
ekster

Member
  • Items

    122

Everything posted by ekster

  1. I do find them, but when I click on them I keep getting the same window as above. Greetings, ekster
  2. Tried about ten times, I have no idea where those files end up. The first time, I open Notepad after Save As... and then I see it. It just opens. If I try again later, I get a window saying: The item hallo2.text that this shortcut refers to has been changed or moved, so this shortcut will no longer work properly. Do you want to delete this shortcut? Where have they gone, then? It is a mystery to me. Kind regards, ekster
  3. ekster

    Ocr

    I have a new printer, a Canon MP 550. Scanning a document works fine. On the PC I then end up in temp-Notepad (according to the manual that should be Notepad). I can edit that document the way I want. But when I choose Save As..... I don't know where the file ends up. What is temp-Notepad? Can you help me? Warm regards, ekster
  4. I reset the e-reader and then everything worked again. Thanks. Solved. Kind regards, ekster
  5. Hello Helpforum, Last week my computer, which had gone completely haywire, was beautifully put in order by you. But... now I want to use a Sony e-reader and that doesn't work. To begin with, when connecting with the USB cable I see in Computer: Removable Disk I, but also Removable Disk G. I removed the ereader library and tried to reinstall it. But.... that doesn't work. When I remove hardware, it indicates removing I and G... Attached is a HijackThis log. That is usually required... Regards, ekster
  6. Kape helped me fantastically when my PC was completely out of sorts. At that time I had to download CCleaner, among other things. May I now simply keep using CCleaner??? It seems much better to me than Disk Cleanup. Warm regards, ekster
  7. CCleaner done. Well, learned, patient computer master, is it all right with you if I wait until tomorrow before clicking "solved" on the discussion? To see whether everything still works then? In any case, a thousand thanks. I will even miss looking out for the help e-mails............ Regards, ekster
  8. Hurray, hurray, AVG is installed. Halfway through, AVG said that McAfee had to be removed; I spontaneously confirmed that with OK. The misery was that Virtual Technical Help kept scanning endlessly; pressing repair only said that McAfee had been updated. In short, it is gone, good riddance. Do I now need to buy another or a paid version of AVG? Should I check once more with CCleaner? That strange D: file with letters and digits is still there. That long row of numbers won't go away, the rest does. When I opened such a file, 3082, I got: Security, You must be logged on with administrative permissions to view this object. Good wishes, good night, ekster
  9. Shouldn't I remove that wretched McAfee completely? The subscription runs until 9-2-2011. I have always found it a pain. I am going to try AVG. Regards, ekster.
  10. This is now making me very sad. I get thrown off the Internet at any moment. I cannot reach the McAfee Help chat, I keep getting thrown out. On repair, McAfee only updates. But it still says that there is no protection ..............
  11. As far as I am concerned everything is fine; now McAfee starts shouting with a yellow exclamation mark that the computer is not protected............... I have just started updating and scanning! Greetings, ekster
  12. Hurray, I did find the CCleaner instructions and carried them out, and I also created a new restore point. It still says protected mode off. Regards, ekster
  13. Do you keep giving me instructions that I cannot carry out? In Control Panel there is System and Administrative Tools (no tabs), no System and Maintenance. What now?
