Everything posted by arrows

  1. Both of those are OK. The connection light is on and the network connection also shows as connected. Thanks anyway for thinking along.
  2. Hello everyone, my dad's laptop can no longer get on the internet. The connection and modem are OK. When he opens the internet, he just gets a white screen that flashes briefly. As far as I know nothing special has happened to it, no installations or anything... It is a wireless connection. Could it be that, for example, IE 9 was updated automatically? I have read that in that case you have to tick "software rendering instead of GPU rendering" under the advanced internet options. Only on his machine this is not to be found under the advanced internet options???? Does anyone have an idea what this could be? I no longer live at home with him, so it may be that I cannot reply right away with the result. Thanks in advance!
  3. Super! I'll take a look at Soluto! Thanks to everyone for the responses, and Kape, thanks for the help!!!
  4. Thanks Kape, I had indeed forgotten the space... ;-) It does indeed seem a bit better as far as startup is concerned... I assume I can mark the item as "solved"? In that case, once again many thanks for the help, Kape!
  5. Thank you Kape! I assume ComboFix has been removed; I did it manually since I did not see much happening via the procedure "start > combofix/uninstall". I could not remove Qoobox manually... I kept getting the message that I did not have the rights to do this. For the rest I followed the CCleaner procedure. This seems to be in order. Thank you very much for the effort!
  6. Thank you Kape and Doedelzak for your quick reply. This is the log:
  7. Hello, would someone take a look at this log... just a routine check. I do have a small problem with a fairly slow startup... and it seems as if for the first 5 minutes there is not much I can do with my laptop... it takes a long time before I can, for example, open a site... After those 5 minutes it is fairly OK. Thanks in advance!
  8. The startup is already running more smoothly now! Thanks a lot for the effort!!!!
  9. Thank you, Clarkie! This seems like a better solution to me... I know myself
  10. Thanks for the info, Clarkie, but honestly I don't feel like tinkering with this any further, since I have absolutely no idea what I'm doing, and I don't want to bring even more problems on myself over some update that doesn't succeed right away.
  11. I don't know whether this is important, of course... KB2446708: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based systems. Download size: 23.3 MB
  12. Hey Clarkie, many thanks for your reply. In the meantime I have carried out everything regarding CCleaner. I also tried doing the pending updates manually, but those seem to have failed. I kept getting code 66A. Thanks anyway!
  13. Hello, I have 2 small problems that aren't that serious, but are somewhat annoying. Lately my laptop starts up slowly. Even after startup it stays slow for about 5 minutes; after that it works more or less normally. I have the impression that this slowness mainly started after I downloaded Internet Explorer 9. For your information, I have Windows 7. Another small problem is that when shutting down the PC I can never shut it down right away before it does an update. I do understand that there are updates now and then, but every single time seems a bit much to me, doesn't it? Thanks in advance for your replies.
  14. All right! Thanks, Kape!
  15. Hi Kape, apparently I pressed "solved" a bit too quickly, because this morning I again got the message that malware had been detected by AVG and placed in quarantine. Apparently not everything was in order after all. Could you take another look at the HijackThis log, please? Thanks in advance!
  16. OK Kape, thank you very, very much, and also to Kweezie, who has also helped me a lot recently. I still don't understand how you make sense of all those letters and numbers... You guys are super. Regards, and thanks again for your help!
  17. Thanks for your explanation, Kape; all the steps have now been carried out. In the meantime I have also reinstalled my AVG. I hope that was already allowed?
