt as an attachment to your post, unless I ask for it.

      ___________________________________________________________

      Step 4:

      Check for updates...

      Download Security Check to your desktop via here or here

      Start Security Check
      Follow the instructions on the screen
      At the end a log appears ( checkup.txt )
      Put its contents in your next reply.

      In your next post I would like to see the following logs, made in the order given:
      .
      • MBAM
      • AdwCleaner
      • DDS
      • checkup.txt

      .
      Please do NOT post these logs as an attachment or between code tags.
      (In several posts if necessary.)

      Emphyrio
      Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
      E Dev * Remove McAfee * Ccleaner * E-Peek



      • #4
        adw log

        # AdwCleaner v3.000 - Report created 23/08/2013 at 23:57:40
        # Updated 20/08/2013 by Xplode
        # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
        # Username : ilse - HAXXOR-LTDS
        # Running from : C:\Documents and Settings\ilse\Bureaublad\adwcleaner.exe
        # Option : Scan

        ***** [ Services ] *****


        ***** [ Files / Folders ] *****

        File Found : C:\DOCUME~1\ilse\LOCALS~1\Temp\Uninstall.exe

        ***** [ Shortcuts ] *****


        ***** [ Registry ] *****

        Key Found : HKCU\Software\Conduit
        Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
        Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
        Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
        Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
        Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
        Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
        Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
        Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
        Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

        ***** [ Browsers ] *****

        -\\ Internet Explorer v8.0.6001.18702


        -\\ Mozilla Firefox v21.0 (nl)

        [ File : C:\Documents and Settings\ilse\Application Data\Mozilla\Firefox\Profiles\l1lfrgl6.default\prefs.js ]


        -\\ Google Chrome v29.0.1547.57

        [ File : C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


        *************************

        AdwCleaner[R0].txt - [1627 octets] - [23/08/2013 23:57:40]

        ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1687 octets] ##########



        • #5
          Results of screen317's Security Check version 0.99.72
          Windows XP Service Pack 3 x86
          Internet Explorer 8
          ``````````````Antivirus/Firewall Check:``````````````
          Symantec AntiVirus Corporate Edition
          Antivirus out of date!
          `````````Anti-malware/Other Utilities Check:`````````
          CCleaner
          Java 7 Update 25
          Adobe Flash Player 11.7.700.224
          Adobe Reader XI
          Mozilla Firefox 21.0 Firefox out of Date!
          Google Chrome 29.0.1547.57
          ````````Process Check: objlist.exe by Laurent````````
          Symantec AntiVirus DefWatch.exe
          Symantec AntiVirus Rtvscan.exe
          `````````````````System Health check`````````````````
          Total Fragmentation on Drive C::
          ````````````````````End of Log``````````````````````



          • #6
            MBAM was okay
            and dds is already posted up above.. Or do you need the 'attach' too?



            • #7
              Originally posted by idleidee
              MBAM was okay
              and dds is already posted up above.. Or do you need the 'attach' too?
              Please read and carry out my instructions.
              Above all, the order in which they should have been carried out matters.

              I do not need the attach.txt; the instructions say so too.
              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
              E Dev * Remove McAfee * Ccleaner * E-Peek



              • #8
                The order is as you had asked. Just not posted that way.

                MBAM was okay, I had not saved the log. In any case I am not convinced by that negative log, and I have now just updated MBAM and am letting it run once more. So far 2 infected objects, but it is not quite finished yet. So I will post the log when it is done.



                • #9
                  Fine
                  As long as you do not forget that it has to be a FULL scan and not a quick one
                  Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                  E Dev * Remove McAfee * Ccleaner * E-Peek



                  • #10
                    mbam

                    Malwarebytes Anti-Malware 1.75.0.1300
                    www.malwarebytes.org

                    Databaseversie: v2013.08.23.08

                    Windows XP Service Pack 3 x86 NTFS
                    Internet Explorer 8.0.6001.18702
                    ilse :: HAXXOR-LTDS [administrator]

                    24/08/2013 3:41:08
                    mbam-log-2013-08-24 (03-41-08).txt

                    Scan type: Volledige scan (C:\|)
                    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
                    Uitgeschakelde scan opties: P2P
                    Objecten gescand: 310758
                    Verstreken tijd: 2 uur/uren, 11 minuut/minuten, 58 seconde(n)

                    Geheugenprocessen gedetecteerd: 0
                    (Geen kwaadaardige objecten gedetecteerd)

                    Geheugenmodulen gedetecteerd: 0
                    (Geen kwaadaardige objecten gedetecteerd)

                    Registersleutels gedetecteerd: 0
                    (Geen kwaadaardige objecten gedetecteerd)

                    Registerwaarden gedetecteerd: 0
                    (Geen kwaadaardige objecten gedetecteerd)

                    Registerdata gedetecteerd: 0
                    (Geen kwaadaardige objecten gedetecteerd)

                    Mappen gedetecteerd: 0
                    (Geen kwaadaardige objecten gedetecteerd)

                    Bestanden gedetecteerd: 0
                    (Geen kwaadaardige objecten gedetecteerd)

                    (einde)


                    ------


                    # AdwCleaner v3.000 - Report created 24/08/2013 at 13:49:50
                    # Updated 20/08/2013 by Xplode
                    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
                    # Username : ilse - HAXXOR-LTDS
                    # Running from : C:\Documents and Settings\ilse\Bureaublad\adwcleaner.exe
                    # Option : Scan

                    ***** [ Services ] *****


                    ***** [ Files / Folders ] *****


                    ***** [ Shortcuts ] *****


                    ***** [ Registry ] *****


                    ***** [ Browsers ] *****

                    -\\ Internet Explorer v8.0.6001.18702


                    -\\ Mozilla Firefox v23.0.1 (nl)

                    [ File : C:\Documents and Settings\ilse\Application Data\Mozilla\Firefox\Profiles\l1lfrgl6.default\prefs.js ]


                    -\\ Google Chrome v29.0.1547.57

                    [ File : C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


                    *************************

                    AdwCleaner[R0].txt - [1767 octets] - [23/08/2013 23:57:40]
                    AdwCleaner[R1].txt - [1827 octets] - [24/08/2013 03:15:04]
                    AdwCleaner[R2].txt - [1142 octets] - [24/08/2013 03:36:31]
                    AdwCleaner[R3].txt - [1005 octets] - [24/08/2013 13:49:50]
                    AdwCleaner[S0].txt - [1910 octets] - [24/08/2013 03:17:20]

