Bammens

30 maart 2011

Hier het logbestand van Combifix:

ComboFix 11-03-29.05 - Carl 30-03-2011 12:13:23.1.2 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.31.1043.18.2013.1054 [GMT 2:00]

Gestart vanuit: c:\users\Carl\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-02-28 to 2011-03-30 ))))))))))))))))))))))))))))))

.

2011-03-30 10:28 . 2011-03-30 10:28 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-28 16:39 . 2011-03-28 16:39 -------- d-----w- c:\program files\Microsoft

2011-03-28 16:39 . 2011-03-28 16:39 -------- d-----w- c:\program files\Windows Live SkyDrive

2011-03-28 16:10 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll

2011-03-28 16:10 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2011-03-28 15:32 . 2011-03-28 15:32 -------- d-----w- c:\program files\Microsoft LifeCam

2011-03-28 15:32 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2011-03-28 15:32 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2011-03-28 11:58 . 2009-09-04 15:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2011-03-28 11:58 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll

2011-03-28 11:58 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-03-28 08:36 . 2011-03-28 08:36 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\3e60340c1cbed231f\MeshBetaRemover.exe

2011-03-28 08:35 . 2011-03-28 08:35 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\28aa9de11cbed2318\DSETUP.dll

2011-03-28 08:35 . 2011-03-28 08:35 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\28aa9de11cbed2318\DXSETUP.exe

2011-03-28 08:35 . 2011-03-28 08:35 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\28aa9de11cbed2318\dsetup32.dll

2011-03-28 08:35 . 2011-03-28 08:35 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\2736e9491cbed2317\DSETUP.dll

2011-03-28 08:35 . 2011-03-28 08:35 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\2736e9491cbed2317\DXSETUP.exe

2011-03-28 08:35 . 2011-03-28 08:35 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\2736e9491cbed2317\dsetup32.dll

2011-03-28 08:22 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-03-28 08:20 . 2010-12-18 04:20 386048 ----a-w- c:\windows\system32\html.iec

2011-03-28 08:16 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-03-28 08:16 . 2010-11-02 04:46 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-03-28 08:16 . 2010-11-02 04:23 107520 ----a-w- c:\windows\system32\cdd.dll

2011-03-26 11:30 . 2003-11-10 17:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll

2011-03-26 11:30 . 2003-11-10 17:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll

2011-03-26 11:30 . 2011-03-26 11:30 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll

2011-03-26 11:30 . 2003-11-10 17:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll

2011-03-26 11:30 . 2003-11-10 17:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll

2011-03-26 11:30 . 2003-11-10 17:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe

2011-03-26 11:30 . 2011-03-26 11:30 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll

2011-03-19 11:14 . 1997-03-12 16:01 151552 ------w- c:\windows\crllyrnt.dll

2011-03-19 11:14 . 1995-11-07 08:57 6144 ------w- c:\windows\system32\drivers\crlscsi.sys

2011-03-19 11:14 . 1995-05-22 13:05 108032 ------w- c:\windows\system32\mfcuia32.dll

2011-03-19 11:14 . 1995-05-19 13:49 133904 ------w- c:\windows\system32\mfcans32.dll

2011-03-19 11:13 . 2011-03-19 11:14 -------- d-----w- c:\windows\COREL

2011-03-19 11:13 . 2011-03-19 11:13 -------- d-----w- C:\Corel

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-13 19:02 . 2011-02-13 19:02 24064 ----a-w- c:\windows\system32\prefscpl.cpl

2011-01-14 16:23 . 2011-01-14 16:24 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-02 19:15 . 2010-11-24 15:22 0 ---ha-w- c:\users\Carl\AppData\Local\WavXMapDrive.bat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-03 09:16 175400 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\voipbuster.exe" [2010-12-14 12948272]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-11 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-10-09 134656]

"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-10-15 656696]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-17 8092192]

"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]

"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]

"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-11-17 261888]

"AutoLockProcess"="c:\program files\Acer\Empowering Technology\eLock\autolockprocess\autolockprocess.exe" [2009-02-17 446464]

"Acer SmartBoot"="c:\program files\Acer\Acer SmartBoot\ASLTray.exe" [2009-05-13 376832]

"Acer PowerSaver"="c:\program files\Acer\Acer PowerSaver\PowerSaverTray.exe" [2009-04-17 434176]

"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-09-12 531272]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-17 976832]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2011-02-13 20480]

