Discussie gesloten
Pagina 1 van 2 12 LaatsteLaatste
Resultaten: 1 t/m 10 van 11
Overzicht bedankjes1Bedankjes

KLPD virus of politievirus

Dit is een discussie over KLPD virus of politievirus in het forum Archief Bestrijding malware & virussen , en maakt deel van de Bestrijding malware & virussen categorie; Hallo allemaal, Ik had onlangs zo een politievirus. Ik had er toen een recovery over heen gegooid. Alleen ik ben ...

  1. #1
    Nieuweling
    Geregistreerd
    18 juli 2012
    Berichten
    6

    Standaard KLPD virus of politievirus

    Hallo allemaal,

    Ik had onlangs zo een politievirus. Ik had er toen een recovery over heen gegooid. Alleen ik ben nog steeds bang dat er iets is. Daarom wilde ik jullie vragen of er nog iets merkwaardigs te vinden is in mijn logfile. Ik heb de stappen gevolgd van oudere posts in het forum voor het maken van een logfile, ik hoop dat ik het goed heb gedaan.

    Alvast bedankt!

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:02:58, on 19-7-2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal


    Running processes:
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120719171251.dll
    O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
    O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Hasan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
    O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    --
    End of file - 12909 bytes

  2. #2
    Website Beheerder
    Geregistreerd
    23 december 2007
    Locatie
    Kapellen
    Berichten
    39.363

    Standaard

    Er zijn zeker geen sporen van het KPLD-virus meer te vinden in dit logje. Dat is het goede nieuws

    Maar er zitten wel enkele zaakjes in die je beter meteen aanpakt (nu we toch bezig zijn)

    Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop "Partner Service"
    Druk op Enter.
    Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete "Partner Service"
    Druk op Enter.

    Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll

    Klik op 'Fix checked' om de items te verwijderen.

    Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

    Download MBAM (Malwarebytes Anti-Malware)

    Dubbelklik op mbam-setup.exe om het programma te installeren.

    Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".
    Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.
    Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.
    Het scannen kan een tijdje duren, dus wees geduldig.
    Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
    Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.
    Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

    Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.
    MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.


    Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

    Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

    Plak de inhoud van het logje in je volgende bericht
    , samen met een nieuw HijackThis log.



  3. #3
    Nieuweling
    Geregistreerd
    18 juli 2012
    Berichten
    6

    Standaard

    Beste kape,

    Ik heb gedaan wat u voorstelde. Alleen bij de scan met MBAM werd er niets gevonden. Heb ik iets verkeerd gedaan?

    Dit is nu mijn logfile.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:38:03, on 19-7-2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120719171251.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
    O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Hasan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
    O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 13283 bytes

  4. #4
    Website Beheerder
    Geregistreerd
    23 december 2007
    Locatie
    Kapellen
    Berichten
    39.363

    Standaard

    Neen, bij Malwarebytes heb je niets fout gedaan. Het is enkel "goed" nieuws dat die niets gevonden heeft bij het scannen

    Eén zaak is blijkbaar niet correct uitgevoerd en/of correct verlopen. Wil je dit nog eens herhalen :

    Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop "Partner Service"
    Druk op Enter.
    Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete "Partner Service"
    Druk op Enter.

    ... en hang daarna een nieuw logje van HijackThis ter controle in je volgende bericht.



  5. #5
    Nieuweling
    Geregistreerd
    18 juli 2012
    Berichten
    6

    Standaard

    Mijn nieuwe HijackThis log.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:08:11, on 19-7-2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal


    Running processes:
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\SysWOW64\DllHost.exe


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
    O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Hasan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
    O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    --
    End of file - 10900 bytes

  6. #6
    Website Beheerder
    Geregistreerd
    23 december 2007
    Locatie
    Kapellen
    Berichten
    39.363

    Standaard

    Ook nu is die Partner Service nog niet verdwenen ? Even een andere weg zoeken :

    Download ComboFix van één van deze locaties:

    Link 1
    Link 2

    * BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

    1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:
    Klik hier

    2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
    3. Dubbelklik op "Combofix.exe" om de tool te starten.
    4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

    Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

    5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.



  7. #7
    Nieuweling
    Geregistreerd
    18 juli 2012
    Berichten
    6

    Standaard

    Mijn Combofix logfile.