  14. 1. Protected mode off, is that good? 2. Unlocker shuts down the Internet GED and McAfee turns bright red 3. CCleaner removed 514 MB, but................................ in the left column I see headings: IE, WE, System, Advanced, but no "Registry", scan for issues, etc. Regards, ekster
  15. Combofix is off the desktop. The D file cannot be deleted. What now? I cannot find C:\Qoobox or Q00b0x. Shall I now continue with CCleaner? Regards, ekster
  16. I had forgotten the space. It was indicated that Combofix had been removed. The Combofix icon is still on the desktop. Deleting succeeds, because I am "not authorized". In the icon there is a yellow/green shield. The folder on D won't go away either: "not authorized". Regards, ekster
  17. How lucky that you reopened the discussion. I was so happy that something was right that I wanted to be done with it straight away. As soon as I had pressed solved, I regretted it. Combofix/uninstall does not work. Although I see it on the desktop, Run does not recognize it. It is not listed under remove "software", but it is in "desktop folder". Furthermore, a file (name all digits) has suddenly appeared in drive D; it contains: a column of about 30 numbers one below the other, e.g. 1025 DHtmlHeader.html header.bmp Hotfixinstaller.exe NDDP35P!_KB963707 ParameterInfo.xml watermerk.bmp Can I delete that? Warm regards, ekster
  18. I tried to download. That worked. Fantastic, thanks for all your help and your patience. Warm regards, ekster
  19. Volge Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:54:54, on 8-8-2010. I think it went the same way..... ComboFix 10-08-07.02 - Ekker 1 08-08-2010 17:37:08.5.2 - x86
2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2010-08-04 20:17 . 2010-08-04 20:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2010-08-04 20:17 . 2010-08-04 20:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2010-08-04 15:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2010-08-04 15:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2010-08-04 15:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-08-04 15:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2010-08-04 15:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2010-08-04 15:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2010-08-04 15:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2010-08-03 22:45 . 2010-08-04 12:47 -------- d-----w- c:\users\Ekker 1\AppData\Roaming\Intel 2010-08-03 22:44 . 2008-04-16 04:56 -------- d-----w- c:\program files\Intel 2010-08-03 21:57 . 2010-08-02 11:47 -------- d-----w- c:\users\Dixons\AppData\Roaming\SiteAdvisor 2010-08-03 06:09 . 2010-08-03 06:09 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2010-08-03 04:45 . 2008-04-16 05:14 -------- d-----w- c:\program files\Microsoft Works 2010-08-02 18:19 . 2010-08-02 18:19 0 ----a-w- c:\users\Dixons\AppData\Roaming\wklnhst.dat 2010-08-02 16:15 . 2010-08-02 16:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2010-08-02 15:03 . 2008-04-16 05:12 -------- d-----w- c:\programdata\Microsoft Help 2010-08-02 12:02 . 2008-04-16 05:46 -------- d-----w- c:\programdata\CyberLink 2010-08-02 11:58 . 2010-08-02 11:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf 2010-08-02 11:52 . 2008-04-16 05:45 -------- d-----w- c:\program files\Acer Arcade Deluxe 2010-08-02 11:52 . 
2008-04-16 05:00 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-08-02 11:47 . 2010-08-02 21:28 2220 ----a-w- c:\windows\CLEANUP.CMD 2010-08-02 11:47 . 2010-08-02 11:47 -------- d-----w- c:\users\Dixons\AppData\Roaming\InstallShield 2010-08-02 11:39 . 2010-08-02 11:39 -------- d-----w- c:\program files\Common Files\snp2uvc 2010-08-02 11:39 . 2010-08-02 11:39 -------- d-----w- c:\programdata\InstallShield 2010-08-02 11:38 . 2008-04-16 05:00 -------- d-----w- c:\program files\Common Files\InstallShield . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2010-07-27 67448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992] "SiteAdvisor"="c:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360] "Skytel"="Skytel.exe" [2007-08-03 1826816] 
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704] "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704] "PLFSetL"="c:\windows\\PLFSetL.exe" [2007-07-05 94208] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712] "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144] "SetPanel"="c:\acer\APanel\APanel.cmd" [bU] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520] "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744] "eRecoveryService"="" [bU] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [bU] "Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-05-10 906656] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-08-03 1287120] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-16 535336] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 2 (0x2) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2010-08-06 14:02 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(:25,a5,ac,df,e7,33,cb,01 R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-08-03 218592] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 41456] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592] S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-03-07 32256] S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480] --- Andere Services/Drivers In Geheugen --- *Deregistered* - PCTSDInjDriver32 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . 
