Mededeling

**idleidee** · 23-08-13, 22:28

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-23 22:08:06
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-12 Maxtor_6Y120M0 rev.YAR51EW0 114,50GB
Running: h688q3ky.exe; Driver: C:\DOCUME~1\ilse\LOCALS~1\Temp\fxlyifog.sys

---- System - GMER 2.1 ----

SSDT 89C19708 ZwAlertResumeThread
SSDT 89C498E0 ZwAlertThread
SSDT 89C77EB0 ZwAllocateVirtualMemory
SSDT 89C49378 ZwConnectPort
SSDT 89C407E8 ZwCreateMutant
SSDT 89C4A6F8 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey [0xB487A350]
SSDT 8A840200 ZwFreeVirtualMemory
SSDT 89C40820 ZwImpersonateAnonymousToken
SSDT 89C0C300 ZwImpersonateThread
SSDT 8A8521B8 ZwMapViewOfSection
SSDT 89C35658 ZwOpenEvent
SSDT 8A7D6768 ZwOpenProcessToken
SSDT 89C7B678 ZwOpenThreadToken
SSDT 89C46FC0 ZwQueryValueKey
SSDT 89CA8E08 ZwResumeThread
SSDT 89C03B80 ZwSetContextThread
SSDT 89C15560 ZwSetInformationProcess
SSDT 89C35C78 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey [0xB487A580]
SSDT 89C46F00 ZwSuspendProcess
SSDT 89BFF3E8 ZwSuspendThread
SSDT 89C193E0 ZwTerminateProcess
SSDT 89D20C78 ZwTerminateThread
SSDT 89C089A0 ZwUnmapViewOfSection
SSDT 89C77E20 ZwWriteVirtualMemory

Code B87FA47C ZwRequestPort
Code B87FA51C ZwRequestWaitReplyPort
Code B87FA47B NtRequestPort
Code B87FA51B NtRequestWaitReplyPort

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D34 8050461C 4 Bytes [E8, 07, C4, 89]
PAGE ntkrnlpa.exe!NtRequestPort 805A2A7E 5 Bytes JMP B87FA480
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort 805A2DAA 5 Bytes JMP B87FA520
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB731E3C0, 0x749CBA, 0xE8000020]
? C:\DOCUME~1\ilse\LOCALS~1\Temp\mbr.sys De syntaxis van de bestandsnaam, mapnaam of volumenaam is onjuist. !

---- User code sections - GMER 2.1 ----

.text F:\Program Files\Samsung Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe[472] ntdll.dll!DbgBreakPoint 7C90120E 1 Byte [C3]
.text F:\Program Files\Samsung Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe[472] ntdll.dll!DbgUiRemoteBreakin 7C9520EC 5 Bytes JMP 7C9225C8 C:\WINDOWS\system32\ntdll.dll
.text C:\WINDOWS\system32\SearchIndexer.exe[3232] kernel32.dll!WriteFile 7C7E12FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 88, 4F, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 8B, 4F, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 88, 4F, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 89, 4F, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9125A2
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 8A, 4F, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 89, 4F, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 8A, 4F, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912613
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 88, 4F, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912741
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 89, 4F, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 8A, 4F, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 8B, 4F, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5876] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, D0, C6, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, D3, C6, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, D0, C6, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, D1, C6, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B919CEA
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, D2, C6, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, D1, C6, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, D2, C6, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B919D5B
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, D0, C6, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B919E89
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, D1, C6, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, D2, C6, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, D3, C6, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Internet Explorer\iexplore.exe[3416] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 41585559 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3416] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 4165DC44 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3416] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 417579EF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3416] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 41757921 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3416] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 4175798C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3416] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 417577F2 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3416] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 41757854 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3416] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 41757A52 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3416] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 417578B6 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 0C, CF, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 0F, CF, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 0C, CF, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 0D, CF, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91A526
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 0E, CF, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 0D, CF, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 0E, CF, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91A597
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 0C, CF, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A6C5
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 0D, CF, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 0E, CF, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 0F, CF, 00]
.text C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5836] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\WINDOWS\system32\SearchIndexer.exe[3232] kernel32.dll!WriteFile 7C7E12FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL
.text F:\Program Files\Samsung Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe[472] ntdll.dll!DbgBreakPoint 7C90120E 1 Byte [C3]
.text F:\Program Files\Samsung Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe[472] ntdll.dll!DbgUiRemoteBreakin 7C9520EC 5 Bytes JMP 7C9225C8 C:\WINDOWS\system32\ntdll.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 41585559 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 41659BB9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 4164D1F5 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 4165DC44 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 415C46B9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 417579EF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 41757921 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 4175798C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 417577F2 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 41757854 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 41757A52 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 417578B6 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ole32.dll!CoCreateInstance 774BF1BC 5 Bytes JMP 4165DCA0 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3852] ole32.dll!OleLoadFromStream 774E983B 5 Bytes JMP 41757D57 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 41585559 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 41659BB9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 4164D1F5 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 4165DC44 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 415C46B9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 417579EF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 41757921 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 4175798C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 417577F2 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 41757854 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 41757A52 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 417578B6 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] ole32.dll!CoCreateInstance 774BF1BC 5 Bytes JMP 4165DCA0 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2272] ole32.dll!OleLoadFromStream 774E983B 5 Bytes JMP 41757D57 C:\WINDOWS\system32\IEFRAME.dll

