Notorious Ukash police virus that produces the white screen
Posted: 07 Jun 2012 14:22
Hello,
Using a few other topics on this forum, I have already managed to remove the virus (the one with the text "Please wait while the connection is beeing established", typo included, with the German translation underneath). However, as with the others, this caused a few problems. I too no longer have any icons, and I can't even get to the menu when right-clicking. Since the next step produces a log file that is different for everyone, I thought a new topic was in order. Below is the log file from the DDS program. I was just still wondering where such a virus can come from.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Joep at 13:19:29 on 2012-06-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4092.2846 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Users\Frans\Documents\TomTom\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.vvv-venlo.nl/default.htm
uWindow Title = Windows Internet Explorer wordt aangeboden door MSN and Bing
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Toolbar BHO: {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39bar.dll
BHO: Search Assistant BHO: {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
uRun: [Facebook Update] "C:\Users\Joep\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Spotify Web Helper] "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [MapsGalaxy Search Scope Monitor] "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
mRun: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe
uPolicies-explorer: NoDesktop = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Verzenden naar OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Joep\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.nabestelling.net/Scripts/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://vpn.uvt.nl/CACHE/stc/1/binaries/vpnweb.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{04688AD9-A736-4E84-B28D-4805EACDF998} : DhcpNameServer = 212.54.40.25 212.54.35.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 MapsGalaxy_39Service;MapsGalaxyService;C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe [2012-6-3 42504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-5-4 2280312]
R2 TomTomHOMEService;TomTomHOMEService;C:\Users\Frans\Documents\TomTom\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-8-3 645048]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-18 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-22 2348352]
S2 SetupARService;SetupARService;C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [2011-5-4 24576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 257696]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-18 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 tizeqdrv;tizeqdrv;C:\Users\Joep\AppData\Roaming\TZAC2\tizeq64.sys [2012-5-31 153784]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-07 11:13:29 -------- d-----w- C:\Users\Joep\AppData\Local\{BC264D64-A44A-4EE8-B53C-EC2D7FB4872C}