    En even nog snel een vraagje. Kan ik Microsoft Security Essentials samen met Malwarebytes gebruiken? Of kan ik beter alleen MSE gebruiken?


    ComboFix 12-07-20.02 - Hasan 20-07-2012 15:56:02.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3838.2721 [GMT 2:00]
    Gestart vanuit: c:\users\Hasan\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\FullRemove.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-06-20 to 2012-07-20 ))))))))))))))))))))))))))))))
    .
    .
    2012-07-20 14:05 . 2012-07-20 14:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-20 13:40 . 2012-07-20 13:40 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C203D30-D01C-4BED-81B5-FC25B0103E97}\offreg.dll
    2012-07-20 13:32 . 2012-07-20 13:31 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A573EC2-2EE8-4213-AC64-EC5C38C53BE2}\gapaengine.dll
    2012-07-20 13:32 . 2012-06-29 01:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C203D30-D01C-4BED-81B5-FC25B0103E97}\mpengine.dll
    2012-07-20 13:31 . 2012-07-20 13:31 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-20 13:30 . 2012-07-20 13:31 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-20 13:21 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{64D43E35-081D-43F3-A454-274F8DE21E4A}\mpengine.dll
    2012-07-20 13:21 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-07-19 18:29 . 2012-07-19 18:29 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-19 18:29 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-19 18:29 . 2012-07-19 18:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-19 18:16 . 2012-07-19 18:16 -------- d-----w- c:\windows\SysWow64\XPSViewer
    2012-07-19 18:16 . 2012-07-19 18:16 -------- d-----w- c:\windows\SysWow64\nl
    2012-07-19 18:16 . 2012-07-19 18:16 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\nl-NL
    2012-07-19 18:16 . 2012-07-19 18:16 -------- d-----w- c:\windows\SysWow64\drivers\nl-NL
    2012-07-19 18:16 . 2012-07-19 18:16 -------- d-----w- c:\windows\SysWow64\0413
    2012-07-19 18:16 . 2012-07-19 18:16 -------- d-----w- c:\windows\nl-NL
    2012-07-19 18:16 . 2012-07-19 18:16 -------- d-----w- c:\windows\system32\nl
    2012-07-19 18:16 . 2012-07-19 18:16 -------- d-----w- c:\windows\system32\0413
    2012-07-19 18:16 . 2012-07-19 15:06 -------- d-----w- c:\windows\SysWow64\wbem\nl-NL
    2012-07-19 18:16 . 2012-07-19 18:16 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL
    2012-07-19 18:16 . 2012-07-19 15:06 -------- d-----w- c:\windows\system32\drivers\nl-NL
    2012-07-19 18:16 . 2012-07-19 15:06 -------- d-----w- c:\windows\system32\wbem\nl-NL
    2012-07-19 18:15 . 2012-07-19 18:15 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\nl-NL\LXKPTPRC.DLL.mui
    2012-07-19 18:09 . 2012-07-19 18:09 -------- d-----w- c:\windows\NAPP_Dism_Log
    2012-07-19 15:21 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-07-19 15:21 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-07-19 14:29 . 2012-07-19 14:29 -------- d-----w- c:\windows\system32\SPReview
    2012-07-19 14:28 . 2012-07-19 14:28 -------- d-----w- c:\windows\system32\EventProviders
    2012-07-19 14:07 . 2010-11-20 13:27 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2012-07-19 14:06 . 2010-11-20 13:34 71552 ----a-w- c:\windows\system32\drivers\volmgr.sys
    2012-07-19 14:05 . 2010-11-20 13:27 154624 ----a-w- c:\windows\system32\uxlib.dll
    2012-07-19 14:04 . 2010-11-20 13:26 41472 ----a-w- c:\windows\system32\mciqtz32.dll
    2012-07-19 14:03 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
    2012-07-19 14:03 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
    2012-07-19 14:03 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
    2012-07-19 14:02 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
    2012-07-19 14:02 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
    2012-07-19 14:02 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
    2012-07-19 13:59 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
    2012-07-19 13:59 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
    2012-07-19 13:59 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
    2012-07-19 13:16 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2012-07-19 13:16 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2012-07-19 13:16 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
    2012-07-19 13:16 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2012-07-19 13:16 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2012-07-19 13:16 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2012-07-19 13:16 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
    2012-07-19 13:16 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
    2012-07-19 13:16 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
    2012-07-19 13:16 . 2010-11-20 13:24 229376 ----a-w- c:\windows\system32\fsquirt.exe
    2012-07-19 13:15 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-07-19 13:15 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
    2012-07-19 13:15 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
    2012-07-19 13:15 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2012-07-19 13:15 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2012-07-19 13:15 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2012-07-19 13:15 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
    2012-07-19 13:15 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2012-07-19 13:15 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2012-07-19 13:15 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
    2012-07-19 13:15 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
    2012-07-19 13:15 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
    2012-07-19 12:29 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2012-07-19 12:29 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
    2012-07-19 12:29 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2012-07-19 12:15 . 2012-07-19 12:15 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-07-19 12:11 . 2012-07-19 12:11 -------- d-----w- c:\windows\SysWow64\Wat
    2012-07-19 12:11 . 2012-07-19 12:11 -------- d-----w- c:\windows\system32\Wat
    2012-07-19 12:03 . 2012-07-19 12:03 -------- d-----w- c:\windows\SysWow64\wbem\en-US
    2012-07-19 12:02 . 2012-07-19 12:02 -------- d-----w- c:\windows\system32\wbem\en-US
    2012-07-19 11:52 . 2012-07-19 11:52 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-07-19 11:47 . 2012-07-19 11:47 -------- d-----w- c:\program files\CCleaner
    2012-07-19 11:40 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-19 10:47 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
    2012-07-19 10:43 . 2012-07-19 10:43 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2012-07-19 10:35 . 2012-07-03 01:19 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-19 10:23 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-07-19 10:23 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-07-19 10:23 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-07-19 10:23 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-07-19 10:23 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-07-19 10:23 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-07-19 10:23 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-07-19 10:16 . 2011-05-04 05:22 75264 ----a-w- c:\windows\system32\msscntrs.dll