---- Devices - GMER 2.1 ----

Device Ntfs.sys
Device Fastfat.SYS

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS
AttachedDevice FLTMGR.SYS

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{97555AB0-6E1C-42C2-881E-9EE5420F6A77}\[email protected]_\x3332\x3331 2089113076
Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{97555AB0-6E1C-42C2-881E-9EE5420F6A77}\[email protected]_\x3332\x3331 2089113076
Reg HKLM\SYSTEM\ControlSet002\Control\Video\{97555AB0-6E1C-42C2-881E-9EE5420F6A77}\[email protected]_\x3332\x3331 2089113076
Reg HKLM\SYSTEM\ControlSet002\Control\Video\{97555AB0-6E1C-42C2-881E-9EE5420F6A77}\[email protected]_\x3332\x3331 2089113076

---- EOF - GMER 2.1 ----

**Emphyrio** · 23-08-13, 22:41

Hoi idleidee ,

Voor we beginnen , wil ik even vriendelijk op de volgende richtlijnen wijzen:
.

Log enkel in als beheerder met alle rechten.
Post je probleem niet in verscheidene fora. het komt je probleem niet ten goede en het is niet netjes tegenover de helpers.
Het opruimen van je systeem kan wat tijd in beslag nemen, wees geduldig.
Volg aandachtig de instructies die door mij worden gegeven.
Volg enkel het door mij gegeven advies op
Blijf bij het topic totdat ik gemeldt heb dat je PC clean is.
Als je iets niet weet of verstaat, vraag het dan even aub.
Installeer of deinstalleer géén software of hardware terwijl we met je probleem bezig zijn.
Ga ondertussen niet wat "anders" proberen, dat maakt het alleen maar moeilijker voor ons
Zet je emoticons (Smileys) uit als je logs plaatst aub .
De logs niet als bijlage, noch tussen codetags zetten aub.

.
Opmerking: Vista of Windows 7 ? >> Alle tools steeds uitvoeren als admin.
De instructies die worden gegeven, zijn enkel geldig voor jouw PC.

Stap 1:

Malware scannen en verwijderen....

Download MalwareBytes' Anti-Malware naar je bureaublad vanuit één van de volgende links:

Dubbelklik op mbam-setup.exe om het programma te installeren.

Op het einde van de setup procedure, krijg je een scherm waar je op "Voltooien" moet klikken.
Indien je MBAM niet wenst te evalueren, vink je de eerste optie uit en klik je dan pas op "Voltooien"

Zorg dat er na de installatie een vinkje is geplaatst bij:

Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware
Klik daarna op "Voltooien". Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.

Zodra het programma gestart is, ga je naar het tabblad "Instellingen".

Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
Ga naar het tabblad "Updates" en Update MBAM.
Ga daarna naar het tabblad "Scanner", kies hier voor "VOLLEDIGE Scan".
Druk vervolgens op "Scannen" om de scan te starten.
Het scannen kan een tijdje duren, dus wees geduldig.
Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.

Indien MBAM vraagt om een herstart, doe dit dan ook.
Wanneer je de restart hebt gedaan, maak je een nieuwe snelle scan met MBAM.
In dat geval post je dus de twee logs.

De log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Bij problemen!!!

___________________________________________________________

Stap 2:

Controle op slechte toolbars...

Download AdwCleaner by Xplode naar je Bureaublad.

Sluit alle openstaande vensters
Start AdwCleaner en klik op Clean

Alle icoontjes verdwijnen van het Bureaublad,dit is normaal
Je PC word opnieuw opgestart en er een opent logfile (C:\ AdwCleaner[xx].txt post de inhoud hier op het Forum.

Vergeet niet om je "smileys" uit te schakelen.

