Toscaatje

Lukt ook niet in de veilige modus: bericht: niet gemachtigd. Maar als het geen kwaad kan, dan laat maar zitten.

Toch nog niet helemaal opgelost. Qoobox kan ik niet handmatig verwijderen. Wel een aantal mappen uit de map Qoobox, maar BackEnv blijft erin en krijg melding dat niet bevoegd ben ivm beveiliging. Is hier nog wat aan te doen, of zo laten?

GEWELDIG! Het is verdwenen! Ontzettend bedankt voor de hulp!

ComboFix 12-08-05.02 - ria 05-08-2012 12:24:58.1.1 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.1013.255 [GMT 2:00] Gestart vanuit: c:\users\ria\Desktop\ComboFix.exe AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47} SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\ria\AppData\Local\Temp\ppcrlui_2988_2 c:\windows\IsUn0413.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))) . . 2012-08-05 10:35 . 2012-08-05 10:36 -------- d-----w- c:\users\ria\AppData\Local\temp 2012-08-05 10:35 . 2012-08-05 10:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-05 07:24 . 2012-08-05 07:24 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CF613E4-B3F3-43EF-AD10-5DF6D27C5AEA}\offreg.dll 2012-08-03 19:13 . 2012-08-03 19:13 388096 ----a-r- c:\users\ria\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-08-03 19:13 . 2012-08-03 19:13 -------- d-----w- c:\program files\Trend Micro 2012-08-03 14:34 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CF613E4-B3F3-43EF-AD10-5DF6D27C5AEA}\mpengine.dll 2012-07-31 18:28 . 2012-07-31 18:28 -------- d-----w- c:\program files\Microsoft.NET 2012-07-31 17:26 . 2012-07-31 17:26 -------- d-----w- c:\users\ria\AppData\Roaming\Nero 2012-07-31 17:26 . 2012-07-31 17:59 -------- d-----w- c:\users\ria\AppData\Local\Nero 2012-07-31 17:20 . 2012-07-31 17:27 -------- d-----w- c:\programdata\Nero 2012-07-31 17:06 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll 2012-07-31 17:06 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll 2012-07-31 17:05 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll 2012-07-31 17:04 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll 2012-07-31 17:03 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll 2012-07-31 17:02 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll 2012-07-31 17:02 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll 2012-07-31 17:01 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2012-07-31 17:00 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll 2012-07-31 15:20 . 2012-07-31 15:22 -------- d-----w- c:\users\ria\AppData\Roaming\vlc 2012-07-31 15:10 . 2012-07-31 15:10 -------- d-----w- c:\program files\Perion 2012-07-31 15:10 . 2012-07-31 15:10 454 ----a-w- C:\user.js 2012-07-30 10:15 . 2012-07-30 10:15 -------- d-----w- c:\users\ria\AppData\Roaming\EurekaLog 2012-07-15 01:09 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 09:14 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 09:14 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-07-11 09:14 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-11 09:14 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-07-11 09:14 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll 2012-07-11 09:14 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-07-11 09:13 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll 2012-07-11 09:13 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-07-11 09:13 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-03 16:21 . 2012-01-28 19:18 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-07-03 16:21 . 2012-02-27 19:35 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2012-07-03 16:21 . 2012-01-28 19:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-07-03 16:21 . 2012-01-28 19:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-07-03 16:21 . 2012-01-28 19:18 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2012-07-03 16:21 . 2012-01-28 19:18 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-07-03 16:21 . 2012-01-28 19:18 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-03 16:21 . 2012-01-28 19:18 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-07-03 16:21 . 2012-01-28 19:21 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys 2012-07-03 16:21 . 2012-01-28 19:16 41224 ----a-w- c:\windows\avastSS.scr 2012-07-03 16:21 . 2012-01-28 19:16 227648 ----a-w- c:\windows\system32\aswBoot.exe 2012-06-02 22:19 . 2012-06-21 07:53 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 07:53 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 07:42 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 07:42 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-21 07:53 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-21 07:53 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-21 07:42 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-21 07:32 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12 . 2012-06-21 07:32 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-05-31 10:25 . 2009-10-03 09:11 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-05-15 06:37 . 2012-06-13 10:15 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 06:32 . 2012-06-13 10:15 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-15 06:32 . 2012-06-13 10:15 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-05-15 06:31 . 2012-06-13 10:15 109056 ----a-w- c:\windows\system32\iesysprep.dll 2012-05-15 06:31 . 2012-06-13 10:15 71680 ----a-w- c:\windows\system32\iesetup.dll 2012-05-15 05:01 . 2012-06-13 10:15 385024 ----a-w- c:\windows\system32\html.iec 2012-05-15 03:26 . 2012-06-13 10:15 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2012-05-15 03:23 . 2012-06-13 10:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2010-06-14 06:58 . 2012-05-25 14:38 419023 ----a-w- c:\program files\afslank12.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2012-07-08 68000] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216] "PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-06-21 155648] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-25 142104] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-25 154392] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-25 138008] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152] "Skytel"="Skytel.exe" [2007-06-15 1826816] "KPN Assistent"="c:\program files\KPN\KPN Assistent\KPN_Assistent.exe" [2011-08-18 33560288] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\eNetHook.dll . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-40405613-860080031-4201064226-1000Core.job - c:\users\ria\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-01 11:54] . 2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-40405613-860080031-4201064226-1000UA.job - c:\users\ria\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-01 11:54] . 2012-08-04 c:\windows\Tasks\RegistryBooster.job - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-08 12:39] . 2012-08-04 c:\windows\Tasks\User_Feed_Synchronization-{A95504FB-7100-48B8-8D35-3026C316B3DD}.job - c:\windows\system32\msfeedssync.exe [2012-06-13 03:24] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://nl.intl.acer.yahoo.com uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! UK IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS VERWIJDERD - - - - . HKCU-Run-Acer Tour Reminder - (no file) HKLM-Run-Acer Tour - (no file) HKLM-Run-eRecoveryService - (no file) SafeBoot-Wdf01000.sys . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-08-05 12:36 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(628) c:\windows\system32\eNetHook.dll . - - - - - - - > 'lsass.exe'(656) c:\windows\system32\eNetHook.dll . Voltooingstijd: 2012-08-05 12:41:12 ComboFix-quarantined-files.txt 2012-08-05 10:40 . Pre-Run: 5.221.343.232 bytes beschikbaar Post-Run: 5.644.873.728 bytes beschikbaar . - - End Of File - - 65BFC1EEEA575041DC958888832C1072

