
malwarebytes anti-malware.



Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Databaseversie: v2013.08.30.07

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19453

Anja :: PC_VAN_ANJA [administrator]

31/08/2013 0:04:33

mbam-log-2013-08-31 (00-04-33).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 266246

Verstreken tijd: 4 minuut/minuten, 15 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 1

HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 1

HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {852602C3-6E31-40F2-96D2-829E0DA089BF} -> Succesvol in quarantaine geplaatst en verwijderd.

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

Was this done correctly? And what would be the cause of these infections?


You have downloaded SweetIM or SweetPacks, whether knowingly or unknowingly. That is the reason for the infection and for the detection by Malwarebytes. Now do the following:

Download RSIT from the locations below and save it to the desktop.

Here is a description of how to check whether you have a 32-bit or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator": right-click it and choose Run as administrator.
  • The "Disclaimer of warranty" is then shown; click "Continue".
  • When the tool has finished, a Notepad file named "Log" is opened.
  • Paste its contents into your next post.


Logfile of random's system information tool 1.09 (written by random/random)

Run by Anja at 2013-08-31 06:58:22

Microsoft® Windows Vista™ Home Basic Service Pack 2

System drive C: has 95 GB (64%) free of 149 GB

Total RAM: 3198 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:58:25, on 31/08/2013

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19453)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Windows\System32\nvraidservice.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Windows\System32\wpcumi.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Anja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2BX4J9W2\RSIT[2].exe

C:\Program Files\trend micro\Anja.exe

C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader5.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - MSN Games - Free Online Games

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - MSN Games - Free Online Games

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextnl.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://vivaboxes.be.photo-online.com/ImageUploader4.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - MSN Games - Free Online Games

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Google Updateservice (gupdate1ca21eaa00e0650) (gupdate1ca21eaa00e0650) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--

End of file - 8500 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Help bij koppelingen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-08-30 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-08-14 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-08-14 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-04 142896]

{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-08-28 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-10-11 4702208]

"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-04 526896]

"eRecoveryService"= []

"NVRaidService"=C:\Windows\system32\nvraidservice.exe [2007-12-07 196128]

"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-06-19 195072]

"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2011-08-31 40368]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-07-18 995184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

""= []

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HijackThis startup scan]

C:\Program Files\Trend Micro\HiJackThis\HijackThis.exe /startupscan []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BsScanner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"LogonHoursAction"=2

"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu"

"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption"

"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption"

"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr"

"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr"

"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu"

"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption"

"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption"

"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe"="C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr"

"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe"="C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux"=wdmaud.drv

"msacm.siren"=sirenacm.dll

"MSVideo8"=VfWWDM32.dll

"msacm.sl_anet"=sl_anet.acm

"msacm.divxa32"=DivXa32.acm

"vidc.vp60"=vp6vfw.dll

"vidc.vp61"=vp6vfw.dll

"vidc.vp62"=vp6vfw.dll

"msacm.ac3filter"=ac3filter.acm

"msacm.lameacm"=LameACM.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-08-31 06:58:22 ----D---- C:\rsit

2013-08-30 23:43:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2013-08-30 23:43:47 ----A---- C:\Windows\system32\drivers\mbam.sys