    2012-07-19 10:15 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-07-19 10:14 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2012-07-19 10:13 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2012-07-19 10:12 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
    2012-07-19 10:11 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-07-19 10:11 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-19 10:11 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-19 10:11 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-07-19 10:11 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-07-19 10:11 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2012-07-19 10:11 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2012-07-19 10:11 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
    2012-07-19 10:11 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2012-07-19 10:09 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2012-07-19 10:09 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
    2012-07-19 10:09 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2012-07-19 10:09 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2012-07-19 10:09 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
    2012-07-19 10:09 . 2010-11-20 13:25 974336 ----a-w- c:\windows\system32\WFS.exe
    2012-07-19 10:09 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
    2012-07-19 10:09 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2012-07-19 10:09 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2012-07-19 10:09 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
    2012-07-19 10:09 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
    2012-07-19 10:09 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2012-07-19 10:09 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-07-19 10:08 . 2010-11-20 13:24 2164224 ----a-w- c:\program files\Windows Journal\Journal.exe
    2012-07-19 10:08 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2012-07-19 10:08 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2012-07-19 10:08 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-07-19 10:08 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2012-07-19 10:08 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-07-19 10:01 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
    2012-07-19 10:01 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-07-19 09:52 . 2012-07-19 09:52 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-07-19 09:51 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
    2012-07-19 09:51 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-07-19 09:22 . 2010-02-26 13:49 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll
    2012-07-19 09:22 . 2010-02-26 13:49 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-19 18:15 . 2012-07-19 18:15 2560 ----a-w- c:\windows\SysWow64\drivers\nl-NL\qwavedrv.sys.mui
    2012-07-19 18:15 . 2012-07-19 18:15 5632 ----a-w- c:\windows\SysWow64\drivers\nl-NL\ndiscap.sys.mui
    2012-07-19 18:15 . 2012-07-19 18:15 50688 ----a-w- c:\windows\SysWow64\drivers\nl-NL\tcpip.sys.mui
    2012-07-19 18:15 . 2012-07-19 18:15 26624 ----a-w- c:\windows\SysWow64\drivers\nl-NL\bfe.dll.mui
    2012-07-19 18:15 . 2012-07-19 18:15 16896 ----a-w- c:\windows\SysWow64\drivers\nl-NL\pacer.sys.mui
    2012-07-19 18:14 . 2012-07-19 18:14 2560 ----a-w- c:\windows\SysWow64\drivers\nl-NL\scfilter.sys.mui
    2012-07-19 15:02 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-07-19 15:02 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayid entifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-04-17 05:55 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-26 39408]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
    "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]
    "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
    "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-12 98304]
    "MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-03-17 124136]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-19 135664]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-19 135664]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
    R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-04-17 305520]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
    R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-04-26 332272]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-19 1255736]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-12 202752]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-03-10 820768]
    S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
    S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-04-12 6405120]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-12 188928]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-01-18 75304]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - MPFILTER
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-19 09:40]
    .
    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-19 09:40]
    .
    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1856764668-183140939-148475565-1001Core.job
    - c:\users\Hasan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19 09:39]
    .
    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1856764668-183140939-148475565-1001UA.job
    - c:\users\Hasan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19 09:39]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
    2010-04-26 09:23 750064 ----a-w- c:\programdata\Partner\Partner64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\eg isPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-04-17 05:58 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-25 10081312]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-02-25 877600]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-02-05 324608]
    "ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
    "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]
    "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-03-10 496160]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_5553g&r=27360712h906l0493z1l5t5581l602
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_5553g&r=27360712h906l0493z1l5t5581l602
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    FF - ProfilePath - c:\users\Hasan\AppData\Roaming\Mozilla\Firefox\Profiles\b63nltsm.default\
    FF - prefs.js: browser.startup.homepage - Google
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2012-07-20 16:23:12
    ComboFix-quarantined-files.txt 2012-07-20 14:23
    .
    Pre-Run: 582.666.006.528 bytes beschikbaar
    Post-Run: 582.412.279.808 bytes beschikbaar
    .
    - - End Of File - - 781C6C20C9B31465D2EC0BECA5E802B1