Als je Startpagina ook gehijackt was,stel dan de zoekmachine opnieuw in,deze word standaard door AdwCleaner terug gezet naar Google.com

___________________________________________________________

Stap 3:

Download DDS.com, DDS.scr of DDS.pif van één van deze locaties en plaats het op je bureaublad:

DDS is een diagnosetool en maakt gebruik van scripts.
Is het uitvoeren van scripts uitgeschakeld, dan schakel je dit weer in zodat er geen problemen optreden bij gebruik van DDS.

Dubbelklik op DDS om de tool te starten. (afhankelijk van de download die je gekozen hebt kan dit het bestand DDS.com, DDS.scr of DDS.pif zijn)
Wanneer het klaar is openen er twee logfiles: DDS.txt en Attach.txt
Beide logfiles sla je op je bureaublad.

Post de inhoud van DDS.txt.

De inhoud Attach.txt moet je niet posten en Attach.txt moet je niet als bijlage toevoegen aan je post, tenzij ik er om vraag.

___________________________________________________________

Stap 4:

Controle op updates...

Download Security Check op je bureaublad via hier of hier

Start Security Check
Volg de Instructies in het scherm
Aan het eind verschijnt een log ( checkup.txt )
Plaats de inhoud ervan in je volgende antwoord.

In je volgende posting, had ik graag de volgende logs gezien, gemaakt in de opgestelde volgorde:
.

MBAM
AdwCleaner
DDS
checkup.txt

.
Deze logs NIET als bijlage of tussen codetags posten aub.
(Desnoods in meerdere postingen.)

Emphyrio

**idleidee** · 23-08-13, 23:02

adw log

# AdwCleaner v3.000 - Report created 23/08/2013 at 23:57:40
# Updated 20/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : ilse - HAXXOR-LTDS
# Running from : C:\Documents and Settings\ilse\Bureaublad\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\DOCUME~1\ilse\LOCALS~1\Temp\Uninstall.exe

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v21.0 (nl)

[ File : C:\Documents and Settings\ilse\Application Data\Mozilla\Firefox\Profiles\l1lfrgl6.default\prefs.js ]

-\\ Google Chrome v29.0.1547.57

[ File : C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1627 octets] - [23/08/2013 23:57:40]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1687 octets] ##########