Inhoud van de 'Gedeelde Taken' map 2008-04-16 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-04-16 13:10] 2008-04-16 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-04-16 13:10] 2010-08-08 c:\windows\Tasks\RegistryBooster.job - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-03 07:50] 2010-08-08 c:\windows\Tasks\User_Feed_Synchronization-{81F699E3-61A6-434E-9722-902F0DA72BC1}.job - c:\windows\system32\msfeedssync.exe [2010-08-03 04:30] . . ------- Bijkomende Scan ------- . uStart Page = about:blank mStart Page = hxxp://search.myheritage.com IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: internet Trusted Zone: mcafee.com . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-08-08 17:46 Windows 6.0.6002 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
--------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'Explorer.exe'(3228) c:\program files\Spyware Doctor\pctgmhk.dll c:\program files\SiteAdvisor\6172\saHook.dll c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll c:\acer\Empowering Technology\EPOWER\SysHook.dll . Voltooingstijd: 2010-08-08 17:52:16 ComboFix-quarantined-files.txt 2010-08-08 15:52 ComboFix2.txt 2010-08-08 13:45 ComboFix3.txt 2010-08-08 12:28 Pre-Run: 105.828.646.912 bytes beschikbaar Post-Run: 105.816.907.776 bytes beschikbaar - - End Of File - - 6A5BF9285E4F0C7D84193F165D6F0696 groet, ekster
  20. ComboFix 10-08-07.02 - Ekker 1 08-08-2010 15:28:36.4.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3069.1838 [GMT 2:00] Gestart vanuit: c:\users\Ekker 1\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Ekker 1\Desktop\CFScript - Snelkoppeling.lnk AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((( Bestanden Gemaakt van 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))) . 2010-08-08 13:38 . 2010-08-08 13:39 -------- d-----w- c:\users\Ekker 1\AppData\Local\temp 2010-08-08 13:38 . 2010-08-08 13:38 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-08-08 13:38 . 2010-08-08 13:38 -------- d-----w- c:\users\Dixons\AppData\Local\temp 2010-08-08 13:38 . 2010-08-08 13:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-08-07 21:28 . 2010-08-07 21:28 -------- d-----w- c:\users\Ekker 1\Library 2010-08-07 21:28 . 2010-08-07 21:28 -------- d-----w- c:\users\Ekker 1\AppData\Roaming\Apple Computer 2010-08-07 21:28 . 2010-08-07 21:28 -------- d-----w- c:\users\Ekker 1\AppData\Local\Apple Computer 2010-08-07 19:43 . 2010-08-07 19:43 -------- d-----w- c:\programdata\Save Data 2010-08-07 15:51 . 2010-08-07 15:51 388096 ----a-r- c:\users\Ekker 1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-08-07 15:51 . 2010-08-07 15:51 -------- d-----w- c:\program files\Trend Micro 2010-08-06 16:34 . 2010-08-06 16:34 -------- d-----w- c:\users\Ekker 1\AppData\Roaming\Uniblue 2010-08-06 14:02 . 2010-08-06 14:02 -------- d-----w- c:\program files\Citrix 2010-08-06 13:47 . 2010-08-06 13:47 -------- d-----w- c:\programdata\Citrix 2010-08-06 13:45 . 
