Hijack log Sqlite3.dll



ComboFix 12-01-23.02 - Manuela 24-01-2012 12:53:31.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3956.2447 [GMT 1:00]

Gestart vanuit: c:\users\Manuela\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-12-24 to 2012-01-24 ))))))))))))))))))))))))))))))

.

.

2012-01-24 12:01 . 2012-01-24 12:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-24 11:51 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACC7CB0D-8D75-419D-930E-21CBF06D9683}\mpengine.dll

2012-01-22 20:43 . 2012-01-22 20:43 388096 ----a-r- c:\users\Manuela\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-22 15:28 . 2012-01-22 15:28 -------- d-----w- c:\program files (x86)\Conduit

2012-01-22 15:28 . 2012-01-22 15:31 -------- d-----w- c:\users\Manuela\AppData\Local\Conduit

2012-01-21 20:41 . 2012-01-21 20:41 -------- d-----w- C:\rsit

2012-01-21 20:14 . 2012-01-22 20:43 -------- d-----w- c:\program files (x86)\Trend Micro

2012-01-21 14:34 . 2012-01-21 14:34 -------- d-----w- c:\users\Manuela\AppData\Roaming\Malwarebytes

2012-01-21 14:34 . 2012-01-21 14:34 -------- d-----w- c:\programdata\Malwarebytes

2012-01-21 14:07 . 2012-01-21 14:29 -------- d-----w- c:\programdata\HP Photo Creations

2012-01-21 14:07 . 2012-01-21 14:29 -------- d-----w- c:\program files (x86)\HP Photo Creations

2012-01-21 14:07 . 2012-01-21 14:07 -------- d-----w- c:\users\Manuela\AppData\Roaming\HpUpdate

2012-01-21 14:06 . 2012-01-21 14:06 -------- d-----w- c:\programdata\HP

2012-01-21 14:06 . 2012-01-21 14:07 -------- d-----w- c:\program files (x86)\HP

2012-01-21 14:06 . 2012-01-21 14:06 -------- d-----w- c:\program files\HP

2012-01-21 14:05 . 2012-01-22 23:17 -------- d-----w- c:\users\Manuela\AppData\Local\HP

2012-01-14 13:13 . 2012-01-14 13:13 -------- d-----w- c:\users\Manuela\AppData\Local\ElevatedDiagnostics

2012-01-14 13:10 . 2012-01-14 13:10 -------- d-----w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

2012-01-14 13:07 . 2012-01-14 13:07 -------- d-----w- c:\users\Manuela\AppData\Local\PackageAware

2012-01-13 16:42 . 2012-01-13 16:42 -------- d-----w- c:\users\Manuela\AppData\Roaming\Need for Speed World

2012-01-13 15:56 . 2012-01-13 15:56 -------- d-----w- c:\users\Manuela\AppData\Local\Electronic_Arts_Inc

2012-01-13 15:54 . 2007-03-15 15:57 506728 ----a-w- c:\windows\system32\d3dx10_33.dll

2012-01-13 15:49 . 2012-01-13 15:53 -------- d--h--w- c:\windows\msdownld.tmp

2012-01-13 14:42 . 2012-01-13 14:42 237 ----a-w- C:\user.js

2012-01-13 14:42 . 2012-01-13 14:48 -------- d-----w- c:\program files (x86)\BrowserCompanion

2012-01-13 14:41 . 2012-01-13 14:41 -------- d-----w- c:\users\Manuela\AppData\Local\Babylon

2012-01-13 14:41 . 2012-01-13 14:41 -------- d-----w- c:\users\Manuela\AppData\Roaming\Babylon

2012-01-13 14:41 . 2012-01-13 14:41 -------- d-----w- c:\programdata\Babylon

2012-01-13 14:39 . 2012-01-13 14:39 -------- d-----w- c:\programdata\Premium

2012-01-13 14:38 . 2012-01-13 14:39 -------- d-----w- c:\programdata\InstallMate

2012-01-12 20:25 . 2012-01-14 12:10 -------- d-----w- c:\programdata\tmp

2012-01-12 20:25 . 2012-01-12 20:25 -------- d-----w- c:\programdata\hps

2012-01-12 20:20 . 2012-01-20 22:20 -------- d-----w- c:\program files (x86)\Fotoservice

2012-01-12 19:18 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-12 19:18 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-12 19:18 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-12 19:18 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-12 19:18 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-12 19:18 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-12 19:18 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-12 19:18 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-28 18:01 . 2011-03-30 20:09 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 18:01 . 2011-03-30 20:09 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-11-28 18:01 . 2011-03-30 19:51 256960 ----a-w- c:\windows\system32\aswBoot.exe

2011-11-28 17:54 . 2011-07-09 11:48 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:53 . 2011-03-30 20:09 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-11-28 17:52 . 2011-03-30 20:09 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-11-28 17:52 . 2011-03-30 20:09 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-11-28 17:52 . 2011-03-30 20:09 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-11-28 17:51 . 2011-03-30 20:09 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-11-24 04:52 . 2011-12-23 19:39 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-15 13:29 . 2011-02-24 20:18 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-11-05 05:41 . 2011-12-23 19:40 1188864 ----a-w- c:\windows\system32\wininet.dll

2011-11-05 05:32 . 2011-12-23 19:39 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 04:35 . 2011-12-23 19:40 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-05 04:26 . 2011-12-23 19:39 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-11-05 03:32 . 2011-12-23 19:40 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-05 02:48 . 2011-12-23 19:40 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-22_12.11.55 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-01-22 12:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-01-24 12:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-01-24 12:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-22 12:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-22 12:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-24 12:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-05-06 23:22 . 2012-01-24 12:04 60240 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-01-24 12:04 49596 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-02-12 16:07 . 2012-01-24 12:04 14766 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1300219434-4275829345-324095623-1000_UserData.bin

+ 2010-11-16 23:48 . 2010-11-16 23:48 42344 c:\windows\system32\spool\drivers\x64\3\hpvplui04.dll

+ 2009-07-14 05:30 . 2012-01-23 19:46 86016 c:\windows\system32\DriverStore\infpub.dat

- 2009-07-14 05:30 . 2012-01-21 14:06 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 00:35 . 2009-07-14 00:35 41984 c:\windows\system32\drivers\usbscan.sys

+ 2011-02-13 06:58 . 2012-01-22 23:22 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-13 06:58 . 2012-01-21 09:33 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-13 06:58 . 2012-01-21 09:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-02-13 06:58 . 2012-01-22 23:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-22 23:22 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-21 09:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-01-22 23:21 . 2012-01-24 11:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-01-22 23:21 . 2012-01-24 11:47 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2012-01-22 23:21 . 2012-01-24 11:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-02-12 16:09 . 2012-01-24 11:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-12 16:09 . 2012-01-22 12:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-12 16:09 . 2012-01-24 11:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-02-12 16:09 . 2012-01-22 12:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-01-22 23:20 . 2012-01-22 23:20 9560 c:\windows\system32\NetworkList\Icons\{5C720705-9974-4E99-9DC4-181213C7B520}_48.bin

+ 2012-01-22 23:20 . 2012-01-22 23:20 4280 c:\windows\system32\NetworkList\Icons\{5C720705-9974-4E99-9DC4-181213C7B520}_32.bin

+ 2012-01-22 23:20 . 2012-01-22 23:20 2456 c:\windows\system32\NetworkList\Icons\{5C720705-9974-4E99-9DC4-181213C7B520}_24.bin

- 2012-01-22 12:09 . 2012-01-22 12:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-24 12:02 . 2012-01-24 12:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-24 12:02 . 2012-01-24 12:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-01-22 12:09 . 2012-01-22 12:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-02-12 16:44 . 2012-01-23 19:06 234418 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2010-11-16 23:48 . 2010-11-16 23:48 220520 c:\windows\system32\spool\drivers\x64\3\hpvplres04.dll

+ 2010-11-16 23:48 . 2010-11-16 23:48 538472 c:\windows\system32\spool\drivers\x64\3\hpvpldrv04.dll

+ 2010-11-16 23:48 . 2010-11-16 23:48 349032 c:\windows\system32\spool\drivers\x64\3\hpinksts8711LM.dll

+ 2010-11-16 23:48 . 2010-11-16 23:48 306024 c:\windows\system32\spool\drivers\x64\3\hpinksts8711.dll

+ 2010-11-16 23:48 . 2010-11-16 23:48 518504 c:\windows\system32\spool\drivers\x64\3\hpfime51.dll

+ 2010-11-16 23:48 . 2010-11-16 23:48 349032 c:\windows\system32\hpinksts8711LM.dll

+ 2010-11-16 23:48 . 2010-11-16 23:48 274792 c:\windows\system32\hpinkcoi8711.dll

+ 2009-07-14 05:30 . 2012-01-23 19:46 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2012-01-21 14:06 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2012-01-22 23:21 . 2012-01-22 23:21 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 05:01 . 2012-01-22 12:08 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-01-24 12:01 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-11-16 23:48 . 2010-11-16 23:48 2591080 c:\windows\system32\HPScanMiniDrv_DJ2050_510g.dll

+ 2012-01-22 20:42 . 2012-01-22 20:42 1402880 c:\windows\Installer\512acb.msi

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-02-01 18:03 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2011-07-08 102400]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Browser companion helper"="c:\program files (x86)\BrowserCompanion\BCHelper.exe" [2011-12-16 187696]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-04-23 867360]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1300219434-4275829345-324095623-1000Core.job

- c:\users\Manuela\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-08 20:12]

.

2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1300219434-4275829345-324095623-1000UA.job

- c:\users\Manuela\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-08 20:12]

.

2012-01-24 c:\windows\Tasks\HP Photo Creations Communicator.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2012-01-21 14:29]

.

2012-01-21 c:\windows\Tasks\hpwebreg_xxxxxxxxxx.job

- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\hpwebreg.exe [2010-11-16 20:29]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-02-01 18:06 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]

"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-11 9643552]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-22 325120]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-04-23 861216]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101241&mntrId=a43664880000000000005cac4c691c22

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_7741&r=27360211j306l04e8z1k5t4711p893

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

.

- - - - ORPHANS VERWIJDERD - - - -

.

URLSearchHooks-{87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe

WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-WinRAR archiver - c:\program files (x86)\WinRAR\uninstall.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Voltooingstijd: 2012-01-24 13:15:00 - machine werd herstart

ComboFix-quarantined-files.txt 2012-01-24 12:14

ComboFix2.txt 2012-01-22 14:27

ComboFix3.txt 2012-01-22 12:23

.

Pre-Run: 436.154.814.464 bytes beschikbaar

Post-Run: 435.983.556.608 bytes beschikbaar

.

- - End Of File - - E7F9A8D95E3184525A1CFC1B5E1DA97B


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\msdownld.tmp

C:\user.js

Folder::

c:\program files (x86)\Conduit

c:\users\Manuela\AppData\Local\Conduit

c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

c:\program files (x86)\BrowserCompanion

c:\users\Manuela\AppData\Local\Babylon

c:\users\Manuela\AppData\Roaming\Babylon

c:\programdata\Babylon

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Browser companion helper"=-

DDS::

uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101241&mntrId=a43664880000000000005cac4c691c22

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message together with a new RSIT log.


ComboFix 12-01-23.02 - Manuela 24-01-2012 14:04:43.4.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3956.2532 [GMT 1:00]

Gestart vanuit: c:\users\Manuela\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Manuela\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"C:\user.js"

"c:\windows\msdownld.tmp"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\BrowserCompanion

c:\program files (x86)\BrowserCompanion\BCHelper.exe

c:\program files (x86)\BrowserCompanion\blabbers-ch.crx

c:\program files (x86)\BrowserCompanion\logo.ico

c:\program files (x86)\Conduit

c:\program files (x86)\Conduit\Community Alerts\Alert.dll

c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.bitness.log

c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.data.log

c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.elements.log

c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}.native.weight.log

c:\programdata\Babylon

C:\user.js

c:\users\Manuela\AppData\Local\Babylon

c:\users\Manuela\AppData\Local\Babylon\Setup\bab033.tbinst.dat

c:\users\Manuela\AppData\Local\Babylon\Setup\bab091.norecovericon.dat

c:\users\Manuela\AppData\Local\Babylon\Setup\Babylon.dat

c:\users\Manuela\AppData\Local\Babylon\Setup\HtmlScreens\common.js

c:\users\Manuela\AppData\Local\Babylon\Setup\HtmlScreens\eula.html

c:\users\Manuela\AppData\Local\Babylon\Setup\HtmlScreens\page2.css

c:\users\Manuela\AppData\Local\Babylon\Setup\HtmlScreens\page2.html

c:\users\Manuela\AppData\Local\Babylon\Setup\HtmlScreens\page2.js

c:\users\Manuela\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css

c:\users\Manuela\AppData\Local\Babylon\Setup\HtmlScreens\page9.html

c:\users\Manuela\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif

c:\users\Manuela\AppData\Local\Babylon\Setup\HtmlScreens\title2.png

c:\users\Manuela\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg

c:\users\Manuela\AppData\Local\Babylon\Setup\Setup-tbmntr903-9.0.3.19.zpb

c:\users\Manuela\AppData\Local\Babylon\Setup\Setup.exe

c:\users\Manuela\AppData\Local\Babylon\Setup\SetupStrings.dat

c:\users\Manuela\AppData\Local\Babylon\Setup\sqlite3.dll

c:\users\Manuela\AppData\Local\Conduit

c:\users\Manuela\AppData\Roaming\Babylon

c:\users\Manuela\AppData\Roaming\Babylon\log_file.txt

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-12-24 to 2012-01-24 ))))))))))))))))))))))))))))))

.

.

2012-01-24 13:12 . 2012-01-24 13:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-24 11:51 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACC7CB0D-8D75-419D-930E-21CBF06D9683}\mpengine.dll

2012-01-21 14:34 . 2012-01-21 14:34 -------- d-----w- c:\users\Manuela\AppData\Roaming\Malwarebytes

2012-01-21 14:34 . 2012-01-21 14:34 -------- d-----w- c:\programdata\Malwarebytes

2012-01-21 14:07 . 2012-01-21 14:29 -------- d-----w- c:\programdata\HP Photo Creations

2012-01-21 14:07 . 2012-01-21 14:29 -------- d-----w- c:\program files (x86)\HP Photo Creations

2012-01-21 14:07 . 2012-01-21 14:07 -------- d-----w- c:\users\Manuela\AppData\Roaming\HpUpdate

2012-01-21 14:06 . 2012-01-21 14:06 -------- d-----w- c:\programdata\HP

2012-01-21 14:06 . 2012-01-21 14:07 -------- d-----w- c:\program files (x86)\HP

2012-01-21 14:06 . 2012-01-21 14:06 -------- d-----w- c:\program files\HP

2012-01-21 14:05 . 2012-01-22 23:17 -------- d-----w- c:\users\Manuela\AppData\Local\HP

2012-01-14 13:13 . 2012-01-14 13:13 -------- d-----w- c:\users\Manuela\AppData\Local\ElevatedDiagnostics

2012-01-14 13:07 . 2012-01-14 13:07 -------- d-----w- c:\users\Manuela\AppData\Local\PackageAware

2012-01-13 16:42 . 2012-01-13 16:42 -------- d-----w- c:\users\Manuela\AppData\Roaming\Need for Speed World

2012-01-13 15:56 . 2012-01-13 15:56 -------- d-----w- c:\users\Manuela\AppData\Local\Electronic_Arts_Inc

2012-01-13 15:54 . 2007-03-15 15:57 506728 ----a-w- c:\windows\system32\d3dx10_33.dll

2012-01-13 15:49 . 2012-01-13 15:53 -------- d--h--w- c:\windows\msdownld.tmp

2012-01-13 14:39 . 2012-01-13 14:39 -------- d-----w- c:\programdata\Premium

2012-01-13 14:38 . 2012-01-13 14:39 -------- d-----w- c:\programdata\InstallMate

2012-01-12 20:25 . 2012-01-14 12:10 -------- d-----w- c:\programdata\tmp

2012-01-12 20:25 . 2012-01-12 20:25 -------- d-----w- c:\programdata\hps

2012-01-12 20:20 . 2012-01-20 22:20 -------- d-----w- c:\program files (x86)\Fotoservice

2012-01-12 19:18 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-12 19:18 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-12 19:18 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-12 19:18 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-12 19:18 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-12 19:18 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-12 19:18 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-12 19:18 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-28 18:01 . 2011-03-30 20:09 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 18:01 . 2011-03-30 20:09 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-11-28 18:01 . 2011-03-30 19:51 256960 ----a-w- c:\windows\system32\aswBoot.exe

2011-11-28 17:54 . 2011-07-09 11:48 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:53 . 2011-03-30 20:09 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-11-28 17:52 . 2011-03-30 20:09 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-11-28 17:52 . 2011-03-30 20:09 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-11-28 17:52 . 2011-03-30 20:09 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-11-28 17:51 . 2011-03-30 20:09 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-11-24 04:52 . 2011-12-23 19:39 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-15 13:29 . 2011-02-24 20:18 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-11-05 05:41 . 2011-12-23 19:40 1188864 ----a-w- c:\windows\system32\wininet.dll

2011-11-05 05:32 . 2011-12-23 19:39 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 04:35 . 2011-12-23 19:40 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-05 04:26 . 2011-12-23 19:39 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-11-05 03:32 . 2011-12-23 19:40 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-05 02:48 . 2011-12-23 19:40 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-22_12.11.55 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-01-22 12:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-01-24 13:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-01-24 13:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-22 12:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-22 12:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-24 13:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-05-06 23:22 . 2012-01-24 13:16 60510 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-01-24 13:16 49596 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-02-12 16:07 . 2012-01-24 13:16 14790 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1300219434-4275829345-324095623-1000_UserData.bin

+ 2010-11-16 23:48 . 2010-11-16 23:48 42344 c:\windows\system32\spool\drivers\x64\3\hpvplui04.dll

+ 2009-07-14 05:30 . 2012-01-23 19:46 86016 c:\windows\system32\DriverStore\infpub.dat

- 2009-07-14 05:30 . 2012-01-21 14:06 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 00:35 . 2009-07-14 00:35 41984 c:\windows\system32\drivers\usbscan.sys

+ 2011-02-13 06:58 . 2012-01-22 23:22 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-13 06:58 . 2012-01-21 09:33 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-13 06:58 . 2012-01-21 09:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-02-13 06:58 . 2012-01-22 23:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-22 23:22 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-21 09:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-01-22 23:21 . 2012-01-24 12:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-01-22 23:21 . 2012-01-24 12:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2012-01-22 23:21 . 2012-01-24 12:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-02-12 16:09 . 2012-01-24 12:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-12 16:09 . 2012-01-22 12:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-12 16:09 . 2012-01-24 12:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-02-12 16:09 . 2012-01-22 12:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-01-22 23:20 . 2012-01-22 23:20 9560 c:\windows\system32\NetworkList\Icons\{5C720705-9974-4E99-9DC4-181213C7B520}_48.bin

+ 2012-01-22 23:20 . 2012-01-22 23:20 4280 c:\windows\system32\NetworkList\Icons\{5C720705-9974-4E99-9DC4-181213C7B520}_32.bin

+ 2012-01-22 23:20 . 2012-01-22 23:20 2456 c:\windows\system32\NetworkList\Icons\{5C720705-9974-4E99-9DC4-181213C7B520}_24.bin

- 2012-01-22 12:09 . 2012-01-22 12:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-24 13:13 . 2012-01-24 13:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-24 13:13 . 2012-01-24 13:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-01-22 12:09 . 2012-01-22 12:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-02-12 16:44 . 2012-01-23 19:06 234418 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2010-11-16 23:48 . 2010-11-16 23:48 220520 c:\windows\system32\spool\drivers\x64\3\hpvplres04.dll

+ 2010-11-16 23:48 . 2010-11-16 23:48 538472 c:\windows\system32\spool\drivers\x64\3\hpvpldrv04.dll

+ 2010-11-16 23:48 . 2010-11-16 23:48 349032 c:\windows\system32\spool\drivers\x64\3\hpinksts8711LM.dll

+ 2010-11-16 23:48 . 2010-11-16 23:48 306024 c:\windows\system32\spool\drivers\x64\3\hpinksts8711.dll

+ 2010-11-16 23:48 . 2010-11-16 23:48 518504 c:\windows\system32\spool\drivers\x64\3\hpfime51.dll

+ 2010-11-16 23:48 . 2010-11-16 23:48 349032 c:\windows\system32\hpinksts8711LM.dll

+ 2010-11-16 23:48 . 2010-11-16 23:48 274792 c:\windows\system32\hpinkcoi8711.dll

+ 2009-07-14 05:30 . 2012-01-23 19:46 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2012-01-21 14:06 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2012-01-22 23:21 . 2012-01-22 23:21 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 05:01 . 2012-01-22 12:08 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-01-24 13:12 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-11-16 23:48 . 2010-11-16 23:48 2591080 c:\windows\system32\HPScanMiniDrv_DJ2050_510g.dll

+ 2012-01-22 20:42 . 2012-01-22 20:42 1402880 c:\windows\Installer\512acb.msi

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-02-01 18:03 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2011-07-08 102400]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-04-23 867360]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1300219434-4275829345-324095623-1000Core.job

- c:\users\Manuela\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-08 20:12]

.

2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1300219434-4275829345-324095623-1000UA.job

- c:\users\Manuela\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-08 20:12]

.

2012-01-24 c:\windows\Tasks\HP Photo Creations Communicator.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2012-01-21 14:29]

.

2012-01-21 c:\windows\Tasks\hpwebreg_xxxxxxxxxx.job

- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\hpwebreg.exe [2010-11-16 20:29]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-02-01 18:06 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]

"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-11 9643552]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-22 325120]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-04-23 861216]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_7741&r=27360211j306l04e8z1k5t4711p893

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Voltooingstijd: 2012-01-24 14:23:17 - machine werd herstart

ComboFix-quarantined-files.txt 2012-01-24 13:23

ComboFix2.txt 2012-01-24 12:15

ComboFix3.txt 2012-01-22 14:27

ComboFix4.txt 2012-01-22 12:23

.

Pre-Run: 435.864.850.432 bytes beschikbaar

Post-Run: 435.805.491.200 bytes beschikbaar

.

- - End Of File - - 5FFFD59B929A1FB6ABEB479A35AD2C73

---------- Post added at 14:30 ---------- Previous post was at 14:28 ----------

Logfile of random's system information tool 1.09 (written by random/random)

Run by Manuela at 2012-01-24 14:29:00

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 416 GB (90%) free of 463 GB

Total RAM: 3956 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:29:03, on 24-1-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Users\Manuela\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Users\Manuela\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Manuela\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Manuela\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Manuela\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Manuela\Downloads\RSIT.exe

C:\Program Files (x86)\trend micro\Manuela.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9802 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1300219434-4275829345-324095623-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1300219434-4275829345-324095623-1000UA.job

C:\Windows\tasks\HP Photo Creations Communicator.job

C:\Windows\tasks\hpwebreg_xxxxxxxxxx.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Aanmelden - Help - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"=c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 35696]

"BackupManagerTray"=C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2010-03-09 260608]

"SuiteTray"=C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2010-02-01 337264]

"EgisUpdate"=C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2009-12-25 201512]

"EgisTecPMMUpdate"=C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2009-12-25 401192]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-01-22 98304]

"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2010-04-08 908368]

"IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2010-11-05 283160]

"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

"AutoStartNPSAgent"=C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [2011-07-08 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWow64\webcheck.dll [2010-11-20 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm

"vidc.cvid"=iccvid.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-01-24 14:24:27 ----SHD---- C:\$RECYCLE.BIN

2012-01-24 14:23:19 ----A---- C:\ComboFix.txt

2012-01-24 12:52:25 ----A---- C:\Windows\NIRCMD.exe

2012-01-23 12:09:38 ----A---- C:\TDSSKiller.2.7.6.0_23.01.2012_12.09.38_log.txt

2012-01-23 12:08:36 ----A---- C:\TDSSKiller.2.7.6.0_23.01.2012_12.08.36_log.txt

2012-01-23 12:06:28 ----D---- C:\Users\Manuela\AppData\Roaming\WinRAR

2012-01-23 12:06:19 ----D---- C:\Program Files (x86)\WinRAR

2012-01-22 12:57:11 ----A---- C:\Windows\zip.exe

2012-01-22 12:57:11 ----A---- C:\Windows\SWSC.exe

2012-01-22 12:57:11 ----A---- C:\Windows\SWREG.exe

2012-01-22 12:57:11 ----A---- C:\Windows\sed.exe

2012-01-22 12:57:11 ----A---- C:\Windows\PEV.exe

2012-01-22 12:57:11 ----A---- C:\Windows\MBR.exe

2012-01-22 12:57:11 ----A---- C:\Windows\grep.exe

2012-01-22 12:57:02 ----D---- C:\Windows\ERDNT

2012-01-22 12:56:56 ----D---- C:\Qoobox

2012-01-21 21:41:39 ----D---- C:\rsit

2012-01-21 21:14:01 ----D---- C:\Program Files (x86)\Trend Micro

2012-01-21 15:34:54 ----D---- C:\Users\Manuela\AppData\Roaming\Malwarebytes

2012-01-21 15:34:49 ----D---- C:\ProgramData\Malwarebytes

2012-01-21 15:07:22 ----D---- C:\ProgramData\HP Photo Creations

2012-01-21 15:07:22 ----D---- C:\Program Files (x86)\HP Photo Creations

2012-01-21 15:07:10 ----D---- C:\Users\Manuela\AppData\Roaming\HpUpdate

2012-01-21 15:06:55 ----D---- C:\ProgramData\HP

2012-01-21 15:06:32 ----D---- C:\Program Files (x86)\HP

2012-01-13 17:42:40 ----D---- C:\Users\Manuela\AppData\Roaming\Need for Speed World

2012-01-13 16:55:44 ----A---- C:\Windows\SysWOW64\XAudio2_7.dll

2012-01-13 16:55:44 ----A---- C:\Windows\SysWOW64\XAPOFX1_5.dll

2012-01-13 16:55:43 ----A---- C:\Windows\SysWOW64\xactengine3_7.dll

2012-01-13 16:55:42 ----A---- C:\Windows\SysWOW64\D3DCompiler_43.dll

2012-01-13 16:55:41 ----A---- C:\Windows\SysWOW64\d3dx11_43.dll

2012-01-13 16:55:41 ----A---- C:\Windows\SysWOW64\d3dcsx_43.dll

2012-01-13 16:55:40 ----A---- C:\Windows\SysWOW64\D3DX9_43.dll

2012-01-13 16:55:40 ----A---- C:\Windows\SysWOW64\d3dx10_43.dll

2012-01-13 16:55:39 ----A---- C:\Windows\SysWOW64\XAudio2_6.dll

2012-01-13 16:55:39 ----A---- C:\Windows\SysWOW64\XAPOFX1_4.dll

2012-01-13 16:55:38 ----A---- C:\Windows\SysWOW64\xactengine3_6.dll

2012-01-13 16:55:38 ----A---- C:\Windows\SysWOW64\X3DAudio1_7.dll

2012-01-13 16:55:37 ----A---- C:\Windows\SysWOW64\xactengine3_5.dll

2012-01-13 16:55:36 ----A---- C:\Windows\SysWOW64\D3DCompiler_42.dll

2012-01-13 16:55:31 ----A---- C:\Windows\SysWOW64\d3dx11_42.dll

2012-01-13 16:55:31 ----A---- C:\Windows\SysWOW64\d3dcsx_42.dll

2012-01-13 16:55:30 ----A---- C:\Windows\SysWOW64\D3DX9_42.dll

2012-01-13 16:55:28 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll

2012-01-13 16:55:26 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll

2012-01-13 16:55:26 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll

2012-01-13 16:55:25 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll

2012-01-13 16:55:24 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll

2012-01-13 16:55:24 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll

2012-01-13 16:55:22 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll

2012-01-13 16:55:21 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll

2012-01-13 16:55:21 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll

2012-01-13 16:55:21 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll

2012-01-13 16:55:20 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll

2012-01-13 16:55:20 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll

2012-01-13 16:55:20 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll

2012-01-13 16:55:19 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll

2012-01-13 16:55:18 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll

2012-01-13 16:55:18 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll

2012-01-13 16:55:17 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll

2012-01-13 16:55:16 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll

2012-01-13 16:55:16 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll

2012-01-13 16:55:15 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll

2012-01-13 16:55:15 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll

2012-01-13 16:55:14 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll

2012-01-13 16:55:14 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll

2012-01-13 16:55:13 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll

2012-01-13 16:55:13 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll

2012-01-13 16:55:12 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll

2012-01-13 16:55:12 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll

2012-01-13 16:55:11 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll

2012-01-13 16:55:11 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll

2012-01-13 16:55:10 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll

2012-01-13 16:55:09 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll

2012-01-13 16:55:08 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll

2012-01-13 16:55:08 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll

2012-01-13 16:55:07 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll

2012-01-13 16:55:06 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll

2012-01-13 16:55:04 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll

2012-01-13 16:55:04 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll

2012-01-13 16:55:03 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll

2012-01-13 16:55:03 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll

2012-01-13 16:55:03 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll

2012-01-13 16:55:02 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll

2012-01-13 16:55:02 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll

2012-01-13 16:55:01 ----A---- C:\Windows\SysWOW64\xinput1_3.dll

2012-01-13 16:55:01 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll

2012-01-13 16:55:00 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll

2012-01-13 16:54:59 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll

2012-01-13 16:54:59 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll

2012-01-13 16:54:58 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll

2012-01-13 16:54:58 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll

2012-01-13 16:54:56 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll

2012-01-13 16:54:56 ----A---- C:\Windows\SysWOW64\d3dx10.dll

2012-01-13 16:54:55 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll

2012-01-13 16:54:55 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll

2012-01-13 16:54:55 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll

2012-01-13 16:54:54 ----A---- C:\Windows\SysWOW64\xinput1_2.dll

2012-01-13 16:54:54 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll

2012-01-13 16:54:53 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll

2012-01-13 16:54:52 ----A---- C:\Windows\SysWOW64\xinput1_1.dll

2012-01-13 16:54:52 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll

2012-01-13 16:54:42 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll

2012-01-13 16:54:38 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll

2012-01-13 16:54:38 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll

2012-01-13 16:54:37 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll

2012-01-13 16:54:36 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll

2012-01-13 16:54:34 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll

2012-01-13 16:54:33 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll

2012-01-13 16:54:32 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll

2012-01-13 16:54:31 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll

2012-01-13 16:49:04 ----HD---- C:\Windows\msdownld.tmp

2012-01-13 16:49:04 ----D---- C:\Windows\SysWOW64\directx

2012-01-13 15:39:00 ----D---- C:\ProgramData\Premium

2012-01-13 15:38:58 ----D---- C:\ProgramData\InstallMate

2012-01-12 21:25:51 ----D---- C:\ProgramData\tmp

2012-01-12 21:25:50 ----D---- C:\ProgramData\hps

2012-01-12 21:20:55 ----D---- C:\Program Files (x86)\Fotoservice

2012-01-12 20:18:55 ----A---- C:\Windows\SysWOW64\quartz.dll

2012-01-12 20:18:55 ----A---- C:\Windows\SysWOW64\qdvd.dll

2012-01-12 20:18:52 ----A---- C:\Windows\SysWOW64\jscript.dll

2012-01-12 20:18:50 ----A---- C:\Windows\SysWOW64\ntdll.dll

2012-01-12 20:18:48 ----A---- C:\Windows\SysWOW64\packager.dll

======List of files/folders modified in the last 1 month======

2012-01-24 14:29:02 ----D---- C:\Windows\Temp

2012-01-24 14:15:39 ----D---- C:\Windows

2012-01-24 14:15:39 ----A---- C:\Windows\system.ini

2012-01-24 14:13:48 ----A---- C:\Windows\SysWOW64\log.txt

2012-01-24 14:11:53 ----RD---- C:\Program Files (x86)

2012-01-24 14:11:53 ----D---- C:\ProgramData

2012-01-24 14:08:00 ----D---- C:\Windows\SysWOW64\drivers

2012-01-24 14:08:00 ----D---- C:\Windows\SysWOW64

2012-01-24 14:08:00 ----D---- C:\Windows\System32

2012-01-24 14:08:00 ----D---- C:\Windows\AppPatch

2012-01-24 14:07:56 ----D---- C:\Program Files (x86)\Common Files

2012-01-24 12:51:27 ----SHD---- C:\System Volume Information

2012-01-23 20:45:56 ----D---- C:\Windows\inf

2012-01-23 00:21:25 ----SD---- C:\ProgramData\Microsoft

2012-01-22 21:43:39 ----SHD---- C:\Windows\Installer

2012-01-22 21:43:38 ----SD---- C:\Users\Manuela\AppData\Roaming\Microsoft

2012-01-22 20:18:34 ----D---- C:\Users\Manuela\AppData\Roaming\Liteon

2012-01-21 15:29:55 ----D---- C:\Windows\Tasks

2012-01-21 15:06:32 ----D---- C:\Windows\twain_32

2012-01-21 15:06:07 ----RD---- C:\Program Files

2012-01-21 12:01:16 ----D---- C:\Windows\Microsoft.NET

2012-01-21 12:01:14 ----RSD---- C:\Windows\assembly

2012-01-21 10:36:44 ----D---- C:\Windows\winsxs

2012-01-21 02:47:11 ----D---- C:\ProgramData\DivX

2012-01-21 02:47:05 ----D---- C:\Program Files (x86)\DivX

2012-01-21 02:47:00 ----D---- C:\Program Files (x86)\Common Files\PX Storage Engine

2012-01-21 02:44:58 ----D---- C:\Users\Manuela\AppData\Roaming\DivX

2012-01-13 15:47:12 ----D---- C:\Program Files (x86)\Google

2012-01-13 15:46:44 ----D---- C:\Program Files (x86)\Microsoft

2012-01-12 22:02:18 ----D---- C:\Windows\ehome

2012-01-12 21:54:15 ----D---- C:\ProgramData\Microsoft Help

2011-12-29 21:47:19 ----D---- C:\Windows\SysWOW64\migration

2011-12-29 21:47:19 ----D---- C:\Program Files (x86)\Internet Explorer

2011-12-29 21:37:56 ----D---- C:\Windows\SysWOW64\nl-NL

2011-12-29 21:37:56 ----D---- C:\Windows\SysWOW64\fr-FR

2011-12-29 21:37:56 ----D---- C:\Windows\SysWOW64\en-US

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []

R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []

R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys []

R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []

R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []

R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys []

R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys []

R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys []

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []

R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []

R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys []

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []

R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys []

R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []

R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys []

R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys []

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys []

R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys []

R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys []

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []

S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS []

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys []

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []

S3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x64.sys []

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []

S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2011-07-08 16392]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys []

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-28 44768]

R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]

R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-04-23 867360]

R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-03-03 268824]

R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-09 250368]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]

R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

R2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]

S3 MWLService;MyWinLocker Service; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------


Logfile of random's system information tool 1.09 (written by random/random)

Run by Manuela at 2012-01-24 14:29:00

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 416 GB (90%) free of 463 GB

Total RAM: 3956 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:29:03, on 24-1-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Users\Manuela\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

C:\Users\Manuela\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Manuela\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Manuela\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Manuela\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Manuela\Downloads\RSIT.exe

C:\Program Files (x86)\trend micro\Manuela.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9802 bytes


======List of files/folders created in the last 1 month======

2012-01-24 14:24:27 ----SHD---- C:\$RECYCLE.BIN

2012-01-24 14:23:19 ----A---- C:\ComboFix.txt

2012-01-24 12:52:25 ----A---- C:\Windows\NIRCMD.exe

2012-01-23 12:09:38 ----A---- C:\TDSSKiller.2.7.6.0_23.01.2012_12.09.38_log.txt

2012-01-23 12:08:36 ----A---- C:\TDSSKiller.2.7.6.0_23.01.2012_12.08.36_log.txt

2012-01-23 12:06:28 ----D---- C:\Users\Manuela\AppData\Roaming\WinRAR

2012-01-23 12:06:19 ----D---- C:\Program Files (x86)\WinRAR

2012-01-22 12:57:11 ----A---- C:\Windows\zip.exe

2012-01-22 12:57:11 ----A---- C:\Windows\SWSC.exe

2012-01-22 12:57:11 ----A---- C:\Windows\SWREG.exe

2012-01-22 12:57:11 ----A---- C:\Windows\sed.exe

2012-01-22 12:57:11 ----A---- C:\Windows\PEV.exe

2012-01-22 12:57:11 ----A---- C:\Windows\MBR.exe

2012-01-22 12:57:11 ----A---- C:\Windows\grep.exe

2012-01-22 12:57:02 ----D---- C:\Windows\ERDNT

2012-01-22 12:56:56 ----D---- C:\Qoobox

2012-01-21 21:41:39 ----D---- C:\rsit

2012-01-21 21:14:01 ----D---- C:\Program Files (x86)\Trend Micro

2012-01-21 15:34:54 ----D---- C:\Users\Manuela\AppData\Roaming\Malwarebytes

2012-01-21 15:34:49 ----D---- C:\ProgramData\Malwarebytes

2012-01-21 15:07:22 ----D---- C:\ProgramData\HP Photo Creations

2012-01-21 15:07:22 ----D---- C:\Program Files (x86)\HP Photo Creations

2012-01-21 15:07:10 ----D---- C:\Users\Manuela\AppData\Roaming\HpUpdate

2012-01-21 15:06:55 ----D---- C:\ProgramData\HP

2012-01-21 15:06:32 ----D---- C:\Program Files (x86)\HP

2012-01-13 17:42:40 ----D---- C:\Users\Manuela\AppData\Roaming\Need for Speed World

2012-01-13 16:55:44 ----A---- C:\Windows\SysWOW64\XAudio2_7.dll

2012-01-13 16:55:44 ----A---- C:\Windows\SysWOW64\XAPOFX1_5.dll

2012-01-13 16:55:43 ----A---- C:\Windows\SysWOW64\xactengine3_7.dll

2012-01-13 16:55:42 ----A---- C:\Windows\SysWOW64\D3DCompiler_43.dll

2012-01-13 16:55:41 ----A---- C:\Windows\SysWOW64\d3dx11_43.dll

2012-01-13 16:55:41 ----A---- C:\Windows\SysWOW64\d3dcsx_43.dll

2012-01-13 16:55:40 ----A---- C:\Windows\SysWOW64\D3DX9_43.dll

2012-01-13 16:55:40 ----A---- C:\Windows\SysWOW64\d3dx10_43.dll

2012-01-13 16:55:39 ----A---- C:\Windows\SysWOW64\XAudio2_6.dll

2012-01-13 16:55:39 ----A---- C:\Windows\SysWOW64\XAPOFX1_4.dll

2012-01-13 16:55:38 ----A---- C:\Windows\SysWOW64\xactengine3_6.dll

2012-01-13 16:55:38 ----A---- C:\Windows\SysWOW64\X3DAudio1_7.dll

2012-01-13 16:55:37 ----A---- C:\Windows\SysWOW64\xactengine3_5.dll

2012-01-13 16:55:36 ----A---- C:\Windows\SysWOW64\D3DCompiler_42.dll

2012-01-13 16:55:31 ----A---- C:\Windows\SysWOW64\d3dx11_42.dll

2012-01-13 16:55:31 ----A---- C:\Windows\SysWOW64\d3dcsx_42.dll

2012-01-13 16:55:30 ----A---- C:\Windows\SysWOW64\D3DX9_42.dll

2012-01-13 16:55:28 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll

2012-01-13 16:55:26 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll

2012-01-13 16:55:26 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll

2012-01-13 16:55:25 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll

2012-01-13 16:55:24 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll

2012-01-13 16:55:24 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll

2012-01-13 16:55:22 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll

2012-01-13 16:55:21 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll

2012-01-13 16:55:21 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll

2012-01-13 16:55:21 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll

2012-01-13 16:55:20 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll

2012-01-13 16:55:20 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll

2012-01-13 16:55:20 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll

2012-01-13 16:55:19 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll

2012-01-13 16:55:18 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll

2012-01-13 16:55:18 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll

2012-01-13 16:55:17 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll

2012-01-13 16:55:16 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll

2012-01-13 16:55:16 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll

2012-01-13 16:55:15 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll

2012-01-13 16:55:15 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll

2012-01-13 16:55:14 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll

2012-01-13 16:55:14 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll

2012-01-13 16:55:13 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll

2012-01-13 16:55:13 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll

2012-01-13 16:55:12 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll

2012-01-13 16:55:12 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll

2012-01-13 16:55:11 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll

2012-01-13 16:55:11 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll

2012-01-13 16:55:10 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll

2012-01-13 16:55:09 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll

2012-01-13 16:55:08 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll

2012-01-13 16:55:08 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll

2012-01-13 16:55:07 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll

2012-01-13 16:55:06 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll

2012-01-13 16:55:04 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll

2012-01-13 16:55:04 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll

2012-01-13 16:55:03 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll

2012-01-13 16:55:03 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll

2012-01-13 16:55:03 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll

2012-01-13 16:55:02 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll

2012-01-13 16:55:02 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll

2012-01-13 16:55:01 ----A---- C:\Windows\SysWOW64\xinput1_3.dll

2012-01-13 16:55:01 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll

2012-01-13 16:55:00 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll

2012-01-13 16:54:59 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll

2012-01-13 16:54:59 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll

2012-01-13 16:54:58 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll

2012-01-13 16:54:58 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll

2012-01-13 16:54:56 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll

2012-01-13 16:54:56 ----A---- C:\Windows\SysWOW64\d3dx10.dll

2012-01-13 16:54:55 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll

2012-01-13 16:54:55 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll

2012-01-13 16:54:55 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll

2012-01-13 16:54:54 ----A---- C:\Windows\SysWOW64\xinput1_2.dll

2012-01-13 16:54:54 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll

2012-01-13 16:54:53 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll

2012-01-13 16:54:52 ----A---- C:\Windows\SysWOW64\xinput1_1.dll

2012-01-13 16:54:52 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll

2012-01-13 16:54:42 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll

2012-01-13 16:54:38 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll

2012-01-13 16:54:38 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll

2012-01-13 16:54:37 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll

2012-01-13 16:54:36 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll

2012-01-13 16:54:34 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll

2012-01-13 16:54:33 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll

2012-01-13 16:54:32 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll

2012-01-13 16:54:31 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll

2012-01-13 16:49:04 ----HD---- C:\Windows\msdownld.tmp

2012-01-13 16:49:04 ----D---- C:\Windows\SysWOW64\directx

2012-01-13 15:39:00 ----D---- C:\ProgramData\Premium

2012-01-13 15:38:58 ----D---- C:\ProgramData\InstallMate

2012-01-12 21:25:51 ----D---- C:\ProgramData\tmp

2012-01-12 21:25:50 ----D---- C:\ProgramData\hps

2012-01-12 21:20:55 ----D---- C:\Program Files (x86)\Fotoservice

2012-01-12 20:18:55 ----A---- C:\Windows\SysWOW64\quartz.dll

2012-01-12 20:18:55 ----A---- C:\Windows\SysWOW64\qdvd.dll

2012-01-12 20:18:52 ----A---- C:\Windows\SysWOW64\jscript.dll

2012-01-12 20:18:50 ----A---- C:\Windows\SysWOW64\ntdll.dll

2012-01-12 20:18:48 ----A---- C:\Windows\SysWOW64\packager.dll

======List of files/folders modified in the last 1 month======

2012-01-24 14:29:02 ----D---- C:\Windows\Temp

2012-01-24 14:15:39 ----D---- C:\Windows

2012-01-24 14:15:39 ----A---- C:\Windows\system.ini

2012-01-24 14:13:48 ----A---- C:\Windows\SysWOW64\log.txt

2012-01-24 14:11:53 ----RD---- C:\Program Files (x86)

2012-01-24 14:11:53 ----D---- C:\ProgramData

2012-01-24 14:08:00 ----D---- C:\Windows\SysWOW64\drivers

2012-01-24 14:08:00 ----D---- C:\Windows\SysWOW64

2012-01-24 14:08:00 ----D---- C:\Windows\System32

2012-01-24 14:08:00 ----D---- C:\Windows\AppPatch

2012-01-24 14:07:56 ----D---- C:\Program Files (x86)\Common Files

2012-01-24 12:51:27 ----SHD---- C:\System Volume Information

2012-01-23 20:45:56 ----D---- C:\Windows\inf

2012-01-23 00:21:25 ----SD---- C:\ProgramData\Microsoft

2012-01-22 21:43:39 ----SHD---- C:\Windows\Installer

2012-01-22 21:43:38 ----SD---- C:\Users\Manuela\AppData\Roaming\Microsoft

2012-01-22 20:18:34 ----D---- C:\Users\Manuela\AppData\Roaming\Liteon

2012-01-21 15:29:55 ----D---- C:\Windows\Tasks

2012-01-21 15:06:32 ----D---- C:\Windows\twain_32

2012-01-21 15:06:07 ----RD---- C:\Program Files

2012-01-21 12:01:16 ----D---- C:\Windows\Microsoft.NET

2012-01-21 12:01:14 ----RSD---- C:\Windows\assembly

2012-01-21 10:36:44 ----D---- C:\Windows\winsxs

2012-01-21 02:47:11 ----D---- C:\ProgramData\DivX

2012-01-21 02:47:05 ----D---- C:\Program Files (x86)\DivX

2012-01-21 02:47:00 ----D---- C:\Program Files (x86)\Common Files\PX Storage Engine

2012-01-21 02:44:58 ----D---- C:\Users\Manuela\AppData\Roaming\DivX

2012-01-13 15:47:12 ----D---- C:\Program Files (x86)\Google

2012-01-13 15:46:44 ----D---- C:\Program Files (x86)\Microsoft

2012-01-12 22:02:18 ----D---- C:\Windows\ehome

2012-01-12 21:54:15 ----D---- C:\ProgramData\Microsoft Help

2011-12-29 21:47:19 ----D---- C:\Windows\SysWOW64\migration

2011-12-29 21:47:19 ----D---- C:\Program Files (x86)\Internet Explorer

2011-12-29 21:37:56 ----D---- C:\Windows\SysWOW64\nl-NL

2011-12-29 21:37:56 ----D---- C:\Windows\SysWOW64\fr-FR

2011-12-29 21:37:56 ----D---- C:\Windows\SysWOW64\en-US

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []

R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []

R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys []

R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []

R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []

R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys []

R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys []

R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys []

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []

R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []

R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys []

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []

R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys []

R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []

R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys []

R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys []

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys []

R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys []

R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys []

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []

S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS []

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys []

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []

S3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x64.sys []

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []

S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2011-07-08 16392]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys []

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-28 44768]

R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]

R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-04-23 867360]

R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]

R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-03-03 268824]

R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-09 250368]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]

R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

R2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]

S3 MWLService;MyWinLocker Service; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------


Now let's clean up the tools and leftovers a bit: removing the programs we used, a cleaning run, and deleting the infected restore points.

Remove RSIT manually.

Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, restore the clock settings, hide file extensions again, re-hide hidden files and system files, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the download of CCleaner starts automatically and free of charge.

Install it and start CCleaner. In the left column click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough; you may repeat this procedure until the analysis no longer reports any errors. Then click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked to make a backup. Click "Yes". Then choose "Fix All Selected Issues". Afterwards close CCleaner.

If you want to see this in detail, click here for the manual.

It is advisable to delete the existing restore points (there are infected restore points among them that you could accidentally restore) by temporarily disabling System Restore. Do this

• via Start -> Control Panel -> System -> System Protection -> now disable System Restore by selecting the desired drive and clicking "Configure".

• Now click "Delete" to delete all restore points.

• Click "Apply" and "OK".

• Now restart the PC.

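The cleanup steps in the post above (ComboFix /Uninstall, removing the tool leftovers, wiping the restore points and re-enabling System Restore) can be done from an elevated Windows PowerShell prompt instead of clicking through the UI. The script below is an added example and is not part of the thread or of ComboFix, RSIT or CCleaner themselves. It assumes the paths shown in the RSIT log earlier on this page (ComboFix.exe on the user's desktop, C:\rsit, C:\Qoobox, the TDSSKiller logs and the helper binaries ComboFix dropped in C:\Windows); the restore point description is an arbitrary choice.

```powershell
# Added example (not from the thread or the tools it uses). Automates the helper's cleanup on
# this Windows 7 x64 machine:
#   1. ComboFix /Uninstall
#   2. remove leftover tool files/folders that the RSIT log shows in C:\ and C:\Windows
#   3. delete every existing restore point (they may contain infected files), re-enable
#      System Restore on C: and take a fresh, clean restore point
# Assumptions: run from an elevated Windows PowerShell prompt as the logged-on user; the paths
# below are the ones visible in the RSIT log above.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Run as administrator) PowerShell prompt.'
}

# 1. Let ComboFix remove itself and its related folders and files, and undo the
#    folder-view and clock changes it made (this is what "ComboFix /Uninstall" does).
$comboFix = Join-Path $env:USERPROFILE 'Desktop\ComboFix.exe'   # "Gestart vanuit" path in the log
if (Test-Path -LiteralPath $comboFix) {
    Start-Process -FilePath $comboFix -ArgumentList '/Uninstall' -Wait
}

# 2. Whatever the uninstaller did not take with it, plus RSIT and the TDSSKiller logs.
#    The C:\Windows entries are the helper binaries ComboFix created on 2012-01-22 (see log).
$leftovers = @(
    'C:\rsit',
    'C:\Qoobox',
    'C:\ComboFix.txt',
    'C:\Windows\ERDNT',
    'C:\Windows\NIRCMD.exe', 'C:\Windows\zip.exe',  'C:\Windows\SWSC.exe', 'C:\Windows\SWREG.exe',
    'C:\Windows\sed.exe',    'C:\Windows\PEV.exe',  'C:\Windows\MBR.exe',  'C:\Windows\grep.exe'
)
$leftovers += Get-ChildItem -Path 'C:\' -Filter 'TDSSKiller.*_log.txt' |
              Where-Object { -not $_.PSIsContainer } |
              ForEach-Object { $_.FullName }

foreach ($path in $leftovers) {
    if (Test-Path -LiteralPath $path) {
        # -WhatIf only reports what would be deleted; drop it once the list has been checked.
        Remove-Item -LiteralPath $path -Recurse -Force -WhatIf
    }
}

# 3. Delete all restore points (same effect as System Protection -> Configure -> Delete),
#    then re-enable protection on C: and create a clean restore point to roll back to.
& vssadmin.exe delete shadows /all /quiet
Enable-ComputerRestore -Drive 'C:\'
Checkpoint-Computer -Description 'Clean after malware removal' -RestorePointType 'MODIFY_SETTINGS'
```

Run it once with the -WhatIf in place to see the list of paths it would delete, then remove -WhatIf and run it again. Enable-ComputerRestore and Checkpoint-Computer are Windows PowerShell cmdlets (present on Windows 7's PowerShell 2.0; they are not in PowerShell 7). Deleting the shadow copies also removes any non-infected restore points, so the fresh checkpoint at the end is the only rollback point left afterwards.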

Download Soluto. (click on it)

Click I Agree – Install. Wait in the screen that follows. After 30 seconds this screen disappears and Soluto continues installing. During this process you can use your PC normally.

If you want to see how far Soluto has got with installing, right-click the Soluto icon (soluto.png) at the bottom right of the taskbar and choose 'Open'.

When the installation is complete, Soluto will ask to restart. Save everything in the programs you have open and click Reboot PC Now.

When the PC has restarted, open Soluto and click 'Chop Boot'. There you can exclude programs from starting up.

For an extensive manual on this, click Here. (click on it)

edited by kape