**idleidee** · 23-08-13, 23:05

Results of screen317's Security Check version 0.99.72
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Symantec AntiVirus Corporate Edition
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox 21.0 Firefox out of Date!
Google Chrome 29.0.1547.57
````````Process Check: objlist.exe by Laurent````````
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

**idleidee** · 23-08-13, 23:06

MBAm was oké
en dds staat hier boven al.. Of moet je de 'attach' ook?

**Emphyrio** · 23-08-13, 23:16

Oorspronkelijk geplaatst door idleidee Bekijk Berichten

MBAm was oké
en dds staat hier boven al.. Of moet je de 'attach' ook?

Lees en voer mijn instructies uit aub.
Vooral de volgorde waarin ze hadden moeten utgevoerd worden is van belang.

De attach.txt moet ik niet hebben, staat ook zo in de instructies.

**idleidee** · 23-08-13, 23:40

De volgorde is zoals jij het gevraagd had. Alleen niet zo gepost.

Mbam was oké, de log had ik niet opgeslagen. In elk geval ben ik niet overtuigd van die negatieve log en heb ik nu nog net een update gedaan van MBam en laat em nog es draaien. Inmiddels 2 infected objects

maar nog niet helemaal gedaan. Dus dan post ik het log alstie gedaan is.

**Emphyrio** · 23-08-13, 23:46

Prima

Als je maar niet vergeet dat het een VOLLEDIGE scan moet zijn en niet een snelle

**idleidee** · 24-08-13, 12:51

mbam

Malwarebytes Anti-Malware 1.75.0.1300

Malwarebytes Cyber Security for Home & Business | Anti-Malware

https://www.malwarebytes.org

Protect your home and business PCs, Macs, iOS and Android devices from malware, viruses & cyber threats with Malwarebytes cyber security solutions.

Databaseversie: v2013.08.23.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ilse :: HAXXOR-LTDS [administrator]

24/08/2013 3:41:08
mbam-log-2013-08-24 (03-41-08).txt

Scan type: Volledige scan (C:\|)
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 310758
Verstreken tijd: 2 uur/uren, 11 minuut/minuten, 58 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)

------

# AdwCleaner v3.000 - Report created 24/08/2013 at 13:49:50
# Updated 20/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : ilse - HAXXOR-LTDS
# Running from : C:\Documents and Settings\ilse\Bureaublad\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v23.0.1 (nl)

[ File : C:\Documents and Settings\ilse\Application Data\Mozilla\Firefox\Profiles\l1lfrgl6.default\prefs.js ]

-\\ Google Chrome v29.0.1547.57

[ File : C:\Documents and Settings\ilse\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1767 octets] - [23/08/2013 23:57:40]
AdwCleaner[R1].txt - [1827 octets] - [24/08/2013 03:15:04]
AdwCleaner[R2].txt - [1142 octets] - [24/08/2013 03:36:31]
AdwCleaner[R3].txt - [1005 octets] - [24/08/2013 13:49:50]
AdwCleaner[S0].txt - [1910 octets] - [24/08/2013 03:17:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1125 octets] ##########

**idleidee** · 24-08-13, 12:53

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by ilse at 13:52:13 on 2013-08-24
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.3582.2244 [GMT 2:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ================
.
F:\Program Files\Sandbox\SbieSvc.exe
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\KMService.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Adobe\Acrobat\Acrotray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Office 2010\Office14\ONENOTEM.EXE
F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ilse\Bureaublad\adwcleaner.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.be/
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - f:\program files\office 2010\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - f:\program files\adobe\acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - f:\program files\office 2010\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - f:\program files\adobe\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - f:\program files\adobe\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - f:\program files\adobe\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge] <no file>
mRun: [EasyTuneVPro] c:\program files\gigabyte\et5pro\ETcall.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "f:\program files\office 2010\office14\BCSSync.exe" /DelayServices
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Acrobat Assistant 8.0] "f:\program files\adobe\acrobat\Acrotray.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Nvtmru] "c:\program files\nvidia corporation\nvidia update core\nvtmru.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [QuickTime Task] "f:\program files\quicktime\qttask.exe" -atboottime
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [muBlinder] c:\documents and settings\ilse\mijn documenten\downloads\mublinder\muBlinder.exe -startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\ilse\menust~1\progra~1\opstar~1\onenot~2.lnk - f:\program files\office 2010\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\ilse\menust~1\progra~1\opstar~1\onenot~1.lnk - f:\program files\office 2010\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1040-7d00-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adober~1.lnk - f:\program files\adobe\acrobat\AdobeCollabSync.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
IE: Converteren naar Adobe PDF - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - f:\progra~1\office~1\office14\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingdoel converteren naar Adobe PDF - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Se&nd to OneNote - f:\progra~1\office~1\office14\ONBttnIE.dll/105
IE: Selectie converteren naar Adobe PDF - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaand PDF-bestand - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Toevoegen aan bestaand PDF-bestand - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - f:\program files\office 2010\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - f:\program files\office 2010\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350773546906
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350774295109
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{84F1B249-EB44-4570-A3A8-C28543DFB43D} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - f:\program files\office 2010\office14\GROOVEEX.DLL
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ilse\application data\mozilla\firefox\profiles\l1lfrgl6.default\
FF - plugin: c:\documents and settings\ilse\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ilse\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\ilse\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\ilse\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: f:\progra~1\office~1\office14\NPAUTHZ.DLL