2010-08-06 13:45 -------- d-----w- c:\users\Ekker 1\AppData\Local\Citrix 2010-08-06 13:45 . 2010-08-06 14:42 -------- d-----w- c:\users\Ekker 1\AppData\Local\Deployment 2010-08-06 13:45 . 2010-08-06 13:45 -------- d-----w- c:\users\Ekker 1\AppData\Local\Apps 2010-08-06 13:37 . 2010-08-06 13:37 -------- d-----w- c:\users\Ekker 1\AppData\Local\Threat Expert 2010-08-06 13:37 . 2010-08-06 13:37 -------- d-----w- c:\users\Ekker 1\AppData\Roaming\Yahoo! 2010-08-06 13:34 . 2010-08-06 13:34 300384 ----a-w- c:\users\Ekker 1\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\detect.dll 2010-08-06 13:34 . 2010-08-06 13:34 300384 ----a-w- c:\programdata\McAfee\Supportability\Content\MVT\XMLFiles\detect.dll 2010-08-06 13:33 . 2010-08-06 13:33 -------- d-----w- c:\users\Ekker 1\AppData\Roaming\McAfee 2010-08-05 10:04 . 2010-08-06 06:00 -------- d-----w- c:\users\Ekker 1\AppData\Local\Adobe 2010-08-04 23:12 . 2010-08-08 13:12 -------- d-----w- c:\users\Ekker 1\Tracing 2010-08-04 20:18 . 2010-08-04 20:18 -------- d-----w- c:\program files\Windows Portable Devices 2010-08-04 20:16 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2010-08-04 20:16 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2010-08-04 20:16 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2010-08-04 20:14 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2010-08-04 20:12 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2010-08-04 20:12 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2010-08-04 20:12 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll 2010-08-04 15:48 . 2010-08-04 15:50 -------- d-----w- c:\users\Ekker 1\AppData\Local\Microsoft Games 2010-08-04 15:42 . 2010-08-05 06:27 -------- d-----w- c:\users\Ekker 1\AppData\Roaming\MyHeritage 2010-08-04 15:07 . 2010-08-04 15:09 -------- d-----w- c:\windows\system32\ca-ES 2010-08-04 15:07 . 
2010-08-04 15:09 -------- d-----w- c:\windows\system32\eu-ES 2010-08-04 15:07 . 2010-08-04 15:08 -------- d-----w- c:\windows\system32\vi-VN 2010-08-04 12:49 . 2010-08-04 12:49 -------- d-----w- c:\users\Ekker 1\AppData\Local\Sony Corporation 2010-08-04 12:49 . 2010-08-04 12:49 -------- d-----w- c:\users\Ekker 1\AppData\Local\kinoma 2010-08-04 12:49 . 2010-08-04 12:49 -------- d--h--w- c:\users\Ekker 1\AppData\Local\acer eNM 2010-08-04 12:48 . 2010-08-08 11:43 680 ----a-w- c:\users\Ekker 1\AppData\Local\d3d9caps.dat 2010-08-04 12:48 . 2010-08-04 12:48 -------- d-----w- c:\users\Ekker 1\AppData\Local\PlayMovie 2010-08-04 12:48 . 2010-08-04 12:48 72384 ----a-w- c:\users\Ekker 1\AppData\Local\GDIPFONTCACHEV1.DAT 2010-08-04 12:48 . 2010-08-04 12:48 -------- d-----w- c:\users\Ekker 1\AppData\Roaming\SiteAdvisor 2010-08-04 09:41 . 2010-08-04 09:41 -------- d-----w- c:\windows\system32\EventProviders 2010-08-04 08:06 . 2010-08-04 08:06 -------- d-----w- C:\EGIS_Drive 2010-08-04 05:20 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-08-04 05:20 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll 2010-08-04 05:20 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll 2010-08-04 05:20 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2010-08-04 05:20 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll 2010-08-04 05:10 . 2009-04-11 06:28 747008 ----a-w- c:\windows\system32\WsmSvc.dll 2010-08-04 05:09 . 2009-04-11 06:28 657408 ----a-w- c:\windows\system32\WMVXENCD.DLL 2010-08-04 05:08 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll 2010-08-04 05:08 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll 2010-08-04 05:08 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe 2010-08-04 05:08 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll 2010-08-04 04:36 . 