                    ########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1125 octets] ##########



                    • #11
                      DDS (Ver_2012-11-20.01) - NTFS_x86
                      Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
                      Run by ilse at 13:52:13 on 2013-08-24
                      Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.3582.2244 [GMT 2:00]
                      .
                      AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
                      .
                      ============== Running Processes ================
                      .
                      F:\Program Files\Sandbox\SbieSvc.exe
                      C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
                      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                      C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\Symantec AntiVirus\DefWatch.exe
                      C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
                      C:\Program Files\Tablet\Pen\WacomHost.exe
                      C:\Program Files\Tablet\Pen\Pen_Tablet.exe
                      C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\Program Files\Google\Update\GoogleUpdate.exe
                      C:\Program Files\Java\jre7\bin\jqs.exe
                      C:\WINDOWS\system32\srvany.exe
                      C:\WINDOWS\KMService.exe
                      F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
                      F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
                      C:\WINDOWS\system32\nvsvc32.exe
                      F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
                      C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
                      C:\Program Files\Symantec AntiVirus\Rtvscan.exe
                      C:\WINDOWS\system32\SearchIndexer.exe
                      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                      C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
                      C:\PROGRA~1\SYMANT~1\VPTray.exe
                      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
                      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
                      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
                      C:\WINDOWS\system32\wscntfy.exe
                      C:\WINDOWS\RTHDCPL.EXE
                      F:\Program Files\Adobe\Acrobat\Acrotray.exe
                      C:\WINDOWS\System32\alg.exe
                      C:\Program Files\Bamboo Dock\BambooCore.exe
                      C:\Program Files\Common Files\Java\Java Update\jusched.exe
                      C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
                      C:\WINDOWS\system32\RUNDLL32.EXE
                      C:\WINDOWS\system32\rundll32.exe
                      C:\Program Files\Logitech\Gaming Software\LWEMon.exe
                      C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      F:\Program Files\Office 2010\Office14\ONENOTEM.EXE
                      F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
                      C:\WINDOWS\system32\taskmgr.exe
                      C:\WINDOWS\notepad.exe
                      C:\Program Files\Internet Explorer\iexplore.exe
                      C:\Program Files\Internet Explorer\iexplore.exe
                      C:\Documents and Settings\ilse\Bureaublad\adwcleaner.exe
                      C:\WINDOWS\system32\NOTEPAD.EXE
                      C:\WINDOWS\system32\SearchProtocolHost.exe
                      C:\WINDOWS\system32\SearchFilterHost.exe
                      C:\WINDOWS\system32\wbem\wmiprvse.exe
                      C:\WINDOWS\System32\svchost.exe -k netsvcs
                      C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
                      C:\WINDOWS\system32\svchost.exe -k NetworkService
                      C:\WINDOWS\system32\svchost.exe -k LocalService
                      C:\WINDOWS\system32\svchost.exe -k LocalService
                      C:\WINDOWS\system32\svchost.exe -k imgsvc
                      .
                      ============== Pseudo HJT Report ===============
                      .
                      uStart Page = hxxp://www.google.be/
                      BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - f:\program files\office 2010\office14\GROOVEEX.DLL
                      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
                      BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - f:\program files\adobe\acrobat\AcroIEFavClient.dll
                      BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - f:\program files\office 2010\office14\URLREDIR.DLL
                      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
                      TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - f:\program files\adobe\acrobat\AcroIEFavClient.dll
                      TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - f:\program files\adobe\acrobat\AcroIEFavClient.dll
                      EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - f:\program files\adobe\acrobat\AcroIEFavClient.dll
                      uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
                      uRun: [AdobeBridge] <no file>
                      mRun: [EasyTuneVPro] c:\program files\gigabyte\et5pro\ETcall.exe
                      mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
                      mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
                      mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
                      mRun: [BCSSync] "f:\program files\office 2010\office14\BCSSync.exe" /DelayServices
                      mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
                      mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
                      mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
                      mRun: [RTHDCPL] RTHDCPL.EXE
                      mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
                      mRun: [Acrobat Assistant 8.0] "f:\program files\adobe\acrobat\Acrotray.exe"
                      mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
                      mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
                      mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
                      mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
                      mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
                      mRun: [Nvtmru] "c:\program files\nvidia corporation\nvidia update core\nvtmru.exe"
                      mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
                      mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
                      mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
                      mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
                      mRun: [QuickTime Task] "f:\program files\quicktime\qttask.exe" -atboottime
                      mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
                      mRun: [muBlinder] c:\documents and settings\ilse\mijn documenten\downloads\mublinder\muBlinder.exe -startup
                      dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
                      StartupFolder: c:\docume~1\ilse\menust~1\progra~1\opstar~1\onenot~2.lnk - f:\program files\office 2010\office14\ONENOTEM.EXE
                      StartupFolder: c:\docume~1\ilse\menust~1\progra~1\opstar~1\onenot~1.lnk - f:\program files\office 2010\office14\ONENOTEM.EXE
                      StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1040-7d00-7760-000000000003}\_SC_Acrobat.exe
                      StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adober~1.lnk - f:\program files\adobe\acrobat\AdobeCollabSync.exe
                      uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
                      mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
                      IE: Converteren naar Adobe PDF - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
                      IE: E&xport to Microsoft Excel - f:\progra~1\office~1\office14\EXCEL.EXE/3000
                      IE: Geselecteerde koppelingen converteren naar Adobe PDF - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                      IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                      IE: Koppelingdoel converteren naar Adobe PDF - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
                      IE: Koppelingdoel converteren naar bestaand PDF-bestand - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                      IE: Se&nd to OneNote - f:\progra~1\office~1\office14\ONBttnIE.dll/105
                      IE: Selectie converteren naar Adobe PDF - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
                      IE: Selectie converteren naar bestaand PDF-bestand - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                      IE: Toevoegen aan bestaand PDF-bestand - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - f:\program files\office 2010\office14\ONBttnIE.dll
                      IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - f:\program files\office 2010\office14\ONBttnIELinkedNotes.dll
                      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
                      DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
                      DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350773546906
                      DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350774295109
                      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                      TCP: NameServer = 192.168.1.1
                      TCP: Interfaces\{84F1B249-EB44-4570-A3A8-C28543DFB43D} : DHCPNameServer = 192.168.1.1
