buffalo18
-
Items
28 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door buffalo18
-
-
Ik heb denk ik een Trojaans paard op m'n pc staan. Mijn browser doet raar (chrome), als ik op vorige klik bijvoorbeeld sluit hij de pagina. Bij taakbeheer verschijnen de toepassingen, processen en services voor een halve seconde om dan te verdwijnen/verschijnen/verdwijnen... Ik ben nu een scan aan het doen met avast. Hieronder een logje van HijackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:38:25, on 7/05/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Klaas\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaas\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Official Site - The Power To Do More | Dell
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Dell Official Site - The Power To Do More | Dell
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [installShieldSetup] C:\PROGRA~2\INSTAL~1\{399C3~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{399C3~1\reboot.ini -l0x13
O4 - HKCU\..\Run: [Google Update] "C:\Users\Klaas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Dropbox.lnk = Klaas\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11273 bytes
-
Je kan het even proberen zonder ... maar anders wordt het zoeken geblazen ;-)
Is gestart, maar euhm, nu kan ik daar geen cd meer van maken zeker? Als er evt. bestanden weg zijn?
-
Dan gaan we de essentiële Windows-bestanden even controleren. Tik in zoekopdracht de volgende opdracht sfc /scannow in en laat dit runnen. Onderweg wordt normaal gevraagd naar de Windows-CD. Hou deze alvast bij de hand.
Euhm Windows-cd? Ik heb nooit een Windows-cd gezien hoor. Windows 7 was gewoon geïnstalleerd, maar heb daar nooit cd van gezien. Ik herinner me wel dat hij me vroeg om een soort van cd te maken, waarschijnlijk voor dit soort gevallen. Maar waar die ligt..? Geen idee denk ik..
-
En ... maakt dit enig verschil ?
Bwa, probeerde zonet een PDF te openen, 5 minuten later was hij open . Dus niet echt nee, misschien pc nog eens herstarten, maar daarnet duurde het ook weer zeer lang tegen dat ik eindelijk pc kon gebruiken. Bureaublad verschijnt wel heel snel maar dan blokkeert hij precies. En 5 minuten later schiet alles in gang .
Toch bedankt voor de hulp...
-
a2scan_120121-105242
Emsisoft Emergency Kit - Versie 1.0
Laatste Update: 1/21/2012 10:51:40 AM
Scaninstellingen:
Scantype: Diepe Scan
Objecten: Geheugen, Sporen, Cookies, C:\, H:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan
Scan gestart: 1/21/2012 10:52:42 AM
c:\programdata\microsoft\windows\start menu\programs\cain Ontdekt: Trace.Directory.Cain!A2
c:\program files (x86)\cain Ontdekt: Trace.Directory.Cain!A2
c:\windows\system32\drivers\imon Ontdekt: Trace.Directory.AllMonitor!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0} Ontdekt: Trace.Registry.ShoppingReports!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid32 Ontdekt: Trace.Registry.ShoppingReports!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib Ontdekt: Trace.Registry.ShoppingReports!A2
c:\windows\system32\drivers\imon\bar.jpg Ontdekt: Trace.File.AllMonitor!A2
Key: HKEY_CURRENT_USER\software\cain\settings Ontdekt: Trace.Registry.Cain!A2
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{1d4db7d3-6ec9-47a3-bd87-1e41684e07bb} Ontdekt: Trace.Registry.IBISToolbar!A2
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Cookies\klaas@doubleclick[1].txt Ontdekt: Trace.TrackingCookie.doubleclick!A2
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Cookies\klaas@serving-sys[1].txt Ontdekt: Trace.TrackingCookie.serving-sys!A2
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Cookies\klaas@serving-sys[2].txt Ontdekt: Trace.TrackingCookie.serving-sys!A2
Gescand
Bestanden: 104005
Sporen: 403649
Cookies: 140
Processen: 60
Gevonden
Bestanden: 0
Sporen: 9
Cookies: 3
Processen: 0
Registersleutels: 0
Scan Geëindigd: 1/21/2012 1:42:37 PM
Scantijd: 2:49:55
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Cookies\klaas@serving-sys[1].txt Verwijderd Trace.TrackingCookie.serving-sys!A2
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Cookies\klaas@serving-sys[2].txt Verwijderd Trace.TrackingCookie.serving-sys!A2
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Cookies\klaas@doubleclick[1].txt Verwijderd Trace.TrackingCookie.doubleclick!A2
Key: HKEY_LOCAL_MACHINE\software\classes\interface\{1d4db7d3-6ec9-47a3-bd87-1e41684e07bb} Verwijderd Trace.Registry.IBISToolbar!A2
Key: HKEY_CURRENT_USER\software\cain\settings Verwijderd Trace.Registry.Cain!A2
c:\windows\system32\drivers\imon\bar.jpg Verwijderd Trace.File.AllMonitor!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0} Verwijderd Trace.Registry.ShoppingReports!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid32 Verwijderd Trace.Registry.ShoppingReports!A2
Key: HKEY_LOCAL_MACHINE\software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib Verwijderd Trace.Registry.ShoppingReports!A2
c:\windows\system32\drivers\imon Verwijderd Trace.Directory.AllMonitor!A2
c:\programdata\microsoft\windows\start menu\programs\cain Verwijderd Trace.Directory.Cain!A2
c:\program files (x86)\cain Verwijderd Trace.Directory.Cain!A2
Verwijderd
Bestanden: 0
Sporen: 9
Cookies: 3
-
Traagheid is er nog steeds, maar is precies wel beter. Alles start precies met een lag op. Ik open verschillende programma's, het duurt zeer lang voor er iets opent, maar plots openen ze allemaal. Ook bij herstarten was pc zeer traag (programma's laden enzo), maar dan plots wel gebruiksklaar.