2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-08-03 22:45 . 2010-08-03 22:45 -------- d-----w- c:\users\Public\Roaming 2010-08-03 22:45 . 2010-08-03 22:45 -------- d-----w- c:\users\Default\AppData\Roaming\Intel 2010-08-03 22:45 . 2010-08-03 22:45 -------- d-----w- c:\users\Dixons\Roaming 2010-08-03 22:45 . 2010-08-03 22:45 -------- d-----w- c:\users\Default\Roaming 2010-08-03 22:45 . 2010-08-03 22:45 -------- d-----w- c:\programdata\Roaming 2010-08-03 22:44 . 2010-08-03 22:44 -------- d-----w- c:\program files\Cisco 2010-08-03 22:44 . 2010-08-03 22:44 -------- d-----w- c:\program files\Common Files\Intel 2010-08-03 22:44 . 2010-08-03 22:44 -------- d-----w- c:\programdata\Intel 2010-08-03 22:23 . 2010-08-03 22:23 -------- d-----w- c:\programdata\Office Genuine Advantage 2010-08-03 18:52 . 2010-08-03 18:52 -------- d-----w- c:\users\Dixons\AppData\Local\Threat Expert 2010-08-03 18:13 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll 2010-08-03 18:13 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll 2010-08-03 18:13 . 2010-01-22 07:56 1652688 ----a-w- c:\windows\PCTBDCore.dll 2010-08-03 18:13 . 2010-01-22 07:55 767952 ----a-w- c:\windows\BDTSupport.dll 2010-08-03 18:13 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip 2010-08-03 18:13 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip 2010-08-03 18:11 . 2010-02-05 07:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys 2010-08-03 18:11 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2010-08-03 18:11 . 2010-08-03 18:34 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2010-08-03 18:11 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2010-08-03 18:10 . 2010-08-03 18:34 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2010-08-03 18:10 . 2010-08-08 13:39 -------- d-----w- c:\program files\Spyware Doctor 2010-08-03 18:10 . 
2010-08-03 18:14 -------- d-----w- c:\program files\Common Files\PC Tools 2010-08-03 18:10 . 2010-08-03 18:10 -------- d-----w- c:\users\Dixons\AppData\Roaming\PC Tools 2010-08-03 18:10 . 2010-08-03 18:10 -------- d-----w- c:\programdata\PC Tools 2010-08-03 15:16 . 2010-08-03 15:16 -------- d-----w- c:\programdata\MSScanAppDataDir 2010-08-03 13:56 . 2010-08-03 13:56 680 ----a-w- c:\users\Dixons\AppData\Local\d3d9caps.dat 2010-08-03 13:13 . 2010-08-03 13:13 292878 ----a-r- c:\users\Dixons\AppData\Roaming\Microsoft\Installer\{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}\ARPPRODUCTICON.exe 2010-08-03 13:13 . 2010-08-03 13:13 -------- d-----w- c:\program files\DIFX 2010-08-03 13:13 . 2010-08-03 13:13 -------- d-----w- c:\users\Dixons\AppData\Roaming\Apple Computer 2010-08-03 13:13 . 2010-08-03 13:13 -------- d-----w- c:\users\Dixons\AppData\Local\Apple Computer 2010-08-03 13:13 . 2010-08-03 13:13 -------- d-----w- c:\users\Dixons\Library 2010-08-03 13:13 . 2010-08-03 13:13 -------- d-----w- c:\programdata\kinoma 2010-08-03 13:12 . 2010-08-03 13:13 -------- d-----w- c:\users\Dixons\AppData\Local\Sony Corporation 2010-08-03 13:12 . 2010-08-03 13:13 -------- d-----w- c:\program files\Sony 2010-08-03 13:12 . 2010-08-03 13:12 -------- d-----w- c:\program files\Common Files\Sony Shared 2010-08-03 13:09 . 2010-08-03 13:09 -------- d-----w- c:\users\Dixons\AppData\Local\kinoma 2010-08-03 13:03 . 2010-08-03 13:03 -------- d-----w- c:\users\Dixons\AppData\Roaming\Uniblue 2010-08-03 13:03 . 2010-08-03 13:03 -------- d-----w- c:\program files\Uniblue 2010-08-03 08:50 . 2010-08-03 08:50 -------- d-----w- c:\users\Dixons\AppData\Local\Adobe 2010-08-03 06:18 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll 2010-08-03 06:16 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-08-03 04:54 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin 2010-08-03 04:47 . 