  8. #8
    Website Beheerder
    Geregistreerd
    23 december 2007
    Locatie
    Kapellen
    Berichten
    39.363

    Standaard

    Open een kladblokbestand.

    Kopieer en plak daarin de onderstaande vetgedrukte tekst.


    Folder::
    c:\programdata\Partner


    Driver::
    Partner Service

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

    Sla dit bestand op je bureaublad op als CFScript.

    Sleep CFScript.txt in ComboFix.exe
    Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

    Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

    P.S. : MSE en Malwarebytes kan je samen gebruiken, maar best niet als je de permanente scanner van Malwarebytes instelt. Beter is Malwarebytes op geregelde tijdstippen te gebruiken als extraatje om je PC te controleren. Dan niet vergeten om telkens een update te doen, zodat je met de meest actuele database werkt.



  9. #9
    Nieuweling
    Geregistreerd
    18 juli 2012
    Berichten
    6

    Standaard

    Hij heeft nu wel iets verwijderd volgens mij. Wat is dat "Partner Service" precies als ik het vragen mag en waarom is het beter dat het weg is?

    De ComboFix log:


    ComboFix 12-07-20.02 - Hasan 20-07-2012 17:37:28.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3838.2421 [GMT 2:00]
    Gestart vanuit: c:\users\Hasan\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Hasan\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Partner
    c:\programdata\Partner\debug.log
    c:\programdata\Partner\Partner.exe
    c:\programdata\Partner\Partner64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_Partner Service
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-06-20 to 2012-07-20 ))))))))))))))))))))))))))))))
    .
    .
    2012-07-20 15:42 . 2012-07-20 15:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-20 15:42 . 2012-07-20 15:42 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-07-20 14:59 . 2012-07-20 14:59 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-20 14:59 . 2012-07-20 14:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-20 14:59 . 2012-07-20 14:59 -------- d-----w- c:\windows\system32\Macromed
    2012-07-20 14:44 . 2012-06-29 01:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB82C2AE-54A5-41CB-BFD0-45EFFF4E3253}\mpengine.dll
    2012-07-20 14:27 . 2012-06-29 01:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-20 13:32 . 2012-07-20 13:31 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A573EC2-2EE8-4213-AC64-EC5C38C53BE2}\gapaengine.dll
    2012-07-20 13:31 . 2012-07-20 13:31 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-20 13:30 . 2012-07-20 13:31 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-20 13:21 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{64D43E35-081D-43F3-A454-274F8DE21E4A}\mpengine.dll
    2012-07-20 13:21 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-07-19 18:29 . 2012-07-19 18:29 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-19 18:29 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-19 18:29 . 2012-07-19 18:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-19 18:16 . 2012-07-19 18:16 -------- d-----w- c:\windows\SysWow64\XPSViewer
    2012-07-19 18:16 . 2012-07-19 18:16 -------- d-----w- c:\windows\SysWow64\nl
    2012-07-19 18:16 . 2012-07-19 18:16 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\nl-NL
    2012-07-19 18:16 . 2012-07-19 18:16 -------- d-----w- c:\windows\SysWow64\drivers\nl-NL
    2012-07-19 18:16 . 2012-07-19 18:16 -------- d-----w- c:\windows\SysWow64\0413
    2012-07-19 18:16 . 2012-07-19 18:16 -------- d-----w- c:\windows\nl-NL
    2012-07-19 18:16 . 2012-07-19 18:16 -------- d-----w- c:\windows\system32\nl
    2012-07-19 18:16 . 2012-07-19 18:16 -------- d-----w- c:\windows\system32\0413
    2012-07-19 18:16 . 2012-07-19 15:06 -------- d-----w- c:\windows\SysWow64\wbem\nl-NL
    2012-07-19 18:16 . 2012-07-19 18:16 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL
    2012-07-19 18:16 . 2012-07-19 15:06 -------- d-----w- c:\windows\system32\drivers\nl-NL
    2012-07-19 18:16 . 2012-07-19 15:06 -------- d-----w- c:\windows\system32\wbem\nl-NL
    2012-07-19 18:15 . 2012-07-19 18:15 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\nl-NL\LXKPTPRC.DLL.mui
    2012-07-19 18:09 . 2012-07-19 18:09 -------- d-----w- c:\windows\NAPP_Dism_Log
    2012-07-19 15:21 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-07-19 15:21 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-07-19 14:29 . 2012-07-19 14:29 -------- d-----w- c:\windows\system32\SPReview
    2012-07-19 14:28 . 2012-07-19 14:28 -------- d-----w- c:\windows\system32\EventProviders
    2012-07-19 14:07 . 2010-11-20 13:27 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2012-07-19 14:06 . 2010-11-20 13:34 71552 ----a-w- c:\windows\system32\drivers\volmgr.sys
    2012-07-19 14:05 . 2010-11-20 13:27 154624 ----a-w- c:\windows\system32\uxlib.dll
    2012-07-19 14:04 . 2010-11-20 13:26 41472 ----a-w- c:\windows\system32\mciqtz32.dll
    2012-07-19 14:03 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
    2012-07-19 14:03 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
    2012-07-19 14:03 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
    2012-07-19 14:02 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
    2012-07-19 14:02 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
    2012-07-19 14:02 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
    2012-07-19 13:59 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
    2012-07-19 13:59 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
    2012-07-19 13:59 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