  18. Kape, attached is the new log. My laptop currently works without problems and is super fast again.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] @="HTML Help" "IsInstalled"=dword:00000001 "Version"="6,1,7600,16385" "ComponentID"="HTMLHelp" "Locale"="*" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] @="Active Directory Service Interface" "ComponentID"="ADSI" "IsInstalled"=dword:00000001 "Locale"="EN" "Version"="5,0,00,0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}] "Locale"="" "Version"="4,0,30319,0" "ComponentID"=".NETFramework" @=".NET Framework" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2011-05-11 17:11:44 ComboFix-quarantined-files.txt 2011-05-11 15:11 ComboFix2.txt 2011-05-11 05:19 ComboFix3.txt 2011-05-11 05:00 ComboFix4.txt 2011-05-10 16:32 . Pre-Run: 581.141.880.832 bytes beschikbaar Post-Run: 580.854.849.536 bytes beschikbaar . - - End Of File - - DAC2E3437CA5B96EFF45D1D945F92E25
  19. Hopefully it worked: attached is the new log... Thanks in advance for checking it. ComboFix 11-05-10.01 - Sven 11/05/2011 7:04.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.4091.2946 [GMT 2:00] Gestart vanuit: c:\users\Sven\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Sven\Desktop\CFScript.txt SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\290c2e9b29d72f0f45e5 c:\290c2e9b29d72f0f45e5\1025\eula.rtf c:\290c2e9b29d72f0f45e5\1025\LocalizedData.xml c:\290c2e9b29d72f0f45e5\1025\SetupResources.dll c:\290c2e9b29d72f0f45e5\1028\eula.rtf c:\290c2e9b29d72f0f45e5\1028\LocalizedData.xml c:\290c2e9b29d72f0f45e5\1028\SetupResources.dll c:\290c2e9b29d72f0f45e5\1029\eula.rtf c:\290c2e9b29d72f0f45e5\1029\LocalizedData.xml c:\290c2e9b29d72f0f45e5\1029\SetupResources.dll c:\290c2e9b29d72f0f45e5\1030\eula.rtf c:\290c2e9b29d72f0f45e5\1030\LocalizedData.xml c:\290c2e9b29d72f0f45e5\1030\SetupResources.dll c:\290c2e9b29d72f0f45e5\1031\eula.rtf c:\290c2e9b29d72f0f45e5\1031\LocalizedData.xml c:\290c2e9b29d72f0f45e5\1031\SetupResources.dll c:\290c2e9b29d72f0f45e5\1032\eula.rtf c:\290c2e9b29d72f0f45e5\1032\LocalizedData.xml c:\290c2e9b29d72f0f45e5\1032\SetupResources.dll c:\290c2e9b29d72f0f45e5\1033\eula.rtf c:\290c2e9b29d72f0f45e5\1033\LocalizedData.xml c:\290c2e9b29d72f0f45e5\1033\SetupResources.dll c:\290c2e9b29d72f0f45e5\1035\eula.rtf c:\290c2e9b29d72f0f45e5\1035\LocalizedData.xml c:\290c2e9b29d72f0f45e5\1035\SetupResources.dll c:\290c2e9b29d72f0f45e5\1036\eula.rtf c:\290c2e9b29d72f0f45e5\1036\LocalizedData.xml c:\290c2e9b29d72f0f45e5\1036\SetupResources.dll c:\290c2e9b29d72f0f45e5\1037\eula.rtf c:\290c2e9b29d72f0f45e5\1037\LocalizedData.xml c:\290c2e9b29d72f0f45e5\1037\SetupResources.dll c:\290c2e9b29d72f0f45e5\1038\eula.rtf c:\290c2e9b29d72f0f45e5\1038\LocalizedData.xml 
c:\290c2e9b29d72f0f45e5\1038\SetupResources.dll c:\290c2e9b29d72f0f45e5\1040\eula.rtf c:\290c2e9b29d72f0f45e5\1040\LocalizedData.xml c:\290c2e9b29d72f0f45e5\1040\SetupResources.dll c:\290c2e9b29d72f0f45e5\1041\eula.rtf c:\290c2e9b29d72f0f45e5\1041\LocalizedData.xml c:\290c2e9b29d72f0f45e5\1041\SetupResources.dll c:\290c2e9b29d72f0f45e5\1042\eula.rtf c:\290c2e9b29d72f0f45e5\1042\LocalizedData.xml c:\290c2e9b29d72f0f45e5\1042\SetupResources.dll c:\290c2e9b29d72f0f45e5\1043\eula.rtf c:\290c2e9b29d72f0f45e5\1043\LocalizedData.xml c:\290c2e9b29d72f0f45e5\1043\SetupResources.dll c:\290c2e9b29d72f0f45e5\1044\eula.rtf c:\290c2e9b29d72f0f45e5\1044\LocalizedData.xml c:\290c2e9b29d72f0f45e5\1044\SetupResources.dll c:\290c2e9b29d72f0f45e5\1045\eula.rtf c:\290c2e9b29d72f0f45e5\1045\LocalizedData.xml c:\290c2e9b29d72f0f45e5\1045\SetupResources.dll c:\290c2e9b29d72f0f45e5\1046\eula.rtf c:\290c2e9b29d72f0f45e5\1046\LocalizedData.xml c:\290c2e9b29d72f0f45e5\1046\SetupResources.dll c:\290c2e9b29d72f0f45e5\1049\eula.rtf