Ga naar inhoud

buffalo18

Lid
  • Items

    28
  • Registratiedatum

  • Laatst bezocht

buffalo18's prestaties

  1. Probleem is intussen al opgelost, voorlopig toch. Toch nog een vraagje, onderaan het logje zie ik veel (file missing) bij toch belangrijke bestanden? Kan dit geen kwaad?
  2. Ik heb denk ik een Trojaans paard op m'n pc staan. Mijn browser doet raar (chrome), als ik op vorige klik bijvoorbeeld sluit hij de pagina. Bij taakbeheer verschijnen de toepassingen, processen en services voor een halve seconde om dan te verdwijnen/verschijnen/verdwijnen... Ik ben nu een scan aan het doen met avast. Hieronder een logje van HijackThis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:38:25, on 7/05/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Users\Klaas\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Klaas\Downloads\HijackThis.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Official Site - The Power To Do More | Dell R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Dell Official Site - The Power To Do More | Dell R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\RunOnce: [installShieldSetup] C:\PROGRA~2\INSTAL~1\{399C3~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{399C3~1\reboot.ini -l0x13 O4 - HKCU\..\Run: [Google Update] "C:\Users\Klaas\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - Startup: Dropbox.lnk = Klaas\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11273 bytes
  3. Is gestart, maar euhm, nu kan ik daar geen cd meer van maken zeker? Als er evt. bestanden weg zijn?
  4. Euhm Windows-cd? Ik heb nooit een Windows-cd gezien hoor. Windows 7 was gewoon geïnstalleerd, maar heb daar nooit cd van gezien. Ik herinner me wel dat hij me vroeg om een soort van cd te maken, waarschijnlijk voor dit soort gevallen. Maar waar die ligt..? Geen idee denk ik..
  5. Bwa, probeerde zonet een PDF te openen, 5 minuten later was hij open . Dus niet echt nee, misschien pc nog eens herstarten, maar daarnet duurde het ook weer zeer lang tegen dat ik eindelijk pc kon gebruiken. Bureaublad verschijnt wel heel snel maar dan blokkeert hij precies. En 5 minuten later schiet alles in gang . Toch bedankt voor de hulp...
  6. a2scan_120121-105242 Emsisoft Emergency Kit - Versie 1.0 Laatste Update: 1/21/2012 10:51:40 AM Scaninstellingen: Scantype: Diepe Scan Objecten: Geheugen, Sporen, Cookies, C:\, H:\ Scan archieven: Aan Heuristieken: Uit ADS Scan: Aan Scan gestart: 1/21/2012 10:52:42 AM c:\programdata\microsoft\windows\start menu\programs\cain Ontdekt: Trace.Directory.Cain!A2 c:\program files (x86)\cain Ontdekt: Trace.Directory.Cain!A2 c:\windows\system32\drivers\imon Ontdekt: Trace.Directory.AllMonitor!A2 Key: HKEY_LOCAL_MACHINE\software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0} Ontdekt: Trace.Registry.ShoppingReports!A2 Key: HKEY_LOCAL_MACHINE\software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid32 Ontdekt: Trace.Registry.ShoppingReports!A2 Key: HKEY_LOCAL_MACHINE\software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib Ontdekt: Trace.Registry.ShoppingReports!A2 c:\windows\system32\drivers\imon\bar.jpg Ontdekt: Trace.File.AllMonitor!A2 Key: HKEY_CURRENT_USER\software\cain\settings Ontdekt: Trace.Registry.Cain!A2 Key: HKEY_LOCAL_MACHINE\software\classes\interface\{1d4db7d3-6ec9-47a3-bd87-1e41684e07bb} Ontdekt: Trace.Registry.IBISToolbar!A2 C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Cookies\klaas@doubleclick[1].txt Ontdekt: Trace.TrackingCookie.doubleclick!A2 C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Cookies\klaas@serving-sys[1].txt Ontdekt: Trace.TrackingCookie.serving-sys!A2 C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Cookies\klaas@serving-sys[2].txt Ontdekt: Trace.TrackingCookie.serving-sys!A2 Gescand Bestanden: 104005 Sporen: 403649 Cookies: 140 Processen: 60 Gevonden Bestanden: 0 Sporen: 9 Cookies: 3 Processen: 0 Registersleutels: 0 Scan Geëindigd: 1/21/2012 1:42:37 PM Scantijd: 2:49:55 C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Cookies\klaas@serving-sys[1].txt Verwijderd Trace.TrackingCookie.serving-sys!A2 C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Cookies\klaas@serving-sys[2].txt Verwijderd Trace.TrackingCookie.serving-sys!A2 C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Cookies\klaas@doubleclick[1].txt Verwijderd Trace.TrackingCookie.doubleclick!A2 Key: HKEY_LOCAL_MACHINE\software\classes\interface\{1d4db7d3-6ec9-47a3-bd87-1e41684e07bb} Verwijderd Trace.Registry.IBISToolbar!A2 Key: HKEY_CURRENT_USER\software\cain\settings Verwijderd Trace.Registry.Cain!A2 c:\windows\system32\drivers\imon\bar.jpg Verwijderd Trace.File.AllMonitor!A2 Key: HKEY_LOCAL_MACHINE\software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0} Verwijderd Trace.Registry.ShoppingReports!A2 Key: HKEY_LOCAL_MACHINE\software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid32 Verwijderd Trace.Registry.ShoppingReports!A2 Key: HKEY_LOCAL_MACHINE\software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib Verwijderd Trace.Registry.ShoppingReports!A2 c:\windows\system32\drivers\imon Verwijderd Trace.Directory.AllMonitor!A2 c:\programdata\microsoft\windows\start menu\programs\cain Verwijderd Trace.Directory.Cain!A2 c:\program files (x86)\cain Verwijderd Trace.Directory.Cain!A2 Verwijderd Bestanden: 0 Sporen: 9 Cookies: 3
  7. Traagheid is er nog steeds, maar is precies wel beter. Alles start precies met een lag op. Ik open verschillende programma's, het duurt zeer lang voor er iets opent, maar plots openen ze allemaal. Ook bij herstarten was pc zeer traag (programma's laden enzo), maar dan plots wel gebruiksklaar. ComboFix 12-01-19.02 - Klaas 21/01/2012 9:15:41.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4091.2650 [GMT 1:00] Gestart vanuit: C:\Users\Klaas\Desktop\ComboFix.exe gebruikte Opdracht switches :: C:\Users\Klaas\Desktop\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt (((((((((((((((((((( Bestanden Gemaakt van 2011-12-21 to 2012-01-21 )))))))))))))))))))))))))))))) 2012-01-21 08:34:03 . 2012-01-21 08:34:03 -------- d-----w- C:\Users\Default\AppData\Local\temp 2012-01-20 16:44:04 . 2012-01-20 16:44:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-01-20 08:34:41 . 2012-01-06 05:15:20 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3DA80C37-7514-4C5C-B4F9-D7CDB0CF24FC}\mpengine.dll 2012-01-11 07:47:15 . 2011-10-26 05:25:16 1572864 ----a-w- C:\Windows\system32\quartz.dll 2012-01-11 07:47:15 . 2011-10-26 05:25:15 366592 ----a-w- C:\Windows\system32\qdvd.dll 2012-01-11 07:47:15 . 2011-10-26 04:32:11 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-01-11 07:47:15 . 2011-10-26 04:32:11 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll 2012-01-11 07:47:13 . 2011-11-19 14:58:00 77312 ----a-w- C:\Windows\system32\packager.dll 2012-01-11 07:47:13 . 2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2012-01-11 07:47:13 . 2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\system32\ntdll.dll 2012-01-11 07:47:13 . 2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll 2012-01-08 11:20:38 . 2012-01-08 11:20:40 -------- d-----w- C:\Users\Klaas\AppData\Roaming\Stellarium 2012-01-08 11:20:01 . 2012-01-08 11:20:36 -------- d-----w- C:\Program Files (x86)\Stellarium . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) 2011-12-10 14:24:08 . 2010-05-22 18:08:47 23152 ----a-w- C:\Windows\system32\drivers\mbam.sys 2011-12-06 20:34:22 . 