    2012-07-19 13:16 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2012-07-19 13:16 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2012-07-19 13:16 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
    2012-07-19 13:16 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2012-07-19 13:16 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2012-07-19 13:16 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2012-07-19 13:16 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
    2012-07-19 13:16 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
    2012-07-19 13:16 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
    2012-07-19 13:16 . 2010-11-20 13:24 229376 ----a-w- c:\windows\system32\fsquirt.exe
    2012-07-19 13:15 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-07-19 13:15 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
    2012-07-19 13:15 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
    2012-07-19 13:15 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2012-07-19 13:15 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2012-07-19 13:15 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2012-07-19 13:15 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
    2012-07-19 13:15 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2012-07-19 13:15 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2012-07-19 13:15 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
    2012-07-19 13:15 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
    2012-07-19 13:15 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
    2012-07-19 12:29 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2012-07-19 12:29 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
    2012-07-19 12:29 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2012-07-19 12:15 . 2012-07-19 12:15 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-07-19 12:11 . 2012-07-19 12:11 -------- d-----w- c:\windows\SysWow64\Wat
    2012-07-19 12:11 . 2012-07-19 12:11 -------- d-----w- c:\windows\system32\Wat
    2012-07-19 12:03 . 2012-07-19 12:03 -------- d-----w- c:\windows\SysWow64\wbem\en-US
    2012-07-19 12:02 . 2012-07-19 12:02 -------- d-----w- c:\windows\system32\wbem\en-US
    2012-07-19 11:52 . 2012-07-19 11:52 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-07-19 11:47 . 2012-07-19 11:47 -------- d-----w- c:\program files\CCleaner
    2012-07-19 11:40 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-19 10:47 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
    2012-07-19 10:43 . 2012-07-19 10:43 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2012-07-19 10:35 . 2012-07-03 01:19 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-19 10:23 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-07-19 10:23 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-07-19 10:23 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-07-19 10:23 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-07-19 10:23 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-07-19 10:23 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-07-19 10:23 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-07-19 10:16 . 2011-05-04 05:22 75264 ----a-w- c:\windows\system32\msscntrs.dll
    2012-07-19 10:15 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-07-19 10:14 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2012-07-19 10:13 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2012-07-19 10:12 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
    2012-07-19 10:11 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-07-19 10:11 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-19 10:11 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-19 10:11 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-07-19 10:11 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-07-19 10:11 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2012-07-19 10:11 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2012-07-19 10:11 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
    2012-07-19 10:11 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2012-07-19 10:09 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2012-07-19 10:09 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
    2012-07-19 10:09 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2012-07-19 10:09 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2012-07-19 10:09 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
    2012-07-19 10:09 . 2010-11-20 13:25 974336 ----a-w- c:\windows\system32\WFS.exe
    2012-07-19 10:09 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
    2012-07-19 10:09 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2012-07-19 10:09 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2012-07-19 10:09 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
    2012-07-19 10:09 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
    2012-07-19 10:09 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2012-07-19 10:09 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-07-19 10:08 . 2010-11-20 13:24 2164224 ----a-w- c:\program files\Windows Journal\Journal.exe
    2012-07-19 10:08 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2012-07-19 10:08 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2012-07-19 10:08 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-07-19 10:08 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2012-07-19 10:08 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-07-19 10:01 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