c:\290c2e9b29d72f0f45e5\1049\LocalizedData.xml c:\290c2e9b29d72f0f45e5\1049\SetupResources.dll c:\290c2e9b29d72f0f45e5\1053\eula.rtf c:\290c2e9b29d72f0f45e5\1053\LocalizedData.xml c:\290c2e9b29d72f0f45e5\1053\SetupResources.dll c:\290c2e9b29d72f0f45e5\1055\eula.rtf c:\290c2e9b29d72f0f45e5\1055\LocalizedData.xml c:\290c2e9b29d72f0f45e5\1055\SetupResources.dll c:\290c2e9b29d72f0f45e5\2052\eula.rtf c:\290c2e9b29d72f0f45e5\2052\LocalizedData.xml c:\290c2e9b29d72f0f45e5\2052\SetupResources.dll c:\290c2e9b29d72f0f45e5\2070\eula.rtf c:\290c2e9b29d72f0f45e5\2070\LocalizedData.xml c:\290c2e9b29d72f0f45e5\2070\SetupResources.dll c:\290c2e9b29d72f0f45e5\3076\eula.rtf c:\290c2e9b29d72f0f45e5\3076\LocalizedData.xml c:\290c2e9b29d72f0f45e5\3076\SetupResources.dll c:\290c2e9b29d72f0f45e5\3082\eula.rtf c:\290c2e9b29d72f0f45e5\3082\LocalizedData.xml c:\290c2e9b29d72f0f45e5\3082\SetupResources.dll c:\290c2e9b29d72f0f45e5\Client\ParameterInfo.xml 
c:\290c2e9b29d72f0f45e5\Client\UiInfo.xml c:\290c2e9b29d72f0f45e5\DHtmlHeader.html c:\290c2e9b29d72f0f45e5\DisplayIcon.ico c:\290c2e9b29d72f0f45e5\Graphics\Print.ico c:\290c2e9b29d72f0f45e5\Graphics\Rotate1.ico c:\290c2e9b29d72f0f45e5\Graphics\Rotate2.ico c:\290c2e9b29d72f0f45e5\Graphics\Rotate3.ico c:\290c2e9b29d72f0f45e5\Graphics\Rotate4.ico c:\290c2e9b29d72f0f45e5\Graphics\Rotate5.ico c:\290c2e9b29d72f0f45e5\Graphics\Rotate6.ico c:\290c2e9b29d72f0f45e5\Graphics\Rotate7.ico c:\290c2e9b29d72f0f45e5\Graphics\Rotate8.ico c:\290c2e9b29d72f0f45e5\Graphics\Save.ico c:\290c2e9b29d72f0f45e5\Graphics\Setup.ico c:\290c2e9b29d72f0f45e5\Graphics\stop.ico c:\290c2e9b29d72f0f45e5\Graphics\SysReqMet.ico c:\290c2e9b29d72f0f45e5\Graphics\SysReqNotMet.ico c:\290c2e9b29d72f0f45e5\Graphics\warn.ico c:\290c2e9b29d72f0f45e5\header.bmp c:\290c2e9b29d72f0f45e5\netfx_Core.mzz c:\290c2e9b29d72f0f45e5\netfx_Core_x64.msi c:\290c2e9b29d72f0f45e5\netfx_Core_x86.msi c:\290c2e9b29d72f0f45e5\Parameterinfo.xml c:\290c2e9b29d72f0f45e5\RGB9RAST_x64.msi c:\290c2e9b29d72f0f45e5\RGB9Rast_x86.msi c:\290c2e9b29d72f0f45e5\Setup.exe c:\290c2e9b29d72f0f45e5\SetupEngine.dll c:\290c2e9b29d72f0f45e5\SetupUi.dll c:\290c2e9b29d72f0f45e5\SetupUi.xsd c:\290c2e9b29d72f0f45e5\SetupUtility.exe c:\290c2e9b29d72f0f45e5\SplashScreen.bmp c:\290c2e9b29d72f0f45e5\sqmapi.dll c:\290c2e9b29d72f0f45e5\Strings.xml c:\290c2e9b29d72f0f45e5\UiInfo.xml c:\290c2e9b29d72f0f45e5\watermark.bmp c:\290c2e9b29d72f0f45e5\Windows6.0-KB956250-v6001-x64.msu c:\290c2e9b29d72f0f45e5\Windows6.0-KB956250-v6001-x86.msu c:\290c2e9b29d72f0f45e5\Windows6.1-KB958488-v6001-x64.msu c:\290c2e9b29d72f0f45e5\Windows6.1-KB958488-v6001-x86.msu C:\3327e58467bc60de6a950f96 c:\3327e58467bc60de6a950f96\1025\eula.rtf c:\3327e58467bc60de6a950f96\1025\LocalizedData.xml c:\3327e58467bc60de6a950f96\1025\SetupResources.dll c:\3327e58467bc60de6a950f96\1028\eula.rtf c:\3327e58467bc60de6a950f96\1028\LocalizedData.xml c:\3327e58467bc60de6a950f96\1028\SetupResources.dll 
c:\3327e58467bc60de6a950f96\1029\eula.rtf c:\3327e58467bc60de6a950f96\1029\LocalizedData.xml c:\3327e58467bc60de6a950f96\1029\SetupResources.dll c:\3327e58467bc60de6a950f96\1030\eula.rtf c:\3327e58467bc60de6a950f96\1030\LocalizedData.xml c:\3327e58467bc60de6a950f96\1030\SetupResources.dll c:\3327e58467bc60de6a950f96\1031\eula.rtf c:\3327e58467bc60de6a950f96\1031\LocalizedData.xml c:\3327e58467bc60de6a950f96\1031\SetupResources.dll c:\3327e58467bc60de6a950f96\1032\eula.rtf c:\3327e58467bc60de6a950f96\1032\LocalizedData.xml c:\3327e58467bc60de6a950f96\1032\SetupResources.dll c:\3327e58467bc60de6a950f96\1033\eula.rtf c:\3327e58467bc60de6a950f96\1033\LocalizedData.xml c:\3327e58467bc60de6a950f96\1033\SetupResources.dll c:\3327e58467bc60de6a950f96\1035\eula.rtf c:\3327e58467bc60de6a950f96\1035\LocalizedData.xml c:\3327e58467bc60de6a950f96\1035\SetupResources.dll