2012-06-07 11:13:18 -------- d-----w- C:\Users\Joep\AppData\Local\{5D901155-73F2-48BD-B92D-6E53916B308E}
2012-06-06 17:54:38 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-06-06 14:38:14 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA3F3FB7-CC40-4EB7-A0C4-455321A77101}\mpengine.dll
2012-06-05 10:57:24 -------- d-----w- C:\Users\Joep\AppData\Local\{44CFB127-8171-499A-BC31-ACD03728C549}
2012-06-05 10:57:11 -------- d-----w- C:\Users\Joep\AppData\Local\{8471E50B-E40C-470B-A067-70D714C4461A}
2012-06-04 17:34:56 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-04 12:08:34 -------- d-----w- C:\Users\Joep\AppData\Local\{F11AD78C-9079-4C65-8959-A790489176C6}
2012-06-04 12:08:16 -------- d-----w- C:\Users\Joep\AppData\Local\{7F3C139F-C182-4D39-8211-76C0F42D21E5}
2012-06-03 13:36:11 -------- d-----w- C:\Program Files (x86)\MapsGalaxy_39
2012-06-02 11:57:55 -------- d-----w- C:\Users\Joep\AppData\Local\{C7D3A9C7-A833-4A3C-A3C4-28C89DF51B6E}
2012-06-02 11:57:36 -------- d-----w- C:\Users\Joep\AppData\Local\{6655FC19-C330-4F8E-BC79-39E80B97966F}
2012-06-01 11:28:04 -------- d-----w- C:\Users\Joep\AppData\Local\{2236C27C-7B3A-48AD-994D-36440420536E}
2012-06-01 11:27:50 -------- d-----w- C:\Users\Joep\AppData\Local\{8DF0AA20-20FD-44E6-937E-67717A746524}
2012-05-31 14:46:24 -------- d-----w- C:\Users\Joep\AppData\Roaming\TZAC2
2012-05-31 14:46:15 -------- d-----w- C:\Program Files (x86)\TZAC2
2012-05-31 12:54:41 -------- d-----w- C:\Users\Joep\AppData\Local\{1EB8ED25-4184-42ED-9AB1-C8517B57AD43}
2012-05-31 12:54:18 -------- d-----w- C:\Users\Joep\AppData\Local\{F103148E-BA5B-49F3-A9AC-B53AEE9DFC69}
2012-05-29 11:42:20 -------- d-----w- C:\Users\Joep\AppData\Local\{9776EC3A-549F-472B-88B6-CF75E5E8928C}
2012-05-29 11:41:57 -------- d-----w- C:\Users\Joep\AppData\Local\{5D03A988-081F-4C49-B93E-BDD788430C88}
2012-05-28 23:41:27 -------- d-----w- C:\Users\Joep\AppData\Local\{37208346-407B-45B9-B16C-8458227C1102}
2012-05-28 23:41:05 -------- d-----w- C:\Users\Joep\AppData\Local\{1D51A471-8571-42E9-BDAC-86C840FC8CFE}
2012-05-28 11:40:49 -------- d-----w- C:\Users\Joep\AppData\Local\{601CC151-B88A-4359-A449-C693DB8F12BB}
2012-05-28 11:40:25 -------- d-----w- C:\Users\Joep\AppData\Local\{2B7EA7D7-FC17-4BA8-9B2A-0E789380B2B9}
2012-05-27 11:01:49 -------- d-----w- C:\Users\Joep\AppData\Local\{533EED66-F151-4B7F-B21F-D3D9E7F4FBED}
2012-05-27 11:01:28 -------- d-----w- C:\Users\Joep\AppData\Local\{59217A19-3C78-40AC-B57B-9BE882D71E2A}
2012-05-26 10:33:55 -------- d-----w- C:\Users\Joep\AppData\Local\{2FC7781D-BEAF-4550-8047-39BCE24DDABD}
2012-05-26 10:33:41 -------- d-----w- C:\Users\Joep\AppData\Local\{28CE7D65-9E47-4EA7-B1DD-2A676D048B57}
2012-05-24 13:57:51 -------- d-----w- C:\Users\Joep\AppData\Local\{5D4E153A-0F09-4D48-A0B2-6F76E30E02D2}
2012-05-24 13:57:39 -------- d-----w- C:\Users\Joep\AppData\Local\{21D0E5A7-3D24-42F3-972F-E5DAA710912C}
2012-05-23 10:01:56 -------- d-----w- C:\Users\Joep\AppData\Local\{D68B0FCE-BC6A-40FB-96AD-7DD909064918}