                      Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
                      Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
                      Notify: NavLogon - c:\windows\system32\NavLogon.dll
                      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
                      SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - f:\program files\office 2010\office14\GROOVEEX.DLL
                      SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
                      mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                      .
                      ================= FIREFOX ===================
                      .
                      FF - ProfilePath - c:\documents and settings\ilse\application data\mozilla\firefox\profiles\l1lfrgl6.default\
                      FF - plugin: c:\documents and settings\ilse\application data\mozilla\plugins\npgoogletalk.dll
                      FF - plugin: c:\documents and settings\ilse\application data\mozilla\plugins\npgtpo3dautoplugin.dll
                      FF - plugin: c:\documents and settings\ilse\application data\mozilla\plugins\npo1d.dll
                      FF - plugin: c:\documents and settings\ilse\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
                      FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
                      FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
                      FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
                      FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
                      FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll
                      FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
                      FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
                      FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
                      FF - plugin: c:\windows\system32\npDeployJava1.dll
                      FF - plugin: c:\windows\system32\npptools.dll
                      FF - plugin: f:\progra~1\office~1\office14\NPAUTHZ.DLL
                      FF - plugin: f:\progra~1\office~1\office14\NPSPWRAP.DLL
                      FF - plugin: f:\program files\quicktime\plugins\npqtplugin.dll
                      FF - plugin: f:\program files\quicktime\plugins\npqtplugin2.dll
                      FF - plugin: f:\program files\quicktime\plugins\npqtplugin3.dll
                      FF - plugin: f:\program files\quicktime\plugins\npqtplugin4.dll
                      FF - plugin: f:\program files\quicktime\plugins\npqtplugin5.dll
                      .
                      ============= SERVICES / DRIVERS ===============
                      .
                      R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
                      R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
                      R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
                      R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
                      R2 KMService;KMService;c:\windows\system32\srvany.exe [2013-1-10 8192]
                      R2 MBAMScheduler;MBAMScheduler;f:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-23 418376]
                      R2 MBAMService;MBAMService;f:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-23 701512]
                      R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2012-10-22 22016]
                      R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
                      R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-11-16 9216]
                      R2 WTabletServiceCon;Wacom Consumer Service;c:\program files\tablet\pen\WTabletServiceCon.exe [2013-1-17 526208]
                      R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2013-5-26 28256]
                      R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-3-22 106656]
                      R3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2013-1-17 11680]
                      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-23 22856]
                      R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-8-24 40776]
                      R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20130821.002\naveng.sys [2013-8-24 93272]
                      R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20130821.002\navex15.sys [2013-8-24 1611992]
                      R3 SbieDrv;SbieDrv;f:\program files\sandbox\SbieDrv.sys [2013-7-8 159208]
                      R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2013-1-17 69024]
                      R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [2013-1-17 13728]
                      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                      S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-10-22 1691480]
                      S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2013-5-26 28256]
                      S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-5-15 83864]
                      S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\f:\program files\live update 5\ntiolib.sys --> f:\program files\live update 5\NTIOLib.sys [?]
                      S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2012-10-22 36384]
                      S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2012-10-22 17664]
                      S3 RTLVLANMP;Realtek Virtual Adapter;c:\windows\system32\drivers\RTLVLAN.SYS [2012-10-22 17664]
                      S3 SandraAgentSrv;SiSoftware Deployment Agent Service;f:\program files\sisoftware sandra lite 2013.sp4\RpcAgentSrv.exe [2013-7-4 71832]
                      S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
                      S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-5-15 181912]
                      S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
                      S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-16 755880]
                      S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2013-3-23 114688]
                      S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2013-3-23 105088]
                      SUnknown GVTDrv;GVTDrv; [x]
                      .
                      =============== Created Last 30 ================
                      .
                      2013-08-24 01:13:24 388096 ----a-r- c:\documents and settings\ilse\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
                      2013-08-24 01:13:22 -------- d-----w- c:\program files\Trend Micro
                      2013-08-24 01:09:19 -------- d--h--r- c:\documents and settings\ilse\Onlangs geopend
                      2013-08-23 22:09:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
                      2013-08-23 21:56:54 -------- d-----w- C:\AdwCleaner
                      2013-08-23 19:59:21 -------- d-----w- c:\program files\Webroot
                      2013-08-23 19:31:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
                      2013-08-20 23:12:26 -------- d-----w- c:\documents and settings\ilse\local settings\application data\Logitech
                      2013-08-20 22:30:47 -------- d-----w- c:\program files\common files\Logitech
                      2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
                      2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
                      2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
                      2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
                      2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
                      2013-08-15 20:35:14 -------- d-----w- c:\windows\system32\MRT
                      .
                      ==================== Find3M ====================
                      .
                      2013-08-24 02:39:15 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
                      2013-08-24 02:39:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
                      2013-08-24 01:26:58 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
                      2013-07-26 02:49:00 920064 ----a-w- c:\windows\system32\wininet.dll
                      2013-07-26 02:48:59 43520 ------w- c:\windows\system32\licmgr10.dll
                      2013-07-26 02:48:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
                      2013-07-25 15:58:11 385024 ------w- c:\windows\system32\html.iec
                      2013-07-10 10:37:49 406016 ----a-w- c:\windows\system32\usp10.dll
                      2013-07-04 07:33:59 2154496 ----a-w- c:\windows\system32\ntoskrnl.exe
                      2013-07-04 07:33:59 2033152 ----a-w- c:\windows\system32\ntkrnlpa.exe
                      2013-06-27 20:59:46 1091636 ----a-w- c:\windows\system32\nvdrsdb1.bin
                      2013-06-27 20:59:46 1 ----a-w- c:\windows\system32\nvdrssel.bin
                      2013-06-27 20:59:40 1091636 ----a-w- c:\windows\system32\nvdrsdb0.bin
                      2013-06-12 19:48:23 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
                      2013-06-12 19:48:17 789416 ----a-w- c:\windows\system32\deployJava1.dll
                      2013-06-12 19:48:00 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
                      2013-06-12 19:35:55 144896 ----a-w- c:\windows\system32\javacpl.cpl
                      2013-06-11 23:55:25 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
                      2013-06-05 09:08:29 1876864 ----a-w- c:\windows\system32\win32k.sys
                      2013-06-04 07:22:58 563200 ----a-w- c:\windows\system32\qedit.dll
                      2013-05-28 01:59:30 590848 ----a-w- c:\windows\system32\rpcrt4.dll
                      2013-05-28 01:05:24 6656 ----a-w- c:\windows\system32\xpsp4res.dll
                      .
                      ============= FINISH: 13:52:36,60 ===============



                      • #12
                        Nicely done.