c:\3327e58467bc60de6a950f96\1036\eula.rtf c:\3327e58467bc60de6a950f96\1036\LocalizedData.xml c:\3327e58467bc60de6a950f96\1036\SetupResources.dll c:\3327e58467bc60de6a950f96\1037\eula.rtf c:\3327e58467bc60de6a950f96\1037\LocalizedData.xml c:\3327e58467bc60de6a950f96\1037\SetupResources.dll c:\3327e58467bc60de6a950f96\1038\eula.rtf c:\3327e58467bc60de6a950f96\1038\LocalizedData.xml c:\3327e58467bc60de6a950f96\1038\SetupResources.dll c:\3327e58467bc60de6a950f96\1040\eula.rtf c:\3327e58467bc60de6a950f96\1040\LocalizedData.xml c:\3327e58467bc60de6a950f96\1040\SetupResources.dll c:\3327e58467bc60de6a950f96\1041\eula.rtf c:\3327e58467bc60de6a950f96\1041\LocalizedData.xml c:\3327e58467bc60de6a950f96\1041\SetupResources.dll c:\3327e58467bc60de6a950f96\1042\eula.rtf c:\3327e58467bc60de6a950f96\1042\LocalizedData.xml c:\3327e58467bc60de6a950f96\1042\SetupResources.dll c:\3327e58467bc60de6a950f96\1043\eula.rtf c:\3327e58467bc60de6a950f96\1043\LocalizedData.xml c:\3327e58467bc60de6a950f96\1043\SetupResources.dll c:\3327e58467bc60de6a950f96\1044\eula.rtf c:\3327e58467bc60de6a950f96\1044\LocalizedData.xml 
c:\3327e58467bc60de6a950f96\1044\SetupResources.dll c:\3327e58467bc60de6a950f96\1045\eula.rtf c:\3327e58467bc60de6a950f96\1045\LocalizedData.xml c:\3327e58467bc60de6a950f96\1045\SetupResources.dll c:\3327e58467bc60de6a950f96\1046\eula.rtf c:\3327e58467bc60de6a950f96\1046\LocalizedData.xml c:\3327e58467bc60de6a950f96\1046\SetupResources.dll c:\3327e58467bc60de6a950f96\1049\eula.rtf c:\3327e58467bc60de6a950f96\1049\LocalizedData.xml c:\3327e58467bc60de6a950f96\1049\SetupResources.dll c:\3327e58467bc60de6a950f96\1053\eula.rtf c:\3327e58467bc60de6a950f96\1053\LocalizedData.xml c:\3327e58467bc60de6a950f96\1053\SetupResources.dll c:\3327e58467bc60de6a950f96\1055\eula.rtf c:\3327e58467bc60de6a950f96\1055\LocalizedData.xml c:\3327e58467bc60de6a950f96\1055\SetupResources.dll c:\3327e58467bc60de6a950f96\2052\eula.rtf c:\3327e58467bc60de6a950f96\2052\LocalizedData.xml c:\3327e58467bc60de6a950f96\2052\SetupResources.dll c:\3327e58467bc60de6a950f96\2070\eula.rtf c:\3327e58467bc60de6a950f96\2070\LocalizedData.xml c:\3327e58467bc60de6a950f96\2070\SetupResources.dll c:\3327e58467bc60de6a950f96\3076\eula.rtf c:\3327e58467bc60de6a950f96\3076\LocalizedData.xml c:\3327e58467bc60de6a950f96\3076\SetupResources.dll c:\3327e58467bc60de6a950f96\3082\eula.rtf c:\3327e58467bc60de6a950f96\3082\LocalizedData.xml c:\3327e58467bc60de6a950f96\3082\SetupResources.dll c:\3327e58467bc60de6a950f96\Client\ParameterInfo.xml c:\3327e58467bc60de6a950f96\Client\UiInfo.xml c:\3327e58467bc60de6a950f96\DHtmlHeader.html c:\3327e58467bc60de6a950f96\DisplayIcon.ico c:\3327e58467bc60de6a950f96\Graphics\Print.ico c:\3327e58467bc60de6a950f96\Graphics\Rotate1.ico c:\3327e58467bc60de6a950f96\Graphics\Rotate2.ico c:\3327e58467bc60de6a950f96\Graphics\Rotate3.ico c:\3327e58467bc60de6a950f96\Graphics\Rotate4.ico c:\3327e58467bc60de6a950f96\Graphics\Rotate5.ico c:\3327e58467bc60de6a950f96\Graphics\Rotate6.ico c:\3327e58467bc60de6a950f96\Graphics\Rotate7.ico c:\3327e58467bc60de6a950f96\Graphics\Rotate8.ico 
c:\3327e58467bc60de6a950f96\Graphics\Save.ico c:\3327e58467bc60de6a950f96\Graphics\Setup.ico c:\3327e58467bc60de6a950f96\Graphics\stop.ico c:\3327e58467bc60de6a950f96\Graphics\SysReqMet.ico c:\3327e58467bc60de6a950f96\Graphics\SysReqNotMet.ico c:\3327e58467bc60de6a950f96\Graphics\warn.ico c:\3327e58467bc60de6a950f96\header.bmp c:\3327e58467bc60de6a950f96\netfx_Core.mzz c:\3327e58467bc60de6a950f96\netfx_Core_x64.msi c:\3327e58467bc60de6a950f96\netfx_Core_x86.msi c:\3327e58467bc60de6a950f96\Parameterinfo.xml c:\3327e58467bc60de6a950f96\RGB9RAST_x64.msi c:\3327e58467bc60de6a950f96\RGB9Rast_x86.msi c:\3327e58467bc60de6a950f96\Setup.exe c:\3327e58467bc60de6a950f96\SetupEngine.dll