2013-08-28 10:01:18 ----A---- C:\Windows\system32\WMVDECOD.DLL

2013-08-20 12:45:02 ----SHD---- C:\$RECYCLE.BIN

2013-08-20 12:43:07 ----D---- C:\Windows\Temp

2013-08-20 12:43:07 ----A---- C:\Windows\zoek-delete.exe

2013-08-20 09:25:48 ----D---- C:\Program Files\CCleaner

2013-08-18 20:12:01 ----D---- C:\Program Files\Trend Micro

2013-08-15 05:28:31 ----ASH---- C:\hiberfil.sys

2013-08-14 17:58:09 ----D---- C:\Program Files\Microsoft Security Client

2013-08-14 17:57:17 ----A---- C:\Windows\system32\drivers\netio.sys

2013-08-14 17:37:32 ----D---- C:\Users\Anja\AppData\Roaming\Malwarebytes

2013-08-14 17:37:24 ----D---- C:\ProgramData\Malwarebytes

2013-08-14 17:35:20 ----A---- C:\Windows\system32\icaapi.dll

2013-08-14 17:35:20 ----A---- C:\Windows\system32\drivers\tssecsrv.sys

2013-08-14 17:35:13 ----A---- C:\Windows\system32\drivers\tcpipreg.sys

2013-08-14 17:35:13 ----A---- C:\Windows\system32\drivers\tcpip.sys

2013-08-14 17:35:08 ----A---- C:\Windows\system32\win32k.sys

2013-08-14 17:35:06 ----A---- C:\Windows\system32\mshtml.dll

2013-08-14 17:35:05 ----A---- C:\Windows\system32\msfeeds.dll

2013-08-14 17:35:05 ----A---- C:\Windows\system32\ieframe.dll

2013-08-14 17:35:04 ----A---- C:\Windows\system32\wininet.dll

2013-08-14 17:35:04 ----A---- C:\Windows\system32\urlmon.dll

2013-08-14 17:35:03 ----A---- C:\Windows\system32\url.dll

2013-08-14 17:35:03 ----A---- C:\Windows\system32\occache.dll

2013-08-14 17:35:03 ----A---- C:\Windows\system32\mstime.dll

2013-08-14 17:35:03 ----A---- C:\Windows\system32\mshtmled.dll

2013-08-14 17:35:03 ----A---- C:\Windows\system32\msfeedssync.exe

2013-08-14 17:35:03 ----A---- C:\Windows\system32\msfeedsbs.dll

2013-08-14 17:35:03 ----A---- C:\Windows\system32\licmgr10.dll

2013-08-14 17:35:03 ----A---- C:\Windows\system32\jsproxy.dll

2013-08-14 17:35:03 ----A---- C:\Windows\system32\ieUnatt.exe

2013-08-14 17:35:03 ----A---- C:\Windows\system32\ieui.dll

2013-08-14 17:35:03 ----A---- C:\Windows\system32\iesysprep.dll

2013-08-14 17:35:03 ----A---- C:\Windows\system32\iesetup.dll

2013-08-14 17:35:03 ----A---- C:\Windows\system32\iertutil.dll

2013-08-14 17:35:03 ----A---- C:\Windows\system32\iernonce.dll

2013-08-14 17:35:03 ----A---- C:\Windows\system32\iepeers.dll

2013-08-14 17:35:03 ----A---- C:\Windows\system32\iedkcs32.dll

2013-08-14 17:35:03 ----A---- C:\Windows\system32\ie4uinit.exe

2013-08-14 17:34:58 ----A---- C:\Windows\system32\tzres.dll

2013-08-14 17:34:51 ----A---- C:\Windows\system32\drivers\ntfs.sys

2013-08-14 17:34:50 ----A---- C:\Windows\system32\rpcrt4.dll

2013-08-14 17:34:48 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys

2013-08-14 17:34:48 ----A---- C:\Windows\system32\cdd.dll

2013-08-14 17:34:47 ----A---- C:\Windows\system32\win32spl.dll

2013-08-14 17:34:47 ----A---- C:\Windows\system32\printcom.dll

2013-08-14 17:34:44 ----A---- C:\Windows\system32\certutil.exe

2013-08-14 17:34:44 ----A---- C:\Windows\system32\certenc.dll

2013-08-14 17:34:36 ----A---- C:\Windows\system32\FntCache.dll

2013-08-14 17:34:36 ----A---- C:\Windows\system32\DWrite.dll

2013-08-14 17:34:36 ----A---- C:\Windows\system32\d3d10warp.dll

2013-08-14 17:34:36 ----A---- C:\Windows\system32\d3d10level9.dll

2013-08-14 17:34:36 ----A---- C:\Windows\system32\d3d10core.dll

2013-08-14 17:34:36 ----A---- C:\Windows\system32\d3d10_1core.dll

2013-08-14 17:34:36 ----A---- C:\Windows\system32\d3d10_1.dll

2013-08-14 17:34:36 ----A---- C:\Windows\system32\d3d10.dll

2013-08-14 17:34:36 ----A---- C:\Windows\system32\d2d1.dll

2013-08-14 17:34:34 ----A---- C:\Windows\system32\smss.exe

2013-08-14 17:34:34 ----A---- C:\Windows\system32\ntoskrnl.exe

2013-08-14 17:34:34 ----A---- C:\Windows\system32\ntkrnlpa.exe

2013-08-14 17:34:34 ----A---- C:\Windows\system32\ntdll.dll

2013-08-14 17:34:34 ----A---- C:\Windows\system32\csrsrv.dll

2013-08-14 17:34:32 ----A---- C:\Windows\system32\qedit.dll

2013-08-14 17:34:31 ----A---- C:\Windows\system32\mstscax.dll

2013-08-14 17:34:29 ----A---- C:\Windows\system32\winsrv.dll

2013-08-14 17:31:21 ----A---- C:\Windows\system32\wintrust.dll

2013-08-14 17:31:21 ----A---- C:\Windows\system32\cryptsvc.dll