                        Download ComboFix and save it to your desktop.

                        Extra note... Make sure your security software is disabled while you use ComboFix.
                        This is because these scanners wrongly regard certain components that ComboFix uses as infected and will block ComboFix.

                        Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.

                        Close ALL windows, including your browser, and let ComboFix do its work undisturbed.
                        So do not open any other applications until ComboFix has presented the log.

                        If ComboFix asks for an update, allow it.

                        When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                        You can find it at C:\combofix.txt.

                        Post the ComboFix log together with a new DDS log in your next reply.

                        * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
                        • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
                        • Illegal operation attempted on a registry key that has been marked for deletion.
                        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                        E Dev * Remove McAfee. * Ccleaner * E-Peek



                        • #13
                          ComboFix 13-08-22.01 - ilse 24/08/2013 14:02:48.1.2 - x86
                          Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.3582.2378 [GMT 2:00]
                          Gestart vanuit: c:\documents and settings\ilse\Bureaublad\ComboFix.exe
                          AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
                          .
                          .
                          (((((((((((((((((((( Bestanden Gemaakt van 2013-07-24 to 2013-08-24 ))))))))))))))))))))))))))))))
                          .
                          .
                          2013-08-24 01:13 . 2013-08-24 01:13 388096 ----a-r- c:\documents and settings\ilse\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                          2013-08-24 01:13 . 2013-08-24 01:13 -------- d-----w- c:\program files\Trend Micro
                          2013-08-24 01:09 . 2013-08-24 01:09 -------- d--h--r- c:\documents and settings\ilse\Onlangs geopend
                          2013-08-23 21:56 . 2013-08-24 11:50 -------- d-----w- C:\AdwCleaner
                          2013-08-23 19:59 . 2013-08-23 20:33 -------- d-----w- c:\program files\Webroot
                          2013-08-23 19:31 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
                          2013-08-20 23:12 . 2013-08-20 23:12 -------- d-----w- c:\documents and settings\ilse\Local Settings\Application Data\Logitech
                          2013-08-20 22:56 . 2013-08-20 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
                          2013-08-20 22:30 . 2013-08-20 22:30 -------- d-----w- c:\program files\Common Files\Logitech
                          2013-08-20 22:30 . 2013-08-20 22:30 -------- d-----w- c:\program files\Logitech
                          2013-08-17 01:32 . 2013-08-17 01:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
                          2013-08-17 01:32 . 2013-08-17 01:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
                          2013-08-17 01:32 . 2013-08-17 01:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
                          2013-08-17 01:32 . 2013-08-17 01:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
                          2013-08-17 01:32 . 2013-08-17 01:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
                          2013-08-17 01:31 . 2013-08-17 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
                          2013-08-15 20:35 . 2013-08-15 20:41 -------- d-----w- c:\windows\system32\MRT
                          .
                          .
                          .
                          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          2013-08-24 02:39 . 2012-10-21 01:33 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
                          2013-08-24 02:39 . 2012-10-21 01:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
                          2013-08-24 01:26 . 2012-10-20 22:10 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
                          2013-07-26 02:49 . 2008-04-15 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
                          2013-07-26 02:48 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
                          2013-07-26 02:48 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
                          2013-07-25 15:58 . 2008-04-15 12:00 385024 ------w- c:\windows\system32\html.iec
                          2013-07-10 10:37 . 2008-04-15 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
                          2013-07-04 07:33 . 2008-04-15 12:00 2154496 ----a-w- c:\windows\system32\ntoskrnl.exe
                          2013-07-04 07:33 . 2008-04-14 22:11 2033152 ----a-w- c:\windows\system32\ntkrnlpa.exe
                          2013-06-12 19:48 . 2013-02-05 00:34 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
                          2013-06-12 19:48 . 2013-02-05 00:34 789416 ----a-w- c:\windows\system32\deployJava1.dll
                          2013-06-12 19:48 . 2013-06-22 01:52 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
                          2013-06-12 19:35 . 2013-06-22 01:52 144896 ----a-w- c:\windows\system32\javacpl.cpl
                          2013-06-11 23:55 . 2013-06-11 22:55 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
                          2013-06-05 09:08 . 2008-04-15 12:00 1876864 ----a-w- c:\windows\system32\win32k.sys
                          2013-06-04 07:22 . 2008-04-15 12:00 563200 ----a-w- c:\windows\system32\qedit.dll
                          2013-05-28 01:59 . 2008-04-15 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
                          2013-05-28 01:05 . 2008-05-05 05:25 6656 ----a-w- c:\windows\system32\xpsp4res.dll
                          .
                          .
                          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                          .
                          .
                          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                          REGEDIT4
                          .
                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "SandboxieControl"="f:\program files\Sandbox\SbieCtrl.exe" [2013-07-08 543320]
                          .
                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                          "EasyTuneVPro"="c:\program files\Gigabyte\ET5Pro\ETcall.exe" [2007-07-26 20480]
                          "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
                          "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-07 125368]
                          "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
                          "BCSSync"="f:\program files\Office 2010\Office14\BCSSync.exe" [2010-01-21 91520]
                          "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
                          "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-12 172032]
                          "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-12 49152]
                          "RTHDCPL"="RTHDCPL.EXE" [2012-04-24 20065896]
                          "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
                          "Acrobat Assistant 8.0"="f:\program files\Adobe\Acrobat\Acrotray.exe" [2006-10-22 620152]
                          "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
                          "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
                          "AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
                          "BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2012-10-16 646744]
                          "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
                          "Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
                          "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-05-12 15677728]
                          "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2013-05-12 223008]
