opstartgrogramma verwijderen

ekster · 29 juli 2011

Ik heb een productondersteuning programma voor mobiele telefoon gedownload. De verbinding lukte niet. LG raadde me het programma eruit te halen. Dat heb ik gedaan met Revo uninstaller. Nu blijft 1 deel staan in de opstartprogramma: B2C Noti Agent. Dat kan ik wel wegkrijgen door vinkje weg te halen, maar hoe ik kan ik het verwijderen?

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:39:57, on 29-7-11

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\PC Tools Security\pctsGui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

C:\Windows\PLFSetI.exe

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Windows\System32\rundll32.exe

C:\Users\EKKER1~1\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\PC Tools Security\BDT\FGuard.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe

C:\Windows\ehome\ehtray.exe

C:\Users\Ekker 1\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door MSN and Bing

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

O4 - HKLM\..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe

O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI

O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [PhilipsSongbirdLauncher] C:\Program Files\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - Startup: Dropbox.lnk = C:\Users\Ekker 1\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe

O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 10834 bytes

Hijackthis logje

Hartelijke groet, ekster

wouterter · 29 juli 2011

als ik een programma helemaal van mijn pc wil hebben dan gebruik ik TuneUp Utililties 2011

dat programma heeft een uninstaller en die haalt het programma eraf, je kunt hem zelf niet meer terughalen met een rescue programma

Jean-Pierre · 29 juli 2011

Laten we eerst 1 van de specialisten hun werk doen alvorens met andere tips aan te komen.;-)

29 juli 2011 aangepast door Jean-Pierre

kape · 29 juli 2011

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

ekster · 30 juli 2011

ComboFix 11-07-29.03 - Ekker 1 a 30-07-11 9:03.10.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3069.1654 [GMT 2:00]

Gestart vanuit: c:\users\Ekker 1\Downloads\ComboFix.exe

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Ekker 1\AppData\Local\temp\ppcrlui_4628_2

c:\users\Ekker 1\AppData\Roaming\.#

c:\users\Ekker 1\Documents\~WRL0002.tmp

c:\users\EKKER1~1\AppData\Local\Temp\ppcrlui_4628_2

D:\install.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-06-28 to 2011-07-30 ))))))))))))))))))))))))))))))

.

2011-07-30 07:19 . 2011-07-30 07:19 -------- d-----w- c:\users\Ekker 1\AppData\Local\temp

2011-07-30 07:19 . 2011-07-30 07:19 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-07-30 07:19 . 2011-07-30 07:19 -------- d-----w- c:\users\GSN\AppData\Local\temp

2011-07-30 07:19 . 2011-07-30 07:19 -------- d-----w- c:\users\Dixons\AppData\Local\temp

2011-07-30 07:19 . 2011-07-30 07:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-30 06:56 . 2011-07-30 06:59 -------- d-----w- C:\32788R22FWJFW

2011-07-29 18:38 . 2011-07-29 18:38 388096 ----a-r- c:\users\Ekker 1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-07-29 18:38 . 2011-07-29 18:38 -------- d-----w- c:\program files\Trend Micro

2011-07-29 07:29 . 2011-07-29 07:29 -------- d-----w- c:\program files\LG Electronics

2011-07-25 13:02 . 2011-07-01 13:36 767952 ----a-w- c:\windows\BDTSupport.dll

2011-07-25 13:02 . 2011-07-01 13:36 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-07-25 13:02 . 2011-07-01 13:36 2029520 ----a-w- c:\windows\PCTBDCore.dll

2011-07-25 13:02 . 2011-07-01 13:36 1533904 ----a-w- c:\windows\PCTBDRes.dll

2011-07-25 10:47 . 2010-07-16 12:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2011-07-25 10:47 . 2010-07-16 12:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2011-07-25 10:47 . 2011-07-11 07:05 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-07-25 10:47 . 2011-07-11 07:05 107352 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys

2011-07-25 10:46 . 2011-07-11 10:02 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-07-25 10:46 . 2011-07-11 10:06 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-07-25 10:46 . 2011-03-10 07:08 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-07-25 10:42 . 2011-07-11 07:07 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-07-25 10:29 . 2011-07-30 06:13 -------- d-----w- c:\program files\PC Tools Security