2013-08-14 17:31:21 ----A---- C:\Windows\system32\cryptnet.dll

2013-08-14 17:31:21 ----A---- C:\Windows\system32\crypt32.dll

2013-08-14 16:25:19 ----D---- C:\Windows\system32\MRT

2013-08-14 01:47:03 ----D---- C:\Program Files\Common Files\Java

2013-08-14 01:46:30 ----A---- C:\Windows\system32\javaws.exe

2013-08-14 01:46:21 ----A---- C:\Windows\system32\WindowsAccessBridge.dll

2013-08-14 01:46:21 ----A---- C:\Windows\system32\javaw.exe

2013-08-14 01:46:21 ----A---- C:\Windows\system32\java.exe

2013-08-14 01:46:06 ----D---- C:\Program Files\Java

======List of files/folders modified in the last 1 month======

2013-08-31 06:58:25 ----D---- C:\Windows\Prefetch

2013-08-31 00:10:11 ----D---- C:\Windows\system32\drivers

2013-08-30 23:43:47 ----D---- C:\Program Files

2013-08-30 20:54:48 ----SHD---- C:\System Volume Information

2013-08-29 13:09:57 ----D---- C:\Windows\system32\catroot2

2013-08-28 15:25:56 ----D---- C:\Windows\winsxs

2013-08-28 15:16:00 ----D---- C:\Windows\system32\catroot

2013-08-28 15:15:51 ----D---- C:\Windows\System32

2013-08-28 14:32:49 ----D---- C:\Windows\inf

2013-08-25 16:09:23 ----D---- C:\Windows

2013-08-23 11:02:56 ----D---- C:\Windows\SoftwareDistribution

2013-08-21 16:49:35 ----D---- C:\Windows\Minidump

2013-08-21 12:12:30 ----A---- C:\Windows\system32\FlashPlayerApp.exe

2013-08-20 15:17:39 ----SHD---- C:\Windows\Installer

2013-08-20 15:17:39 ----SD---- C:\Users\Anja\AppData\Roaming\Microsoft

2013-08-20 12:39:27 ----HD---- C:\ProgramData

2013-08-20 10:25:23 ----SD---- C:\ProgramData\Microsoft

2013-08-20 09:25:56 ----D---- C:\Windows\system32\Tasks

2013-08-20 00:08:47 ----SD---- C:\Windows\Downloaded Program Files

2013-08-19 10:46:15 ----D---- C:\Windows\Panther

2013-08-19 10:46:13 ----D---- C:\Windows\Debug

2013-08-15 22:00:57 ----A---- C:\Windows\system32\PerfStringBackup.INI

2013-08-15 07:27:48 ----D---- C:\Windows\Microsoft.NET

2013-08-15 07:27:46 ----RSD---- C:\Windows\assembly

2013-08-15 06:48:09 ----D---- C:\Windows\tracing

2013-08-15 06:44:53 ----D---- C:\Windows\rescache

2013-08-15 06:05:08 ----D---- C:\Program Files\Internet Explorer

2013-08-15 06:05:07 ----D---- C:\Windows\system32\migration

2013-08-15 06:05:06 ----D---- C:\Windows\system32\nl-NL

2013-08-15 05:23:29 ----D---- C:\ProgramData\Microsoft Help

2013-08-15 05:13:51 ----D---- C:\Windows\system32\XPSViewer

2013-08-15 04:56:20 ----D---- C:\Program Files\Microsoft Silverlight

2013-08-15 04:52:24 ----D---- C:\Windows\system32\WDI

2013-08-15 03:19:58 ----D---- C:\Windows\system32\config

2013-08-15 03:19:39 ----D---- C:\Windows\Tasks

2013-08-15 03:19:39 ----D---- C:\Windows\system32\spool

2013-08-15 03:19:39 ----D---- C:\Windows\system32\Msdtc

2013-08-15 03:19:39 ----D---- C:\Windows\system32\CodeIntegrity

2013-08-15 03:19:26 ----D---- C:\Windows\system32\wbem

2013-08-15 03:19:26 ----D---- C:\Windows\registration

2013-08-14 18:14:10 ----D---- C:\Users\Anja\AppData\Roaming\Skype

2013-08-14 18:13:54 ----D---- C:\ProgramData\Skype

2013-08-14 18:13:48 ----RD---- C:\Program Files\Skype

2013-08-14 01:47:03 ----D---- C:\Program Files\Common Files

2013-08-14 01:46:10 ----A---- C:\Windows\system32\npdeployJava1.dll

2013-08-14 01:46:10 ----A---- C:\Windows\system32\deployJava1.dll

2013-08-05 16:00:46 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-06-18 211560]

R0 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-12-08 131616]

R0 nvstor32;nvstor32; C:\Windows\system32\drivers\nvstor32.sys [2007-12-08 140320]

R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-03-04 18992]

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-11-14 43528]

R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]

R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 107392]

R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-04 16944]

R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-04 60464]

R2 tvicport;tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [2007-11-06 14544]

R2 zntport;zntport; \??\C:\Windows\system32\drivers\zntport.sys [2007-11-06 6080]

R3 ati2mtag;ati2mtag; C:\Windows\system32\DRIVERS\ati2mtag.sys [2006-11-02 1523200]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 22856]