ComboFix 12-01-19.02 - Klaas 21/01/2012 9:15:41.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4091.2650 [GMT 1:00]
Gestart vanuit: C:\Users\Klaas\Desktop\ComboFix.exe
gebruikte Opdracht switches :: C:\Users\Klaas\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-21 to 2012-01-21 ))))))))))))))))))))))))))))))
2012-01-21 08:34:03 . 2012-01-21 08:34:03 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-01-20 16:44:04 . 2012-01-20 16:44:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-20 08:34:41 . 2012-01-06 05:15:20 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3DA80C37-7514-4C5C-B4F9-D7CDB0CF24FC}\mpengine.dll
2012-01-11 07:47:15 . 2011-10-26 05:25:16 1572864 ----a-w- C:\Windows\system32\quartz.dll
2012-01-11 07:47:15 . 2011-10-26 05:25:15 366592 ----a-w- C:\Windows\system32\qdvd.dll
2012-01-11 07:47:15 . 2011-10-26 04:32:11 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 07:47:15 . 2011-10-26 04:32:11 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 07:47:13 . 2011-11-19 14:58:00 77312 ----a-w- C:\Windows\system32\packager.dll
2012-01-11 07:47:13 . 2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-11 07:47:13 . 2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\system32\ntdll.dll
2012-01-11 07:47:13 . 2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-08 11:20:38 . 2012-01-08 11:20:40 -------- d-----w- C:\Users\Klaas\AppData\Roaming\Stellarium
2012-01-08 11:20:01 . 2012-01-08 11:20:36 -------- d-----w- C:\Program Files (x86)\Stellarium
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-12-10 14:24:08 . 2010-05-22 18:08:47 23152 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-12-06 20:34:22 . 2011-12-06 20:34:22 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52:09 . 2011-12-14 16:14:14 3145216 ----a-w- C:\Windows\system32\win32k.sys
2011-11-15 13:29:56 . 2009-10-25 21:51:11 270720 ------w- C:\Windows\system32\MpSigStub.exe
2011-11-05 05:32:50 . 2011-12-14 16:14:06 2048 ----a-w- C:\Windows\system32\tzres.dll
2011-11-05 04:26:03 . 2011-12-14 16:14:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 . 2011-12-15 02:01:56 2309120 ----a-w- C:\Windows\system32\jscript9.dll
2011-11-04 01:44:47 . 2011-12-15 02:01:56 1390080 ----a-w- C:\Windows\system32\wininet.dll
2011-11-04 01:44:21 . 2011-12-15 02:01:56 1493504 ----a-w- C:\Windows\system32\inetcpl.cpl
2011-11-04 01:34:43 . 2011-12-15 02:02:00 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2011-11-03 22:47:42 . 2011-12-15 02:01:56 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 . 2011-12-15 02:01:56 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 . 2011-12-15 02:01:56 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 . 2011-12-15 02:02:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-29 10:56:39 . 2011-10-29 10:56:39 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-29 10:56:38 . 2011-10-29 10:56:38 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-10-26 05:21:20 . 2011-12-14 16:14:17 43520 ----a-w- C:\Windows\system32\csrsrv.dll
2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18:12 120104 ----a-w- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-08-18 08:01:50 145408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecLiveUpdate"="C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 21:09:34 199464]
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" [2009-08-27 20:47:18 1200136]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 13:49:28 249064]
"ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 11:27:02 358336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 11:55:36 135664]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 09:18:54 311592]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 00:25:50 62720]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 08:58:08 20480]
R3 AF9035BDA;Cinergy T-Stick service;C:\Windows\system32\DRIVERS\AF9035BDA.sys [x]
R3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 11:55:36 135664]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;C:\Windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 11:37:14 517096]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe [2009-07-14 01:39:46 27136]
S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-19 05:40:12 796192]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\Windows\system32\Drivers\FPSensor.sys [x]
S2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 13:04:50 1150496]
S2 IGBASVC;EgisTec Service;c:\Program Files (x86)\Acer Bio Protection\BASVC.exe [2009-08-06 05:21:04 3450368]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe [2007-02-28 16:12:12 208896]
S2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 23:47:10 191000]
S2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [x]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);C:\Windows\sysWOW64\drivers\npf_devolo.sys [2010-06-10 12:32:14 34048]
S2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 09:54:44 253952]
S2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2010-09-14 10:47:24 716024]
S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 01:47:12 240160]
S2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 20:39:09 427192]
S2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 13:31:44 116224]
S3 hidshim;Service for HID-KMDF Shim layer;C:\Windows\system32\DRIVERS\hidshim.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys [x]
S3 nuvotonhidgeneric;Nuvoton EC Generic HID;C:\Windows\system32\DRIVERS\nuvotonhidgeneric.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys [x]
S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys [x]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
Inhoud van de 'Gedeelde Taken' map
2012-01-20 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1200137767-1035772069-1397413781-1000Core.job
- C:\Users\Klaas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-30 17:00:52 . 2011-11-30 17:00:51]
2012-01-21 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1200137767-1035772069-1397413781-1000UA.job
- C:\Users\Klaas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-30 17:00:52 . 2011-11-30 17:00:51]
2012-01-21 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 14:15:26 . 2010-01-31 11:55:36]
2012-01-21 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 14:15:26 . 2010-01-31 11:55:36]
2012-01-19 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1200137767-1035772069-1397413781-1000Core.job
- C:\Users\Klaas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 15:39:07 . 2010-06-16 17:30:33]
2012-01-21 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1200137767-1035772069-1397413781-1000UA.job
- C:\Users\Klaas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 15:39:07 . 2010-06-16 17:30:33]
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19:54 137512 ----a-w- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 02:03:32 186904]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 02:32:06 8060960]
"SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
------- Bijkomende Scan -------
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://asavpn1.ugent.be/CACHE/stc/11/binaries/vpnweb.cab
FF - ProfilePath - C:\Users\Klaas\AppData\Roaming\Mozilla\Firefox\Profiles\gukytds7.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
- - - - ORPHANS VERWIJDERD - - - -
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
-
Ook uitgevoerd
ComboFix 12-01-19.02 - Klaas 21/01/2012 8:02:28.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4091.2740 [GMT 1:00]
Gestart vanuit: C:\Users\Klaas\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
C:\install.exe
c:\Program Files (x86)\Acer Bio Protection\PwdFilterV64.dll
C:\Program Files (x86)\Common Files\Acer GameZone online.ico
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Recent\ChattChitto.url
C:\Users\Klaas\AppData\Roaming\Sdat.exe
C:\Windows\SysWow64\drivers\imon\anti_end.dll
C:\Windows\SysWow64\drivers\imon\browse_setting.ini
C:\Windows\SysWow64\drivers\imon\gdiplus.dll
C:\Windows\SysWow64\drivers\imon\imonsmtp.exe
C:\Windows\SysWow64\drivers\imon\install_lsp.exe
C:\Windows\SysWow64\drivers\imon\th_imgbrowser.ocx
C:\Windows\SysWow64\drivers\imon\uninstall.exe
C:\Windows\SysWow64\drivers\imon\wodSmtp.ocx
(((((((((((((((((((( Bestanden Gemaakt van 2011-12-21 to 2012-01-21 ))))))))))))))))))))))))))))))
2012-01-21 07:23:28 . 2012-01-21 07:23:28 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-01-20 16:44:04 . 2012-01-20 16:44:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-11 07:47:15 . 2011-10-26 05:25:16 1572864 ----a-w- C:\Windows\system32\quartz.dll
2012-01-11 07:47:15 . 2011-10-26 05:25:15 366592 ----a-w- C:\Windows\system32\qdvd.dll
2012-01-11 07:47:15 . 2011-10-26 04:32:11 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 07:47:15 . 2011-10-26 04:32:11 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 07:47:13 . 2011-11-19 14:58:00 77312 ----a-w- C:\Windows\system32\packager.dll
2012-01-11 07:47:13 . 2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-11 07:47:13 . 2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\system32\ntdll.dll
2012-01-11 07:47:13 . 2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-08 11:20:38 . 2012-01-08 11:20:40 -------- d-----w- C:\Users\Klaas\AppData\Roaming\Stellarium
2012-01-08 11:20:01 . 2012-01-08 11:20:36 -------- d-----w- C:\Program Files (x86)\Stellarium
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-01-06 05:15:20 . 2012-01-20 08:34:41 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3DA80C37-7514-4C5C-B4F9-D7CDB0CF24FC}\mpengine.dll
2011-12-10 14:24:08 . 2010-05-22 18:08:47 23152 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-12-06 20:34:22 . 2011-12-06 20:34:22 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52:09 . 2011-12-14 16:14:14 3145216 ----a-w- C:\Windows\system32\win32k.sys
2011-11-15 13:29:56 . 2009-10-25 21:51:11 270720 ------w- C:\Windows\system32\MpSigStub.exe
2011-11-05 05:32:50 . 2011-12-14 16:14:06 2048 ----a-w- C:\Windows\system32\tzres.dll
2011-11-05 04:26:03 . 2011-12-14 16:14:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 . 2011-12-15 02:01:56 2309120 ----a-w- C:\Windows\system32\jscript9.dll
2011-11-04 01:44:47 . 2011-12-15 02:01:56 1390080 ----a-w- C:\Windows\system32\wininet.dll
2011-11-04 01:44:21 . 2011-12-15 02:01:56 1493504 ----a-w- C:\Windows\system32\inetcpl.cpl
2011-11-04 01:34:43 . 2011-12-15 02:02:00 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2011-11-03 22:47:42 . 2011-12-15 02:01:56 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 . 2011-12-15 02:01:56 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 . 2011-12-15 02:01:56 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 . 2011-12-15 02:02:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-29 10:56:39 . 2011-10-29 10:56:39 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-29 10:56:38 . 2011-10-29 10:56:38 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-10-26 05:21:20 . 2011-12-14 16:14:17 43520 ----a-w- C:\Windows\system32\csrsrv.dll
2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18:12 120104 ----a-w- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-08-18 08:01:50 145408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecLiveUpdate"="C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 21:09:34 199464]
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" [2009-08-27 20:47:18 1200136]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 13:49:28 249064]
"ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 11:27:02 358336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 11:55:36 135664]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 09:18:54 311592]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 00:25:50 62720]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 08:58:08 20480]
R3 AF9035BDA;Cinergy T-Stick service;C:\Windows\system32\DRIVERS\AF9035BDA.sys [x]
R3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 11:55:36 135664]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;C:\Windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 11:37:14 517096]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe [2009-07-14 01:39:46 27136]
S2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-19 05:40:12 796192]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\Windows\system32\Drivers\FPSensor.sys [x]
S2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 13:04:50 1150496]
S2 IGBASVC;EgisTec Service;c:\Program Files (x86)\Acer Bio Protection\BASVC.exe [2009-08-06 05:21:04 3450368]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe [2007-02-28 16:12:12 208896]
S2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 23:47:10 191000]
S2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [x]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);C:\Windows\sysWOW64\drivers\npf_devolo.sys [2010-06-10 12:32:14 34048]
S2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 09:54:44 253952]
S2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2010-09-14 10:47:24 716024]
S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 01:47:12 240160]
S2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 20:39:09 427192]
S2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 13:31:44 116224]
S3 hidshim;Service for HID-KMDF Shim layer;C:\Windows\system32\DRIVERS\hidshim.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys [x]
S3 nuvotonhidgeneric;Nuvoton EC Generic HID;C:\Windows\system32\DRIVERS\nuvotonhidgeneric.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys [x]
S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys [x]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
Inhoud van de 'Gedeelde Taken' map
2012-01-20 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1200137767-1035772069-1397413781-1000Core.job
- C:\Users\Klaas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-30 17:00:52 . 2011-11-30 17:00:51]
2012-01-21 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1200137767-1035772069-1397413781-1000UA.job
- C:\Users\Klaas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-30 17:00:52 . 2011-11-30 17:00:51]
2012-01-21 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 14:15:26 . 2010-01-31 11:55:36]
2012-01-21 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 14:15:26 . 2010-01-31 11:55:36]
2012-01-19 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1200137767-1035772069-1397413781-1000Core.job
- C:\Users\Klaas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 15:39:07 . 2010-06-16 17:30:33]
2012-01-21 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1200137767-1035772069-1397413781-1000UA.job
- C:\Users\Klaas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 15:39:07 . 2010-06-16 17:30:33]
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19:54 137512 ----a-w- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 02:03:32 186904]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 02:32:06 8060960]
"combofix"="C:\ComboFix\CF14882.3XE" [2010-11-20 13:24:33 345088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
------- Bijkomende Scan -------
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://asavpn1.ugent.be/CACHE/stc/11/binaries/vpnweb.cab
FF - ProfilePath - C:\Users\Klaas\AppData\Roaming\Mozilla\Firefox\Profiles\gukytds7.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
- - - - ORPHANS VERWIJDERD - - - -
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-fsm - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe
-
Voila, alles uitgevoerd, wel in veilige modus daar ik in normale modus niet meer kan werken door de extreme traagheid .