    2012-07-19 10:01 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-07-19 09:52 . 2012-07-19 09:52 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-19 18:15 . 2012-07-19 18:15 2560 ----a-w- c:\windows\SysWow64\drivers\nl-NL\qwavedrv.sys.mui
    2012-07-19 18:15 . 2012-07-19 18:15 5632 ----a-w- c:\windows\SysWow64\drivers\nl-NL\ndiscap.sys.mui
    2012-07-19 18:15 . 2012-07-19 18:15 50688 ----a-w- c:\windows\SysWow64\drivers\nl-NL\tcpip.sys.mui
    2012-07-19 18:15 . 2012-07-19 18:15 26624 ----a-w- c:\windows\SysWow64\drivers\nl-NL\bfe.dll.mui
    2012-07-19 18:15 . 2012-07-19 18:15 16896 ----a-w- c:\windows\SysWow64\drivers\nl-NL\pacer.sys.mui
    2012-07-19 18:14 . 2012-07-19 18:14 2560 ----a-w- c:\windows\SysWow64\drivers\nl-NL\scfilter.sys.mui
    2012-07-19 15:02 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-07-19 15:02 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-20_14.06.14 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2012-07-20 13:17 . 2012-07-20 13:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-20 15:44 . 2012-07-20 15:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-07-20 13:17 . 2012-07-20 13:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-07-20 15:44 . 2012-07-20 15:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-07-20 14:59 . 2012-07-20 14:59 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe
    + 2012-07-20 14:59 . 2012-07-20 14:59 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    + 2012-07-20 14:59 . 2012-07-20 14:59 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_Plugin.exe
    + 2009-07-14 05:01 . 2012-07-20 15:43 308040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-07-19 19:16 308040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-07-20 14:59 . 2012-07-20 14:59 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    + 2012-07-20 14:59 . 2012-07-20 14:59 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    - 2012-07-19 12:00 . 2012-07-19 19:16 1015344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1856764668-183140939-148475565-1001-8192.dat
    + 2012-07-19 12:00 . 2012-07-20 15:43 1015344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1856764668-183140939-148475565-1001-8192.dat
    + 2012-07-20 14:59 . 2012-07-20 14:59 12314312 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayid entifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-04-17 05:55 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-26 39408]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
    "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]
    "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
    "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-12 98304]
    "MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-03-17 124136]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-19 135664]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 250056]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-19 135664]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
    R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-04-17 305520]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-19 1255736]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-12 202752]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-03-10 820768]
    S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
    S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-04-12 6405120]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-12 188928]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-01-18 75304]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 14:59]
    .
    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-19 09:40]
    .
    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-19 09:40]
    .
    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1856764668-183140939-148475565-1001Core.job
    - c:\users\Hasan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19 09:39]
    .
    2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1856764668-183140939-148475565-1001UA.job
    - c:\users\Hasan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19 09:39]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\eg isPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-04-17 05:58 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-25 10081312]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-02-25 877600]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-02-05 324608]
    "ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
    "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-03-10 496160]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "combofix"="c:\combofix\CF1367.3XE" [2010-11-20 345088]
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_5553g&r=27360712h906l0493z1l5t5581l602
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_5553g&r=27360712h906l0493z1l5t5581l602
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    FF - ProfilePath - c:\users\Hasan\AppData\Roaming\Mozilla\Firefox\Profiles\b63nltsm.default\
    FF - prefs.js: browser.startup.homepage - Google
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    BHO-{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - c:\programdata\Partner\Partner64.dll
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
    c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-07-20 17:48:45 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-07-20 15:48
    ComboFix2.txt 2012-07-20 14:23
    .
    Pre-Run: 581.875.535.872 bytes beschikbaar
    Post-Run: 581.395.210.240 bytes beschikbaar
    .
    - - End Of File - - F4ED2E2662CBA68C01BABC5BC9F7DD4C