Is er nog iets wat ik kan doen om het probleem te verhelpen?

Nee, daar is My Start niet zichtbaar.

Ja, hij komt nog steeds tevoorschijn bij het openen van een nieuw tabblad in Google Chrome.

# AdwCleaner v1.800 - Logfile created 08/04/2012 at 09:16:45 # Updated 01/08/2012 by Xplode # Operating system : Windows Vista Home Basic Service Pack 2 (32 bits) # User : ria - PC_VAN_RIA # Running from : C:\Users\ria\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Deleted : HKLM\SOFTWARE\Web Assistant Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77} ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.19272 [OK] Registry is clean.

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:16:48, on 3-8-2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19272) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Apoint2K\Apoint.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Windows\System32\mobsync.exe C:\Program Files\KPN\KPN Assistent\KPN_Assistent.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Apoint2K\Apntex.exe C:\Users\ria\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe C:\Program Files\Windows Mail\WinMail.exe C:\Windows\system32\igfxsrvc.exe C:\Users\ria\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ria\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ria\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ria\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ria\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! UK R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! UK R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [KPN Assistent] C:\Program Files\KPN\KPN Assistent\KPN_Assistent.exe /auto O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\ria\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RK O17 - HKLM\Software\..\Telephony: DomainName = RK O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = RK O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = RK O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = RK O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = RK O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = RK O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = RK O17 - HKLM\System\CS7\Services\Tcpip\Parameters: Domain = RK O17 - HKLM\System\CS8\Services\Tcpip\Parameters: Domain = RK O17 - HKLM\System\CS9\Services\Tcpip\Parameters: Domain = RK O17 - HKLM\System\CS10\Services\Tcpip\Parameters: Domain = RK O20 - AppInit_DLLs: eNetHook.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9233 bytes