Toscaatje
-
Items
9 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door Toscaatje
-
-
Toch nog niet helemaal opgelost. Qoobox kan ik niet handmatig verwijderen. Wel een aantal mappen uit de map Qoobox, maar BackEnv blijft erin en krijg melding dat niet bevoegd ben ivm beveiliging. Is hier nog wat aan te doen, of zo laten?
-
GEWELDIG! Het is verdwenen! Ontzettend bedankt voor de hulp!
-
ComboFix 12-08-05.02 - ria 05-08-2012 12:24:58.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.1013.255 [GMT 2:00]
Gestart vanuit: c:\users\ria\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ria\AppData\Local\Temp\ppcrlui_2988_2
c:\windows\IsUn0413.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-07-05 to 2012-08-05 ))))))))))))))))))))))))))))))
.
.
2012-08-05 10:35 . 2012-08-05 10:36 -------- d-----w- c:\users\ria\AppData\Local\temp
2012-08-05 10:35 . 2012-08-05 10:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 07:24 . 2012-08-05 07:24 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CF613E4-B3F3-43EF-AD10-5DF6D27C5AEA}\offreg.dll
2012-08-03 19:13 . 2012-08-03 19:13 388096 ----a-r- c:\users\ria\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-03 19:13 . 2012-08-03 19:13 -------- d-----w- c:\program files\Trend Micro
2012-08-03 14:34 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CF613E4-B3F3-43EF-AD10-5DF6D27C5AEA}\mpengine.dll
2012-07-31 18:28 . 2012-07-31 18:28 -------- d-----w- c:\program files\Microsoft.NET
2012-07-31 17:26 . 2012-07-31 17:26 -------- d-----w- c:\users\ria\AppData\Roaming\Nero
2012-07-31 17:26 . 2012-07-31 17:59 -------- d-----w- c:\users\ria\AppData\Local\Nero
2012-07-31 17:20 . 2012-07-31 17:27 -------- d-----w- c:\programdata\Nero
2012-07-31 17:06 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-07-31 17:06 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-07-31 17:05 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-07-31 17:04 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-07-31 17:03 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-07-31 17:02 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-07-31 17:02 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2012-07-31 17:01 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-07-31 17:00 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2012-07-31 15:20 . 2012-07-31 15:22 -------- d-----w- c:\users\ria\AppData\Roaming\vlc
2012-07-31 15:10 . 2012-07-31 15:10 -------- d-----w- c:\program files\Perion
2012-07-31 15:10 . 2012-07-31 15:10 454 ----a-w- C:\user.js
2012-07-30 10:15 . 2012-07-30 10:15 -------- d-----w- c:\users\ria\AppData\Roaming\EurekaLog
2012-07-15 01:09 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 09:14 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 09:14 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 09:14 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 09:14 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 09:14 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 09:14 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 09:13 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-07-11 09:13 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-11 09:13 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 16:21 . 2012-01-28 19:18 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-02-27 19:35 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-07-03 16:21 . 2012-01-28 19:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2012-01-28 19:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2012-01-28 19:18 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-07-03 16:21 . 2012-01-28 19:18 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2012-01-28 19:18 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2012-01-28 19:18 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2012-01-28 19:21 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-07-03 16:21 . 2012-01-28 19:16 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2012-01-28 19:16 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-02 22:19 . 2012-06-21 07:53 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 07:53 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 07:42 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 07:42 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 07:53 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 07:53 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 07:42 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 07:32 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 07:32 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2009-10-03 09:11 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 06:37 . 2012-06-13 10:15 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32 . 2012-06-13 10:15 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32 . 2012-06-13 10:15 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 06:31 . 2012-06-13 10:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 06:31 . 2012-06-13 10:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 05:01 . 2012-06-13 10:15 385024 ----a-w- c:\windows\system32\html.iec
2012-05-15 03:26 . 2012-06-13 10:15 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 03:23 . 2012-06-13 10:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-06-14 06:58 . 2012-05-25 14:38 419023 ----a-w- c:\program files\afslank12.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2012-07-08 68000]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-06-21 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-25 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-25 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-25 138008]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"KPN Assistent"="c:\program files\KPN\KPN Assistent\KPN_Assistent.exe" [2011-08-18 33560288]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-40405613-860080031-4201064226-1000Core.job
- c:\users\ria\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-01 11:54]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-40405613-860080031-4201064226-1000UA.job
- c:\users\ria\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-01 11:54]
.
2012-08-04 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-08 12:39]
.
2012-08-04 c:\windows\Tasks\User_Feed_Synchronization-{A95504FB-7100-48B8-8D35-3026C316B3DD}.job
- c:\windows\system32\msfeedssync.exe [2012-06-13 03:24]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://nl.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! UK
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-08-05 12:36
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\eNetHook.dll
.
- - - - - - - > 'lsass.exe'(656)
c:\windows\system32\eNetHook.dll
.
Voltooingstijd: 2012-08-05 12:41:12
ComboFix-quarantined-files.txt 2012-08-05 10:40
.
Pre-Run: 5.221.343.232 bytes beschikbaar
Post-Run: 5.644.873.728 bytes beschikbaar
.
- - End Of File - - 65BFC1EEEA575041DC958888832C1072
-
Is er nog iets wat ik kan doen om het probleem te verhelpen?
-
Nee, daar is My Start niet zichtbaar.
-
Ja, hij komt nog steeds tevoorschijn bij het openen van een nieuw tabblad in Google Chrome.
-
# AdwCleaner v1.800 - Logfile created 08/04/2012 at 09:16:45
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista Home Basic Service Pack 2 (32 bits)
# User : ria - PC_VAN_RIA
# Running from : C:\Users\ria\Downloads\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.6001.19272
[OK] Registry is clean.
-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:16:48, on 3-8-2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19272)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\KPN\KPN Assistent\KPN_Assistent.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\ria\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\ria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ria\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! UK
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! UK
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [KPN Assistent] C:\Program Files\KPN\KPN Assistent\KPN_Assistent.exe /auto
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\ria\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RK
O17 - HKLM\Software\..\Telephony: DomainName = RK
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = RK
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = RK
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = RK
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = RK
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = RK
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = RK
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: Domain = RK
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: Domain = RK
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: Domain = RK
O17 - HKLM\System\CS10\Services\Tcpip\Parameters: Domain = RK
O20 - AppInit_DLLs: eNetHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9233 bytes
HJT-log - MyStart Incredibar verwijderen
in Archief Bestrijding malware & virussen
Geplaatst:
Lukt ook niet in de veilige modus: bericht: niet gemachtigd. Maar als het geen kwaad kan, dan laat maar zitten.