2012-05-23 10:01:29 -------- d-----w- C:\Users\Joep\AppData\Local\{A5C90787-1FA6-4F66-B8BE-815554616169}
2012-05-22 09:48:27 -------- d-----w- C:\Users\Joep\AppData\Local\{C76620BC-21F8-4F38-881A-9391C16A1E10}
2012-05-22 09:48:11 -------- d-----w- C:\Users\Joep\AppData\Local\{4ABDF79B-0E1F-40E2-8486-8D5FCA01B8BA}
2012-05-21 13:09:24 -------- d-----w- C:\Users\Joep\AppData\Local\{7D17AA13-498A-418D-928C-F94483ABC44E}
2012-05-21 13:09:01 -------- d-----w- C:\Users\Joep\AppData\Local\{A687602B-9AF1-4D44-B44D-6DD251793C66}
2012-05-21 13:04:18 -------- d-----w- C:\Users\Joep\AppData\Local\{E6DD7B9C-DDDA-4359-9823-E32EB172D8A9}
2012-05-19 11:36:46 -------- d-----w- C:\Users\Joep\AppData\Local\{BA241CE2-7B3A-43DB-9928-CD5E0CAF6B1C}
2012-05-19 11:36:25 -------- d-----w- C:\Users\Joep\AppData\Local\{BF93AF75-AA1B-4E74-8BF3-E3AADC4CA1AF}
2012-05-18 10:20:07 -------- d-----w- C:\Users\Joep\AppData\Local\{9EFB7527-090E-4AC1-96A4-22D22DB6B44A}
2012-05-18 10:19:44 -------- d-----w- C:\Users\Joep\AppData\Local\{CAEAE345-48F9-4A88-9B99-A370BB604E57}
2012-05-17 22:19:13 -------- d-----w- C:\Users\Joep\AppData\Local\{6434E25A-18FF-4659-BB47-F3F3BB0C4682}
2012-05-17 22:18:50 -------- d-----w- C:\Users\Joep\AppData\Local\{B7992227-AC07-4203-823E-2076C1A70695}
2012-05-17 10:18:16 -------- d-----w- C:\Users\Joep\AppData\Local\{A2523FD5-1B44-4691-8563-FFBDDEA23B06}
2012-05-17 10:17:53 -------- d-----w- C:\Users\Joep\AppData\Local\{AD937384-BC00-455D-9A2F-B885380BC094}
2012-05-16 17:32:55 -------- d-----w- C:\Users\Joep\AppData\Local\{16721E9B-1E70-4E74-ADFB-08CF1042EC2C}
2012-05-16 17:32:43 -------- d-----w- C:\Users\Joep\AppData\Local\{E3BBCD72-623D-4123-832F-44554FA8C465}
2012-05-14 09:31:22 -------- d-----w- C:\Users\Joep\AppData\Local\{F3F0D58D-CD57-4647-A0AE-168591971F9F}
2012-05-14 09:30:58 -------- d-----w- C:\Users\Joep\AppData\Local\{AF921909-BE09-4779-88A2-E69FB4705C06}
2012-05-13 10:20:32 -------- d-----w- C:\Users\Joep\AppData\Local\{10806D1A-D153-401F-97B5-29C4B604D802}
2012-05-13 10:20:20 -------- d-----w- C:\Users\Joep\AppData\Local\{8234311A-8E17-4DF8-8C44-75FDD5725C8E}
2012-05-12 10:38:04 -------- d-----w- C:\Users\Joep\AppData\Local\{0DED196C-A149-49E4-B026-AD0B2D30FB47}
2012-05-12 10:37:35 -------- d-----w- C:\Users\Joep\AppData\Local\{A93A4F9A-2F80-4D2E-938D-A48BA57ECC65}
2012-05-11 10:48:02 -------- d-----w- C:\Users\Joep\AppData\Local\{47E56606-1E41-4AEA-922C-99E79406E5DC}
2012-05-11 10:47:50 -------- d-----w- C:\Users\Joep\AppData\Local\{3DD8F913-FE3D-4995-898C-7CE7E4C8437A}
2012-05-10 10:13:09 -------- d-----w- C:\Users\Joep\AppData\Local\{E6BA729D-73E8-4962-B2B7-D6ACCBD1713F}
2012-05-10 10:12:46 -------- d-----w- C:\Users\Joep\AppData\Local\{DEF08978-0578-4BA0-89D4-B41B4FA2A814}
2012-05-09 13:31:53 -------- d-----w- C:\Users\Joep\AppData\Local\{43614D67-0609-417E-B642-105A5A451CA3}
2012-05-09 13:31:29 -------- d-----w- C:\Users\Joep\AppData\Local\{C5168F91-9C4C-4477-A88B-BEF20F7BE853}
.
==================== Find3M ====================
.