FF - plugin: f:\progra~1\office~1\office14\NPSPWRAP.DLL
FF - plugin: f:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin5.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2013-1-10 8192]
R2 MBAMScheduler;MBAMScheduler;f:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-23 418376]
R2 MBAMService;MBAMService;f:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-23 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2012-10-22 22016]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-11-16 9216]
R2 WTabletServiceCon;Wacom Consumer Service;c:\program files\tablet\pen\WTabletServiceCon.exe [2013-1-17 526208]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2013-5-26 28256]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-3-22 106656]
R3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2013-1-17 11680]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-23 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-8-24 40776]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20130821.002\naveng.sys [2013-8-24 93272]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20130821.002\navex15.sys [2013-8-24 1611992]
R3 SbieDrv;SbieDrv;f:\program files\sandbox\SbieDrv.sys [2013-7-8 159208]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2013-1-17 69024]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [2013-1-17 13728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-10-22 1691480]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2013-5-26 28256]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-5-15 83864]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\f:\program files\live update 5\ntiolib.sys --> f:\program files\live update 5\NTIOLib.sys [?]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2012-10-22 36384]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2012-10-22 17664]
S3 RTLVLANMP;Realtek Virtual Adapter;c:\windows\system32\drivers\RTLVLAN.SYS [2012-10-22 17664]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;f:\program files\sisoftware sandra lite 2013.sp4\RpcAgentSrv.exe [2013-7-4 71832]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-5-15 181912]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-16 755880]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2013-3-23 114688]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2013-3-23 105088]
SUnknown GVTDrv;GVTDrv; [x]
.
=============== Created Last 30 ================
.
2013-08-24 01:13:24 388096 ----a-r- c:\documents and settings\ilse\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-08-24 01:13:22 -------- d-----w- c:\program files\Trend Micro
2013-08-24 01:09:19 -------- d--h--r- c:\documents and settings\ilse\Onlangs geopend
2013-08-23 22:09:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-23 21:56:54 -------- d-----w- C:\AdwCleaner
2013-08-23 19:59:21 -------- d-----w- c:\program files\Webroot
2013-08-23 19:31:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-20 23:12:26 -------- d-----w- c:\documents and settings\ilse\local settings\application data\Logitech
2013-08-20 22:30:47 -------- d-----w- c:\program files\common files\Logitech
2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-08-15 20:35:14 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M ====================
.
2013-08-24 02:39:15 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-24 02:39:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-24 01:26:58 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2013-07-26 02:49:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:48:59 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:48:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:58:11 385024 ------w- c:\windows\system32\html.iec
2013-07-10 10:37:49 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 07:33:59 2154496 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 07:33:59 2033152 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-27 20:59:46 1091636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-06-27 20:59:46 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-06-27 20:59:40 1091636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-06-12 19:48:23 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-12 19:48:17 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-12 19:48:00 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-12 19:35:55 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-11 23:55:25 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-06-05 09:08:29 1876864 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 07:22:58 563200 ----a-w- c:\windows\system32\qedit.dll
2013-05-28 01:59:30 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 01:05:24 6656 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 13:52:36,60 ===============

**Emphyrio** · 24-08-13, 12:55

Mooi zo

Download Combofix en plaats het op je bureaublad.

Extra nota... Zorg ervoor dat je Security software uitschakeld is tijdens het gebruik van Combofix.
Dit omdat deze scanners bepaalde componenten die Combofix gebruikt, onterecht zien als geïnfecteerd en Combofix zullen blokkeren.

Kijk hier indien je niet weet hoe je je Antivirus, Firewall en/of Antispywarescanner moet uitschakelen.

Sluit ALLE vensters, ook je browser en laat Combofix rustig zijn werk doen.
Open dus geen andere applicaties totdat Combofix de log heeft gepresenteert.

Als Combofix vraagt om een update, dan staat je dit toe.

Wanneer ComboFix klaar is met scannen, dit kan eventueel na een reboot zijn, opent er een logfile (combofix.txt).
Deze kan je vinden als C:\combofix.txt.

Post het Combofixlogje samen met een nieuw DDS logje in je volgende antwoord.

* OPMERKING: Indien je één van de onderstaande meldingen krijgt na het gebruik van ComboFix, herstart dan de computer.

Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
Illegal operation attempted on a registry key that has been marked for deletion.

**idleidee** · 24-08-13, 13:26

ComboFix 13-08-22.01 - ilse 24/08/2013 14:02:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.3582.2378 [GMT 2:00]
Gestart vanuit: c:\documents and settings\ilse\Bureaublad\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-07-24 to 2013-08-24 ))))))))))))))))))))))))))))))
.
.
2013-08-24 01:13 . 2013-08-24 01:13 388096 ----a-r- c:\documents and settings\ilse\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-08-24 01:13 . 2013-08-24 01:13 -------- d-----w- c:\program files\Trend Micro
2013-08-24 01:09 . 2013-08-24 01:09 -------- d--h--r- c:\documents and settings\ilse\Onlangs geopend
2013-08-23 21:56 . 2013-08-24 11:50 -------- d-----w- C:\AdwCleaner
2013-08-23 19:59 . 2013-08-23 20:33 -------- d-----w- c:\program files\Webroot