2011-07-25 07:07 . 2011-07-25 07:07 -------- d-----w- c:\program files\iPod

2011-07-25 07:07 . 2011-07-25 07:08 -------- d-----w- c:\program files\iTunes

2011-07-25 07:03 . 2011-07-25 07:03 -------- d-----w- c:\program files\Bonjour

2011-07-15 09:31 . 2011-07-15 09:31 -------- d-----w- c:\windows\nl

2011-07-15 09:25 . 2011-07-15 09:25 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-07-15 09:22 . 2011-07-15 09:22 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\af9bedb01cc42d002\MeshBetaRemover.exe

2011-07-13 06:01 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-07-13 06:01 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-07-13 06:01 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 09:20 . 2011-07-12 09:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 09:20 . 2011-07-12 09:20 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-02 23:36 . 2011-07-29 08:53 -------- d-----w- C:\LGC320

2011-07-02 23:31 . 2011-05-10 11:37 655872 ----a-w- c:\windows\system32\msvcr90.dll

2011-07-02 23:31 . 2011-05-10 11:37 568832 ----a-w- c:\windows\system32\msvcp90.dll

2011-07-02 23:31 . 2011-05-10 11:37 224768 ----a-w- c:\windows\system32\msvcm90.dll

2011-07-02 23:31 . 2006-05-04 06:33 53248 ----a-w- c:\windows\system32\CommonDL.dll

2011-07-02 23:31 . 2005-10-03 23:39 44544 ----a-w- c:\windows\system32\msxml4a.dll

2011-07-02 23:31 . 2011-07-02 23:31 -------- d-----w- c:\programdata\LGMOBILEAX

2011-07-02 16:39 . 2011-07-02 16:39 -------- d-----w- c:\program files\Apple Software Update

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-19 14:25 . 2011-05-17 22:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-29 16:36 . 2011-05-29 16:36 387600 ----a-w- c:\windows\system32\FTBSaver.scr

2011-05-13 14:03 . 2011-05-13 14:03 49016 ----a-w- c:\windows\system32\sirenacm.dll

2011-05-13 13:42 . 2011-05-13 13:42 302448 ----a-w- c:\windows\WLXPGSS.SCR

2011-05-10 06:06 . 2011-05-10 06:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-05-10 06:06 . 2011-05-10 06:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-05-05 05:22 . 2011-05-05 05:22 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-05-05 05:22 . 2011-05-05 05:22 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-05-05 05:22 . 2011-05-05 05:22 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-05-05 05:22 . 2011-05-05 05:22 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-05-05 05:22 . 2011-05-05 05:22 161792 ----a-w- c:\windows\system32\msls31.dll

2011-05-05 05:22 . 2011-05-05 05:22 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-05-05 05:22 . 2011-05-05 05:22 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-05-05 05:22 . 2011-05-05 05:22 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-05-05 05:22 . 2011-05-05 05:22 367104 ----a-w- c:\windows\system32\html.iec

2011-05-05 05:22 . 2011-05-05 05:22 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-05-05 05:22 . 2011-05-05 05:22 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-05-05 05:22 . 2011-05-05 05:22 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-05-05 05:22 . 2011-05-05 05:22 152064 ----a-w- c:\windows\system32\wextract.exe

2011-05-05 05:22 . 2011-05-05 05:22 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-05-05 05:22 . 2011-05-05 05:22 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-05-05 05:22 . 2011-05-05 05:22 11776 ----a-w- c:\windows\system32\mshta.exe

2011-05-05 05:22 . 2011-05-05 05:22 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-05-05 05:22 . 2011-05-05 05:22 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-05-05 05:22 . 2011-05-05 05:22 101888 ----a-w- c:\windows\system32\admparse.dll

2011-05-04 02:52 . 2010-08-13 00:45 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-02 17:16 . 2011-06-17 05:44 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-22 15:18 . 2011-03-24 10:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Ekker 1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Ekker 1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Ekker 1\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"PhilipsSongbirdLauncher"="c:\program files\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe" [2010-09-01 346624]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]

"Skytel"="Skytel.exe" [2007-08-03 1826816]

"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]

"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-12 906648]

"PLFSetL"="c:\windows\\PLFSetL.exe" [2007-07-05 94208]

"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-03 92704]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-03 13535776]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]

"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]

"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-07-07 1600984]

"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]

.

c:\users\Ekker 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Ekker 1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-16 535336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 2 (0x2)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2010-08-06 14:02 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]

2011-06-14 23:47 404568 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

.

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]

R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-02-02 11232]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-07-11 263888]

S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]

S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]

S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2011-07-11 253096]

S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [2011-03-10 233976]

S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 41456]

S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [2011-07-01 337872]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]

S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2011-07-11 70664]

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - PCTSDInjDriver32

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

.