2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-08-03 04:44 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-08-03 04:43 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-08-03 04:43 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys 2010-08-03 04:43 . 2010-08-03 04:43 -------- d-----w- c:\program files\MSXML 4.0 2010-08-03 04:13 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll 2010-08-03 04:13 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-03 04:13 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-08-03 04:13 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll 2010-08-03 04:13 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2010-08-03 04:11 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll 2010-08-03 04:10 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll 2010-08-03 04:10 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll 2010-08-03 04:10 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll 2010-08-03 04:10 . 2009-04-11 06:28 53248 ----a-w- c:\windows\system32\tsgqec.dll 2010-08-03 04:10 . 2009-04-11 06:28 136192 ----a-w- c:\windows\system32\aaclient.dll 2010-08-03 04:10 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-08-03 04:10 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll 2010-08-03 04:10 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-08-03 04:10 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll 2010-08-03 04:10 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll 2010-08-03 04:09 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll 2010-08-03 04:09 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2010-08-03 04:09 . 
2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll 2010-08-03 04:09 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-08 13:16 . 2008-01-21 06:47 667352 ----a-w- c:\windows\system32\perfh013.dat 2010-08-08 13:16 . 2008-01-21 06:47 126854 ----a-w- c:\windows\system32\perfc013.dat 2010-08-08 13:11 . 2010-08-02 11:47 42301 ----a-w- c:\programdata\nvModes.dat 2010-08-07 14:48 . 2008-04-16 05:22 -------- d-----w- c:\program files\McAfee 2010-08-06 13:32 . 2008-04-16 05:22 -------- d-----w- c:\programdata\McAfee 2010-08-06 05:59 . 2008-04-16 05:53 -------- d-----w- c:\program files\Common Files\Adobe 2010-08-04 20:17 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2010-08-04 20:17 . 2010-08-04 20:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2010-08-04 20:17 . 2010-08-04 20:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2010-08-04 15:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2010-08-04 15:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2010-08-04 15:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-08-04 15:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2010-08-04 15:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2010-08-04 15:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2010-08-04 15:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2010-08-03 22:45 . 2010-08-04 12:47 -------- d-----w- c:\users\Ekker 1\AppData\Roaming\Intel 2010-08-03 22:44 . 2008-04-16 04:56 -------- d-----w- c:\program files\Intel 2010-08-03 21:57 . 2010-08-02 11:47 -------- d-----w- c:\users\Dixons\AppData\Roaming\SiteAdvisor 2010-08-03 06:09 . 
2010-08-03 06:09 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2010-08-03 04:45 . 2008-04-16 05:14 -------- d-----w- c:\program files\Microsoft Works 2010-08-02 18:19 . 2010-08-02 18:19 0 ----a-w- c:\users\Dixons\AppData\Roaming\wklnhst.dat 2010-08-02 16:15 . 2010-08-02 16:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2010-08-02 15:03 . 2008-04-16 05:12 -------- d-----w- c:\programdata\Microsoft Help 2010-08-02 12:02 . 2008-04-16 05:46 -------- d-----w- c:\programdata\CyberLink 2010-08-02 11:58 . 2010-08-02 11:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf 2010-08-02 11:52 . 2008-04-16 05:45 -------- d-----w- c:\program files\Acer Arcade Deluxe 2010-08-02 11:52 . 2008-04-16 05:00 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-08-02 11:47 . 2010-08-02 21:28 2220 ----a-w- c:\windows\CLEANUP.CMD 2010-08-02 11:47 . 2010-08-02 11:47 -------- d-----w- c:\users\Dixons\AppData\Roaming\InstallShield 2010-08-02 11:39 . 2010-08-02 11:39 -------- d-----w- c:\program files\Common Files\snp2uvc 2010-08-02 11:39 . 2010-08-02 11:39 -------- d-----w- c:\programdata\InstallShield 2010-08-02 11:38 . 2008-04-16 05:00 -------- d-----w- c:\program files\Common Files\InstallShield . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Family Toolbar\tbhelper.dll" [2009-05-07 355840] [HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}] [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}] [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}] 2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432] [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}] [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3] [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432] [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}] [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3] [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] 
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2010-07-27 67448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992] "SiteAdvisor"="c:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360] "Skytel"="Skytel.exe" [2007-08-03 1826816] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704] "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704] "PLFSetL"="c:\windows\\PLFSetL.exe" [2007-07-05 94208] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712] "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144] "SetPanel"="c:\acer\APanel\APanel.cmd" [bU] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520] "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744] "eRecoveryService"="" [bU] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [bU] "Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-05-10 906656] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-08-03 1287120] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] c:\programdata\Microsoft\Windows\Start 