2013-08-23 19:31 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-20 23:12 . 2013-08-20 23:12 -------- d-----w- c:\documents and settings\ilse\Local Settings\Application Data\Logitech
2013-08-20 22:56 . 2013-08-20 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2013-08-20 22:30 . 2013-08-20 22:30 -------- d-----w- c:\program files\Common Files\Logitech
2013-08-20 22:30 . 2013-08-20 22:30 -------- d-----w- c:\program files\Logitech
2013-08-17 01:32 . 2013-08-17 01:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-08-17 01:32 . 2013-08-17 01:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-08-17 01:32 . 2013-08-17 01:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-08-17 01:32 . 2013-08-17 01:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-08-17 01:32 . 2013-08-17 01:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-08-17 01:31 . 2013-08-17 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2013-08-15 20:35 . 2013-08-15 20:41 -------- d-----w- c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-24 02:39 . 2012-10-21 01:33 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-24 02:39 . 2012-10-21 01:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-24 01:26 . 2012-10-20 22:10 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2013-07-26 02:49 . 2008-04-15 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:48 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:48 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:58 . 2008-04-15 12:00 385024 ------w- c:\windows\system32\html.iec
2013-07-10 10:37 . 2008-04-15 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 07:33 . 2008-04-15 12:00 2154496 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 07:33 . 2008-04-14 22:11 2033152 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 19:48 . 2013-02-05 00:34 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-12 19:48 . 2013-02-05 00:34 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-12 19:48 . 2013-06-22 01:52 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-12 19:35 . 2013-06-22 01:52 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-11 23:55 . 2013-06-11 22:55 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-06-05 09:08 . 2008-04-15 12:00 1876864 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 07:22 . 2008-04-15 12:00 563200 ----a-w- c:\windows\system32\qedit.dll
2013-05-28 01:59 . 2008-04-15 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 01:05 . 2008-05-05 05:25 6656 ----a-w- c:\windows\system32\xpsp4res.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="f:\program files\Sandbox\SbieCtrl.exe" [2013-07-08 543320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneVPro"="c:\program files\Gigabyte\ET5Pro\ETcall.exe" [2007-07-26 20480]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-07 125368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BCSSync"="f:\program files\Office 2010\Office14\BCSSync.exe" [2010-01-21 91520]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-12 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-05-12 49152]
"RTHDCPL"="RTHDCPL.EXE" [2012-04-24 20065896]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Acrobat Assistant 8.0"="f:\program files\Adobe\Acrobat\Acrotray.exe" [2006-10-22 620152]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2012-10-16 646744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-05-12 15677728]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2013-05-12 223008]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-05-12 2562848]
"QuickTime Task"="f:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
"muBlinder"="c:\documents and settings\ilse\Mijn documenten\Downloads\muBlinder\muBlinder.exe" [2012-10-27 1462784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
c:\documents and settings\ilse\Menu Start\Programma's\Opstarten\
OneNote 2010 Schermopname en Snel starten.lnk - f:\program files\Office 2010\Office14\ONENOTEM.EXE /tsr [2010-1-21 226176]
OneNote 2010 Screen Clipper and Launcher.lnk - f:\program files\Office 2010\Office14\ONENOTEM.EXE /tsr [2010-1-21 226176]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Acrobat Snelle start.lnk - c:\windows\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2013-1-16 295606]
Adobe Reader Synchronizer.lnk - f:\program files\Adobe\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^ilse^Menu Start^Programma's^Opstarten^MagicDisc.lnk]
path=c:\documents and settings\ilse\Menu Start\Programma's\Opstarten\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-10-20 23:45 116648 ----atw- c:\documents and settings\ilse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage]
2013-03-20 08:08 578560 ----a-w- f:\program files\Samsung Kies\Kies\kiesairmessage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-04-23 04:48 1561968 ----a-w- f:\program files\Samsung Kies\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2013-04-23 04:48 311152 ----a-w- f:\program files\Samsung Kies\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2009-11-16 18:12 2463744 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-12-21 16:56 1090040 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2013-08-11 19:21 4640768 ----a-w- c:\documents and settings\ilse\Application Data\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-08-11 19:21 1104384 ----a-w- c:\documents and settings\ilse\Application Data\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gigabyte\\ET5Pro\\update.exe"=
"f:\\Program Files\\Utorrent\\uTorrent.exe"=
"f:\\Program Files\\Office 2010\\Office14\\GROOVE.EXE"=
"f:\\Program Files\\Office 2010\\Office14\\ONENOTE.EXE"=
"f:\\Program Files\\Office 2010\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\ilse\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Documents and Settings\\ilse\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"f:\\Program Files\\SiSoftware Sandra Lite 2013.SP4\\RpcAgentSrv.exe"=
"f:\\Program Files\\SiSoftware Sandra Lite 2013.SP4\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R2 KMService;KMService;c:\windows\system32\srvany.exe [10/01/2013 4:14 8192]
R2 MBAMScheduler;MBAMScheduler;f:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [23/08/2013 21:31 418376]
R2 MBAMService;MBAMService;f:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [23/08/2013 21:31 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [22/10/2012 3:54 22016]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [16/11/2009 20:12 9216]
R2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe [17/01/2013 4:33 526208]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [26/05/2013 14:06 28256]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [22/03/2013 22:19 106656]