c:\3327e58467bc60de6a950f96\SetupUi.dll c:\3327e58467bc60de6a950f96\SetupUi.xsd c:\3327e58467bc60de6a950f96\SetupUtility.exe c:\3327e58467bc60de6a950f96\SplashScreen.bmp c:\3327e58467bc60de6a950f96\sqmapi.dll c:\3327e58467bc60de6a950f96\Strings.xml c:\3327e58467bc60de6a950f96\UiInfo.xml c:\3327e58467bc60de6a950f96\watermark.bmp c:\3327e58467bc60de6a950f96\Windows6.0-KB956250-v6001-x64.msu c:\3327e58467bc60de6a950f96\Windows6.0-KB956250-v6001-x86.msu c:\3327e58467bc60de6a950f96\Windows6.1-KB958488-v6001-x64.msu c:\3327e58467bc60de6a950f96\Windows6.1-KB958488-v6001-x86.msu c:\users\Sven\AppData\Local\{08C9B72C-9E10-4729-936E-7B837939EC37} c:\users\Sven\AppData\Local\{0F71727A-9167-4F92-8319-26CB0F349F8F} c:\users\Sven\AppData\Local\{105C6E71-D73B-4D0A-9B59-A36D81AE3E08} c:\users\Sven\AppData\Local\{16E20478-2D22-4968-9E46-4B4F2C0F11A5} c:\users\Sven\AppData\Local\{19A5A80B-5716-4E88-89B6-EEC932064809} c:\users\Sven\AppData\Local\{22176266-D9AB-46BF-B5BE-F0D1476A78B4} c:\users\Sven\AppData\Local\{253D6A90-E429-4334-B1C0-E2E07F886C1C} c:\users\Sven\AppData\Local\{2FE9BE33-A542-4E71-A069-BEAD8E204192} c:\users\Sven\AppData\Local\{3BAA3AFE-241B-48C0-81B6-873AABD04AE4} c:\users\Sven\AppData\Local\{431B2D69-72C4-49BF-B07D-93524EC15A86} c:\users\Sven\AppData\Local\{4D2EE73B-E5A6-485D-9A6A-869E9E4EBFB4} 
c:\users\Sven\AppData\Local\{5194CA1C-9C78-4EB7-8BFC-43F0899AB35E} c:\users\Sven\AppData\Local\{67F563DA-161D-4ECB-93E1-DD86E13E234C} c:\users\Sven\AppData\Local\{7030AC68-3627-41AD-995D-22C271ECD3E3} c:\users\Sven\AppData\Local\{77EF650C-992B-4F75-8569-CD6678CC5050} c:\users\Sven\AppData\Local\{7ECC12FA-47EF-4300-89AF-C4D6B6EF1C0D} c:\users\Sven\AppData\Local\{87B7CF0A-CFE4-47F8-B9B7-1B93F50AA378} c:\users\Sven\AppData\Local\{943BDD36-953F-475B-865D-1E97BD8201BD} c:\users\Sven\AppData\Local\{AC5E5B32-6967-4DA9-A993-DC4E5C080D1F} c:\users\Sven\AppData\Local\{B3A5FAD4-885F-4961-9684-BC02C92AF6EE} c:\users\Sven\AppData\Local\{C0CE9147-A0B2-4920-99C5-D3B5E86C6A73} c:\users\Sven\AppData\Local\{C9EFDC49-5586-4F22-A786-AF24A24A0E00} c:\users\Sven\AppData\Local\{D5A5B592-6889-4AD0-9EF1-A0A1E8F53B67} c:\users\Sven\AppData\Local\{D634CB66-151F-4556-886E-339455525E74} c:\users\Sven\AppData\Local\{D7F99C48-F2E5-45C5-8521-A89E84252657} c:\users\Sven\AppData\Local\{E8FDC932-06D0-4A0F-9095-1E57204C079D} . . (((((((((((((((((((( Bestanden Gemaakt van 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))) . . 2011-05-11 05:16 . 2011-05-11 05:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-11 05:16 . 2011-05-11 05:16 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2011-05-11 04:20 . 2011-05-11 04:21 -------- d-----w- c:\users\Sven\AppData\Local\{6D907A33-42F4-4D1A-9A4F-61A992066B05} 2011-05-09 18:02 . 2011-05-09 18:02 388096 ----a-r- c:\users\Sven\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-04-17 16:33 . 2011-04-17 16:33 -------- d--h--w- c:\programdata\Common Files 2011-04-16 18:39 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll 2011-04-16 18:39 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll 2011-04-16 16:57 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll 2011-04-16 16:57 . 
2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll 2011-04-16 16:57 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll 2011-04-16 16:57 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-04-16 16:45 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-16 16:28 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-03-04 06:17 . 2011-04-26 17:20 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2011-03-04 06:17 . 2011-04-26 17:20 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-05-10_16.28.55 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-28 17:10 . 