2011-07-30 c:\windows\Tasks\User_Feed_Synchronization-{81F699E3-61A6-434E-9722-902F0DA72BC1}.job

- c:\windows\system32\msfeedssync.exe [2011-05-05 05:22]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

mStart Page = hxxp://nl.woofi.info

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 62.45.45.45 192.168.1.1

FF - ProfilePath - c:\users\Ekker 1\AppData\Roaming\Mozilla\Firefox\Profiles\pht9iuqb.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c6048c1&v=6.010.023.001&i=23&tp=ab&iy=&ychte=nl&lng=nl&q=

FF - prefs.js: network.proxy.type - 0

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-07-30 09:19

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2011-07-30 09:26:16

ComboFix-quarantined-files.txt 2011-07-30 07:26

ComboFix2.txt 2011-05-20 06:44

.

Pre-Run: 95.065.321.472 bytes beschikbaar

Post-Run: 95.133.933.568 bytes beschikbaar

.

- - End Of File - - 1B5BFC2A49F0BF8A7D06557A66D49B89

Twee vragen: Ik krijg van jullie het bericht dat ik niet gerechtigd ben op deze pagina. Waarom is dit? Moet ik misschien mijn donatie verlengen?

Ik kreeg een vriendschapsbericht van Help Forum. Wat is daar de bedoeling van?

Hartelijke groet, ekster

kape · 30 juli 2011

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

c:\program files\Microsoft\BingBar\BBSvc.EXE

Folder::

c:\program files\Microsoft\BingBar

c:\programdata\LGMOBILEAX\B2C_Client

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]

Driver::

BBSvc

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht. En laat dan ook even weten of het ongewenste programma nu helemaal verwijderd is van je PC ?

Twee vragen: Ik krijg van jullie het bericht dat ik niet gerechtigd ben op deze pagina. Waarom is dit? Moet ik misschien mijn donatie verlengen?

Dat heeft normaal niets met je donatie ter maken. Moet ofwel een tijdelijk probleem geweest zijn, of mogelijk het gevolg van een té groot bericht dat je wilde plaatsen. Bekijk nog even of dit probleem zich opnieuw voordoet ?

Ik kreeg een vriendschapsbericht van Help Forum. Wat is daar de bedoeling van?

Op PCH kunnen andere forumgebruikers je een vraag stellen om "vriend" te worden. Indien dit via PCH gebeurt én je de afzender kent, kan je daar - naar eigen goeddunken - positief of negatief op antwoorden. Maar dat is je eigen keuze.

ekster · 30 juli 2011

Ik heb Spyware doctor met antivirus.

Volgens opgegeven aanwijzingen spyware uitgeschakeld. Vanmorgen werkte Combofix daar prima mee. Nu ineens niet meer, antivirus moest uit. Ik heb alles geprobeerd maar dat lukte niet. Dus met eigen risico doorgegaan met Combofix +log.txt.

Dat heb ik geweten. Combofix duurde heel lang, toen afsluiten. Dat lukte nog, maar opstarten bleef zwart gat met cursor.

Ik heb toen handmatig uitgezet en opnieuw opgestart. Combofix maakte toch logje af. Maar configuratie werkte niet meer, internet stond op sitecom, spyware doctor vond 136 infecties.

Nu werkt alles weet. Eigen netwerk opgezocht en opnieuw opgestart. Kun je me laten weten hoe ik de antivirus van spyware doctor kan uitschakelen?

Bovendien geeft combofix 10 minuten aan, maar alles van combofix duurt minstens een half uur.

ComboFix 11-07-29.03 - Ekker 1 a 30-07-11 11:46:00.11.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3069.1730 [GMT 2:00]

Gestart vanuit: c:\users\Ekker 1\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Ekker 1\Desktop\CFScript.txt

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\program files\Microsoft\BingBar\BBSvc.EXE"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_BBSvc

-------\Service_SeaPort

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-06-28 to 2011-07-30 ))))))))))))))))))))))))))))))

.

2011-07-30 10:07 . 2011-07-30 10:24 -------- d-----w- c:\users\Ekker 1\AppData\Local\temp

2011-07-30 10:07 . 2011-07-30 10:07 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-07-30 10:07 . 2011-07-30 10:07 -------- d-----w- c:\users\GSN\AppData\Local\temp

2011-07-30 10:07 . 2011-07-30 10:07 -------- d-----w- c:\users\Dixons\AppData\Local\temp

2011-07-30 10:07 . 2011-07-30 10:07 -------- d-----w- c:\users\Default\AppData\Local\temp