R3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [17/01/2013 4:33 11680]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23/08/2013 21:31 22856]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [17/01/2013 4:33 69024]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [17/01/2013 4:33 13728]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/10/2012 4:00 1691480]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [26/05/2013 14:06 28256]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [15/05/2013 22:12 83864]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\f:\program files\Live Update 5\NTIOLib.sys --> f:\program files\Live Update 5\NTIOLib.sys [?]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [22/10/2012 3:54 36384]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [22/10/2012 3:54 17664]
S3 RTLVLANMP;Realtek Virtual Adapter;c:\windows\system32\drivers\RTLVLAN.SYS [22/10/2012 3:54 17664]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;f:\program files\SiSoftware Sandra Lite 2013.SP4\RpcAgentSrv.exe [4/07/2013 17:56 71832]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [7/10/2007 20:48 116664]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [15/05/2013 22:12 181912]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [23/03/2013 21:28 114688]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [23/03/2013 21:28 105088]
SUnknown GVTDrv;GVTDrv; [x]
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-23 21:40 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-21 02:39]
.
2013-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-31 01:50]
.
2013-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-31 01:50]
.
2013-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1409082233-682003330-1003Core.job
- c:\documents and settings\ilse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-20 23:45]
.
2013-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1409082233-682003330-1003UA.job
- c:\documents and settings\ilse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-20 23:45]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
IE: Converteren naar Adobe PDF - f:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - f:\progra~1\OFFICE~1\Office14\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - f:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingdoel converteren naar Adobe PDF - f:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Se&nd to OneNote - f:\progra~1\OFFICE~1\Office14\ONBttnIE.dll/105
IE: Selectie converteren naar Adobe PDF - f:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaand PDF-bestand - f:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Toevoegen aan bestaand PDF-bestand - f:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\ilse\Application Data\Mozilla\Firefox\Profiles\l1lfrgl6.default\
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-muBlinder - j:\pc\PC\Mu blinder\muBlinder7\muBlinder.exe
AddRemove-01_Simmental - f:\program files\Samsung Kies\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - f:\program files\Samsung Kies\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - f:\program files\Samsung Kies\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - f:\program files\Samsung Kies\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - f:\program files\Samsung Kies\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - f:\program files\Samsung Kies\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - f:\program files\Samsung Kies\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - f:\program files\Samsung Kies\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - f:\program files\Samsung Kies\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - f:\program files\Samsung Kies\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - f:\program files\Samsung Kies\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-24 14:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1343024091-1409082233-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(2876)
c:\program files\NVIDIA Corporation\nview\nview.dll
c:\program files\NVIDIA Corporation\nview\NVWRSNL.DLL
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
f:\progra~1\OFFICE~1\Office14\1043\GrooveIntlResource.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2013-08-24 14:10:38
ComboFix-quarantined-files.txt 2013-08-24 12:10
.
Pre-Run: 3.073.327.104 bytes beschikbaar
Post-Run: 3.258.527.744 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 04DC5EDB642D69F2BB6F834DB790ABDC
3051207086651214E435112E51817DC5

**Emphyrio** · 24-08-13, 13:33

Mag ik de gevraagde DDS log aub?

**idleidee** · 24-08-13, 13:46

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by ilse at 13:52:13 on 2013-08-24
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.3582.2244 [GMT 2:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ================
.
F:\Program Files\Sandbox\SbieSvc.exe
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\KMService.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Adobe\Acrobat\Acrotray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Office 2010\Office14\ONENOTEM.EXE
F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ilse\Bureaublad\adwcleaner.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.be/
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - f:\program files\office 2010\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - f:\program files\adobe\acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - f:\program files\office 2010\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - f:\program files\adobe\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - f:\program files\adobe\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - f:\program files\adobe\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge] <no file>
mRun: [EasyTuneVPro] c:\program files\gigabyte\et5pro\ETcall.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "f:\program files\office 2010\office14\BCSSync.exe" /DelayServices
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Acrobat Assistant 8.0] "f:\program files\adobe\acrobat\Acrotray.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Nvtmru] "c:\program files\nvidia corporation\nvidia update core\nvtmru.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [QuickTime Task] "f:\program files\quicktime\qttask.exe" -atboottime
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [muBlinder] c:\documents and settings\ilse\mijn documenten\downloads\mublinder\muBlinder.exe -startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\ilse\menust~1\progra~1\opstar~1\onenot~2.lnk - f:\program files\office 2010\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\ilse\menust~1\progra~1\opstar~1\onenot~1.lnk - f:\program files\office 2010\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1040-7d00-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\adober~1.lnk - f:\program files\adobe\acrobat\AdobeCollabSync.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