2011-05-11 04:21 56436 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-05-11 04:21 48032 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2010-01-03 17:18 . 2011-05-10 16:01 11444 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2726101024-492574099-2719201097-1000_UserData.bin + 2010-01-03 17:18 . 2011-05-11 04:21 11444 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2726101024-492574099-2719201097-1000_UserData.bin - 2010-01-04 08:04 . 2011-05-10 16:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-01-04 08:04 . 2011-05-11 04:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-01-04 08:04 . 2011-05-10 16:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-01-04 08:04 . 
2011-05-11 04:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-05-10 16:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-05-11 04:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-01-03 18:50 . 2011-05-10 16:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-01-03 18:50 . 2011-05-11 04:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-01-03 18:50 . 2011-05-10 16:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-01-03 18:50 . 2011-05-11 04:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-01-03 18:50 . 2011-05-10 16:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-01-03 18:50 . 2011-05-11 04:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-01-03 17:08 . 2011-05-11 05:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-01-03 17:08 . 2011-05-10 16:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-01-03 17:08 . 2011-05-11 05:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-01-03 17:08 . 2011-05-10 16:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-05-10 15:58 . 
2011-05-10 15:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-05-11 04:18 . 2011-05-11 04:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-05-11 04:18 . 2011-05-11 04:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-05-10 15:58 . 2011-05-10 15:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2011-05-10 15:58 305456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-05-10 18:36 305456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-11-06 17:12 . 2011-05-10 18:36 907280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2726101024-492574099-2719201097-1000-8192.dat - 2010-11-06 17:12 . 2011-05-10 15:58 907280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2726101024-492574099-2719201097-1000-8192.dat - 2009-07-14 02:34 . 2011-05-10 16:12 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2009-07-14 02:34 . 2011-05-11 04:32 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 39408] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888] "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736] "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112] "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-06 181480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http:" [X] . c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . 
Inhoud van de 'Gedeelde Taken' map . 2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 08:43] . 2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 08:43] . 2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2726101024-492574099-2719201097-1000Core.job - c:\users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-06 17:53] . 2011-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2726101024-492574099-2719201097-1000UA.job - c:\users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-06 17:53] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960] "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840] . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_7736&r=27360110g626l03d8z175t58k1a984 mLocal Page = c:\windows\SysWOW64\blank.htm . - - - - ORPHANS VERWIJDERD - - - - . 
Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2011-05-11 07:19:09 ComboFix-quarantined-files.txt 2011-05-11 05:19 ComboFix2.txt 2011-05-11 05:00 ComboFix3.txt 2011-05-10 16:32 . Pre-Run: 581.311.205.376 bytes beschikbaar Post-Run: 581.251.997.696 bytes beschikbaar . - - End Of File - - E50B824B0DA641A8B0314C96801289DB
  20. Hi Kweezie Wabbit, First of all, thank you very much for checking my log. It is indeed the case that, ever since I had HijackThis run a scan from my USB stick, the symptoms of the virus have vanished into thin air???? So far I have had no more problems. This is my ComboFix log:
ComboFix 11-05-09.03 - Sven 10/05/2011 18:16:39.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.4091.2998 [GMT 2:00] Gestart vanuit: c:\users\Sven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9SIGCB2\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\gG01803OeIhA01803 c:\programdata\gG01803OeIhA01803\gG01803OeIhA01803 c:\programdata\gG01803OeIhA01803\gG01803OeIhA01803.exe c:\users\Sven\AppData\Roaming\.# c:\users\Sven\AppData\Roaming\.#\MBX@D58@292770.### c:\users\Sven\AppData\Roaming\.#\MBX@D58@2927A0.### c:\windows\wintybrdf.jpg . . (((((((((((((((((((( Bestanden Gemaakt van 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))) . . 2011-05-10 16:28 . 2011-05-10 16:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-10 16:11 . 2011-05-10 16:11 -------- d-----w- c:\users\Sven\AppData\Local\{5194CA1C-9C78-4EB7-8BFC-43F0899AB35E} 2011-05-10 04:10 . 2011-05-10 04:10 -------- d-----w- c:\users\Sven\AppData\Local\{431B2D69-72C4-49BF-B07D-93524EC15A86} 2011-05-09 18:02 . 2011-05-09 18:02 388096 ----a-r- c:\users\Sven\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-05-09 16:09 . 2011-05-09 16:10 -------- d-----w- c:\users\Sven\AppData\Local\{C9EFDC49-5586-4F22-A786-AF24A24A0E00} 2011-05-08 06:31 . 2011-05-08 06:31 -------- d-----w- c:\users\Sven\AppData\Local\{77EF650C-992B-4F75-8569-CD6678CC5050} 2011-05-07 06:22 . 
2011-05-07 06:22 -------- d-----w- c:\users\Sven\AppData\Local\{16E20478-2D22-4968-9E46-4B4F2C0F11A5} 2011-05-06 18:03 . 2011-05-06 18:03 -------- d-----w- c:\users\Sven\AppData\Local\{3BAA3AFE-241B-48C0-81B6-873AABD04AE4} 2011-05-05 17:31 . 2011-05-05 17:31 -------- d-----w- c:\users\Sven\AppData\Local\{D5A5B592-6889-4AD0-9EF1-A0A1E8F53B67} 2011-05-04 16:51 . 2011-05-04 16:51 -------- d-----w- c:\users\Sven\AppData\Local\{D634CB66-151F-4556-886E-339455525E74} 2011-05-03 17:00 . 2011-05-03 17:00 -------- d-----w- c:\users\Sven\AppData\Local\{22176266-D9AB-46BF-B5BE-F0D1476A78B4} 2011-05-02 16:29 . 2011-05-02 16:29 -------- d-----w- c:\users\Sven\AppData\Local\{7030AC68-3627-41AD-995D-22C271ECD3E3} 2011-05-01 18:57 . 2011-05-01 18:57 -------- d-----w- c:\users\Sven\AppData\Local\{943BDD36-953F-475B-865D-1E97BD8201BD} 2011-05-01 06:56 . 2011-05-01 06:56 -------- d-----w- c:\users\Sven\AppData\Local\{C0CE9147-A0B2-4920-99C5-D3B5E86C6A73} 2011-04-30 14:54 . 2011-04-30 14:54 -------- d-----w- c:\users\Sven\AppData\Local\{D7F99C48-F2E5-45C5-8521-A89E84252657} 2011-04-29 16:26 . 2011-04-29 16:26 -------- d-----w- c:\users\Sven\AppData\Local\{4D2EE73B-E5A6-485D-9A6A-869E9E4EBFB4} 2011-04-28 17:05 . 2011-04-28 17:05 -------- d-----w- c:\users\Sven\AppData\Local\{B3A5FAD4-885F-4961-9684-BC02C92AF6EE} 2011-04-27 17:24 . 2011-04-27 17:24 -------- d-----w- c:\users\Sven\AppData\Local\{E8FDC932-06D0-4A0F-9095-1E57204C079D} 2011-04-26 17:12 . 2011-04-26 17:12 -------- d-----w- c:\users\Sven\AppData\Local\{67F563DA-161D-4ECB-93E1-DD86E13E234C} 2011-04-25 16:56 . 2011-04-25 16:56 -------- d-----w- c:\users\Sven\AppData\Local\{253D6A90-E429-4334-B1C0-E2E07F886C1C} 2011-04-24 18:17 . 2011-04-24 18:18 -------- d-----w- c:\users\Sven\AppData\Local\{19A5A80B-5716-4E88-89B6-EEC932064809} 2011-04-24 05:54 . 2011-04-24 05:54 -------- d-----w- c:\users\Sven\AppData\Local\{2FE9BE33-A542-4E71-A069-BEAD8E204192} 2011-04-23 16:08 . 