                          "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-05-12 2562848]
                          "QuickTime Task"="f:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
                          "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
                          "muBlinder"="c:\documents and settings\ilse\Mijn documenten\Downloads\muBlinder\muBlinder.exe" [2012-10-27 1462784]
                          .
                          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                          "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
                          .
                          c:\documents and settings\ilse\Menu Start\Programma's\Opstarten\
                          OneNote 2010 Schermopname en Snel starten.lnk - f:\program files\Office 2010\Office14\ONENOTEM.EXE /tsr [2010-1-21 226176]
                          OneNote 2010 Screen Clipper and Launcher.lnk - f:\program files\Office 2010\Office14\ONENOTEM.EXE /tsr [2010-1-21 226176]
                          .
                          c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
                          Adobe Acrobat Snelle start.lnk - c:\windows\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2013-1-16 295606]
                          Adobe Reader Synchronizer.lnk - f:\program files\Adobe\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
                          .
                          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                          "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
                          .
                          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                          @="Driver"
                          .
                          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
                          path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk
                          backup=c:\windows\pss\Windows Search.lnkCommon Startup
                          .
                          [HKLM\~\startupfolder\C:^Documents and Settings^ilse^Menu Start^Programma's^Opstarten^MagicDisc.lnk]
                          path=c:\documents and settings\ilse\Menu Start\Programma's\Opstarten\MagicDisc.lnk
                          backup=c:\windows\pss\MagicDisc.lnkStartup
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
                          2012-10-20 23:45 116648 ----atw- c:\documents and settings\ilse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage]
                          2013-03-20 08:08 578560 ----a-w- f:\program files\Samsung Kies\Kies\kiesairmessage.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
                          2013-04-23 04:48 1561968 ----a-w- f:\program files\Samsung Kies\Kies\Kies.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
                          2013-04-23 04:48 311152 ----a-w- f:\program files\Samsung Kies\Kies\KiesTrayAgent.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
                          2009-11-16 18:12 2463744 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
                          2012-12-21 16:56 1090040 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
                          2013-08-11 19:21 4640768 ----a-w- c:\documents and settings\ilse\Application Data\Spotify\spotify.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
                          2013-08-11 19:21 1104384 ----a-w- c:\documents and settings\ilse\Application Data\Spotify\Data\SpotifyWebHelper.exe
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
                          "DisableMonitoring"=dword:00000001
                          .
                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                          "%windir%\\system32\\sessmgr.exe"=
                          "c:\\Program Files\\Gigabyte\\ET5Pro\\update.exe"=
                          "f:\\Program Files\\Utorrent\\uTorrent.exe"=
                          "f:\\Program Files\\Office 2010\\Office14\\GROOVE.EXE"=
                          "f:\\Program Files\\Office 2010\\Office14\\ONENOTE.EXE"=
                          "f:\\Program Files\\Office 2010\\Office14\\OUTLOOK.EXE"=
                          "c:\\WINDOWS\\system32\\dxdiag.exe"=
                          "c:\\WINDOWS\\system32\\dpnsvr.exe"=
                          "c:\\WINDOWS\\system32\\dpvsetup.exe"=
                          "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
                          "c:\\Documents and Settings\\ilse\\Application Data\\Spotify\\spotify.exe"=
                          "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
                          "c:\\Documents and Settings\\ilse\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
                          "f:\\Program Files\\SiSoftware Sandra Lite 2013.SP4\\RpcAgentSrv.exe"=
                          "f:\\Program Files\\SiSoftware Sandra Lite 2013.SP4\\WNt500x86\\RpcSandraSrv.exe"=
                          "c:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe"=
                          .
                          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
                          "AllowInboundEchoRequest"= 1 (0x1)
                          .
                          R2 KMService;KMService;c:\windows\system32\srvany.exe [10/01/2013 4:14 8192]
                          R2 MBAMScheduler;MBAMScheduler;f:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [23/08/2013 21:31 418376]
                          R2 MBAMService;MBAMService;f:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [23/08/2013 21:31 701512]
                          R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [22/10/2012 3:54 22016]
                          R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [16/11/2009 20:12 9216]
                          R2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe [17/01/2013 4:33 526208]
                          R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [26/05/2013 14:06 28256]
                          R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [22/03/2013 22:19 106656]
                          R3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [17/01/2013 4:33 11680]
                          R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23/08/2013 21:31 22856]
                          R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [17/01/2013 4:33 69024]
                          R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [17/01/2013 4:33 13728]
                          S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/10/2012 4:00 1691480]
                          S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [26/05/2013 14:06 28256]
                          S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [15/05/2013 22:12 83864]
                          S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\f:\program files\Live Update 5\NTIOLib.sys --> f:\program files\Live Update 5\NTIOLib.sys [?]
                          S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [22/10/2012 3:54 36384]
                          S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [22/10/2012 3:54 17664]
                          S3 RTLVLANMP;Realtek Virtual Adapter;c:\windows\system32\drivers\RTLVLAN.SYS [22/10/2012 3:54 17664]
                          S3 SandraAgentSrv;SiSoftware Deployment Agent Service;f:\program files\SiSoftware Sandra Lite 2013.SP4\RpcAgentSrv.exe [4/07/2013 17:56 71832]
                          S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [7/10/2007 20:48 116664]
                          S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [15/05/2013 22:12 181912]
                          S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]
                          S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [23/03/2013 21:28 114688]
                          S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [23/03/2013 21:28 105088]
                          SUnknown GVTDrv;GVTDrv; [x]
                          .
                          --- Andere Services/Drivers In Geheugen ---
                          .
                          *Deregistered* - MBAMSwissArmy
                          .
                          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                          2013-08-23 21:40 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe
                          .
                          Inhoud van de 'Gedeelde Taken' map
                          .
                          2013-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
                          - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-21 02:39]
                          .
                          2013-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                          - c:\program files\Google\Update\GoogleUpdate.exe [2013-01-31 01:50]
                          .
                          2013-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                          - c:\program files\Google\Update\GoogleUpdate.exe [2013-01-31 01:50]
                          .
                          2013-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1409082233-682003330-1003Core.job
                          - c:\documents and settings\ilse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-20 23:45]
                          .
                          2013-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1409082233-682003330-1003UA.job
                          - c:\documents and settings\ilse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-20 23:45]
                          .
                          .
                          ------- Bijkomende Scan -------
                          .
                          uStart Page = hxxp://www.google.be/
                          IE: Converteren naar Adobe PDF - f:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                          IE: E&xport to Microsoft Excel - f:\progra~1\OFFICE~1\Office14\EXCEL.EXE/3000
                          IE: Geselecteerde koppelingen converteren naar Adobe PDF - f:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                          IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                          IE: Koppelingdoel converteren naar Adobe PDF - f:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                          IE: Koppelingdoel converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                          IE: Se&nd to OneNote - f:\progra~1\OFFICE~1\Office14\ONBttnIE.dll/105
                          IE: Selectie converteren naar Adobe PDF - f:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                          IE: Selectie converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                          IE: Toevoegen aan bestaand PDF-bestand - f:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                          TCP: DhcpNameServer = 192.168.1.1
                          FF - ProfilePath - c:\documents and settings\ilse\Application Data\Mozilla\Firefox\Profiles\l1lfrgl6.default\
                          .
                          - - - - ORPHANS VERWIJDERD - - - -
                          .
                          HKCU-Run-AdobeBridge - (no file)
                          MSConfigStartUp-muBlinder - j:\pc\PC\Mu blinder\muBlinder7\muBlinder.exe
                          AddRemove-01_Simmental - f:\program files\Samsung Kies\USB Drivers\01_Simmental\Uninstall.exe
                          AddRemove-02_Siberian - f:\program files\Samsung Kies\USB Drivers\02_Siberian\Uninstall.exe
                          AddRemove-03_Swallowtail - f:\program files\Samsung Kies\USB Drivers\03_Swallowtail\Uninstall.exe
                          AddRemove-04_semseyite - f:\program files\Samsung Kies\USB Drivers\04_semseyite\Uninstall.exe
                          AddRemove-07_Schorl - f:\program files\Samsung Kies\USB Drivers\07_Schorl\Uninstall.exe
                          AddRemove-09_Hsp - f:\program files\Samsung Kies\USB Drivers\09_Hsp\Uninstall.exe
                          AddRemove-11_HSP_Plus_Default - f:\program files\Samsung Kies\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
                          AddRemove-16_Shrewsbury - f:\program files\Samsung Kies\USB Drivers\16_Shrewsbury\Uninstall.exe
                          AddRemove-20_NXP_Driver - f:\program files\Samsung Kies\USB Drivers\20_NXP_Driver\Uninstall.exe
                          AddRemove-24_flashusbdriver - f:\program files\Samsung Kies\USB Drivers\24_flashusbdriver\Uninstall.exe
                          AddRemove-25_escape - f:\program files\Samsung Kies\USB Drivers\25_escape\Uninstall.exe
                          .
                          .
                          .
                          **************************************************************************
                          .
                          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                          Rootkit scan 2013-08-24 14:08
                          Windows 5.1.2600 Service Pack 3 NTFS
                          .
                          scannen van verborgen processen ...
                          .
                          scannen van verborgen autostart items ...
                          .
                          scannen van verborgen bestanden ...
                          .
                          Scan succesvol afgerond
                          verborgen bestanden: 0
                          .
                          **************************************************************************
                          .
                          --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                          .
                          [HKEY_USERS\S-1-5-21-1343024091-1409082233-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
                          @Allowed: (Read) (RestrictedCode)
                          @Allowed: (Read) (RestrictedCode)
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                          @Denied: (A 2) (Everyone)
                          @="FlashBroker"
                          "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                          "Enabled"=dword:00000001
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                          @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                          @Denied: (A 2) (Everyone)
                          @="IFlashBroker5"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                          @="{00020424-0000-0000-C000-000000000046}"
                          .
                          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                          "Version"="1.0"
                          .
                          --------------------- DLLs Geladen Onder Lopende Processen ---------------------
                          .
                          - - - - - - - > 'explorer.exe'(2876)
                          c:\program files\NVIDIA Corporation\nview\nview.dll
                          c:\program files\NVIDIA Corporation\nview\NVWRSNL.DLL
                          c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
                          f:\progra~1\OFFICE~1\Office14\1043\GrooveIntlResource.dll
                          c:\windows\system32\webcheck.dll
                          c:\windows\system32\WPDShServiceObj.dll
                          c:\windows\system32\PortableDeviceTypes.dll
                          c:\windows\system32\PortableDeviceApi.dll
                          .
                          Voltooingstijd: 2013-08-24 14:10:38
                          ComboFix-quarantined-files.txt 2013-08-24 12:10
                          .
                          Pre-Run: 3.073.327.104 bytes beschikbaar
                          Post-Run: 3.258.527.744 bytes beschikbaar
                          .
                          WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
                          [boot loader]
                          timeout=2
                          default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                          [operating systems]
                          c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                          UnsupportedDebug="do not select this" /debug
                          multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
                          multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
                          .
                          - - End Of File - - 04DC5EDB642D69F2BB6F834DB790ABDC
                          3051207086651214E435112E51817DC5