  21. Hello Kape, Hooray, the log is here. I had clicked on McAfee once. Did it all over again and.....................
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2010-07-27 67448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992] "SiteAdvisor"="c:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360] "Skytel"="Skytel.exe" [2007-08-03 1826816] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704] "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704] "PLFSetL"="c:\windows\\PLFSetL.exe" [2007-07-05 94208] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712] "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144] "SetPanel"="c:\acer\APanel\APanel.cmd" [bU] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520] "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744] "eRecoveryService"="" [bU] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [bU] "Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-05-10 906656] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-08-03 1287120] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] c:\programdata\Microsoft\Windows\Start 
Menu\Programs\Startup\ Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-16 535336] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 2 (0x2) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2010-08-06 14:02 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(:25,a5,ac,df,e7,33,cb,01 R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-08-03 218592] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 41456] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592] S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-03-07 32256] S3 NETw5v32;Intel® Wireless WiFi Link 
5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480] --- Andere Services/Drivers In Geheugen --- *Deregistered* - PCTSDInjDriver32 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map 2008-04-16 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-04-16 13:10] 2008-04-16 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-04-16 13:10] 2010-08-08 c:\windows\Tasks\RegistryBooster.job - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-08-03 07:50] 2010-08-08 c:\windows\Tasks\User_Feed_Synchronization-{81F699E3-61A6-434E-9722-902F0DA72BC1}.job - c:\windows\system32\msfeedssync.exe [2010-08-03 04:30] . . ------- Bijkomende Scan ------- . uStart Page = about:blank mStart Page = hxxp://search.myheritage.com IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: internet Trusted Zone: mcafee.com . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-08-08 14:23 Windows 6.0.6002 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl" . 
--------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'Explorer.exe'(1720) c:\program files\Spyware Doctor\pctgmhk.dll c:\program files\SiteAdvisor\6172\saHook.dll c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll c:\acer\Empowering Technology\EPOWER\SysHook.dll . Voltooingstijd: 2010-08-08 14:28:24 ComboFix-quarantined-files.txt 2010-08-08 12:28 Pre-Run: 105.934.852.096 bytes beschikbaar Post-Run: 105.902.170.112 bytes beschikbaar - - End Of File - - 8D85F7577CE2355F64E5F60B71D830E0
  22. Finally downloaded ComboFix. Let it run. Everything went fine, I believe, except that at the very end combofix.text should have appeared and that did not happen. McAfee was turned off. So once again only a HijackThis log.
  23. It is really incredibly stupid, but the ComboFix that I downloaded has no link 1 / link 2. It is a trial version. It does open, but it asks for a registration code and a name. I also don't know how to turn off RegistryBooster, McAfee and Spyware Doctor via that link. What a klutz, eh. Regards, ekster
  24. On opening, it immediately asks for permission. I click Yes and then those errors appear. Regards, ekster
  25. Malwarebytes Anti-Malware is on a USB stick. At my friend's, from whose computer I got it, MBAM opened immediately, asking whether to scan. On mine, however, it gives: runtime error 0 automation error 440. What a mess. Do you understand it, kape? Regards, ekster.