2011-12-06 20:34:22 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-11-24 04:52:09 . 2011-12-14 16:14:14 3145216 ----a-w- C:\Windows\system32\win32k.sys 2011-11-15 13:29:56 . 2009-10-25 21:51:11 270720 ------w- C:\Windows\system32\MpSigStub.exe 2011-11-05 05:32:50 . 2011-12-14 16:14:06 2048 ----a-w- C:\Windows\system32\tzres.dll 2011-11-05 04:26:03 . 2011-12-14 16:14:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-11-04 01:53:39 . 2011-12-15 02:01:56 2309120 ----a-w- C:\Windows\system32\jscript9.dll 2011-11-04 01:44:47 . 2011-12-15 02:01:56 1390080 ----a-w- C:\Windows\system32\wininet.dll 2011-11-04 01:44:21 . 2011-12-15 02:01:56 1493504 ----a-w- C:\Windows\system32\inetcpl.cpl 2011-11-04 01:34:43 . 2011-12-15 02:02:00 2382848 ----a-w- C:\Windows\system32\mshtml.tlb 2011-11-03 22:47:42 . 2011-12-15 02:01:56 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-11-03 22:40:21 . 2011-12-15 02:01:56 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2011-11-03 22:39:47 . 2011-12-15 02:01:56 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-11-03 22:31:57 . 2011-12-15 02:02:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-10-29 10:56:39 . 2011-10-29 10:56:39 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2011-10-29 10:56:38 . 2011-10-29 10:56:38 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2011-10-26 05:21:20 . 2011-12-14 16:14:17 43520 ----a-w- C:\Windows\system32\csrsrv.dll 2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll 2007-02-21 10:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll 2008-03-16 12:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-07 09:18:12 120104 ----a-w- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIDIA nTune"="C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-08-18 08:01:50 145408] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "EgisTecLiveUpdate"="C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 21:09:34 199464] "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" [2009-08-27 20:47:18 1200136] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 13:49:28 249064] "ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 11:27:02 358336] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux7"=wdmaud.drv R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576] R2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 11:55:36 135664] R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 09:18:54 311592] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 00:25:50 62720] R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 08:58:08 20480] R3 AF9035BDA;Cinergy T-Stick service;C:\Windows\system32\DRIVERS\AF9035BDA.sys [x] R3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 11:55:36 135664] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;C:\Windows\system32\DRIVERS\Rts516xIR.sys [x] R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 11:37:14 517096] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe [x] S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x] S1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys [x] S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x] S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe [2009-07-14 01:39:46 27136] S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-19 05:40:12 796192] S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\Windows\system32\Drivers\FPSensor.sys [x] S2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 13:04:50 1150496] S2 IGBASVC;EgisTec Service;c:\Program Files (x86)\Acer Bio Protection\BASVC.exe [2009-08-06 05:21:04 3450368] S2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe [2007-02-28 16:12:12 208896] S2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 23:47:10 191000] S2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [x] S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);C:\Windows\sysWOW64\drivers\npf_devolo.sys [2010-06-10 12:32:14 34048] S2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 09:54:44 253952] S2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2010-09-14 10:47:24 716024] S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 01:47:12 240160] S2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 20:39:09 427192] S2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 13:31:44 116224] S3 hidshim;Service for HID-KMDF Shim layer;C:\Windows\system32\DRIVERS\hidshim.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys [x] S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys [x] S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys [x] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys [x] S3 nuvotonhidgeneric;Nuvoton EC Generic HID;C:\Windows\system32\DRIVERS\nuvotonhidgeneric.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [x] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys [x] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys [x] S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys [x] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai Inhoud van de 'Gedeelde Taken' map 2012-01-20 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1200137767-1035772069-1397413781-1000Core.job - C:\Users\Klaas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-30 17:00:52 . 2011-11-30 17:00:51] 2012-01-21 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1200137767-1035772069-1397413781-1000UA.job - C:\Users\Klaas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-30 17:00:52 . 2011-11-30 17:00:51] 2012-01-21 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 14:15:26 . 2010-01-31 11:55:36] 2012-01-21 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 14:15:26 . 2010-01-31 11:55:36] 2012-01-19 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1200137767-1035772069-1397413781-1000Core.job - C:\Users\Klaas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 15:39:07 . 2010-06-16 17:30:33] 2012-01-21 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1200137767-1035772069-1397413781-1000UA.job - C:\Users\Klaas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 15:39:07 . 2010-06-16 17:30:33] --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-07 09:19:54 137512 ----a-w- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 02:03:32 186904] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 02:32:06 8060960] "SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] ------- Bijkomende Scan ------- uLocal Page = C:\Windows\system32\blank.htm mLocal Page = C:\Windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.0.1 DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://asavpn1.ugent.be/CACHE/stc/11/binaries/vpnweb.cab FF - ProfilePath - C:\Users\Klaas\AppData\Roaming\Mozilla\Firefox\Profiles\gukytds7.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - - - - ORPHANS VERWIJDERD - - - - Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
  8. Ook uitgevoerd ComboFix 12-01-19.02 - Klaas 21/01/2012 8:02:28.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4091.2740 [GMT 1:00] Gestart vanuit: C:\Users\Klaas\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) C:\install.exe c:\Program Files (x86)\Acer Bio Protection\PwdFilterV64.dll C:\Program Files (x86)\Common Files\Acer GameZone online.ico C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Recent\ChattChitto.url C:\Users\Klaas\AppData\Roaming\Sdat.exe C:\Windows\SysWow64\drivers\imon\anti_end.dll C:\Windows\SysWow64\drivers\imon\browse_setting.ini C:\Windows\SysWow64\drivers\imon\gdiplus.dll C:\Windows\SysWow64\drivers\imon\imonsmtp.exe C:\Windows\SysWow64\drivers\imon\install_lsp.exe C:\Windows\SysWow64\drivers\imon\th_imgbrowser.ocx C:\Windows\SysWow64\drivers\imon\uninstall.exe C:\Windows\SysWow64\drivers\imon\wodSmtp.ocx (((((((((((((((((((( Bestanden Gemaakt van 2011-12-21 to 2012-01-21 )))))))))))))))))))))))))))))) 2012-01-21 07:23:28 . 2012-01-21 07:23:28 -------- d-----w- C:\Users\Default\AppData\Local\temp 2012-01-20 16:44:04 . 2012-01-20 16:44:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-01-11 07:47:15 . 2011-10-26 05:25:16 1572864 ----a-w- C:\Windows\system32\quartz.dll 2012-01-11 07:47:15 . 2011-10-26 05:25:15 366592 ----a-w- C:\Windows\system32\qdvd.dll 2012-01-11 07:47:15 . 2011-10-26 04:32:11 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-01-11 07:47:15 . 2011-10-26 04:32:11 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll 2012-01-11 07:47:13 . 2011-11-19 14:58:00 77312 ----a-w- C:\Windows\system32\packager.dll 2012-01-11 07:47:13 . 2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2012-01-11 07:47:13 . 2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\system32\ntdll.dll 2012-01-11 07:47:13 . 2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll 2012-01-08 11:20:38 . 2012-01-08 11:20:40 -------- d-----w- C:\Users\Klaas\AppData\Roaming\Stellarium 2012-01-08 11:20:01 . 2012-01-08 11:20:36 -------- d-----w- C:\Program Files (x86)\Stellarium . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) 2012-01-06 05:15:20 . 2012-01-20 08:34:41 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3DA80C37-7514-4C5C-B4F9-D7CDB0CF24FC}\mpengine.dll 2011-12-10 14:24:08 . 2010-05-22 18:08:47 23152 ----a-w- C:\Windows\system32\drivers\mbam.sys 2011-12-06 20:34:22 . 2011-12-06 20:34:22 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-11-24 04:52:09 . 2011-12-14 16:14:14 3145216 ----a-w- C:\Windows\system32\win32k.sys 2011-11-15 13:29:56 . 2009-10-25 21:51:11 270720 ------w- C:\Windows\system32\MpSigStub.exe 2011-11-05 05:32:50 . 2011-12-14 16:14:06 2048 ----a-w- C:\Windows\system32\tzres.dll 2011-11-05 04:26:03 . 2011-12-14 16:14:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-11-04 01:53:39 . 2011-12-15 02:01:56 2309120 ----a-w- C:\Windows\system32\jscript9.dll 2011-11-04 01:44:47 . 2011-12-15 02:01:56 1390080 ----a-w- C:\Windows\system32\wininet.dll 2011-11-04 01:44:21 . 2011-12-15 02:01:56 1493504 ----a-w- C:\Windows\system32\inetcpl.cpl 2011-11-04 01:34:43 . 2011-12-15 02:02:00 2382848 ----a-w- C:\Windows\system32\mshtml.tlb 2011-11-03 22:47:42 . 2011-12-15 02:01:56 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-11-03 22:40:21 . 2011-12-15 02:01:56 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2011-11-03 22:39:47 . 2011-12-15 02:01:56 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-11-03 22:31:57 . 2011-12-15 02:02:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-10-29 10:56:39 . 2011-10-29 10:56:39 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2011-10-29 10:56:38 . 2011-10-29 10:56:38 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2011-10-26 05:21:20 . 2011-12-14 16:14:17 43520 ----a-w- C:\Windows\system32\csrsrv.dll 2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll 2007-02-21 10:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll 2008-03-16 12:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-07 09:18:12 120104 ----a-w- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIDIA nTune"="C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-08-18 08:01:50 145408] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "EgisTecLiveUpdate"="C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 21:09:34 199464] "LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" [2009-08-27 20:47:18 1200136] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 13:49:28 249064] "ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 11:27:02 358336] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux7"=wdmaud.drv R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576] R2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 11:55:36 135664] R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 09:18:54 311592] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 00:25:50 62720] R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 08:58:08 20480] R3 AF9035BDA;Cinergy T-Stick service;C:\Windows\system32\DRIVERS\AF9035BDA.sys [x] R3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 11:55:36 135664] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;C:\Windows\system32\DRIVERS\Rts516xIR.sys [x] R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 11:37:14 517096] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe [x] S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x] S1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys [x] S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x] S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe [2009-07-14 01:39:46 27136] S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-19 05:40:12 796192] S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\Windows\system32\Drivers\FPSensor.sys [x] S2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 13:04:50 1150496] S2 IGBASVC;EgisTec Service;c:\Program Files (x86)\Acer Bio Protection\BASVC.exe [2009-08-06 05:21:04 3450368] S2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe [2007-02-28 16:12:12 208896] S2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 23:47:10 191000] S2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [x] S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);C:\Windows\sysWOW64\drivers\npf_devolo.sys [2010-06-10 12:32:14 34048] S2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 09:54:44 253952] S2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2010-09-14 10:47:24 716024] S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 01:47:12 240160] S2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 20:39:09 427192] S2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 13:31:44 116224] S3 hidshim;Service for HID-KMDF Shim layer;C:\Windows\system32\DRIVERS\hidshim.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys [x] S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys [x] S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys [x] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys [x] S3 nuvotonhidgeneric;Nuvoton EC Generic HID;C:\Windows\system32\DRIVERS\nuvotonhidgeneric.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [x] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys [x] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys [x] S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys [x] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai Inhoud van de 'Gedeelde Taken' map 2012-01-20 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1200137767-1035772069-1397413781-1000Core.job - C:\Users\Klaas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-30 17:00:52 . 2011-11-30 17:00:51] 2012-01-21 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1200137767-1035772069-1397413781-1000UA.job - C:\Users\Klaas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-30 17:00:52 . 