                          • #14
                            May I have the requested DDS log, please?
                            Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                            E Dev * Remove McAfee. * Ccleaner * E-Peek



                            • #15
                              DDS (Ver_2012-11-20.01) - NTFS_x86
                              Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
                              Run by ilse at 13:52:13 on 2013-08-24
                              Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.3582.2244 [GMT 2:00]
                              .
                              AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
                              .
                              ============== Running Processes ================
                              .
                              F:\Program Files\Sandbox\SbieSvc.exe
                              C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
                              C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                              C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                              C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
                              C:\WINDOWS\system32\spoolsv.exe
                              C:\Program Files\Symantec AntiVirus\DefWatch.exe
                              C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
                              C:\Program Files\Tablet\Pen\WacomHost.exe
                              C:\Program Files\Tablet\Pen\Pen_Tablet.exe
                              C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
                              C:\WINDOWS\Explorer.EXE
                              C:\Program Files\Google\Update\GoogleUpdate.exe
                              C:\Program Files\Java\jre7\bin\jqs.exe
                              C:\WINDOWS\system32\srvany.exe
                              C:\WINDOWS\KMService.exe
                              F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
                              F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
                              C:\WINDOWS\system32\nvsvc32.exe
                              F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
                              C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
                              C:\Program Files\Symantec AntiVirus\Rtvscan.exe
                              C:\WINDOWS\system32\SearchIndexer.exe
                              C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                              C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
                              C:\PROGRA~1\SYMANT~1\VPTray.exe
                              C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
                              C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
                              C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
                              C:\WINDOWS\system32\wscntfy.exe
                              C:\WINDOWS\RTHDCPL.EXE
                              F:\Program Files\Adobe\Acrobat\Acrotray.exe
                              C:\WINDOWS\System32\alg.exe
                              C:\Program Files\Bamboo Dock\BambooCore.exe
                              C:\Program Files\Common Files\Java\Java Update\jusched.exe
                              C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
                              C:\WINDOWS\system32\RUNDLL32.EXE
                              C:\WINDOWS\system32\rundll32.exe
                              C:\Program Files\Logitech\Gaming Software\LWEMon.exe
                              C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                              C:\WINDOWS\system32\ctfmon.exe
                              F:\Program Files\Office 2010\Office14\ONENOTEM.EXE
                              F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
                              C:\WINDOWS\system32\taskmgr.exe
                              C:\WINDOWS\notepad.exe
                              C:\Program Files\Internet Explorer\iexplore.exe
                              C:\Program Files\Internet Explorer\iexplore.exe
                              C:\Documents and Settings\ilse\Bureaublad\adwcleaner.exe
                              C:\WINDOWS\system32\NOTEPAD.EXE
                              C:\WINDOWS\system32\SearchProtocolHost.exe
                              C:\WINDOWS\system32\SearchFilterHost.exe
                              C:\WINDOWS\system32\wbem\wmiprvse.exe
                              C:\WINDOWS\System32\svchost.exe -k netsvcs
                              C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
                              C:\WINDOWS\system32\svchost.exe -k NetworkService
                              C:\WINDOWS\system32\svchost.exe -k LocalService
                              C:\WINDOWS\system32\svchost.exe -k LocalService
                              C:\WINDOWS\system32\svchost.exe -k imgsvc
                              .
                              ============== Pseudo HJT Report ===============
                              .
                              uStart Page = hxxp://www.google.be/
                              BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - f:\program files\office 2010\office14\GROOVEEX.DLL
                              BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
                              BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - f:\program files\adobe\acrobat\AcroIEFavClient.dll
                              BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - f:\program files\office 2010\office14\URLREDIR.DLL
                              BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
                              TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - f:\program files\adobe\acrobat\AcroIEFavClient.dll
                              TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - f:\program files\adobe\acrobat\AcroIEFavClient.dll
                              EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - f:\program files\adobe\acrobat\AcroIEFavClient.dll
                              uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
                              uRun: [AdobeBridge] <no file>
                              mRun: [EasyTuneVPro] c:\program files\gigabyte\et5pro\ETcall.exe
                              mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
                              mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
                              mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
                              mRun: [BCSSync] "f:\program files\office 2010\office14\BCSSync.exe" /DelayServices
                              mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
                              mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
                              mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
                              mRun: [RTHDCPL] RTHDCPL.EXE
                              mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
                              mRun: [Acrobat Assistant 8.0] "f:\program files\adobe\acrobat\Acrotray.exe"
                              mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
                              mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
                              mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
                              mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
                              mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
                              mRun: [Nvtmru] "c:\program files\nvidia corporation\nvidia update core\nvtmru.exe"
                              mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
                              mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
                              mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
                              mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
                              mRun: [QuickTime Task] "f:\program files\quicktime\qttask.exe" -atboottime
                              mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
                              mRun: [muBlinder] c:\documents and settings\ilse\mijn documenten\downloads\mublinder\muBlinder.exe -startup
                              dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
                              StartupFolder: c:\docume~1\ilse\menust~1\progra~1\opstar~1\onenot~2.lnk - f:\program files\office 2010\office14\ONENOTEM.EXE
                              StartupFolder: c:\docume~1\ilse\menust~1\progra~1\opstar~1\onenot~1.lnk - f:\program files\office 2010\office14\ONENOTEM.EXE
                              StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1040-7d00-7760-000000000003}\_SC_Acrobat.exe
                              StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adober~1.lnk - f:\program files\adobe\acrobat\AdobeCollabSync.exe
                              uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
                              mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
                              IE: Converteren naar Adobe PDF - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
                              IE: E&xport to Microsoft Excel - f:\progra~1\office~1\office14\EXCEL.EXE/3000
                              IE: Geselecteerde koppelingen converteren naar Adobe PDF - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                              IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                              IE: Koppelingdoel converteren naar Adobe PDF - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
                              IE: Koppelingdoel converteren naar bestaand PDF-bestand - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                              IE: Se&nd to OneNote - f:\progra~1\office~1\office14\ONBttnIE.dll/105
                              IE: Selectie converteren naar Adobe PDF - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
                              IE: Selectie converteren naar bestaand PDF-bestand - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                              IE: Toevoegen aan bestaand PDF-bestand - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                              IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - f:\program files\office 2010\office14\ONBttnIE.dll
                              IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - f:\program files\office 2010\office14\ONBttnIELinkedNotes.dll
                              IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                              IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
                              DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
                              DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350773546906