2011-04-23 16:08 -------- d-----w- c:\users\Sven\AppData\Local\{7ECC12FA-47EF-4300-89AF-C4D6B6EF1C0D} 2011-04-22 16:55 . 2011-04-22 16:56 -------- d-----w- c:\users\Sven\AppData\Local\{0F71727A-9167-4F92-8319-26CB0F349F8F} 2011-04-21 17:53 . 2011-04-21 17:53 -------- d-----w- c:\users\Sven\AppData\Local\{AC5E5B32-6967-4DA9-A993-DC4E5C080D1F} 2011-04-20 17:35 . 2011-04-20 17:35 -------- d-----w- c:\users\Sven\AppData\Local\{87B7CF0A-CFE4-47F8-B9B7-1B93F50AA378} 2011-04-18 20:09 . 2011-04-18 20:09 -------- d-----w- C:\290c2e9b29d72f0f45e5 2011-04-18 17:39 . 2011-04-18 17:39 -------- d-----w- c:\users\Sven\AppData\Local\{08C9B72C-9E10-4729-936E-7B837939EC37} 2011-04-17 16:33 . 2011-04-17 16:33 -------- d--h--w- c:\programdata\Common Files 2011-04-17 16:27 . 2011-04-17 16:28 -------- d-----w- c:\users\Sven\AppData\Local\{105C6E71-D73B-4D0A-9B59-A36D81AE3E08} 2011-04-16 20:26 . 2011-04-16 20:26 -------- d-----w- C:\3327e58467bc60de6a950f96 2011-04-16 18:39 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll 2011-04-16 18:39 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll 2011-04-16 16:57 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll 2011-04-16 16:57 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll 2011-04-16 16:57 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll 2011-04-16 16:57 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-04-16 16:45 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-16 16:28 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-03-04 06:17 . 2011-04-26 17:20 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2011-03-04 06:17 . 2011-04-26 17:20 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll . . 
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888] "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736] "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112] "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-06 181480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http:" [X] . c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 
[2009-06-18 144640] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . Inhoud van de 'Gedeelde Taken' map . 2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 08:43] . 2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 08:43] . 2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2726101024-492574099-2719201097-1000Core.job - c:\users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-06 17:53] . 2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2726101024-492574099-2719201097-1000UA.job - c:\users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-06 17:53] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960] "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_7736&r=27360110g626l03d8z175t58k1a984 mLocal Page = c:\windows\SysWOW64\blank.htm . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2011-05-10 18:32:52 ComboFix-quarantined-files.txt 2011-05-10 16:32 . Pre-Run: 580.976.582.656 bytes beschikbaar Post-Run: 580.812.140.544 bytes beschikbaar . - - End Of File - - C5E505FF8823587E24B8885666A5830B
  21. It seems I have managed to create a log:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:53:26, on 9/05/2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16766) Boot mode: Normal Running processes: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe C:\Windows\PLFSetI.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\Program Files (x86)\AVG\AVG9\avgtray.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe E:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll O2 - BHO: Aanmeldhulp voor Windows 
Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [swg] "C:\Program Files 
(x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI 
SoftModem\agr64svc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. 
- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - 
Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10835 bytes
  22. Kweezie, the problem is that I only have 1 (infected) PC. Here at work we unfortunately cannot download anything. Could I perhaps try to download Hijack in safe mode, or will that not work either?
  23. When I look under All Programs and in the Control Panel, to eventually uninstall programs, I can no longer find HijackThis, probably because I had already removed it yesterday. I do currently have an icon on my desktop showing a sort of PC and printer with Hijack.. underneath, but I have the impression that the reinstallation did not fully succeed, since I cannot get any further in the installation process and keep getting the message mentioned above. Meanwhile, while trying to install Eset, I also got this message at the bottom: warning application cannot be executed the file ieinstall.exe is infected. Please activate your antivirus software. My CCleaner does not work either... I likewise get the message at the bottom that it is infected. Thanks in advance for your replies.
  24. Kweezie, I did this, but after a few screens I keep getting the message: cannot run one of the add-ons for this site. Check the security settings in Internet Options for possible conflicts. As for Hijack: here I only have an icon of a PC on my desktop, not the familiar red man with a magnifying glass. If I click on it and click Run, I keep getting the message: cannot access the specified device, path or file. You may not have access permissions for the item. Thanks in advance.
  25. Kape, in the meantime I had removed Hijack because I thought it no longer worked anyway and that I also had an old version. Now I cannot even get it installed any more via the link above.