2011-11-30 17:00:51] 2012-01-21 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 14:15:26 . 2010-01-31 11:55:36] 2012-01-21 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 14:15:26 . 2010-01-31 11:55:36] 2012-01-19 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1200137767-1035772069-1397413781-1000Core.job - C:\Users\Klaas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 15:39:07 . 2010-06-16 17:30:33] 2012-01-21 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1200137767-1035772069-1397413781-1000UA.job - C:\Users\Klaas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 15:39:07 . 2010-06-16 17:30:33] --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-07 09:19:54 137512 ----a-w- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 02:03:32 186904] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 02:32:06 8060960] "combofix"="C:\ComboFix\CF14882.3XE" [2010-11-20 13:24:33 345088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 ------- Bijkomende Scan ------- uLocal Page = C:\Windows\system32\blank.htm mLocal Page = C:\Windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.0.1 DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://asavpn1.ugent.be/CACHE/stc/11/binaries/vpnweb.cab FF - ProfilePath - C:\Users\Klaas\AppData\Roaming\Mozilla\Firefox\Profiles\gukytds7.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - - - - ORPHANS VERWIJDERD - - - - Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-fsm - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe
  9. Voila, alles uitgevoerd, wel in veilige modus daar ik in normale modus niet meer kan werken door de extreme traagheid . Malwarebytes Anti-Malware 1.60.0.1800 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: v2012.01.20.02 Windows 7 Service Pack 1 x64 NTFS (Veilige modus/netwerkmogelijkheden) Internet Explorer 9.0.8112.16421 Klaas :: KLAAS-PC [administrator] 20/01/2012 17:45:26 mbam-log-2012-01-20 (17-45-26).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 207816 Verstreken tijd: 13 minuut/minuten, 58 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 85 HKCR\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\FunWebProductsInstaller.Start.1 (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\FunWebProductsInstaller.Start (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TypeLib\{E343EDFC-1E6C-4cb5-AA29-E9C922641C80} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.HbAx.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.HbAx (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{A16AD1E9-F69A-45af-9462-B1C286708842} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.IEButtonA (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.HbInfoBand (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{C9CCBB35-D123-4a31-AFFC-9B2933132116} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.IEButton.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.IEButton (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ClickPotatoLiteAx.Info (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ClickPotatoLiteAx.Info.1 (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.Dwnldr (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.HbGuru (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.ReportData (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.Reporter (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.Scopes (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.Stock (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.Stock.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\AppID\CmndFF.DLL (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\AppID\mozillaps.dll (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\Software\clickpotatolitesa (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. Registerwaarden gedetecteerd: 4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|ShopperReports 3.1.22.0 (Adware.HotBar) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E879047EB6765A503FA990 (Malware.Trace) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Data: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\firefox\extensions -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Mozilla\Firefox\extensions|ShopperReports@ShopperReports.com (ShopperReports) -> Data: C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions -> Succesvol in quarantaine geplaatst en verwijderd. Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 35 C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Succesvol in quarantaine geplaatst en verwijderd. C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Klaas\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ClickPotatoLite (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ClickPotatoLite\bin (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0 (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\firefox (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\firefox\extensions (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\firefox\extensions\plugins (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.630.0 (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.630.0\firefox (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.630.0\firefox\extensions (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.630.0\firefox\extensions\plugins (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0 (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\firefox (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\firefox\extensions (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\firefox\extensions\plugins (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\FunWebProducts (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\FunWebProducts\Installr (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ShopperReports3 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ShopperReports3\bin (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome\content (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0} (Adware.QuestBrowse) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome (Adware.QuestBrowse) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\defaults (Adware.QuestBrowse) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\defaults\preferences (Adware.QuestBrowse) -> Succesvol in quarantaine geplaatst en verwijderd. Bestanden gedetecteerd: 47 C:\Program Files (x86)\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Klaasupdate001.exe (Spyware.Passwords.XGen) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Klaas\AppData\Local\Temp\0.9119469560445368.exe (Spyware.Passwords.XGen) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Klaas\AppData\Local\Temp\60414.exe (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Klaas\Downloads\video (1).exe (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Klaas\Downloads\video.exe (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Klaas\Downloads\Webfetti (1).exe (Adware.FunWeb) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Klaas\Downloads\Webfetti.exe (Adware.FunWeb) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Klaas\Downloads\XvidSetup (1).exe (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Klaas\Downloads\XvidSetup (2).exe (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Klaas\Downloads\XvidSetup (3).exe (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Klaas\Downloads\XvidSetup (4).exe (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Klaas\Downloads\XvidSetup.exe (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Klaas\AppData\Roaming\data.dat (Stolen.Data) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Spyware Protection .lnk (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Klaas\AppData\Local\Temp\Crypted.exe (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\Klaas\AppData\Local\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Succesvol in quarantaine geplaatst en verwijderd. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_hpk.dat (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.630.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.630.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\link.ico (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome\content\infopane.js (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.dll (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome.manifest (Adware.QuestBrowse) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\install.rdf (Adware.QuestBrowse) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome\questbrowse.jar (Adware.QuestBrowse) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\defaults\preferences\prefs.js (Adware.QuestBrowse) -> Succesvol in quarantaine geplaatst en verwijderd. (einde) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:14:19, on 20/01/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Safe mode with network support Running processes: C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\SysWOW64\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Users\Klaas\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://asavpn1.ugent.be/CACHE/stc/11/binaries/vpnweb.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - c:\Program Files (x86)\Acer Bio Protection\BASVC.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files (x86)\Retrospect\Retrospect 7.6\retrorun.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12308 bytes
  10. Sins kort is m'n pc tergend traag. Ik heb Windows 7 (Acer Aspire 7738G). Hieronder de log van Hijack. Ik zag dat er bij veel bestanden (file missing) bijstond, misschien heeft het daar ergens mee te maken? Ook moet ik erbij vermelden dat m'n pc bijna altijd in slaapstand staat 's nachts, dus hij wordt eigenlijk nooit uitgeschakeld. Ik heb hem onlangs (sind dat hij zo traag was) en heropgestart en dat ging ook hééél traag. Iemand een idee? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:00:03, on 20/01/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Safe mode with network support Running processes: C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Your Home Page Has Been Changed R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Your Home Page Has Been Changed R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Users\Klaas\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: BTTray.lnk = ? O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\ShopperReports.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\ShopperReports.dll (file missing) O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://asavpn1.ugent.be/CACHE/stc/11/binaries/vpnweb.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - c:\Program Files (x86)\Acer Bio Protection\BASVC.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files (x86)\Retrospect\Retrospect 7.6\retrorun.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12890 bytes
  11. Ik heb de laatste dagen last van een fake-antivirusprogramma dat zich telkens vanzelf voor m'n ogen installeert op m'n pc, je kan het installatievenster natuurlijk niet wegklikken... Ook komt er bij het opstarten een fake security-center op m'n scherm. En om de zoveel tijd komen er links naar verschillende websites op m'n bureaublad. Ik heb nu gezien dat ADaware een proces heeft geblokt, maar hieronder het rapport. Ik heb al veel scans gedaan met ADaware, maar telkens opnieuw vindt hij dezelfde bestanden, ze komen steeds terug. Ik wou ook nog een hijackscan doen maar ik krijg error bij opstarten 'kan ...hijackthis.exe' niet starten... Logfile created: 16/07/2010 19:24:03 Ad-Aware version: 8.2.6 Extended engine: 81608688 Extended engine version: User performing scan: Name *********************** Definitions database information *********************** Lavasoft definition file: 149.330 Genotype definition file version: 2010/07/15 08:06:49 ******************************** Scan results: ********************************* Scan profile name: Slim. scan (ID: smart) Objects scanned: 32033 Objects detected: 31 Type Detected ========================== Processes.......: 3 Registry entries: 3 Hostfile entries: 0 Files...........: 1 Folders.........: 8 LSPs............: 0 Cookies.........: 16 Browser hijacks.: 0 MRU objects.....: 0 Removed items: Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0 Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0 Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0 Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0 Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0 Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0 Description: *metriweb* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408990 Family ID: 0 Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0 Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0 Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0 Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0 Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0 Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0 Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0 Description: *metriweb* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408990 Family ID: 0 Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0 Description: c:\program files (x86)\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105629 Family ID: 2494514 Description: c:\program files (x86)\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105629 Family ID: 2494514 Description: c:\program files (x86)\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105629 Family ID: 2494514 Description: c:\program files (x86)\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105629 Family ID: 2494514 Description: c:\users\name\appdata\roaming\microsoft\windows\start menu\programs\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105632 Family ID: 2494514 Description: c:\users\name\appdata\roaming\microsoft\windows\start menu\programs\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105632 Family ID: 2494514 Description: c:\users\name\appdata\roaming\microsoft\windows\start menu\programs\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105632 Family ID: 2494514 Description: c:\users\name \appdata\roaming\microsoft\windows\start menu\programs\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105632 Family ID: 2494514 Quarantined items: Description: c:\users\name\appdata\local\temp\msderun.exe Family Name: Win32.Trojan.FakeAV Engine: 1 Clean status: Success Item ID: 4296987 Family ID: 5429 Description: c:\users\name\appdata\local\temp\mschrt20ex.dll Family Name: Win32.Trojan.FakeAV Engine: 1 Clean status: Success Item ID: 4296981 Family ID: 5429 Description: c:\users\name\appdata\local\temp\wscsvc32.exe Family Name: Win32.Trojan.Fraudpack Engine: 1 Clean status: Success Item ID: 4296912 Family ID: 5226 Description: c:\program files (x86)\defense center\defcnt.exe Family Name: Win32.FraudTool.PaladinAntivirus/A Engine: 1 Clean status: Success Item ID: 0 Family ID: 0 MD5: 5fe9c026b40db8177ec69ddfd30620e2 Description: HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{5E2121EE-0300-11D4-8D3B-444553540000} Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 3429946 Family ID: 2494514 Description: HKLM:SOFTWARE\Defense Center: Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105626 Family ID: 2494514 Description: HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Defense Center: Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105627 Family ID: 2494514 Scan and cleaning complete: Finished correctly after 151 seconds *********************************** Settings *********************************** Scan profile: ID: smart, enabled:1, value: Slim. scan ID: folderstoscan, enabled:1, value: ID: useantivirus, enabled:1, value: true ID: sections, enabled:1 ID: scancriticalareas, enabled:1, value: true ID: scanrunningapps, enabled:1, value: true ID: scanregistry, enabled:1, value: true ID: scanlsp, enabled:1, value: true ID: scanads, enabled:1, value: false ID: scanhostsfile, enabled:1, value: false ID: scanmru, enabled:1, value: false ID: scanbrowserhijacks, enabled:1, value: true ID: scantrackingcookies, enabled:1, value: true ID: closebrowsers, enabled:1, value: false ID: filescanningoptions, enabled:1 ID: archives, enabled:1, value: false ID: onlyexecutables, enabled:1, value: true ID: skiplargerthan, enabled:1, value: 20480 ID: scanrootkits, enabled:1, value: true ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict ID: usespywareheuristics, enabled:1, value: true Scan global: ID: global, enabled:1 ID: addtocontextmenu, enabled:1, value: true ID: playsoundoninfection, enabled:1, value: false ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav Scheduled scan settings: <Empty> Update settings: ID: updates, enabled:1 ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: schedules, enabled:1, value: true ID: updatedaily1, enabled:1, value: Daily 1 ID: time, enabled:1, value: Wed Apr 28 20:37:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily2, enabled:1, value: Daily 2 ID: time, enabled:1, value: Wed Apr 28 02:37:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily3, enabled:1, value: Daily 3 ID: time, enabled:1, value: Wed Apr 28 08:37:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily4, enabled:1, value: Daily 4 ID: time, enabled:1, value: Wed Apr 28 14:37:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updateweekly1, enabled:1, value: Weekly ID: time, enabled:1, value: Wed Apr 28 20:37:00 2010 ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: true ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: true ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false Appearance settings: ID: appearance, enabled:1 ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource ID: showtrayicon, enabled:1, value: true ID: autoentertainmentmode, enabled:1, value: false ID: guimode, enabled:1, value: mode_advanced, domain: mode_advanced,mode_simple ID: language, enabled:1, value: nl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language Realtime protection settings: ID: realtime, enabled:1 ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant ID: layers, enabled:1 ID: useantivirus, enabled:1, value: false ID: usespywareheuristics, enabled:1, value: false ID: modules, enabled:1 ID: processprotection, enabled:1, value: true ID: onaccessprotection, enabled:1, value: true ID: registryprotection, enabled:1, value: true ID: networkprotection, enabled:1, value: true ****************************** System information ****************************** Computer name: name-PC Processor name: Intel® Core2 Quad CPU Q9000 @ 2.00GHz Processor identifier: Intel64 Family 6 Model 23 Stepping 10 Processor speed: ~1995MHZ Raw info: processorarchitecture 9, processortype 8664, processorlevel 6, processor revision 5898, number of processors 4, processor features: [MMX,SSE,SSE2,SSE3] Physical memory available: 2799980544 bytes Physical memory total: 4289650688 bytes Virtual memory available: 1967296512 bytes Virtual memory total: 2147352576 bytes Memory load: 34% Microsoft (build 7600) Windows startup mode: Running processes: PID: 336 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY PID: 532 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY PID: 600 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY PID: 624 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY PID: 664 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT AUTHORITY PID: 680 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY PID: 688 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY PID: 808 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 868 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITY PID: 908 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 968 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 1000 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 304 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 824 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 1088 name: C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe owner: SYSTEM domain: NT AUTHORITY PID: 1120 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 1252 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY PID: 1296 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY PID: 1532 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITY PID: 1560 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY PID: 1588 name: C:\Windows\System32\taskeng.exe owner: SYSTEM domain: NT AUTHORITY PID: 1604 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 1696 name: C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe owner: SYSTEM domain: NT AUTHORITY PID: 1944 name: C:\Program Files\LSI SoftModem\agr64svc.exe owner: SYSTEM domain: NT AUTHORITY PID: 1976 name: C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe owner: SYSTEM domain: NT AUTHORITY PID: 2016 name: C:\Program Files (x86)\Acer\Registration\GregHSRW.exe owner: SYSTEM domain: NT AUTHORITY PID: 1232 name: C:\Program Files (x86)\Acer Bio Protection\BASVC.exe owner: SYSTEM domain: NT AUTHORITY PID: 1228 name: C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe owner: SYSTEM domain: NT AUTHORITY PID: 2056 name: C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe owner: SYSTEM domain: NT AUTHORITY PID: 2076 name: C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe owner: SYSTEM domain: NT AUTHORITY PID: 2128 name: C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe owner: SYSTEM domain: NT AUTHORITY PID: 2172 name: C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe owner: SYSTEM domain: NT AUTHORITY PID: 2196 name: C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe owner: SYSTEM domain: NT AUTHORITY PID: 2236 name: C:\Program Files (x86)\Retrospect\Retrospect 7.6\retrorun.exe owner: SYSTEM domain: NT AUTHORITY PID: 2256 name: C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe owner: SYSTEM domain: NT AUTHORITY PID: 2344 name: C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe owner: SYSTEM domain: NT AUTHORITY PID: 2380 name: C:\Program Files\Acer\Acer Updater\UpdaterService.exe