                              DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350774295109
                              DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                              TCP: NameServer = 192.168.1.1
                              TCP: Interfaces\{84F1B249-EB44-4570-A3A8-C28543DFB43D} : DHCPNameServer = 192.168.1.1
                              Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
                              Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
                              Notify: NavLogon - c:\windows\system32\NavLogon.dll
                              SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
                              SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - f:\program files\office 2010\office14\GROOVEEX.DLL
                              SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
                              mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                              .
                              ================= FIREFOX ===================
                              .
                              FF - ProfilePath - c:\documents and settings\ilse\application data\mozilla\firefox\profiles\l1lfrgl6.default\
                              FF - plugin: c:\documents and settings\ilse\application data\mozilla\plugins\npgoogletalk.dll
                              FF - plugin: c:\documents and settings\ilse\application data\mozilla\plugins\npgtpo3dautoplugin.dll
                              FF - plugin: c:\documents and settings\ilse\application data\mozilla\plugins\npo1d.dll
                              FF - plugin: c:\documents and settings\ilse\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
                              FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
                              FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
                              FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
                              FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
                              FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll
                              FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
                              FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
                              FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
                              FF - plugin: c:\windows\system32\npDeployJava1.dll
                              FF - plugin: c:\windows\system32\npptools.dll
                              FF - plugin: f:\progra~1\office~1\office14\NPAUTHZ.DLL
                              FF - plugin: f:\progra~1\office~1\office14\NPSPWRAP.DLL
                              FF - plugin: f:\program files\quicktime\plugins\npqtplugin.dll
                              FF - plugin: f:\program files\quicktime\plugins\npqtplugin2.dll
                              FF - plugin: f:\program files\quicktime\plugins\npqtplugin3.dll
                              FF - plugin: f:\program files\quicktime\plugins\npqtplugin4.dll
                              FF - plugin: f:\program files\quicktime\plugins\npqtplugin5.dll
                              .
                              ============= SERVICES / DRIVERS ===============
                              .
                              R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
                              R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
                              R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
                              R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
                              R2 KMService;KMService;c:\windows\system32\srvany.exe [2013-1-10 8192]
                              R2 MBAMScheduler;MBAMScheduler;f:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-23 418376]
                              R2 MBAMService;MBAMService;f:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-23 701512]
                              R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2012-10-22 22016]
                              R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
                              R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-11-16 9216]
                              R2 WTabletServiceCon;Wacom Consumer Service;c:\program files\tablet\pen\WTabletServiceCon.exe [2013-1-17 526208]
                              R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2013-5-26 28256]
                              R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-3-22 106656]
                              R3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2013-1-17 11680]
                              R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-23 22856]
                              R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-8-24 40776]
                              R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20130821.002\naveng.sys [2013-8-24 93272]
                              R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20130821.002\navex15.sys [2013-8-24 1611992]
                              R3 SbieDrv;SbieDrv;f:\program files\sandbox\SbieDrv.sys [2013-7-8 159208]
                              R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2013-1-17 69024]
                              R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [2013-1-17 13728]
                              S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                              S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-10-22 1691480]
                              S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2013-5-26 28256]
                              S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-5-15 83864]
                              S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\f:\program files\live update 5\ntiolib.sys --> f:\program files\live update 5\NTIOLib.sys [?]
                              S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2012-10-22 36384]
                              S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2012-10-22 17664]
                              S3 RTLVLANMP;Realtek Virtual Adapter;c:\windows\system32\drivers\RTLVLAN.SYS [2012-10-22 17664]
                              S3 SandraAgentSrv;SiSoftware Deployment Agent Service;f:\program files\sisoftware sandra lite 2013.sp4\RpcAgentSrv.exe [2013-7-4 71832]
                              S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
                              S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-5-15 181912]
                              S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
                              S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-16 755880]
                              S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2013-3-23 114688]
                              S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2013-3-23 105088]
                              SUnknown GVTDrv;GVTDrv; [x]
                              .
                              =============== Created Last 30 ================
                              .
                              2013-08-24 01:13:24 388096 ----a-r- c:\documents and settings\ilse\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
                              2013-08-24 01:13:22 -------- d-----w- c:\program files\Trend Micro
                              2013-08-24 01:09:19 -------- d--h--r- c:\documents and settings\ilse\Onlangs geopend
                              2013-08-23 22:09:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
                              2013-08-23 21:56:54 -------- d-----w- C:\AdwCleaner
                              2013-08-23 19:59:21 -------- d-----w- c:\program files\Webroot
                              2013-08-23 19:31:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
                              2013-08-20 23:12:26 -------- d-----w- c:\documents and settings\ilse\local settings\application data\Logitech
                              2013-08-20 22:30:47 -------- d-----w- c:\program files\common files\Logitech
                              2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
                              2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
                              2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
                              2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
                              2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
                              2013-08-15 20:35:14 -------- d-----w- c:\windows\system32\MRT
                              .
                              ==================== Find3M ====================
                              .
                              2013-08-24 02:39:15 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
                              2013-08-24 02:39:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
                              2013-08-24 01:26:58 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
                              2013-07-26 02:49:00 920064 ----a-w- c:\windows\system32\wininet.dll
                              2013-07-26 02:48:59 43520 ------w- c:\windows\system32\licmgr10.dll
                              2013-07-26 02:48:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
                              2013-07-25 15:58:11 385024 ------w- c:\windows\system32\html.iec
                              2013-07-10 10:37:49 406016 ----a-w- c:\windows\system32\usp10.dll
                              2013-07-04 07:33:59 2154496 ----a-w- c:\windows\system32\ntoskrnl.exe
                              2013-07-04 07:33:59 2033152 ----a-w- c:\windows\system32\ntkrnlpa.exe
                              2013-06-27 20:59:46 1091636 ----a-w- c:\windows\system32\nvdrsdb1.bin
                              2013-06-27 20:59:46 1 ----a-w- c:\windows\system32\nvdrssel.bin
                              2013-06-27 20:59:40 1091636 ----a-w- c:\windows\system32\nvdrsdb0.bin
                              2013-06-12 19:48:23 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
                              2013-06-12 19:48:17 789416 ----a-w- c:\windows\system32\deployJava1.dll
                              2013-06-12 19:48:00 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
                              2013-06-12 19:35:55 144896 ----a-w- c:\windows\system32\javacpl.cpl
                              2013-06-11 23:55:25 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
                              2013-06-05 09:08:29 1876864 ----a-w- c:\windows\system32\win32k.sys
                              2013-06-04 07:22:58 563200 ----a-w- c:\windows\system32\qedit.dll
                              2013-05-28 01:59:30 590848 ----a-w- c:\windows\system32\rpcrt4.dll
                              2013-05-28 01:05:24 6656 ----a-w- c:\windows\system32\xpsp4res.dll
                              .
                              ============= FINISH: 13:52:36,60 ===============