R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]

R3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]

R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]

S3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]

S3 Dot4;Microsoft IEEE-1284.4-stuurprogramma; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]

S3 Dot4Print;Stuurprogramma voor printerklasse voor IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]

S3 Dot4Scan;Stuurprogramma voor scannerklasse voor IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2008-01-21 10752]

S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]

S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 HdAudAddService;Microsoft 1.1 UAA Functiestuurprogramma voor High Definition Audio-service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-10-17 1971928]

S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-04-24 6144]

S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]

S3 NVHDA;Service for NVIDIA HDMI Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2007-07-16 30752]

S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2012-10-10 10837352]

S3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-07-07 12032]

S3 RTL8187B;Wireless Network USB Adapter 54g WL-168v1.004; C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-09-04 286208]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]

S3 vmfilter323;323 filter service, Normal; C:\Windows\system32\drivers\vmfilter323.sys [2006-08-08 476672]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]

S3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323); C:\Windows\System32\Drivers\usbvm323.sys [2006-08-21 244864]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2006-06-13 247808]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]

R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2007-10-17 28672]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-02-27 55144]

R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-04 500784]

R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]

R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-19 24576]

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 hpqddsvc;HP CUE DeviceDiscovery-service; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-07-18 22216]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-10-02 645992]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-07-18 295376]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate1ca21eaa00e0650;Google Updateservice (gupdate1ca21eaa00e0650); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-21 133104]

S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-10 1258856]

S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-06-21 162408]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21 257416]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-21 133104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-18 754856]

-----------------EOF-----------------


Apart from that, this looks very clean. So Malwarebytes has done what was needed. If you no longer have any noticeable problems, you may remove RSIT and do a general clean-up.

Download CCleaner (if you don't have it yet).

Install it (if you don't want Google Chrome installed on your PC as the default web browser, you must untick the 2 checkboxes!!!) and start CCleaner.

In the left column, click "Cleaner". Click "Analyse" and, after the analysis, "Clean". Then click "Registry" in the left column and click "Scan for problems". If problems are found, click "Fix selected problems" and "OK". You will then be asked whether to make a backup. Click "YES". Then choose "Fix all selected problems".

Sometimes 1 analysis is not enough. You may repeat this procedure until the analysis reports no more problems.

Then close CCleaner again.

If you want to see this illustrated in detail, click here for the guide.

If all of this went without problems and you have no further questions or problems within this topic, you may close it by clicking the "Mark as solved" button, which you can find at the bottom left ... that way it stays clear for everyone.