"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

"QCDriverInstaller"="c:\progra~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe" [2002-12-10 638976]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-24 135664]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-24 1343400]

S0 eLock2BurnerLockDriver;Disk Performance Monitor Filter Driver;c:\windows\system32\DRIVERS\eLock2BurnerLockDriver.sys [2008-03-12 22560]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS [2010-10-21 340016]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS [2010-11-18 652336]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys [2011-02-25 800376]

S1 crlscsi;crlscsi; [x]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110325.002\IDSvix86.sys [2011-03-14 353912]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS [2010-11-16 136312]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1205000.07D\SYMNETS.SYS [2010-12-01 295032]

S2 ASLSvc;Acer SmartBoot Service;c:\program files\Acer\Acer SmartBoot\ASLSvc.exe [2009-05-13 417792]

S2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\DRIVERS\eLock2FSCTLDriver.sys [2008-03-11 87072]

S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-02-18 24576]

S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-11-17 255744]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-28 102448]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 30576]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-03-30 c:\windows\Tasks\Acer Registration Reminder.job

- c:\program files\Acer\Registration\GREG.exe [2009-08-28 09:40]

.

2011-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-24 18:47]

.

2011-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-24 18:47]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=veriton_m275&r=17051010r806pe415u245z4654r44r

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - (no file)

WebBrowser-{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - (no file)

WebBrowser-{E84CC2C1-B722-48FC-A39C-EDB8B525C777} - (no file)

HKCU-Run-Rainlendar2 - c:\program files\Rainlendar2\Rainlendar2.exe

HKCU-Run-WebCamRT.exe - (no file)

HKLM-Run-EmbassySecurityCheck - c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe

SafeBoot-mcmscsvc

SafeBoot-MCODS

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(904)

c:\program files\Acer\Acer PowerSaver\SysHook.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Acer\Empowering Technology\eLock\Service\eLockServ.exe

c:\windows\system32\taskhost.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft LifeCam\MSCamS32.exe

c:\windows\system32\PSIService.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\conhost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\RunDll32.exe

.

**************************************************************************

.

Voltooingstijd: 2011-03-30 12:45:12 - machine werd herstart

ComboFix-quarantined-files.txt 2011-03-30 10:45

.

Pre-Run: 20.892.815.360 bytes beschikbaar

Post-Run: 20.648.230.912 bytes beschikbaar

.

- - End Of File - - 892D96A407996F20DEC4AA4DB8F6E8ED

30 maart 2011

Hallo Kape,

Ja, ik heb het als administrator uitgevoerd.

Hieronder hetgeen kweezie wabbit mij adviseerde weg te halen. Hijackthis heeft wel een aantal items verwijderd, maar nog niet alles. 3 Items zijn dus blijven staan.

Groet,

Ad.

is blijven staan R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

is blijven staan R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

is blijven staan O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

verwijderd O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll

verwijderd O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

verwijderd O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll

verwijderd O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

verwijderd O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\iMeshMediaBarDx.dll

verwijderd O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE

verwijderd O9 - Extra button: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - (no file)

verwijderd O9 - Extra 'Tools' menuitem: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - (no file)

verwijderd O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab

verwijderd O20 - AppInit_DLLs: C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll

---------- Post toegevoegd om 07:59 ---------- Vorige post was om 07:56 ----------

Kape,

Voor de zekerheid nog even gescand en uiteraard weer als Adminitrator.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:57:51, on 30-3-2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16722)

Boot mode: Normal

Running processes:

C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

C:\Program Files\Wave Systems Corp\SecureUpgrade.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe

C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Real\RealPlayer\realplay.exe

C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [WavXMgr] "C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe"

O4 - HKLM\..\Run: [secureUpgrade] "C:\Program Files\Wave Systems Corp\SecureUpgrade.exe"

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"

O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

O4 - HKLM\..\Run: [EmbassySecurityCheck] ";C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [AutoLockProcess] C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\autolockprocess.exe

O4 - HKLM\..\Run: [Acer SmartBoot] C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe

O4 - HKLM\..\Run: [Acer PowerSaver] C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QCDriverInstaller] C:\PROGRA~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe /addrun /l 1043 /LaunchAtStart

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized

O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: Acer SmartBoot Service (ASLSvc) - Acer Incorporated - C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files\Acer\Registration\GregHSRW.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

--

End of file - 9471 bytes

29 maart 2011

Hierbij.