owner: SYSTEM domain: NT AUTHORITY PID: 2404 name: C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe owner: SYSTEM domain: NT AUTHORITY PID: 2424 name: C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe owner: SYSTEM domain: NT AUTHORITY PID: 2616 name: C:\Windows\System32\taskhost.exe owner: name domain: name-PC PID: 2688 name: C:\Windows\System32\taskeng.exe owner: name domain: name-PC PID: 2720 name: C:\Windows\System32\dwm.exe owner: name domain: name-PC PID: 2812 name: C:\Windows\explorer.exe owner: name domain: name-PC PID: 2984 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 3008 name: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe owner: SYSTEM domain: NT AUTHORITY PID: 2492 name: C:\Windows\servicing\TrustedInstaller.exe owner: SYSTEM domain: NT AUTHORITY PID: 2524 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 3140 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY PID: 3224 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY PID: 3440 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 3712 name: C:\Users\name\AppData\Local\Temp\MSDERUN.EXE owner: name domain: name-PC PID: 3768 name: C:\Windows\PLFSetI.exe owner: name domain: name-PC PID: 3784 name: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe owner: name domain: name-PC PID: 3820 name: C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe owner: name domain: name-PC PID: 3832 name: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe owner: name domain: name-PC PID: 3848 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: name domain: name-PC PID: 4052 name: C:\Users\name\AppData\Local\Temp\wscsvc32.exe owner: name domain: name-PC PID: 3272 name: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe owner: name domain: name-PC PID: 3584 name: C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe owner: name domain: name-PC PID: 3576 name: C:\Program Files (x86)\Launch Manager\LManager.exe owner: name domain: name-PC PID: 1808 name: C:\Program Files\Synaptics\SynTP\SynTPHelper.exe owner: name domain: name-PC PID: 2768 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY PID: 3808 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 4192 name: C:\Windows\System32\SearchProtocolHost.exe owner: SYSTEM domain: NT AUTHORITY PID: 4216 name: C:\Windows\System32\SearchFilterHost.exe owner: SYSTEM domain: NT AUTHORITY PID: 4500 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 4672 name: C:\Program Files (x86)\Internet Explorer\iexplore.exe owner: name domain: name-PC PID: 4724 name: C:\Program Files (x86)\Internet Explorer\iexplore.exe owner: name domain: name-PC PID: 2092 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe owner: name domain: name-PC PID: 4088 name: C:\Program Files (x86)\Nero\Update\NASvc.exe owner: SYSTEM domain: NT AUTHORITY PID: 2296 name: C:\Windows\System32\sppsvc.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 4488 name: C:\Windows\System32\PrintIsolationHost.exe owner: SYSTEM domain: NT AUTHORITY Startup items: Name: EgisTecLiveUpdate imagepath: "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" Name: LManager imagepath: C:\Program Files (x86)\Launch Manager\LManager.exe Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED} Name: imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini Name: imagepath: C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini Bootexecute items: Name: imagepath: autocheck autochk * Name: imagepath: lsdelete Running services: Name: AeLookupSvc displayname: Application Experience Name: AgereModemAudio displayname: Agere Modem Call Progress Audio Name: AudioEndpointBuilder displayname: Windows Audio Endpoint Builder Name: AudioSrv displayname: Windows Audio Name: BFE displayname: Base Filtering Engine Name: BITS displayname: Background Intelligent Transfer Service Name: Browser displayname: Computer Browser Name: bthserv displayname: Bluetooth Support Service Name: CryptSvc displayname: Cryptographic Services Name: DcomLaunch displayname: DCOM Server Process Launcher Name: Dhcp displayname: DHCP-client Name: Dnscache displayname: DNS Client Name: DPS displayname: Diagnostic Policy Service Name: EapHost displayname: Extensible Authentication Protocol Name: ePowerSvc displayname: Acer ePower Service Name: eventlog displayname: Windows Event Log Name: EventSystem displayname: COM+ Event System Name: fdPHost displayname: Function Discovery Provider Host Name: FDResPub displayname: Function Discovery Resource Publication Name: gpsvc displayname: Group Policy Client Name: Greg_Service displayname: GRegService Name: hidserv displayname: Human Interface Device Access Name: HomeGroupListener displayname: HomeGroup Listener Name: HomeGroupProvider displayname: HomeGroup Provider Name: IAANTMON displayname: Intel® Matrix Storage Event Monitor Name: IGBASVC displayname: EgisTec Service Name: IKEEXT displayname: IKE and AuthIP IPsec Keying Modules Name: IPBusEnum displayname: PnP-X IP Bus Enumerator Name: iphlpsvc displayname: IP Helper Name: KeyIso displayname: CNG Key Isolation Name: LanmanServer displayname: Server Name: LanmanWorkstation displayname: Workstation Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service Name: lmhosts displayname: TCP/IP NetBIOS Helper Name: LVPrcS64 displayname: Process Monitor Name: MMCSS displayname: Multimedia Class Scheduler Name: MpsSvc displayname: Windows Firewall Name: MWLService displayname: MyWinLocker Service Name: NAUpdate displayname: Nero Update Name: Netman displayname: Network Connections Name: netprofm displayname: Network List Service Name: NlaSvc displayname: Network Location Awareness Name: nsi displayname: Network Store Interface Service Name: NTI IScheduleSvc displayname: NTI IScheduleSvc Name: NTISchedulerSvc displayname: NTI Backup Now 5 Scheduler Service Name: nTuneService displayname: Performance Service Name: nvsvc displayname: NVIDIA Display Driver Service Name: p2pimsvc displayname: Peer Networking Identity Manager Name: p2psvc displayname: Peer Networking Grouping Name: PcaSvc displayname: Program Compatibility Assistant Service Name: PlugPlay displayname: Plug and Play Name: PNRPsvc displayname: Peer Name Resolution Protocol Name: Power displayname: Power Name: ProfSvc displayname: User Profile Service Name: RasMan displayname: Remote Access Connection Manager Name: RetroLauncher displayname: Retrospect Launcher Name: RpcEptMapper displayname: RPC Endpoint Mapper Name: RpcSs displayname: Remote Procedure Call (RPC) Name: RS_Service displayname: Raw Socket Service Name: SamSs displayname: Security Accounts Manager Name: Schedule displayname: Task Scheduler Name: SENS displayname: System Event Notification Service Name: ShellHWDetection displayname: Shell Hardware Detection Name: Spooler displayname: Print Spooler Name: sppsvc displayname: Software Protection Name: SSDPSRV displayname: SSDP Discovery Name: SstpSvc displayname: Secure Socket Tunneling Protocol Service Name: SysMain displayname: Superfetch Name: TapiSrv displayname: Telephony Name: Themes displayname: Themes Name: TrkWks displayname: Distributed Link Tracking Client Name: TrustedInstaller displayname: Windows Modules Installer Name: UpdateCenterService displayname: Update Center Service Name: Updater Service displayname: Updater Service Name: upnphost displayname: UPnP Device Host Name: UxSms displayname: Desktop Window Manager Session Manager Name: vpnagent displayname: Cisco AnyConnect VPN Agent Name: WDDMService displayname: WD SmartWare Drive Manager Service Name: WdiServiceHost displayname: Diagnostic Service Host Name: WdiSystemHost displayname: Diagnostic System Host Name: WDSmartWareBackgroundService displayname: WD SmartWare Background Service Name: WinDefend displayname: Windows Defender Name: WinHttpAutoProxySvc displayname: WinHTTP Web Proxy Auto-Discovery Service Name: Winmgmt displayname: Windows Management Instrumentation Name: Wlansvc displayname: WLAN AutoConfig Name: WMPNetworkSvc displayname: Windows Media Player Network Sharing Service Name: wscsvc displayname: Security Center Name: WSearch displayname: Windows Search Name: wuauserv displayname: Windows Update Name: wudfsvc displayname: Windows Driver Foundation - User-mode Driver Framework