2012-06-05 12:21:51 282472 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-06-05 12:21:51 282472 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-06-05 12:21:23 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-17 15:43:14 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-05-05 15:41:33 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 15:41:33 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 15:41:07 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 02:54:46 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2012-05-03 02:54:46 28056 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-20 18:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 18:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 13:19:56,24 ===============
ik heb aan de hand van enkele andere topics op dit forum het virus al weten te verwijderen (met de tekst: "Please wait while the connection is beeing established" inclusief typfout en eronder de Duitse vertaling). Dit leverde echter, zoals bij de andere ook, enkele problemen op. Ook ik heb geen pictogrammen meer en ik kan niet eens naar het menu gaan als je op de rechtermuisknop klikt. Aangezien de stap erna een logbestand oplevert wat voor iedereen anders is, dacht ik dat een nieuw topic op z'n plaats was. Hieronder het logbestand van het DDS programma. Ik vroeg me enkel nog af waar zo'n virus vandaan kan komen?
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Joep at 13:19:29 on 2012-06-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4092.2846 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Users\Frans\Documents\TomTom\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.vvv-venlo.nl/default.htm" onclick="window.open(this.href);return false;
uWindow Title = Windows Internet Explorer wordt aangeboden door MSN and Bing
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Toolbar BHO: {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39bar.dll
BHO: Search Assistant BHO: {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
uRun: [Facebook Update] "C:\Users\Joep\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Spotify Web Helper] "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [MapsGalaxy Search Scope Monitor] "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
mRun: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe
uPolicies-explorer: NoDesktop = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Verzenden naar OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Joep\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.nabestelling.net/Scripts/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://vpn.uvt.nl/CACHE/stc/1/binaries/vpnweb.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{04688AD9-A736-4E84-B28D-4805EACDF998} : DhcpNameServer = 212.54.40.25 212.54.35.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 MapsGalaxy_39Service;MapsGalaxyService;C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe [2012-6-3 42504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-5-4 2280312]
R2 TomTomHOMEService;TomTomHOMEService;C:\Users\Frans\Documents\TomTom\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-8-3 645048]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-18 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-22 2348352]