  10. #10
    Website Beheerder
    Geregistreerd
    23 december 2007
    Locatie
    Kapellen
    Berichten
    39.363

    Standaard

    Partner Service wordt ervan verdacht (ongewenst) informatie te verzenden ? Vandaar dat je deze beter van de PC afhaalt. Nu is dat ook opgelost.

    Problemen van de baan, dan is het tijd voor de “grote schoonmaak” : verwijderen van gebruikte programma’s, een cleaning en het verwijderen van de besmette herstelpunten.

    Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht en typ: ComboFix /Uninstall

    Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

    Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

    Download CCleaner.
    Klik op “Download Latest Version” en dan start de download van CCleaner automatisch en gratis op.

    Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

    Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

    Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten). In Windows 7

    • via Start -> Configuratiescherm -> Systeem & Beveiliging -> Systeem -> Systeembeveiliging -> schakel nu systeemherstel uit door de gewenste schijf te selecteren en op "configureren" te klikken.
    • Klik nu op "verwijderen" om alle herstelpunten te verwijderen.
    • Klik op "Toepassen" en "OK".
    • Herstart nu de PC.

    Indien dit allemaal probleemloos verlopen is, mag je hieronder op "markeer als opgelost" tokkelen !
    Hmmm gaf dit bericht een bedankje.



Discussie gesloten
Pagina 1 van 2 12 LaatsteLaatste

Soortgelijke discussies

  1. [OPGELOST] KLPD virus...
    door Lucas in forum Archief Bestrijding malware & virussen
    Reacties: 5
    Laatste bericht: 19 juli 2012, 11:06
  2. Valse KLPD e-mail besmet computer via Java-lek
    door Asus in forum Waarschuwingen
    Reacties: 0
    Laatste bericht: 16 juli 2012, 19:25
  3. [OPGELOST] Politie Federal Computer Crime Unit Virus (Ukash/Politievirus)
    door ImInTrouble in forum Archief Bestrijding malware & virussen
    Reacties: 7
    Laatste bericht: 14 juli 2012, 15:06
  4. PC geblokkeerd - politievirus/ukash virus
    door hcoppitt in forum Archief Bestrijding malware & virussen
    Reacties: 3
    Laatste bericht: 9 juli 2012, 06:03
  5. KLPD waarschuwt voor schadelijk e-mailbericht
    door Kurtt in forum Waarschuwingen
    Reacties: 5
    Laatste bericht: 16 maart 2012, 21:03

Labels voor deze discussie

Regels voor berichten

  • Je mag geen nieuwe discussies starten
  • Je mag niet reageren op berichten
  • Je mag geen bijlagen versturen
  • Je mag niet je berichten bewerken
  •