  12. Die bestanden ken ik niet nee . Hieronder de logs. Maar het lijkt wel in orde nu.. zal die uhm.exe geweest zijn denk ik. Hijack log: Running processes: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\PLFSetI.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = deredactie.be R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://asavpn1.ugent.be/CACHE/stc/11/binaries/vpnweb.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - c:\Program Files (x86)\Acer Bio Protection\BASVC.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files (x86)\Retrospect\Retrospect 7.6\retrorun.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12971 bytes Databaseversie: 4131 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 22/05/2010 20:14:28 mbam-log-2010-05-22 (20-14-28).txt Scantype: Snelle scan Objecten gescand: 127094 Verstreken tijd: 4 minuut/minuten, 10 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 8 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 47 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\D (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\D.1 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080500.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat102443.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat103752.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat103753.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat103754.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat103800.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat103801.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat103805.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat125451.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat164049.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat165413.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat165414.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat165415.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat165416.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat165417.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat192752.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194117.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194118.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194121.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194940.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194941.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200309.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200310.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200311.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200312.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200314.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200317.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200318.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200319.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200323.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200324.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200325.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200326.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200327.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200328.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200329.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200334.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200336.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat281824.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat281825.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat281826.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580459.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
  13. Ik heb de laatste tijd last van vreselijk vervelende pop-ups. De pop-ups verschijnen zelfs wanneer IE zelfs niet geopend is. Ik heb al gescand met ad-aware, spyware doctor, kaspersky en avg maar pop-ups blijven komen... Iemand raad? Hieronder de log van hijack: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:15:48, on 22/05/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\PLFSetI.exe C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\Uzyzub.exe C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE C:\Users\Klaas\AppData\Local\Temp\Uhm.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = deredactie.be R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll O2 - BHO: (no name) - {BFE7D8EF-0538-3F2B-A3FA-F4087F576789} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\Klaas\AppData\Local\Temp\Uhm.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: mel.bat080500.bat O4 - Startup: mel.bat102443.bat O4 - Startup: mel.bat103752.bat O4 - Startup: mel.bat103753.bat O4 - Startup: mel.bat103754.bat O4 - Startup: mel.bat103800.bat O4 - Startup: mel.bat103801.bat O4 - Startup: mel.bat103805.bat O4 - Startup: mel.bat125451.bat O4 - Startup: mel.bat164049.bat O4 - Startup: mel.bat165413.bat O4 - Startup: mel.bat165414.bat O4 - Startup: mel.bat165415.bat O4 - Startup: mel.bat165416.bat O4 - Startup: mel.bat165417.bat O4 - Startup: mel.bat192752.bat O4 - Startup: mel.bat194117.bat O4 - Startup: mel.bat194118.bat O4 - Startup: mel.bat194121.bat O4 - Startup: mel.bat194940.bat O4 - Startup: mel.bat194941.bat O4 - Startup: mel.bat200309.bat O4 - Startup: mel.bat200310.bat O4 - Startup: mel.bat200311.bat O4 - Startup: mel.bat200312.bat O4 - Startup: mel.bat200314.bat O4 - Startup: mel.bat200317.bat O4 - Startup: mel.bat200318.bat O4 - Startup: mel.bat200319.bat O4 - Startup: mel.bat200323.bat O4 - Startup: mel.bat200324.bat O4 - Startup: mel.bat200325.bat O4 - Startup: mel.bat200326.bat O4 - Startup: mel.bat200327.bat O4 - Startup: mel.bat200328.bat O4 - Startup: mel.bat200329.bat O4 - Startup: mel.bat200334.bat O4 - Startup: mel.bat200336.bat O4 - Startup: mel.bat281824.bat O4 - Startup: mel.bat281825.bat O4 - Startup: mel.bat281826.bat O4 - Startup: mel.bat580459.bat O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://asavpn1.ugent.be/CACHE/stc/11/binaries/vpnweb.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - c:\Program Files (x86)\Acer Bio Protection\BASVC.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files (x86)\Retrospect\Retrospect 7.6\retrorun.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14907 bytes
  14. Of met MS Office Picture Viewer, ook heel handig!
  15. Wil je draadloos aansluiten op dat apparaat of niet? Misschien staat de mac-filter aan.
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.