S2 SetupARService;SetupARService;C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [2011-5-4 24576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 257696]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-18 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 tizeqdrv;tizeqdrv;C:\Users\Joep\AppData\Roaming\TZAC2\tizeq64.sys [2012-5-31 153784]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-07 11:13:29 -------- d-----w- C:\Users\Joep\AppData\Local\{BC264D64-A44A-4EE8-B53C-EC2D7FB4872C}
2012-06-07 11:13:18 -------- d-----w- C:\Users\Joep\AppData\Local\{5D901155-73F2-48BD-B92D-6E53916B308E}
2012-06-06 17:54:38 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-06-06 14:38:14 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA3F3FB7-CC40-4EB7-A0C4-455321A77101}\mpengine.dll
2012-06-05 10:57:24 -------- d-----w- C:\Users\Joep\AppData\Local\{44CFB127-8171-499A-BC31-ACD03728C549}
2012-06-05 10:57:11 -------- d-----w- C:\Users\Joep\AppData\Local\{8471E50B-E40C-470B-A067-70D714C4461A}
2012-06-04 17:34:56 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-04 12:08:34 -------- d-----w- C:\Users\Joep\AppData\Local\{F11AD78C-9079-4C65-8959-A790489176C6}
2012-06-04 12:08:16 -------- d-----w- C:\Users\Joep\AppData\Local\{7F3C139F-C182-4D39-8211-76C0F42D21E5}
2012-06-03 13:36:11 -------- d-----w- C:\Program Files (x86)\MapsGalaxy_39
2012-06-02 11:57:55 -------- d-----w- C:\Users\Joep\AppData\Local\{C7D3A9C7-A833-4A3C-A3C4-28C89DF51B6E}
2012-06-02 11:57:36 -------- d-----w- C:\Users\Joep\AppData\Local\{6655FC19-C330-4F8E-BC79-39E80B97966F}
2012-06-01 11:28:04 -------- d-----w- C:\Users\Joep\AppData\Local\{2236C27C-7B3A-48AD-994D-36440420536E}
2012-06-01 11:27:50 -------- d-----w- C:\Users\Joep\AppData\Local\{8DF0AA20-20FD-44E6-937E-67717A746524}
2012-05-31 14:46:24 -------- d-----w- C:\Users\Joep\AppData\Roaming\TZAC2
2012-05-31 14:46:15 -------- d-----w- C:\Program Files (x86)\TZAC2
2012-05-31 12:54:41 -------- d-----w- C:\Users\Joep\AppData\Local\{1EB8ED25-4184-42ED-9AB1-C8517B57AD43}
2012-05-31 12:54:18 -------- d-----w- C:\Users\Joep\AppData\Local\{F103148E-BA5B-49F3-A9AC-B53AEE9DFC69}
2012-05-29 11:42:20 -------- d-----w- C:\Users\Joep\AppData\Local\{9776EC3A-549F-472B-88B6-CF75E5E8928C}
2012-05-29 11:41:57 -------- d-----w- C:\Users\Joep\AppData\Local\{5D03A988-081F-4C49-B93E-BDD788430C88}
2012-05-28 23:41:27 -------- d-----w- C:\Users\Joep\AppData\Local\{37208346-407B-45B9-B16C-8458227C1102}
2012-05-28 23:41:05 -------- d-----w- C:\Users\Joep\AppData\Local\{1D51A471-8571-42E9-BDAC-86C840FC8CFE}
2012-05-28 11:40:49 -------- d-----w- C:\Users\Joep\AppData\Local\{601CC151-B88A-4359-A449-C693DB8F12BB}
2012-05-28 11:40:25 -------- d-----w- C:\Users\Joep\AppData\Local\{2B7EA7D7-FC17-4BA8-9B2A-0E789380B2B9}
2012-05-27 11:01:49 -------- d-----w- C:\Users\Joep\AppData\Local\{533EED66-F151-4B7F-B21F-D3D9E7F4FBED}
2012-05-27 11:01:28 -------- d-----w- C:\Users\Joep\AppData\Local\{59217A19-3C78-40AC-B57B-9BE882D71E2A}
2012-05-26 10:33:55 -------- d-----w- C:\Users\Joep\AppData\Local\{2FC7781D-BEAF-4550-8047-39BCE24DDABD}
2012-05-26 10:33:41 -------- d-----w- C:\Users\Joep\AppData\Local\{28CE7D65-9E47-4EA7-B1DD-2A676D048B57}
2012-05-24 13:57:51 -------- d-----w- C:\Users\Joep\AppData\Local\{5D4E153A-0F09-4D48-A0B2-6F76E30E02D2}
2012-05-24 13:57:39 -------- d-----w- C:\Users\Joep\AppData\Local\{21D0E5A7-3D24-42F3-972F-E5DAA710912C}
2012-05-23 10:01:56 -------- d-----w- C:\Users\Joep\AppData\Local\{D68B0FCE-BC6A-40FB-96AD-7DD909064918}
2012-05-23 10:01:29 -------- d-----w- C:\Users\Joep\AppData\Local\{A5C90787-1FA6-4F66-B8BE-815554616169}
2012-05-22 09:48:27 -------- d-----w- C:\Users\Joep\AppData\Local\{C76620BC-21F8-4F38-881A-9391C16A1E10}
2012-05-22 09:48:11 -------- d-----w- C:\Users\Joep\AppData\Local\{4ABDF79B-0E1F-40E2-8486-8D5FCA01B8BA}
2012-05-21 13:09:24 -------- d-----w- C:\Users\Joep\AppData\Local\{7D17AA13-498A-418D-928C-F94483ABC44E}
2012-05-21 13:09:01 -------- d-----w- C:\Users\Joep\AppData\Local\{A687602B-9AF1-4D44-B44D-6DD251793C66}
2012-05-21 13:04:18 -------- d-----w- C:\Users\Joep\AppData\Local\{E6DD7B9C-DDDA-4359-9823-E32EB172D8A9}
2012-05-19 11:36:46 -------- d-----w- C:\Users\Joep\AppData\Local\{BA241CE2-7B3A-43DB-9928-CD5E0CAF6B1C}
2012-05-19 11:36:25 -------- d-----w- C:\Users\Joep\AppData\Local\{BF93AF75-AA1B-4E74-8BF3-E3AADC4CA1AF}
2012-05-18 10:20:07 -------- d-----w- C:\Users\Joep\AppData\Local\{9EFB7527-090E-4AC1-96A4-22D22DB6B44A}
2012-05-18 10:19:44 -------- d-----w- C:\Users\Joep\AppData\Local\{CAEAE345-48F9-4A88-9B99-A370BB604E57}
2012-05-17 22:19:13 -------- d-----w- C:\Users\Joep\AppData\Local\{6434E25A-18FF-4659-BB47-F3F3BB0C4682}
2012-05-17 22:18:50 -------- d-----w- C:\Users\Joep\AppData\Local\{B7992227-AC07-4203-823E-2076C1A70695}
2012-05-17 10:18:16 -------- d-----w- C:\Users\Joep\AppData\Local\{A2523FD5-1B44-4691-8563-FFBDDEA23B06}
2012-05-17 10:17:53 -------- d-----w- C:\Users\Joep\AppData\Local\{AD937384-BC00-455D-9A2F-B885380BC094}
2012-05-16 17:32:55 -------- d-----w- C:\Users\Joep\AppData\Local\{16721E9B-1E70-4E74-ADFB-08CF1042EC2C}
2012-05-16 17:32:43 -------- d-----w- C:\Users\Joep\AppData\Local\{E3BBCD72-623D-4123-832F-44554FA8C465}
2012-05-14 09:31:22 -------- d-----w- C:\Users\Joep\AppData\Local\{F3F0D58D-CD57-4647-A0AE-168591971F9F}
2012-05-14 09:30:58 -------- d-----w- C:\Users\Joep\AppData\Local\{AF921909-BE09-4779-88A2-E69FB4705C06}
2012-05-13 10:20:32 -------- d-----w- C:\Users\Joep\AppData\Local\{10806D1A-D153-401F-97B5-29C4B604D802}
2012-05-13 10:20:20 -------- d-----w- C:\Users\Joep\AppData\Local\{8234311A-8E17-4DF8-8C44-75FDD5725C8E}
2012-05-12 10:38:04 -------- d-----w- C:\Users\Joep\AppData\Local\{0DED196C-A149-49E4-B026-AD0B2D30FB47}
2012-05-12 10:37:35 -------- d-----w- C:\Users\Joep\AppData\Local\{A93A4F9A-2F80-4D2E-938D-A48BA57ECC65}
2012-05-11 10:48:02 -------- d-----w- C:\Users\Joep\AppData\Local\{47E56606-1E41-4AEA-922C-99E79406E5DC}
2012-05-11 10:47:50 -------- d-----w- C:\Users\Joep\AppData\Local\{3DD8F913-FE3D-4995-898C-7CE7E4C8437A}
2012-05-10 10:13:09 -------- d-----w- C:\Users\Joep\AppData\Local\{E6BA729D-73E8-4962-B2B7-D6ACCBD1713F}
2012-05-10 10:12:46 -------- d-----w- C:\Users\Joep\AppData\Local\{DEF08978-0578-4BA0-89D4-B41B4FA2A814}
2012-05-09 13:31:53 -------- d-----w- C:\Users\Joep\AppData\Local\{43614D67-0609-417E-B642-105A5A451CA3}
2012-05-09 13:31:29 -------- d-----w- C:\Users\Joep\AppData\Local\{C5168F91-9C4C-4477-A88B-BEF20F7BE853}
.
==================== Find3M ====================
.
2012-06-05 12:21:51 282472 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-06-05 12:21:51 282472 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-06-05 12:21:23 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-17 15:43:14 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-05-05 15:41:33 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 15:41:33 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 15:41:07 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 02:54:46 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2012-05-03 02:54:46 28056 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-20 18:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 18:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 13:19:56,24 ===============