Malwarebytes Anti-Malware 1.60.0.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Databaseversie: v2012.01.20.02
Windows 7 Service Pack 1 x64 NTFS (Veilige modus/netwerkmogelijkheden)
Internet Explorer 9.0.8112.16421
Klaas :: KLAAS-PC [administrator]
20/01/2012 17:45:26
mbam-log-2012-01-20 (17-45-26).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstarten | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 207816
Verstreken tijd: 13 minuut/minuten, 58 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 85
HKCR\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\FunWebProductsInstaller.Start.1 (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\FunWebProductsInstaller.Start (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\TypeLib\{E343EDFC-1E6C-4cb5-AA29-E9C922641C80} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.HbAx.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.HbAx (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\CLSID\{A16AD1E9-F69A-45af-9462-B1C286708842} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.IEButtonA (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.HbInfoBand (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\CLSID\{C9CCBB35-D123-4a31-AFFC-9B2933132116} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.IEButton.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.IEButton (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ClickPotatoLiteAx.Info (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ClickPotatoLiteAx.Info.1 (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.Dwnldr (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.HbGuru (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.ReportData (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.Reporter (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.Scopes (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.Stock (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.Stock.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\AppID\CmndFF.DLL (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\AppID\mozillaps.dll (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\Software\clickpotatolitesa (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
Registerwaarden gedetecteerd: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|ShopperReports 3.1.22.0 (Adware.HotBar) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E879047EB6765A503FA990 (Malware.Trace) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Data: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\firefox\extensions -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ShopperReports@ShopperReports.com (ShopperReports) -> Data: C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions -> Succesvol in quarantaine geplaatst en verwijderd.
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 35
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Klaas\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ClickPotatoLite (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ClickPotatoLite\bin (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0 (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\firefox (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\firefox\extensions (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\firefox\extensions\plugins (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.630.0 (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.630.0\firefox (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.630.0\firefox\extensions (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.630.0\firefox\extensions\plugins (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0 (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\firefox (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\firefox\extensions (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\firefox\extensions\plugins (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\FunWebProducts (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\FunWebProducts\Installr (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ShopperReports3 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ShopperReports3\bin (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0 (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome\content (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0} (Adware.QuestBrowse) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome (Adware.QuestBrowse) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\defaults (Adware.QuestBrowse) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\defaults\preferences (Adware.QuestBrowse) -> Succesvol in quarantaine geplaatst en verwijderd.
Bestanden gedetecteerd: 47
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Klaasupdate001.exe (Spyware.Passwords.XGen) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Klaas\AppData\Local\Temp\0.9119469560445368.exe (Spyware.Passwords.XGen) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Klaas\AppData\Local\Temp\60414.exe (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Klaas\Downloads\video (1).exe (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Klaas\Downloads\video.exe (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Klaas\Downloads\Webfetti (1).exe (Adware.FunWeb) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Klaas\Downloads\Webfetti.exe (Adware.FunWeb) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Klaas\Downloads\XvidSetup (1).exe (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Klaas\Downloads\XvidSetup (2).exe (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Klaas\Downloads\XvidSetup (3).exe (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Klaas\Downloads\XvidSetup (4).exe (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Klaas\Downloads\XvidSetup.exe (Adware.Hotbar) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Klaas\AppData\Roaming\data.dat (Stolen.Data) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Spyware Protection .lnk (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Klaas\AppData\Local\Temp\Crypted.exe (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Klaas\AppData\Local\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_hpk.dat (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.630.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.630.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\link.ico (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\chrome\content\infopane.js (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\firefox\firefoxtoolbar\extensions\components\BrowserExtensionFF.dll (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk (Adware.ShopperReports) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome.manifest (Adware.QuestBrowse) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\install.rdf (Adware.QuestBrowse) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome\questbrowse.jar (Adware.QuestBrowse) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\defaults\preferences\prefs.js (Adware.QuestBrowse) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:14:19, on 20/01/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support
Running processes:
C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Klaas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://asavpn1.ugent.be/CACHE/stc/11/binaries/vpnweb.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - c:\Program Files (x86)\Acer Bio Protection\BASVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files (x86)\Retrospect\Retrospect 7.6\retrorun.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12308 bytes
-
Sins kort is m'n pc tergend traag. Ik heb Windows 7 (Acer Aspire 7738G). Hieronder de log van Hijack. Ik zag dat er bij veel bestanden (file missing) bijstond, misschien heeft het daar ergens mee te maken?
Ook moet ik erbij vermelden dat m'n pc bijna altijd in slaapstand staat 's nachts, dus hij wordt eigenlijk nooit uitgeschakeld. Ik heb hem onlangs (sind dat hij zo traag was) en heropgestart en dat ging ook hééél traag. Iemand een idee?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:00:03, on 20/01/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Klaas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Your Home Page Has Been Changed
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Your Home Page Has Been Changed
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Klaas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\ShopperReports.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\ShopperReports.dll (file missing)
O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://asavpn1.ugent.be/CACHE/stc/11/binaries/vpnweb.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - c:\Program Files (x86)\Acer Bio Protection\BASVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files (x86)\Retrospect\Retrospect 7.6\retrorun.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12890 bytes
-
Ik heb de laatste dagen last van een fake-antivirusprogramma dat zich telkens vanzelf voor m'n ogen installeert op m'n pc, je kan het installatievenster natuurlijk niet wegklikken... Ook komt er bij het opstarten een fake security-center op m'n scherm. En om de zoveel tijd komen er links naar verschillende websites op m'n bureaublad.
Ik heb nu gezien dat ADaware een proces heeft geblokt, maar hieronder het rapport.
Ik heb al veel scans gedaan met ADaware, maar telkens opnieuw vindt hij dezelfde bestanden, ze komen steeds terug. Ik wou ook nog een hijackscan doen maar ik krijg error bij opstarten 'kan ...hijackthis.exe' niet starten...
Logfile created: 16/07/2010 19:24:03
Ad-Aware version: 8.2.6
Extended engine: 81608688
Extended engine version:
User performing scan: Name
*********************** Definitions database information ***********************
Lavasoft definition file: 149.330
Genotype definition file version: 2010/07/15 08:06:49
******************************** Scan results: *********************************
Scan profile name: Slim. scan (ID: smart)
Objects scanned: 32033
Objects detected: 31
Type Detected
==========================
Processes.......: 3
Registry entries: 3
Hostfile entries: 0
Files...........: 1
Folders.........: 8
LSPs............: 0
Cookies.........: 16
Browser hijacks.: 0
MRU objects.....: 0
Removed items:
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
Description: *metriweb* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408990 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
Description: *metriweb* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408990 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: c:\program files (x86)\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105629 Family ID: 2494514
Description: c:\program files (x86)\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105629 Family ID: 2494514
Description: c:\program files (x86)\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105629 Family ID: 2494514
Description: c:\program files (x86)\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105629 Family ID: 2494514
Description: c:\users\name\appdata\roaming\microsoft\windows\start menu\programs\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105632 Family ID: 2494514
Description: c:\users\name\appdata\roaming\microsoft\windows\start menu\programs\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105632 Family ID: 2494514
Description: c:\users\name\appdata\roaming\microsoft\windows\start menu\programs\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105632 Family ID: 2494514
Description: c:\users\name
\appdata\roaming\microsoft\windows\start menu\programs\defense center Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105632 Family ID: 2494514
Quarantined items:
Description: c:\users\name\appdata\local\temp\msderun.exe Family Name: Win32.Trojan.FakeAV Engine: 1 Clean status: Success Item ID: 4296987 Family ID: 5429
Description: c:\users\name\appdata\local\temp\mschrt20ex.dll Family Name: Win32.Trojan.FakeAV Engine: 1 Clean status: Success Item ID: 4296981 Family ID: 5429
Description: c:\users\name\appdata\local\temp\wscsvc32.exe Family Name: Win32.Trojan.Fraudpack Engine: 1 Clean status: Success Item ID: 4296912 Family ID: 5226
Description: c:\program files (x86)\defense center\defcnt.exe Family Name: Win32.FraudTool.PaladinAntivirus/A Engine: 1 Clean status: Success Item ID: 0 Family ID: 0 MD5: 5fe9c026b40db8177ec69ddfd30620e2
Description: HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{5E2121EE-0300-11D4-8D3B-444553540000} Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 3429946 Family ID: 2494514
Description: HKLM:SOFTWARE\Defense Center: Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105626 Family ID: 2494514
Description: HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Defense Center: Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 4105627 Family ID: 2494514
Scan and cleaning complete: Finished correctly after 151 seconds
*********************************** Settings ***********************************
Scan profile:
ID: smart, enabled:1, value: Slim. scan
ID: folderstoscan, enabled:1, value:
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Wed Apr 28 20:37:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Wed Apr 28 02:37:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Wed Apr 28 08:37:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Wed Apr 28 14:37:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Wed Apr 28 20:37:00 2010
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: true
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: false
ID: guimode, enabled:1, value: mode_advanced, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: nl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: false
ID: usespywareheuristics, enabled:1, value: false
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
****************************** System information ******************************
Computer name: name-PC
Processor name: Intel® Core2 Quad CPU Q9000 @ 2.00GHz
Processor identifier: Intel64 Family 6 Model 23 Stepping 10
Processor speed: ~1995MHZ
Raw info: processorarchitecture 9, processortype 8664, processorlevel 6, processor revision 5898, number of processors 4, processor features: [MMX,SSE,SSE2,SSE3]
Physical memory available: 2799980544 bytes
Physical memory total: 4289650688 bytes
Virtual memory available: 1967296512 bytes
Virtual memory total: 2147352576 bytes
Memory load: 34%
Microsoft (build 7600)
Windows startup mode:
Running processes:
PID: 336 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 532 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 600 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY
PID: 624 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 664 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 680 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 688 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY
PID: 808 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 868 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 908 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 968 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1000 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 304 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 824 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1088 name: C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1120 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1252 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1296 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1532 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1560 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1588 name: C:\Windows\System32\taskeng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1604 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1696 name: C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1944 name: C:\Program Files\LSI SoftModem\agr64svc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1976 name: C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2016 name: C:\Program Files (x86)\Acer\Registration\GregHSRW.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1232 name: C:\Program Files (x86)\Acer Bio Protection\BASVC.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1228 name: C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2056 name: C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2076 name: C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2128 name: C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2172 name: C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2196 name: C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2236 name: C:\Program Files (x86)\Retrospect\Retrospect 7.6\retrorun.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2256 name: C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2344 name: C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2380 name: C:\Program Files\Acer\Acer Updater\UpdaterService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2404 name: C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2424 name: C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2616 name: C:\Windows\System32\taskhost.exe owner: name domain: name-PC
PID: 2688 name: C:\Windows\System32\taskeng.exe owner: name domain: name-PC
PID: 2720 name: C:\Windows\System32\dwm.exe owner: name domain: name-PC
PID: 2812 name: C:\Windows\explorer.exe owner: name domain: name-PC
PID: 2984 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3008 name: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2492 name: C:\Windows\servicing\TrustedInstaller.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2524 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3140 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3224 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3440 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3712 name: C:\Users\name\AppData\Local\Temp\MSDERUN.EXE owner: name domain: name-PC
PID: 3768 name: C:\Windows\PLFSetI.exe owner: name domain: name-PC
PID: 3784 name: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe owner: name domain: name-PC
PID: 3820 name: C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe owner: name domain: name-PC
PID: 3832 name: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe owner: name domain: name-PC
PID: 3848 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: name domain: name-PC
PID: 4052 name: C:\Users\name\AppData\Local\Temp\wscsvc32.exe owner: name domain: name-PC
PID: 3272 name: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe owner: name domain: name-PC
PID: 3584 name: C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe owner: name domain: name-PC
PID: 3576 name: C:\Program Files (x86)\Launch Manager\LManager.exe owner: name domain: name-PC
PID: 1808 name: C:\Program Files\Synaptics\SynTP\SynTPHelper.exe owner: name domain: name-PC
PID: 2768 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3808 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 4192 name: C:\Windows\System32\SearchProtocolHost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4216 name: C:\Windows\System32\SearchFilterHost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4500 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 4672 name: C:\Program Files (x86)\Internet Explorer\iexplore.exe owner: name domain: name-PC
PID: 4724 name: C:\Program Files (x86)\Internet Explorer\iexplore.exe owner: name domain: name-PC
PID: 2092 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe owner: name domain: name-PC
PID: 4088 name: C:\Program Files (x86)\Nero\Update\NASvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2296 name: C:\Windows\System32\sppsvc.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 4488 name: C:\Windows\System32\PrintIsolationHost.exe owner: SYSTEM domain: NT AUTHORITY
Startup items:
Name: EgisTecLiveUpdate
imagepath: "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
Name: LManager
imagepath: C:\Program Files (x86)\Launch Manager\LManager.exe
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name:
imagepath: C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete
Running services:
Name: AeLookupSvc
displayname: Application Experience
Name: AgereModemAudio
displayname: Agere Modem Call Progress Audio
Name: AudioEndpointBuilder
displayname: Windows Audio Endpoint Builder
Name: AudioSrv
displayname: Windows Audio
Name: BFE
displayname: Base Filtering Engine
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Browser
displayname: Computer Browser
Name: bthserv
displayname: Bluetooth Support Service
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP-client
Name: Dnscache
displayname: DNS Client
Name: DPS
displayname: Diagnostic Policy Service
Name: EapHost
displayname: Extensible Authentication Protocol
Name: ePowerSvc
displayname: Acer ePower Service
Name: eventlog
displayname: Windows Event Log
Name: EventSystem
displayname: COM+ Event System
Name: fdPHost
displayname: Function Discovery Provider Host
Name: FDResPub
displayname: Function Discovery Resource Publication
Name: gpsvc
displayname: Group Policy Client
Name: Greg_Service
displayname: GRegService
Name: hidserv
displayname: Human Interface Device Access
Name: HomeGroupListener
displayname: HomeGroup Listener
Name: HomeGroupProvider
displayname: HomeGroup Provider
Name: IAANTMON
displayname: Intel® Matrix Storage Event Monitor
Name: IGBASVC
displayname: EgisTec Service
Name: IKEEXT
displayname: IKE and AuthIP IPsec Keying Modules
Name: IPBusEnum
displayname: PnP-X IP Bus Enumerator
Name: iphlpsvc
displayname: IP Helper
Name: KeyIso
displayname: CNG Key Isolation
Name: LanmanServer
displayname: Server
Name: LanmanWorkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: lmhosts
displayname: TCP/IP NetBIOS Helper
Name: LVPrcS64
displayname: Process Monitor
Name: MMCSS
displayname: Multimedia Class Scheduler
Name: MpsSvc
displayname: Windows Firewall
Name: MWLService
displayname: MyWinLocker Service
Name: NAUpdate
displayname: Nero Update
Name: Netman
displayname: Network Connections
Name: netprofm
displayname: Network List Service
Name: NlaSvc
displayname: Network Location Awareness
Name: nsi
displayname: Network Store Interface Service
Name: NTI IScheduleSvc
displayname: NTI IScheduleSvc
Name: NTISchedulerSvc
displayname: NTI Backup Now 5 Scheduler Service
Name: nTuneService
displayname: Performance Service
Name: nvsvc
displayname: NVIDIA Display Driver Service
Name: p2pimsvc
displayname: Peer Networking Identity Manager
Name: p2psvc
displayname: Peer Networking Grouping
Name: PcaSvc
displayname: Program Compatibility Assistant Service
Name: PlugPlay
displayname: Plug and Play
Name: PNRPsvc
displayname: Peer Name Resolution Protocol
Name: Power
displayname: Power
Name: ProfSvc
displayname: User Profile Service
Name: RasMan
displayname: Remote Access Connection Manager
Name: RetroLauncher
displayname: Retrospect Launcher
Name: RpcEptMapper
displayname: RPC Endpoint Mapper
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: RS_Service
displayname: Raw Socket Service
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: SENS
displayname: System Event Notification Service
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: sppsvc
displayname: Software Protection
Name: SSDPSRV
displayname: SSDP Discovery
Name: SstpSvc
displayname: Secure Socket Tunneling Protocol Service
Name: SysMain
displayname: Superfetch
Name: TapiSrv
displayname: Telephony
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: TrustedInstaller
displayname: Windows Modules Installer
Name: UpdateCenterService
displayname: Update Center Service
Name: Updater Service
displayname: Updater Service
Name: upnphost
displayname: UPnP Device Host
Name: UxSms
displayname: Desktop Window Manager Session Manager
Name: vpnagent
displayname: Cisco AnyConnect VPN Agent
Name: WDDMService
displayname: WD SmartWare Drive Manager Service
Name: WdiServiceHost
displayname: Diagnostic Service Host
Name: WdiSystemHost
displayname: Diagnostic System Host
Name: WDSmartWareBackgroundService
displayname: WD SmartWare Background Service
Name: WinDefend
displayname: Windows Defender
Name: WinHttpAutoProxySvc
displayname: WinHTTP Web Proxy Auto-Discovery Service
Name: Winmgmt
displayname: Windows Management Instrumentation
Name: Wlansvc
displayname: WLAN AutoConfig
Name: WMPNetworkSvc
displayname: Windows Media Player Network Sharing Service
Name: wscsvc
displayname: Security Center
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - User-mode Driver Framework
-
Die bestanden ken ik niet nee . Hieronder de logs. Maar het lijkt wel in orde nu.. zal die uhm.exe geweest zijn denk ik.
Hijack log:
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = deredactie.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://asavpn1.ugent.be/CACHE/stc/11/binaries/vpnweb.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - c:\Program Files (x86)\Acer Bio Protection\BASVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files (x86)\Retrospect\Retrospect 7.6\retrorun.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12971 bytes
Databaseversie: 4131
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
22/05/2010 20:14:28
mbam-log-2010-05-22 (20-14-28).txt
Scantype: Snelle scan
Objecten gescand: 127094
Verstreken tijd: 4 minuut/minuten, 10 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 8
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 47
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\D (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\D.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080500.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat102443.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat103752.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat103753.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat103754.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat103800.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat103801.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat103805.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat125451.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat164049.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat165413.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat165414.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat165415.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat165416.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat165417.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat192752.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194117.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194118.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194121.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194940.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194941.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200309.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200310.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200311.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200312.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200314.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200317.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200318.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200319.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200323.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200324.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200325.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200326.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200327.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200328.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200329.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200334.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat200336.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat281824.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat281825.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat281826.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Klaas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580459.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
-
Ik heb de laatste tijd last van vreselijk vervelende pop-ups. De pop-ups verschijnen zelfs wanneer IE zelfs niet geopend is. Ik heb al gescand met ad-aware, spyware doctor, kaspersky en avg maar pop-ups blijven komen... Iemand raad?
Hieronder de log van hijack:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:15:48, on 22/05/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Uzyzub.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
C:\Users\Klaas\AppData\Local\Temp\Uhm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = deredactie.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O2 - BHO: (no name) - {BFE7D8EF-0538-3F2B-A3FA-F4087F576789} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\Klaas\AppData\Local\Temp\Uhm.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: mel.bat080500.bat
O4 - Startup: mel.bat102443.bat
O4 - Startup: mel.bat103752.bat
O4 - Startup: mel.bat103753.bat
O4 - Startup: mel.bat103754.bat
O4 - Startup: mel.bat103800.bat
O4 - Startup: mel.bat103801.bat
O4 - Startup: mel.bat103805.bat
O4 - Startup: mel.bat125451.bat
O4 - Startup: mel.bat164049.bat
O4 - Startup: mel.bat165413.bat
O4 - Startup: mel.bat165414.bat
O4 - Startup: mel.bat165415.bat
O4 - Startup: mel.bat165416.bat
O4 - Startup: mel.bat165417.bat
O4 - Startup: mel.bat192752.bat
O4 - Startup: mel.bat194117.bat
O4 - Startup: mel.bat194118.bat
O4 - Startup: mel.bat194121.bat
O4 - Startup: mel.bat194940.bat
O4 - Startup: mel.bat194941.bat
O4 - Startup: mel.bat200309.bat
O4 - Startup: mel.bat200310.bat
O4 - Startup: mel.bat200311.bat
O4 - Startup: mel.bat200312.bat
O4 - Startup: mel.bat200314.bat
O4 - Startup: mel.bat200317.bat
O4 - Startup: mel.bat200318.bat
O4 - Startup: mel.bat200319.bat
O4 - Startup: mel.bat200323.bat
O4 - Startup: mel.bat200324.bat
O4 - Startup: mel.bat200325.bat
O4 - Startup: mel.bat200326.bat
O4 - Startup: mel.bat200327.bat
O4 - Startup: mel.bat200328.bat
O4 - Startup: mel.bat200329.bat
O4 - Startup: mel.bat200334.bat
O4 - Startup: mel.bat200336.bat
O4 - Startup: mel.bat281824.bat
O4 - Startup: mel.bat281825.bat
O4 - Startup: mel.bat281826.bat
O4 - Startup: mel.bat580459.bat
O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\imon\pklsp.dll
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://asavpn1.ugent.be/CACHE/stc/11/binaries/vpnweb.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - c:\Program Files (x86)\Acer Bio Protection\BASVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files (x86)\Retrospect\Retrospect 7.6\retrorun.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 14907 bytes
-
Of met MS Office Picture Viewer, ook heel handig!
-
Wil je draadloos aansluiten op dat apparaat of niet? Misschien staat de mac-filter aan.
-
Ja natuurlijk! Devolo garandeert nu al gegevensoverdracht van 200Mbps, da's een snelheid die je normaal wel niet zal halen maar je kan er naar streven. Hangt ervanaf in welk circuit je beide powerlineadapters zijn aangesloten. Maar ik heb thuis nog de oude (blauwe) devolo's en ik heb een snelheid van 20Mbps wat meer dan genoeg is .
-
Dindo,
Ik heb een technics van de 1200 serie. Heeft me veel gekost maar is wel de moeite! Maar het is misschien niet zo gebruiksvriendelijk als uw vorige platenspeler. de technics heeft nl. geen usb-aansluiting.
Om je platen naar mp3 om te zetten dien je je platenspeler op een versterker aan te sluiten, en de versterker aansluiten op de line-in van je pc.
Dan download je gepaste software, bv. goldwave (freeware), en... omzetten die handel!
-
Is je pc zo ingesteld dat hij het geluid via de bluetoothluidsprekers afspeelt? Ik vermoed dat het apparaat wordt herkend als een virtuele bluetoothluidspreker. Check dat eens bij configuratiescherm -> geluid. Kabels goed aangesloten?
-
Als je kwaliteit wil zal je ervoor moeten betalen vrees ik. De beste kwaliteit haal je uit een Technics, daar heb ik toch goede ervaringen mee.
-
Garfield 2 en sims 3 zijn vrij oude games, dus die hebben niet al te hoge vereisten. Welk besturingssysteem heb je?
Als je windows 7 hebt kan je ze in compabiliteitsmodus eens proberen, is wel niet altijd een garantie voor succes. Probeer het merk/model van je grafische kaart te weten te komen en download de nieuwste driver.
-
Het kan natuurlijk ook liggen aan hoe ver je van de centrale verwijderd bent en bij welke ISP je bent.
Zit je bij telenet, dan is er geen probleem. Maar als je bij belgacom een abo hebt kan je al eens een trage internetverbinding voorgeschoteld krijgen. Belgacom verdeelt nu al een hele tijd vdsl2-lijnen (downstream: 20Mbps). Je kan daarvoor een aanvraag doen, is helemaal gratis.
In de buurt van je KVD (straatkast) moet wel een ROP (remote operating platform -> voor de vdsl2) staan anders is vdsl niet beschikbaar op jouw adres (maar je kan dat snel te weten komen).
Je kan ook eens een checkup doen van je binnenbekabeling, kan ook geen kwaad .
-
Kan je eens de link doorgeven? Ik zie maar 1 versie van de devolo audio extender op de website.
-
Dag iedereen,
Ik heb een groot probleem . Ik heb een devolo audio extender. De installatie ging vlot, maarr de software is blijkbaar niet compatible met windows 7.
Normaal kan je switchen tussen de geluidskaart van je pc en die van devolo. Mijn pc (win 7) vindt die geluidskaart van devolo niet.
Aangezien het product niet meer wordt gemaakt verschijnt er geen software die compatible is met windows 7. Heel ergerlijk natuurlijk.
Is er niemand hier, die zelf die software kan aanpassen aan windows 7? Het zou mij veel plezier doen en heb er zelfs nog een vergoeding voor over, voor diegene die dat kan. Of zijn er andere oplossingen?
Bedankt!
-
Dag iedereen,
Ik heb een groot probleem . Ik heb een devolo audio extender. De installatie ging vlot, maarr de software is blijkbaar niet compatible met windows 7.
Normaal kan je switchen tussen de geluidskaart van je pc en die van devolo. Mijn pc (win 7) vindt die geluidskaart van devolo niet.
Aangezien het product niet meer wordt gemaakt verschijnt er geen software die compatible is met windows 7. Heel ergerlijk natuurlijk.
Is er niemand hier, die zelf die software kan aanpassen aan windows 7? Het zou mij veel plezier doen en heb er zelfs nog een vergoeding voor over, voor diegene die dat kan. Of zijn er andere oplossingen?
Bedankt!
-
Dag iedereen,
Ik heb een devolo audio extender gekocht en geïnstalleerd zoals het hoort. Na het installeren van de software zou ik de geluidsdriver van devolo als staandaard moeten instellen. Maar die driver en dus geluidskaart staat helemaal niet tussen de lijst met mijn andere geluidsdrivers. Zou het kunnen omdat ik windows 7 heb? Iemand een oplossing?
Bedankt!
Virus + logje
in Archief Windows Algemeen
Geplaatst:
Probleem is intussen al opgelost, voorlopig toch. Toch nog een vraagje, onderaan het logje zie ik veel (file missing) bij toch belangrijke bestanden? Kan dit geen kwaad?