IE: Converteren naar Adobe PDF - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - f:\progra~1\office~1\office14\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingdoel converteren naar Adobe PDF - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Se&nd to OneNote - f:\progra~1\office~1\office14\ONBttnIE.dll/105
IE: Selectie converteren naar Adobe PDF - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaand PDF-bestand - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Toevoegen aan bestaand PDF-bestand - f:\program files\adobe\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - f:\program files\office 2010\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - f:\program files\office 2010\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350773546906
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350774295109
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{84F1B249-EB44-4570-A3A8-C28543DFB43D} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - f:\program files\office 2010\office14\GROOVEEX.DLL
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ilse\application data\mozilla\firefox\profiles\l1lfrgl6.default\
FF - plugin: c:\documents and settings\ilse\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ilse\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\ilse\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\ilse\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: f:\progra~1\office~1\office14\NPAUTHZ.DLL
FF - plugin: f:\progra~1\office~1\office14\NPSPWRAP.DLL
FF - plugin: f:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: f:\program files\quicktime\plugins\npqtplugin5.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2013-1-10 8192]
R2 MBAMScheduler;MBAMScheduler;f:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-23 418376]
R2 MBAMService;MBAMService;f:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-23 701512]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2012-10-22 22016]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-11-16 9216]
R2 WTabletServiceCon;Wacom Consumer Service;c:\program files\tablet\pen\WTabletServiceCon.exe [2013-1-17 526208]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2013-5-26 28256]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-3-22 106656]
R3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2013-1-17 11680]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-23 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-8-24 40776]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20130821.002\naveng.sys [2013-8-24 93272]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20130821.002\navex15.sys [2013-8-24 1611992]
R3 SbieDrv;SbieDrv;f:\program files\sandbox\SbieDrv.sys [2013-7-8 159208]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2013-1-17 69024]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [2013-1-17 13728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-10-22 1691480]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2013-5-26 28256]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-5-15 83864]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;\??\f:\program files\live update 5\ntiolib.sys --> f:\program files\live update 5\NTIOLib.sys [?]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2012-10-22 36384]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2012-10-22 17664]
S3 RTLVLANMP;Realtek Virtual Adapter;c:\windows\system32\drivers\RTLVLAN.SYS [2012-10-22 17664]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;f:\program files\sisoftware sandra lite 2013.sp4\RpcAgentSrv.exe [2013-7-4 71832]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-5-15 181912]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-16 755880]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2013-3-23 114688]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2013-3-23 105088]
SUnknown GVTDrv;GVTDrv; [x]
.
=============== Created Last 30 ================
.
2013-08-24 01:13:24 388096 ----a-r- c:\documents and settings\ilse\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-08-24 01:13:22 -------- d-----w- c:\program files\Trend Micro
2013-08-24 01:09:19 -------- d--h--r- c:\documents and settings\ilse\Onlangs geopend
2013-08-23 22:09:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-23 21:56:54 -------- d-----w- C:\AdwCleaner
2013-08-23 19:59:21 -------- d-----w- c:\program files\Webroot
2013-08-23 19:31:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-20 23:12:26 -------- d-----w- c:\documents and settings\ilse\local settings\application data\Logitech
2013-08-20 22:30:47 -------- d-----w- c:\program files\common files\Logitech
2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-08-17 01:32:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-08-15 20:35:14 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M ====================
.
2013-08-24 02:39:15 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-24 02:39:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-24 01:26:58 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2013-07-26 02:49:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:48:59 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:48:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:58:11 385024 ------w- c:\windows\system32\html.iec
2013-07-10 10:37:49 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 07:33:59 2154496 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 07:33:59 2033152 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-27 20:59:46 1091636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-06-27 20:59:46 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-06-27 20:59:40 1091636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-06-12 19:48:23 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-12 19:48:17 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-12 19:48:00 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-12 19:35:55 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-11 23:55:25 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-06-05 09:08:29 1876864 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 07:22:58 563200 ----a-w- c:\windows\system32\qedit.dll
2013-05-28 01:59:30 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 01:05:24 6656 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 13:52:36,60 ===============

Mededeling

chromebrowser werkt meer niet dan wel....en IE is ook erg traag.

chromebrowser werkt meer niet dan wel....en IE is ook erg traag.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment